Interview

Hacking is also a weapon of war

Niels Hofmans, Intigriti

In times when phishing is sweeping across the globe and cyberwarfare is all over the news, the word 'hacking' has a decidedly negative connotation. But it doesn't always have to be that way. Intigriti proves this. The online platform works with 'positive hackers' who only have our best interests at heart. Referred to as 'researchers', they try to find out how companies are vulnerable to cyber-attacks and whether they are sufficiently protected. 

The Belgian organisation Intigriti profiles itself as a 'bug bounty platform'. Via this platform, organisations can check the security of their websites and apps. A team of 50,000 'ethical hackers' or researchers who have joined the online platform, track down the vulnerable spots in the security of said websites or apps. Intigriti relies on the power of numbers. After all, 50,000 ethical hackers see more than the ICT team of the average company. If they find a vulnerable spot in the company's security, a bug or other error in an application, the client rewards them with a bounty. The company then has the hole in its security closed.  

"Companies - but also citizens - are still too little aware of cybercrime and the risks associated with it."

Niels Hofmans, Head of Security with Intigriti

Organisations that contract Intigriti do so because they are aware of the possible security risks they run. But not all companies have reached this point yet. "Companies that have the financial resources to recruit security profiles are usually ahead of the game. The same applies to organisations that are strong in ICT and are modernising their infrastructure." Unfortunately, the rest of the business world is lagging behind. "Those organisations still have a lot of catching up to do. Fortunately, awareness is growing." says Niels Hofmans, Head of Security at Intrigriti. 

Cyberwarfare  

The growth of awareness is partly due to the increasing media attention for cybercrime. "There are groups active with strong - suspected - links to state actors. I'm not just thinking of Russia. A few years ago, for example, a British intelligence service penetrated Proximus. You also have strong criminal organisations that try to hack into the container terminals in the major ports, for example." But likewise there are also small gangs, or even just groups of teenagers, who engage in hacking as a hobby. Very often it is hard to find out who was responsible for an attack. After all, cybercrime is very accessible. "With a laptop and a web browser you can already inflict harm on someone," says Niels Hofmans. 

In the context of a war - as is currently the case with the conflict in Ukraine - the importance of the digital war machine is increasing. "We see this, among other things, in the disinformation campaigns that pop up online," Niels Hofmans continues. "This is not new, as we also saw these campaigns around the election of Donald Trump and in the run-up to Brexit. "Specifically in the conflict between Russia and Ukraine, we see that cyber warfare is an important part of it, both in the 'official' and 'unofficial' war. "Hackers attempt, for example, to disable the opponent's communications just before a physical attack. But there is also active espionage and hacking, for example by releasing malware on the systems of border posts so that people have a harder time fleeing the country." 

"In cyberwar, it's not just about disabling or damaging critical infrastructure, but also spreading disinformation."

Critical infrastructure 

The cyber part of conflicts and wars gaining in importance may also be deduced from Defence Minister Dedonder's plans to reinforce the Belgian army with cyber soldiers by 2025. "Hacking governments, utilities, banks and other organisations is now inherent in modern warfare," says Niels Hofmans. "Critical infrastructure is not spared in the process." But ethical hackers can play a role there too, for example by checking the security of nuclear power stations, telecom providers, water companies and other critical infrastructure. 

At the same time, there may be a more subtle cyber threat. The finger is often pointed at China, which supplies technology on a massive scale, including in our country. "We cannot deny that there is political interference by the Chinese government in Chinese companies," says Niels Hofmans. "The government can request the personal data of users of technology arbitrarily. But that is just as true for American companies. It is a risk that we apparently accept, as users of Chinese and American technology. Using a Chinese smartphone is not so dangerous in itself. But using Chinese technology in our army? Surely that's something to think about thoroughly."  

Dries Van Damme has more than twenty years of experience as an ICT journalist. He has published in (amongst others) Data News and is the manager of the media office Bureau 44.

Read more on cyberwar