
Hackers in the War – Roundtable Discussion

BSides Budapest · 2022 · 45:12 · 225 views · Published 2023-06
Style: Panel
About this talk
This presentation was held at the #BSidesBUD2022 IT security conference on 26th May 2022. dr. Csaba Krasznay, Ferenc Frész & Szabolcs Csermák - Hackers in the War – Roundtable Discussion (HUN) Hacktivism has always existed and always will. More precisely, there will always be fiery-spirited young people who live out their criticism of the system, or their patriotism, through the tools of hacking. If a country deliberately strives to integrate these young people into national defense, as the great powers do, offensive cyber capabilities can be established even in the short term. According to a survey conducted at the 2012 Hacktivity conference, 59% of the people in Hungary who work in information security or are interested in it would serve their country even for free, while 27% would ask for money for it. Only 14% answered that they would not take part in national defense. Although the survey is old, it would presumably still be possible to draw successfully on Hungarian hackers, which with deliberate planning could be an important element of developing Hungarian cyber warfare capabilities. But what is the situation in 2022? And what does the Ukrainian-Russian war tell us about hacktivist groups at all? This is what we explore in the roundtable discussion. https://bsidesbud.com All rights reserved. #BSidesBUD2022 #BSides #CyberWar

So good afternoon, ladies and gentlemen, welcome back from lunch. The afternoon session begins with three presenters on the stage for a roundtable discussion, Hackers in the War: we have Krasznay Csaba, Frész Ferenc and Csermák Szabolcs. Thank you very much. And we got this section as an opportunity to speak Hungarian, which is good, because then we will be a little more expressive and they can translate less what we say into different foreign languages, for example into Russian and Ukrainian, which obviously Attila and Dani, the organizers, asked me what it would be like to talk a little bit about the cyber war, what it would be like to talk a little bit about the role of hacker groups, the role

of hacktivist groups in the cyber war. And why did they think of me? I don't know, but maybe it's because I discussed this topic ten years ago in my doctoral thesis, that how we could involve the activist groups in the cyber war. And the activists of that time gave a pretty strong feedback that, So we thought that we would talk about the topic a little bit in 2022. And we look at it generationally, some started in the 90s, some in the 2000s, and some in the 2010s. Well, some of you may have missed the active part, unfortunately, but it looks like they are still allowed to talk here, so I hope we will have a good conversation. And please,

get involved, ask questions, and do what you have to do. And those of you who are present here, I would ask you to raise your hand if you started hacking in the 90s. Okay. 2000s? 2010s? Ah, great. Those who are actually just sitting here No connection. 2020. Okay. After February 24, 2022. Okay. So, there will be a little bit of a historical overview and everything, but the first topic that I would like to discuss with my colleagues is that in your opinion, compared to when you got involved in this whole story, and I will also add this, how much has the hackerism, the hacker scene, the hacker subculture changed? Feri? Hello. I had huge debates

in the last 20-30 years about whether there was a hacker subculture. I have known this since the late 80s, mid-90s, and I don't think there was. There were very smart guys who started dealing with it, they tried to define themselves, they tried to draw themselves into the circle of what they were. Because more and more people have grown up with the rise of the Internet, who are not interested in how things work, but in how they work and how they can be understood differently. And the 90s, and this will come back later, the 90s was the time when the so-called hack labs were created. France was a very serious where housekeepers, artists, carpenters and, by the way, the

Kolai hackers came together and read verses to each other, of course, because they didn't know anything else. And from these groups, at the time, if you remember, a movement started, we are talking about hacktivism, which were groups of activists who were almost connected to each other via the internet, and this was the Occupy movement from the mid-1990s. And from this, the Anonymous movement emerged. So this was the early stage of it, and I will return to this later when we talk about it, about the Ukrainian-Russian war, that there are very serious parallels between the activism of the early 90s and the current situation. Before I tell you about the 2010s, I will tell you how I lived through

