Jack Cable is 17 years old and unlike most high schoolers, he works as a white-hat hacker. He’s now in Ukraine, onboard the Antonov 225 Mriya, the heaviest aircraft ever built. Jack is in the company of hacking legends: the co-founder of Apple Steve Wozniak, the author of the legendary PGP email encryption app Phil Zimmermann, and dozens of other younger hackers. Why did they come to Kyiv? To participate in the international three-day private hackathon titled the HackIT Cup (the first of its kind in Eastern Europe) organized by a cybersecurity company Hacken.
The Antonov 225 strategic airlifter, which was currently being used as a somewhat exotic convention center, was provided by a subsidiary of Ukroboronprom-a major Ukrainian military defense corporation. Ukroboronprom is interested in amping up the country’s cyberdefense capacity in the wake of the ongoing cyberwar, which started in 2014 as a follow up to the military conflict in Donbas.
Another interested party, supporting the event not only with their endorsements but with money as well, are the local blockchain leaders. Ukrainian blockchain community is currently blossoming despite the ambiguous regulatory framework.
After numerous, notoriously successful, cyberattacks on cryptocurrency exchanges and infrastructure, the blockchain nouveau riche are eager to have their own cyber defense group with dedicated expertise.
What is Your Superpower?
Coming back to Jack Cable, it turns out this gifted teenager is not new to air bases. Prior to arriving in Ukraine, Mr. Cable won the Hack the Air Force bug hunting competition sponsored by the Pentagon. In Ukraine, Jack became the winner yet again, sharing this prestigious award with 27-year-old Tanner Emek from San Francisco.
The two worked as a team during the HackIT Cup, looking for vulnerabilities in the IT systems of four major ecommerce clients, all of which are new to bug bounty programs and requested to remain anonymous.
Tanner Emek spent the majority of his efforts hunting for business logic issues in the targeted apps. These types of bugs get introduced with coding errors specific to the application’s core functionality, typically not discoverable by automated scanners. Like Jack, his friend Tanner is quiet and unassuming. You would never have guessed that both guys have already made a fortune from computer code vulnerabilities.
Among other great teams and solo hackers who participated in the HackIT Cup (in order of points scored):
- the Egyptian team ‘3nters’, lead by Yasser @garagosy Ali, joined by Ebrahim Hegazy @Zigoo0, Ahmed Aboul Ela @aboul3la and @MazenGamal.
- Julian Keller and @Patrik Fehrenbach from Germany.
- @Shahmeer_Amir from Pakistan.
- Sandeep @geekboy Singh and @Parth_Malhotra from India.
- @SamEizad from Sweden.
- @AbdulahHusam from Iraq.
Hacking with a Faint Hint of the Desert Sand
Yasser Ali, originally from Egypt, now residing in UAE, flew to Kyiv from Dubai with a crew of hacker friends. They then hopped aboard the high speed intercity train to Kharkiv.
Yasser looks exactly how you might imagine a Middle Eastern intellectual to look. He becomes really excited when flipping through paperbacks next to a barista at a local indie café in the Zoloti Vorota [En.: The Golden Gate] quarter of Kyiv.
Yasser frequently joked about his expectations to be kidnapped by the local security forces and forced into slavery, on guard of the national cybersecurity of Ukraine. Surprisingly, this didn’t happen, for better or worse. Instead, Yasser and his hacker-friend Mazen Gamal were almost kidnapped by a crowd of vendors at Vsi Svoi marketplace, which specializes in high quality clothing, plates and souvenirs-all of which are of local origin.
A Man That (Almost) Never Sleeps
Shahmeer Amir from Pakistan has a grueling habit of sleeping for only 2 hours a night. On Thursday, right after arriving to Kyiv from the HackIT Cup bug bounty session in Kharkiv, he bumped into Dmytro Budorin, the co-organizer of HackIT Cup and the CFO of the Hacken Ecosystem. It all occurred online, while the two were skimming through their messengers. It was 5 AM in the morning and Shahmeer told Dmitry of his plans to wander around Kyiv.
The morning transformed into a 10 kilometer walk that intrigued both Shahmeer and Dmitry. The resulting friendship ended up with Shahmeer’s close involvement in building HackenProof, the novell bug bounty platform by Hacken. Mr. Budorin is planning to continue building HackenProof after the token sale of HKN-the first dedicated cryptocurrency for white-hat hackers. The alpha version of the platform should be released days before the upcoming token sale, planned for October 31, 2017.
Shahmeer definitely has some biz acumen, running his own international application and penetration testing firm Veiliux back home in Pakistan.
Indian Adventures: to Kharkiv and Beyond!
Sandeep Singh wears love beads around his wrists, smiles with a magnetic Shantaram smile, pulls pranks and various jokes and takes on the appearance of a cyber-hippie. His online alias ‘Geekboy’ adds a dash of nerd chic to the whole shabang. While this is all true, Geekboy is also a hard working influencer in the global hacking community, currently in the Top-3 of HackerOne.
Together with Parth Malhotra, wingman and a fellow hacker from India, Geekboy scouts Kharkiv night clubs after hours for non-stop hacking in a hotel room. There all the gang hangs out. The duo comes across a true catharsis when travelling to Kyiv in a dedicated railway ‘whisky bar’, in reality-an economy class old railway car, booked by the organizers from the local state-owned railway operator.
During a city tour in Kyiv, the guide leads the entire HackIT Cup group towards Andriyivsky Uzviz, a sloped street connecting downtown Podil to the old city. The street houses dozens of stalls selling various exotic souvenirs. At one stall, Jack grabs a cossack sheepskin hat and Parth tries mazepynka, a symbol of Ukraine’s centuries old fight for freedom, which is now the official headwear of the Ukrainian Army. The photographer quickly snaps a photo which beautifully captures the main idea behind the HackIT Cup: uniting the world’s best computer minds to protect peace and security online.
The First Bug Bounty Hackathon in Eastern Europe
Originally introduced by HackerOne during H1–702 in Las Vegas back in 2016, the bug bounty hackathons are gathering momentum. In 2017, Europe hosted its first bug bounty hackathon in Amsterdam. However, in Eastern Europe things have been quiet, until now that is…
Bug bounty hackathons have proven to be super instrumental tools in building community and promoting white-hat hacker ethics. Until recently, Ukraine was home to numerous international online businesses of dubious reputation. If local hackers go white hat, the country might become a powerful international player in the bug bounty business. This isn’t merely a pipedream.
The country already became one of the major IT outsourcing workhorses a decade ago. The goal of HackIT Cup is bolstering a nation’s hope for the betterment of the cyber community.
Rewards Paid in Dedicated Cryptocurrency for Hackers
The HackIT Сup is the birthplace of yet another remarkable phenomenon. For the first time ever, a bug bounty is paid not in US dollars or bitcoins, but rather in hackens – the new cryptocurrency, which will debut worldwide after a token sale on October 31, 2017.
All hackers, who had bug bounty contributions acknowledged by the clients, were awarded various amounts of HKN. If the upcoming token sale reaches the minimum milestone of 1.5M tokens being sold, HKN will become the only currency accepted by HackenProof bug bounty platform and other businesses comprising Hacken Ecosystem.