HACKIT 4.0: A Cybersecurity Conference you will regret missing
During its three-year existence, HackIT has grown in scale and significance! Not only has it moved to the capital of Ukraine, Kyiv, but also evolved into even greater and multi-formatted organization. HackIT 4.0 included four days of the conference, a bug bounty marathon known as Hacken Cup, Attack Day and Defense Day, a series of roundtable discussions, and spent one day traveling to the Chernobyl zone to see a real man-made disaster.
As was promised, the conference was full of new knowledge, networking, and fun.
Read how it went below in our postrelease!
Day 1. October 8. Hacken Cup
Despite being an integral part of the HackIT Forum, the onsite bug bounty marathon is an independent event. The HackenProof team selected 25 top hackers from all over the world. After that, the HackenProof team started to choose target companies for our hackers to crack. Eventually, three companies agreed to be tested: Uklon, Crypviser, and a social media network.
So Hacken Cup began and so did the countdown. After 9 tense but terrific hours, the competition was coming to an end. We received 102 bug reports!
The leaderboard shuffled the teams from one position to another; however, the leading teams were defined during the first several hours.
The team that won the most reputation at the event and scored the highest points was TAXI-DRIVERS. In addition to the award, they received 500 HKN as a bonus. CUBETEAM won the most money at the event. The team RYANANDSOPHIA found the weirdest bug in the weirdest way.
After the marathon, the CTO at Uklon and the CEO at Crypviser thanked all the participants for the great job they had done.
The final point of the day was the afterparty, where all the hackers could exchange their thoughts and hang out. One of the keynote guests, Mike Boxmining, received a special gift from the Hacken team for his wedding anniversary!
Each and every hacker who chose to be with us is vital for the cybersecurity and white hat hackers communities, and we had to remind them — we appreciate their talent, knowledge, and worldview.
Day 2 Networking Day
On Tuesday, October 9, at 7:30 speakers, hackers, and VIP guests came to the meeting point to start their Chernobyl tour.
On April 26, 1986, at 1:23 A.M. a series of explosions destroyed the fourth power unit of the Chernobyl nuclear power station. Unfortunate testing resulted in the catastrophe.
There is no coincidence that Chernobyl was chosen as the destination during HackIT. This tour had not just a networking aim but was also a reminder of the importance of a responsible approach to the technological advances of humanity. Inventions that make our lives easier, with careless handling can turn into tragedies.
During the tour, the guests were accompanied by the tour guides with dosimeters to determine the level of radiation. Visitors crossed the 30-kilometer zone (exclusion zone of an unconditional (compulsory) evacuation) and 10-kilometer zone (the “ghost towns” of Chernobyl and Pripyat as well as the observation deck of the “Shelter”). By 20:00, all the visitors returned to Kyiv to take a rest and head to the afterparty.
Day 3 Attack Day
The topic of the responsible use of technology continued at the conference which started the next day.
On October 10 and 11, participants gathered at the Parkovy Exhibition and Convention Center for a two-day conference on cybersecurity. The event included two streams of lectures, several roundtables, panel discussions, and an exhibition on an area of 1000 sq.m. The first day was devoted to cyber attacks, and the second to the latest protection tools that are applicable in business.
CEO of Hacken, Dmytro Budorin opened the first day of the conference.
Technologies can unite humanity, they help us to blur the boundaries between people, to develop business, and to build connections. But these same technologies make us vulnerable. It is important to combine the efforts of cybersecurity experts to protect products, businesses, and government systems.
Our goal is to make Ukraine the center of cyber security in Eastern Europe, where top industry experts will meet regularly. And we can already say with confidence that HackIT 4.0 is a successful step in this direction.
Members of the Ukrainian Government and Institutions also attended this year’s #hackit2018conference. The Minister of Infrastructure of Ukraine Volodymyr Omelyan gave a welcome speech to the conference participants.
Each speaker prepared an outstanding informative lecture. Let’s mention some of them.
Sophia d’Antoine, Senior Security Researcher at Trail of Bits in NYC, and Ryan Stortz, Principal Security Researcher at Trail of Bits in NYC, presented evm2vec, a tool which uses machine learning to assist in vulnerability discovery through highlighting areas of interest, i.e abnormalities, and inconsistencies which may be of interest to security researchers. They also mentioned other methods of tool-assisted security audits of smart contracts such as symbolic execution using Manticore, static analysis using Slither, and property based fuzzing using Echidna.
Brian Gorenc, Director of Vulnerability Research at Trend Micro Zero Day Initiative, elaborated on “Modern Day Entomology Examining the Inner Workings of the Bug Bazaar”. The lecture covered the inner-workings of the exploit marketplace, the main players in various sectors, and the winding, often controversial lifespan of a security bug.