all this. Here, perhaps few people know that the BSides' partner event, the Hacktivity conference, was held in 2003. I took part in the activity from 2004 to 2010. I was the face of this event for a long time. Fortunately, I was involved in this subculture, which we lived as an absolute subculture back then, because a lot of things changed at the beginning of the 2000s. 2001 was the Budapest Agreement, when the government criminalized itself. Early Anonymous, and then the development, so that kind of political hacktivism, which I honestly do not feel in the hacktivism environment at all at that time. However, such faces finally appeared in Hungary, those faces who were, say, around WikiLeaks, it was possible to know that one or two of them

are in the Anonymous stories, but in fact it was not very visible here. And what our community, which is a personal one, because we have been together many times beyond the Hacktivity world and Hacktivity. I felt that it really focuses on the fact that there is a changing web environment, because the community networks came in at that time. Hello. I would start with the fact that when I got into IT Security, as Feri said, it was the post-Bucharest era. My first conference was when Boráthor announced that he would stop blogging. I was already in this new era, I didn't notice many changes. Whether it was subculture or not, the fact that the profession came together at

conferences was a very good thing, but there were no underground organizations. But now that fate has brought us together with young people, Here I feel that there is a kind of agreement, but not with such a typical hacktivism that we are going to move forward for a good or bad cause, but rather that because of the love of the profession, and the pleasure of hacking, but within legal framework. So I am thinking about the CTF team, which I could not even be a part of, because I don't have time for it at the moment. And I think that these are completely good and calm scenes right now. What did you do in the mainstream? I think that if I haven't changed yet, I

will. Or you have changed as a profession? Yes, absolutely. In 2013, if you told someone that you are a hacker, or that you are a hacker, everyone would look at you and say, "Wow, he can do a great job!" Nowadays, I have it at some level. Especially when you have to get back broken Facebook accounts. And the discos you play with. Yes, it is a mainstream change and I think it should have been. Because if IT security cannot become mainstream within a country, then wherever the world goes, and as the political initiative hacker groups are formed, they can go to a country if it is not prepared and IT security does not become mainstream there. If we stay on the level of

hacking as a separate cell, then we cannot say that they can build protection or launch a counterattack in the cyber space. Feri, did we become mainstream? I think so, yes. In the second half of the 90s, before the activity, whether as an event or as a series, we met in someone's apartment, in his apartment, and we were amazed at each other's codes. We started to talk a lot. I would like to add that in the early 90s we already wrote a TCP/IP for Commodore and all the others, to connect our computers to the internet, because we didn't have a ready-made code. And these were isolated groups, they weren't mainstream. That's why I say that this subculture, looking back, is very beautiful,

very romantic, but it wasn't. And in the second half of the 90s, brought us to the conclusion that we were going to get money from this and then go to prison. But we didn't want to go to prison, so we thought about how we could make this a mainstream profession. It took me five years, starting in 1998, to understand that the Ministry of Education and the Ministry of Interior and the activity we do is related to crime prevention. We won the first OK and Lightstorm in 2003 for hacker training. And then there is the story of how many hackers we have created so far. But it became a profession. And since it became a profession, around 2010-2011, we can

say that it became mainstream. Today, we are already saying that someone is a hacker. Because if you look at the statements of the state, all the banks, or if not all, but most of them, or even the largest companies, have announced these statements. Today, we are already saying that an ethical hacker or an attacker is are called such people. The Certified Ethical Hacker or the Certified Ethical Hacker is the Hungarian equivalent of the OSCP, which is now a well-known and even a sought after entity. And from now on, I think we cannot regard it as not mainstream. And then we will have to deal with the current situation. In fact, this is now almost a weapon, not just an information security professional position. This is a very

serious 20 years that this mainstream has been created for. Just so you can imagine, is there anyone who grew up around the Crisis Lab? Raise your hand. We are a few. Now imagine those of you who saw this inside. In 2000, when I got there and they called me not Crisis, there was a laboratory in the Stokczek building. where we were mostly idle for about 5-6 weeks, and the dog didn't know that the Information Security Laboratory existed at the University of Art. Now, in comparison, Crisis is practically one of the most famous, most well-known laboratories of the University of Art. So yes, it became a profession. Then February 24, 2022 came, and the news came immediately that activist groups had become

