×
Enjoying ad-free content?
Since July 1, 2024, we have disabled all ads to improve your reading experience.
This commitment costs us $10,000 a month. Your support can help us fill the gap.
Support us
Our journalism is banned in Russia. We need your help to keep providing you with the truth.

Forum Helps Hackers to Obey Law

Hackers, experts and sofware vendors attended the forum on Friday. Guennadi Moukine

A Moscow-based security firm demonstrated how to hack an ATM without any additional tools to a large crowd of hackers, security experts and software vendors, gathered for the annual Positive Hack Days forum in Moscow.

“You don’t need much to take control of some ATMs,” Olga Kochetova, a security expert from Positive Technologies told The Moscow Times on Friday. “Some machines can be hacked just by using your usual bank card and the buttons located around the screen,” she said.

Banks try protecting ATMs, but sometimes they fail to remove things like pop-up system messages. Just by pressing buttons in the right time, when it happens, it is possible to access the operating system, steal information or even run your own program on the ATM’s computer.

Apparently, it doesn’t happen very often, Kochetova said, but only because people are honest and don’t press buttons when they see strange messages appear on the display.

In the past, industrial systems were designed to work in isolation and therefore programmed without any security in mind, said Gleb Gritsai, another expert attending the forum.

Some ATMs can be hacked just by using a usual bank cards and several buttons.

His team presented a model train set controlled through the same hardware and software that is used by the passenger train system in Russia. They gave a step-by-step instruction on how to assume control and then disconnect electricity, change direction of the train and operate a set of semaphore gates.

“It is dangerous for transportation companies and passengers,” said Dmitry Yefanov, a security guru. “The good thing is that in real life, the system is more protected. Normally, rail road control rooms and electrical stations are not connected to the Internet, it’s very difficult to gain access,” he added.

Babak Javadi, a technology expert from Toool.us, said the purpose of hacking is to find weaknesses in a system and find ways to circumvent the rules created for the system. Whether the system is a computer or a door lock, the point is to explore and understand the unexpected situations that can be encountered.

Sergei Gordeichik, the brain behind the forum, said he hoped that the event would bring people from different backgrounds under one roof, to show young people that, in principle, they can do what they love, be on the right side of the law and earn money at the same time.

 “A hacker is someone who has knowledge, ability and experience. Our goal is to create an environment to channel their abilities into the right direction, away from criminal activities,” Gordeichik said.

There is a perception that hackers are bad, negative people, continually plotting evil schemes, Yefanov said. It is completely wrong, he added.

 “I’m a hacker,” Marc Heuse, an independent security researcher, told The Moscow Times, “and I worked for some of the most notable organizations in the world: The U.N., Central Bank of Europe, KPMG and others. Companies not hiring hackers are making a big mistake.”

Heuse pointed out that while there are hackers who break into the internal system, there are also accountants who cheat their companies and steal money. These criminal activities have nothing to do with their interest in their profession; it has something to do with the person’s character, he said.

Hackers turn into security specialists as soon as their work becomes paid, experts agree. Some young people explore system vulnerabilities simply because they are bored. It doesn’t mean they are criminals — they are just curious.

“I would recommend businesses to work on their network security in order to find problems,” Gordeichik said. It will be much worse to learn about them from the news.

In a large, semi-dark hall, full of red bean bags, geeks with laptops and humming trance music, when a Moscow Times reporter inquired if Wi-Fi was available, an attendee said, “Yes, there is … but I wouldn’t recommend using it. You’ll be hacked.”

Contact the author at g.moukine@imedia.ru

… we have a small favor to ask. As you may have heard, The Moscow Times, an independent news source for over 30 years, has been unjustly branded as a "foreign agent" by the Russian government. This blatant attempt to silence our voice is a direct assault on the integrity of journalism and the values we hold dear.

We, the journalists of The Moscow Times, refuse to be silenced. Our commitment to providing accurate and unbiased reporting on Russia remains unshaken. But we need your help to continue our critical mission.

Your support, no matter how small, makes a world of difference. If you can, please support us monthly starting from just $2. It's quick to set up, and you can be confident that you're making a significant impact every month by supporting open, independent journalism. Thank you.

Once
Monthly
Annual
Continue
paiment methods
Not ready to support today?
Remind me later.

Read more