After the speeches, the panel discussion was organized to discuss Japan fintech and blockchain trends as well as cybersecurity concerns. The speakers included a representative of Ginco Inc — Muuto Morikawa), Chris Dai from Longhash, Hideo Ohashi from Mitsubishi, and Paulo D’Alberti from Blockchain/DAG platform made in Japan Bexam. Speakers shared insights and the latest field news in Japanese markets, discussing the trends in the blockchain industry, the most viable ways of monetization, and why all the big hacks happen in Japan.
A featured guest and speaker was the founder of Signal and former Head of the Security Team at Twitter — Moxie Marlinspike. He busted all the myths and hopes about the genius of decentralization.
In addition, the Cyber School, which will train cybersecurity experts, was introduced on the HackIT scene. Education will be free of charge and will last 5 months (full time), but to get into the school, you need to pass testing and competitive selection. Applications are accepted on the website from October 16 to October 25. The program starts on November 27th.
Day 4 Defense Day
The second day was opened by a member of the French Senate, the head of the Cyber Security Committee, Senator Olivier Cadic. He noted that a responsible attitude is important not only in technological but also in governmental and communications spaces.
“The security of cyberspace needs to be protected together, it’s ridiculous to try to solve the issue within one small country. Close cooperation with partners and allies in this area is absolutely necessary. European cyber defense and cybersecurity must be restructured. […] Do not wait until September 11 in cyberspace. We ask you to help us make the world safe now!”
Head of Cyberpolice Department in Ukraine Sergiy Demedyuk also gave his opening words at HackIT.
The “Defense Day” was not any less informative and exciting.
GDPR pannel was one of the most crowded. The speakers included Patrick Pennincx (Information Society at Council of Europe, Head of Department), Dr. Attila Kiss (Presidential Cabinet, Head of Unit National Authority for Data Protection and Freedom of Information), and Ario Dehghani (Redcliffe Partners, Counsel and Head of the Compliance and EU law practices). They presented GDPR regulation through the eyes of experts. The speakers explained the GDPR impact on European countries, legislation, businesses, as well as how the regulation is applied in the blockchain. The main idea was to review GDPR from a cybersecurity perspective: the main challenges and key requirements to be compliant with.
Peter Todd, the BTC developer, discussed what types of attacks existing hardware wallets can and can’t protect against, how peer review and open source works with respect to hardware wallets, and how they compare to other ways of securing digital assets.
Bohdan Kossak, CTO and founder at CryptoLions.io elaborated on “A short history of EOS bugs, fixes, testing in the Jungle Testnet, and discussion regarding the stability of the EOS chain.”
Dejan Podgoršek, IBM Software Channel Technical Leader and CEE, revealed whether Hyperledger Fabric is secure enough for the Business?
There was another special event that cannot go unmentioned — Roundtable organized by Crypto Exchange Ranks. Hacken’s recent product invited prominent players of the crypto industry — BTC-Alfa, EXMO, KUNA, BEXAM, CEX.io, Rokkex, Bitfury Labs, Crystal — to discuss ways of improving the global standards of security and business dealing for the exchange market.
The Smart Contract Roundtable took place on Defense Day as well. 9 people took part in the discussion including representatives of Hacken, Smartdec, Pandorabox, Ambisafe, Blocksoft, and InCrypto. The participants were brainstorming practices for smart contracts security development. As a result, they committed to creating Developers Guide for smart contract secure SDLC. The results are going to be published on GitHub by DevCon 4.
A total of 46 speakers took the floor at the conference, including director of Trend Micro Zero Day Initiative Brian Gorenc, applied cryptography consultant and BTC Core developer Peter Todd, the expert in computers Ph.D. and founder of Monero Hardware team Dr. Michael Schlon von Bennewitz, and senior security consultant at Deloitte Ebrahim Hegazi.
Global losses from hacking attacks in 2018 amounted to $1.8 billion, which exceeds the total number of losses between 2011 and 2017. A huge sum of the funds belonged to investors and users in the field of cryptocurrency and blockchain — which commercial value will increase to almost 180 billion dollars by 2025. Such results and forecasts were shared by experts of the cybersecurity forum HackIT 4.0, which was held in Kyiv from October 8 to 11.
The general conclusion of experts: investment in cybersecurity in the blockchain sphere will only grow. “We have to create a vaccine against malevolent hacker interference and manipulation to make the world free,” said Senator Olivier Cadic, entrepreneur, head of the subcommittee on cybersecurity of the Senate Defense Committee of the French People’s Republic.
P.S. We are already brainstorming about HackIT 5.0. But first