active. Anonymous, a small media professional, asked me how I could become a member of Anonymous, what are the recording requirements. Szabolcs said it very well, this answer was born in me at first, that you should buy a mask and a cap with a cap, and wear green letters in the background, and then you will be a hacker. But now, to be a little more serious, the Ministry of Digital Transformation in Ukraine has called for the IT Army to join, as if the Ukrainian citizens and hackers are joining the Russians. The Ukrainian-supported non-Ukrainian hacker groups have appeared, the Russian-supported, formerly only called Lazan cybercrime groups, It seems that in addition, groups that are still under some kind of central control have appeared: the White Russians, pro and contra, and

the chaos around the hacktivist groups has burst out, which is usually said in military terms that the proxy groups that were often given to them in the cyber space have appeared. the task of hacking. But let's talk about this a little bit. What is your opinion? How ethical, legal, good, tangible, effective, I don't know what, to involve such hacktivist hacker groups in a specific military operation during the execution? I would start with whether they were involved or wanted to be involved. Because this conflict is definitely and where the emotion appears, the mind sometimes gets stuck in the background. I am sure that many people said that I was in the Anonymous or the Ukrainian initiative without any knowledge.

I would start from a distance. This is not the only way. If you look at what happened between January and February with the Ukrainian critical infrastructure and then with the European one, you can see that the Russians, as they have done so far, have actually made a breakthrough. a cyber attack on the state-centered level, because those "wipers" that were sent by the Ukrainian crisis infrastructure were for the purpose of either the energy sector or the state-owned C2, the command and control sector, not sector, but command and control systems, or the industrial target The Russians were very prepared to put their feet in Ukraine before the special military operation. They had a very serious consequence in Europe before the cyber

attack. And the Ukrainians also stood by this question, and I say this in a very honest way, because it is exactly Ukraine who has the digital transformation minister. And they have been consciously prepared for this invasion in the last eight years. This is not just happening from one day to the next. More than 80% of Russian companies are still able to resist the attacks, and they have not been able to defeat them with these attacks. The Russian attackers have already tested this before. It is noteworthy that the Russian side has been in the middle of the state since 2002. the center of hacker attacks, capacities and information-based military operations. They were constantly testing these capabilities and constantly improving them. The Ukrainians, however, improved the

capabilities of the opposition, as they should. I suggest to everyone to take an example of how they prepared for this invasion with the Ukrainian companies. and cyber attacks, because they have been left on the shelf. And to this day, any physical damage is caused by their communication networks. 70% of them are provided by 4G networks, the wide-ranging mobile network, which is of vital importance to them. And this is where the bullying came in. Which is a genius idea, in the sense that thousands of people acquired their abilities with this, and they themselves have set up the international hacker community. That is another question, whether this is ethical, legal or not. I think that in a war, asking for

justice is another question, than in peacetime. In peacetime, it wouldn't be that, but in a war situation, I think this was a brilliant step to measure the election crash. Ukraine has a huge advantage in attacking Russia's back country, and with great success, by the way. months, and they have achieved incredible success. This shows that the Russians have developed their attack capacity. Every country has been on the attack capacity since 2007, while no one is protecting the country from the back. We have already talked a lot about how they operate the systems of injury. This is a very good example of how, if you do not strengthen the country from the back, Please support the attack, because this can be re-attacked. The international professionalism of the offensive

cyber operations, as if it was a military-intentioned professionalism, is, in fact, very limited. They do not write about it very often. We wrote about it at the University of Public Service, which has been in the publication since last year, and we will publish it in September. When we wrote it, I didn't think that the location could be tested in writing, but you can see it later. There is a article about the use of hacker groups. And if we look at it, it was very strange that even the Russians had a completely accepted solution, that they use either hacktivist or nationalist groups, or that cybercrime groups are colliding with internal intelligence services and the army, while on the

western side, and I don't want to focus on Ukraine, but on the groups supporting Ukraine, Anonymous and its partners, but Western NATO member states were not very interested in using proxy groups. So if there is military operation, then obviously the soldiers take action, or the secret service is disturbed by something, but the secret service is usually very quiet, so it was not very possible to see any effect of this. And compared to that, the war ends and a lot of groupings come from nothing, like the 72-year-old calculator. There are 72 groups, of which I think there are 20. The Russian side has a size of 20 and the rest is… Yes, so there are around 50 groups.

