On April 8-11, Hotel Okura will host the 2013 Amsterdam edition of the world-renowned Hack In The Box (HITB2013AMS) security conference. Since this edition also promises to be highly interesting, we’ve asked Dhillon Kannabhiran, the CEO and founder of HITB, to do an interview with us.
We’ve learned some interesting things about the upcoming conference, but the security expert has also been kind enough to share some insight on the current threat landscape and hacktivism.
Softpedia: We know that Edward Schwartz from EMC / RSA and Bob Lord from Twitter will be there. Is there anything you can tell us about other people that will be present at HITB2013AMS?
Dhillon Kannabhiran: Yep. The Call for Papers (CFP) for the conference closed on the 8th of February and the first set of accepted speakers has just been announced with a lot of good stuff lined up!
All four members of the Evad3rs jailbreak team will be speaking at the conference. They are behind the Evasi0n iOS 6.1 jailbreak used on well over 7 million devices in its first week of release.
Swiping Through Security by team members Cyril aka @pod2g, David @planetbeing Wang, Nikias @pimskeks Bassen and Eric aka @musclenerd will discuss the immense work that went into creating the Evasi0n jailbreak - including details of the 8 vulnerabilities used!
Russian security researcher Nikita Tarakanov also returns with a brand new kernel pool exploit that works against all versions of Microsoft Windows from Windows NT up till Windows 8.
A pair of Dutch security researchers will be presenting their work relating to a remotely exploitable vulnerability in DSL (digital subscriber line) modems. Needless to say, with over 300 million DSL modems in use worldwide, this is a pretty serious vulnerability.
There’s more. How about being able to remotely hack an aircraft without user intervention?
Hugo Teso of nRuns will be presenting his three years' worth of research in a paper he’s calling Aircraft Hacking: Practical Aero Series. He aims to demonstrate how to remotely attack and take full control of an aircraft by targeting vulnerabilities in its on-board systems.
Of course, in addition to all the conference goodies on the 10th and 11th, we also have juicy new hands-on trainings in the two days prior. This year’s trainings include a very special course on Mobile Hacking conducted by Blake 'HotWan' Turrentine and Joshua 'p0sixninja' Hill from Chronic Dev plus Cyril aka @pod2g!
Needless to say, with three world-famous trainers in one room this 2-day course is definitely going to be popular with the iOS fans. The training material also covers Android and ARM internals, so there’s something for everyone: http://conference.hitb.org/hitbsecconf2013ams/tech-training-4-mobile-hacking-ii/
Softpedia: What can you tell us about this edition’s CTF? The race idea sounds interesting.
Dhillon Kannabhiran: Sponsored by Trustwave Spiderlabs, this year’s Capture The Flag competition will still be a team-based game, but unlike the attack and defense setup from last year, this year’s contest will be an attack-focused affair with each team represented as ‘race cars’ competing in a no-holds-barred death rally!
Teams start with similarly configured, ‘non-modified’ cars and gain upgrades to their vehicles by solving CTF challenges. Upgrades range from giving cars improved armory, better weapons and additional power-ups. Weapons can be unlocked by submitting flags, and can then be used against opponent vehicles in order to slow them down.
We’re already overbooked for the game this year with 11 teams signed up to compete - quite impressive considering we’re still 2 months away from game day!
Softpedia: Has anyone signed up for the HITB CommSec Village yet?
Dhillon Kannabhiran: The CommSec village at HITB in The Netherlands routinely brings together a mix of Dutch and European hackerspaces to show off their local projects and folks like TOOOL NL (The Open Organization of Lock Pickers).
For #HITB2013AMS, 4 Dutch hackerspaces have already confirmed their participation with more expected in the coming weeks. A new exhibit addition this year is NIKHEF (http://nikhef.nl) – The Dutch National Institute for Subatomic Physics! Say hello to sub atomic hacking!
Softpedia: So far, HITB has been full of surprises. New jailbreaks have been announced, you got Mikko Hypponen to cut his ponytail. Have you got anything planned for HITB2013AMS?
Dhillon Kannabhiran: I think the first set of papers announced already gives you an idea that you can expect more surprises this year. Plus we’re already short-listing the next set of presentations filled with more digital kungfu. Surprises happen onsite – and to know this year’s surprises, there’s only one way to find out – be there!
Softpedia: Why should security enthusiasts attend #HITB2013AMS?
Dhillon Kannabhiran: Because it’s probably one of the few places where you’ll get to see the latest and greatest attack and defense research but more importantly, where you’ll actually get to meet with the speakers in an informal but professional atmosphere.
HITBSecConf gives you a chance to not only learn but also have meaningful discussions with attackers, defenders, law enforcement and policy makers, all under one roof. In short, if you’re concerned about the next generation of attacks and want to learn from the best, you’ll want to come to HITB.
Softpedia: At the end of 2012, security experts made some interesting predictions for 2013. Do you have any cyber security predictions for this year or the upcoming period in general?
Dhillon Kannabhiran: 2012 was perhaps the year of APT (RSA, Google) and I think we’ll see a continuation of these types of attacks and also targeted attacks against mobile platforms and critical infra. I think we’ll also see more attacks against the cloud and cloud storage and also against social networks.
With both Twitter and just recently Facebook admitting to being breached in some shape or form, I wouldn’t be surprised to hear of even more ‘big name’ companies being hit – if it can happen to RSA and Google, I think it’s safe to say, it could happen to anyone.
Softpedia: I know you’ve been following the work of hacktivists. One of the predictions made by McAfee for 2013 was that we would see the decline of Anonymous. Do you agree?
Dhillon Kannabhiran: As a collective group and compared to the ‘original’ Anonymous, perhaps the group appears less coordinated as a whole, though I think the ‘idea’ of hacktivism as a means to be heard and as a valid form of protest is gaining much wider acceptance.
So will we see a decline of Anonymous? I think not - the fact that every attack, whether it’s a DDoS, defacement or a massive information leak that doesn’t have a specific ‘group name’ attached to it is automatically tagged as an ‘anonymous attack’ only helps in the numbers game.
While we may not see the same level of coordinated efforts like what happened with #OpSyria, I think we’ll definitely see more politically motivated hacking and digital protests. If it worked once, what’s not to say it wouldn’t work again elsewhere?