What the hack is going on?

Some of the best computer hackers on the planet are in Cork this week to take part in the world’s most prestigious computer hacking competition.

Hundreds of thousands of euros worth of prizes are up for grabs at the first Pwn2Own contest to take place in Europe.

This year’s event is being held at cybersecurity software company and contest sponsors Trend Micro’s European HQ on the Model Farm Road in Cork city.

The contest will see some of the most well-known names in the global hacking community go head-to-head to try to find previously unknown vulnerabilities in modern software and mobile devices.

“With the tech sector we have here in Cork, it made sense to bring something like this here,” said Robert McArdle, Director FTR - Cybercrime Research at Trend Micro, Cork.

“About 45 of the strongest hackers and vulnerability researchers in the world are currently in Cork, currently in the building,” he added.

Once discovered, the exploits are presented to Trend Micro who then work with the software manufacturers to make sure the vulnerability is addressed, and the software is made secure for customers.

“Somebody can send a simple message to your iPhone or your Samsung device and immediately take over your phone with no interaction on your side,” warned Mr McArdle.

“A vulnerability like that would be of keen interest to any number of criminal groups.

“By having this contest and putting these quite large cash prizes up, we entice these vulnerability researchers and hackers to instead disclose that responsibly to us. It's almost like removing a weapon from the market,” he added.

This year’s Pwn2Own contest started on Tuesday and runs until Friday.

The contest has already seen one hacker become €100k richer. Using nine previously unknown exploits, they were able to access a home internet router and compromise the network storage where somebody may keep personal documents. This was all done within a matter of seconds, explained Mr McArdle. “That's the kind of calibre of people we have showing up,” he said.

Cybercrime

According to Mr McArdle, cybercrime is something we'll never be free of.

“The same way you'll never get rid of drugs or weapons or anything in the real world. There will always be crime, this is just crime on the internet,” he said.

Cybercrime is constantly evolving; however, cyber criminals tend not to evolve the same way as the tech industry does, explained Mr McArdle.

He said: “The tech industry tends to be in a steady, almost exponential curve of innovation. Cyber criminals, by their very nature, being a criminal, you want to do the least amount of work and get paid the most amount of money. That's the entire point. So, they tend not to innovate unless they really have to. If their current business model is making them a lot of money, then they're happy to keep going with that.

“So, we see innovation in cybercrime much more gradually, and then it spikes when they realise something has stopped working,” he added.

When it comes to protecting critical systems from cyber-attacks, Mr McArdle said it comes down to three things.

He said: “One is making sure that all your systems are up to date. The second is having security software installed across anything you want to protect.

“And the third, which is key, is always assume that you are already compromised. Assume they're in there and that you're looking for them.”