52 maybe, the Ukrainians. Yes, those who are pro-Ukraine. Where did these come from and how can they work together? And the military thinking or military logic is starting to stir in me here, that obviously there are so many very, very passionate people. But we know that hacking is just a way of getting people to step on a bad button and things die. And so far, there hasn't been much information about it, for example, that Russian-made infrastructure would have been placed in such a way that it would really hurt the country. It's no coincidence, because if this happens, it could be a war reason. and probably nobody wants to do that. But those who are laic,

in the sense of strategy, in this matter, how can they know how far they can go and how far they can't? This is what I really care about. And there are two solutions that are exciting in this regard. One is that obviously Obviously, if the Russians built some kind of direct contact with hacker groups, then there are such things on the western side as well. The other is that, as you know, we talk about this a lot, that we have to make emotions and control something along with emotions, but in the meantime, practice some kind of indirect control. This could be the other solution. Don't forget, Csaba, that I argue with you that it was

not successful. If you look at the map, the length of the damage caused by the crisis is not a problem. The Russian critical infrastructure, nuclear and any other infrastructure is built up in such a way that it is closed until it is necessary. but the analog pair is still there, so it can be controlled manually. And let's not forget that we are talking about two countries: Ukraine, which was digitized in the 90s, and Russia in the 46th century. So in Russia, the companies that have done this, for example, for cyber war activities, can be reached on the Internet. Those who cannot be reached on the Internet, of course, cannot. From this point on, the pirate ships were shot out, the Roscosmos, Rosatom, Rosneft and

all the others, which are Russian companies that have been digitally acquired, were attacked concretely. From the waterworks, gas, oil and all other goods were also attacked. In fact, oil wells were blown up, and SCADA leaders were put on the ground. because the guys were busy in the first week of the war, specifically in the first week of the war, they were busy with their navigational tools. And now the game is still going on, and the guys are talking about it, that they should start to beat them up or not, so they should move away from the field. But they can't calculate where they will fall, So these conversations are going on in the hacker channels, whether the software is available, whether we should throw

them away or not. But the point is that the bad cosmos was at war when the hackers attacked its system, the software management system, and, whatever, it was also stated that it was a war crime to attack these systems, the Russian critical infrastructure systems. Which is why in Russia, So it's not funny from this point of view. And if you look at the news yesterday, Russia's ambassador Ensz asked the international community very nicely, he is a 70 year old brother, that we should dematerialize the internet, because it is no longer working, the whole world is now fighting the Russians, while everyone knows what they are doing physically and what they are doing. It is not true that they did not attack them successfully, they have put down

the railway so that there would be no military transport, The water was closed in 8 towns, there was no water for days, the gas, the oil, the Russians could not tank the gas on the gas stations. So there was a lot of successful attack. which was then solved by hand control, because they know this, and they are very good at this, because the analog is still there. Let's not forget that the attackers also implemented four nuclear weapons. So, the last thought is where is the responsibility of the family of the given 16, 17, 28-year-old, I don't know, three children, who did this and broke it. and it doesn't press the red button or it does, that's another question. There is no control here. Szabolcs. Yes, I think we

should think about how much this organized or coordinated thing could have been. Because if there is a working hacker or even a very good expert, he is not sure that he will have the information to get to the wrong cosmos and how he will get there beyond the 66 million page. Whoever already has such information, can probably get into a circle, who, if he sees a news release, will send the information there. And on that level, it can be decided whether we press the button or not. At the same time, if there is a worker or an emotional hacker, or I don't know, who goes to the Russian infrastructure, that now I want to do something here, and starts, say, I don't know, to rob a or

deface a site. This can immediately cause a problem, if someone wants to come in, and the Russians can say: "Now we are going to close everything." So you can cause huge damage if you go out without a notice. as a member of the army, as a member of the army, that I don't want to put this company down. And maybe in the background, people who are already connected to me would work on it, that we get information from here, or we get involved with the lawyers, or we do anything, and a very sensitive person comes who takes the whole thing off the table, because it just seemed like a good idea for him to do

this. It doesn't matter, it doesn't matter, that at the beginning of the operations, no matter how organized or not, we want to reflect on how organized it is. Because on Telegram channels and on all the Darkweather channels that we follow, we see that they do the OSINT, they do the reconnaissance, they spread the infrastructure, they put it in. They also put together Docker images, they give you a stack, a footage, step-by-step descriptions, even for those who don't understand how to work with these tools. So I think there are many more hackers out there now than in the past 20 years. But to reach the organization, it actually started with the Russian, the pro-Russia hacker group, the largest hacker groups,

Conti, Travel and all the others, They immediately cut it down, but they immediately rolled it down. The FSB realized that it doesn't have a hacker team that could continue to destroy it, but it had to rethink and take advantage of the APT28-29 attack teams again, because the public cyber-terrorism teams which were working in cover for the FSB and GRU, were taken down on the first day. The Russians attacked the Ukrainian infrastructure with destructive cyber weapons, and then the European ones, and it continued. By the way, the Ukrainians have taken down all the known hacker groups that could have destroyed them. And from here on, such a kind of a data loop is being created, while the targets are not randomly selected and

the operations are not randomly carried out, but there are teams that specialize in this, that cover up the target infrastructure, that put the vulnerable groups in the middle, This can be observed in the Telegram channel, where they go with a specific goal. So it's almost the same as in a physical practice. The geo-coordinators, AP titles and domain names are given from the discovery, and methods are also given, and even aids are given. And that 400,000 people Sorry, 400,000 hackers who attack Russians on the Ukrainian side, obviously they don't cry for no reason, that there is a problem, it hurts them, it's not random, it's not random. And we are just starting to get started, but the time is almost up. So,

if you have any questions, please think about it. I would like to throw in one last question. Again, it is a journalist's question. I have received it very often. We have already talked about how to join Anonymous. The second favorite question is: Are there any people in Hungary who participate in this project? I know that we are the most aware of this, but can we know? We don't know. No. Actually, I believe you know this, obviously this is a nonsense thing. I am in the part of the whole IT security world that does not see this direction in geopolitical terms or anything else, so I rather look at the tech part. But considering how many reports came from where and how many groups have been

activated, I cannot imagine that there would be a country from the world, from where there would be no Moroccan people who would join this business. Okay, I get it. You understand this. You would be an excellent cyber soldier in this situation, and now you would decide whether you would like to support Ukraine. You don't have to say it in detail, but would there be any idea how to get involved in this operation? I would definitely check what Telegram channels there are. Google's first search for "how to join the Ukrainian IT army"? What is not there in Google does not exist. So if there is such an opportunity, it will be there in Google, of course. But even if

we talk about the Ukrainian cyber army, there were public calls that those who did not live under a rock know what kind of channels they should go to and see what they can attack. I am not saying that anyone should do this, because it is still a violation of the law, even if, for example, But we will tell you what you should do, right? Of course, this is a crime in Hungary. There are still crimes in Hungary. It remains, I think, and that's fine. There are companies and institutions that are engaged in this on a daily basis. There is a framework for this, but I have to say that no one should start it. If you haven't started it

yet, don't do it. It's much better. Because this is a crime. Even if Russia is an aggressor, if a Hungarian Cyber Army member commits a crime and his identity is exposed, he can be punished on Hungarian law and on the basis of law, on the basis of Russian law. Once again, this is a death sentence in Russia. and that is why it is considered a crime of war. So we have to think twice about this. But there are obviously a number of guys in Hungary who are dealing with this now. We have five minutes left. You can ask if you want to, if you dare. If not, I will ask. Gavi, because of the stream.

What do you think will happen if the war is over? What will happen to this capacity that is now being trained? Well, if I may start with the answer, this capacity was not trained just now. This capacity has been put together. What we talk about a lot, many times, is that those who are in the cyber army, for example, But they also take part in attacks from the Russian side. Those are the families, grandparents who then go home and take their children to the kindergarten, kindergarten and so on, and they deal with this during their work. There are almost 120,000 IT experts in Russia who can be hired at any time for a single assignment, but they also go home. It is very

nice to see when the attacks are over, when the time for the withdrawal is up, just when Russia was forced to withdraw from the office. And to put it another way, it is not now that it is being imagined. What is really dangerous is that there is so little experience of a foreign war, because we can call it that now, there is no idea what it is, because the war We cannot put definitions into words, but that is how we call it. that those guys who really read the articles on a Telegram channel, they download it step by step, they start the docker, they get an IP address and they see that the Russian side has been buried, and they are very happy. This

is the entry point. The problem is that its evolution was from the 80s, We grew up through small successes. Then, 15 years later, we had to decide whether to stay on the dark side or start teaching on the whiteboard side. I chose the second one. Many of my colleagues don't. They are no longer on the field today. They are somewhere in the stone's throw. But the point is that that this is what awaits them. The young people, the elderly, they know what to do. And this is very good. And everyone is based on this. The Russians have been doing this for two or three years, since the beginning of the war, in the military sense. The Ukrainians have this new, and the world is new, so I was

much more afraid of the young people, because they don't have this control. But It's not the '90s anymore, where there was this violation of the law, but now it's the case of the BTK. So this is the difference between the two. And there is no good regulation for this. We can't handle this. I think it's very legally difficult to handle, because it's not a statement that "I was a victim of the Ukrainians", it doesn't work like that. And let's not doubt that there will be a lot of more from this. I think that this is not the best question, what will happen to human resources as a mass, but rather how much do the states notice and how much do they start to build a relationship

with these people and how much do they integrate them into their own defense or even their own attack capacities. How much will there be a It is like a cyber-sauce, for example, in a single army, where they say that if someone is dealing with IT-sacks and has to line up, then he doesn't have to send it to the frontline, but he has to put it next to the computer, because it has a much greater effect on it and it is much more useful for the whole operation than if we send it to the front, either by car or completely by train. I think that knowing the history, basically such teams have three outputs. gets a

uniform, a virtual uniform, another goes home and lives the life of a citizen, and the third one is punished. The problem is that there will be many people from the third one who will teach us in the coming years, what do they call it, the remnants of the rags. We have one more minute for someone, perhaps. Let's not interrupt the next speaker, we will probably continue the conversation outside. I will be quick, my question is: do you think we overestimated Russia's cyber capabilities or Ukraine's capabilities? We overestimated Russia's cyber capabilities, but not in terms of attack capacity, but in terms of defense capacity. What we have realized since February is that they are practically standing in front of the protests

with their hands down, because the shipwrecks were put on default land and with such well-known injuries that we did not even notice. What the world has forgotten is that Ukraine is a software development So, Ukrainian developers are playing a very important role in the supply chain, and Ukrainian developers are also developing a lot of Russian companies, and even military developments. For example, Ukrainian developers are developing the software for the target-setting equipment of military vehicles. From then on, the Russians could not reproduce a tank because there was no target deployment. There are many "goals" in this matter. We knew about the Ukrainians that they were very strong in this area. In the digitalization, in how they prepared for the current capacity, their attack capacity

was not in terms of cybercrime, but because the Russians were cooperating with the Russians, It is also very exciting that Russian and Ukrainian cyber-terrorist groups have been attacking the world for a very long time together. They are now working in a different place. We have known the Russian capabilities of the attack from 2002 onwards. It is very strong. But why strong? Because our defense capabilities are weak. They work with very simple methods, with a rock-shape, but they are very effective to this day. But my father never talked about how powerful they are on the defense side. We have to say that not so much. They destroyed everything that could be. The attackers in Russia. They attack just as sophisticatedly as they defend, right?

I was honestly surprised by how low the Russian side was at the beginning. I looked at statistics, the attack of WordPress pages, where they attack from, what we know is that it is not a very precise geolocation, but it can still give a direction. Although the Russian attacks started, for example, that the power of the web pages is taken over, and you can jump from there, and you can attack further using a jumpboard. But the majority of the world was really a group of people and they were pushed down very hard, in quantity and probably in technology as well. I look at Danila and think that we could continue this for hours, but what about the next presenter? So my suggestion is that I would like to

take the next presenter away from the audience, but we would like to continue this conversation outside, there, at the door. And I thank you very much for the invitation, and thank you Feri, and thank you Szabi for coming, and thank you to myself for coming too. Thank you very much for listening. There are still hours left, but we would like to continue the conference with you, so I will give the opportunity to the next presenter. Hello. Thank you very much.