Quebec city, November 27th 2012
On November 2nd & 3rd 2012 Hackfest 2012, Canada’s largest Information Security conference East of Toronto was held in Quebec City. Their host was the wonderful Plaza Hotel, located in Saint-Foy. Security professionals and enthusiasts, nearly 500 of them, attended Hackfest “Revolution”. Over 20 talks were given during the event, covering a wide range of topics such as current issues on cyber-security, research and hardware hacking. 26 speakers from all over made the trip to the Capital city. Several were from abroad (6) & Ontario (2), but there was also a strong local presence as 18 speakers were from the province of Quebec.
A few hot topics were Dimitri Soulelliac’s presentation on hardware hacking using a 35$ computer. Leftenant Jacques Oueillet’s “Anonymous Spring” was standing room only and Ben Sapiro, co-founder of OpenCERT and LiquidMatrix co-host, spoke on the subject of how to be more efficient when dealing with contracts in the information security field. Jim Manico from OWASP spoke of web application vulnerabilities and ex-counter intelligence agent Michel Juneau-Katsuya spoke of industrial espionage.
This year training was offered which is a first for Hackfest. Belgium’s Peter Van Eeckhoutte from Corelan came down and offered his well-known and highly respected class “Corelan Live – Win32 Exploit Development Bootcamp”. Starting November 1st, students from around the world (Denmark – UK - India to name a few) enrolled and participated in this 2 day, 12 hour a day course. Learning techniques in identifying and exploiting software vulnerabilities in Windows based applications.
Hackfest’s greatest accomplishment this year was the cyber war simulation game (Hackfest Cyberwar). It incorporated many of the technologies & concepts that make the Internet function the way it does. Making this game completely unique and never before seen at this type of event. 80 participants split up into 8 teams representing various countries needed not only to attack but also defend their nation’s IT infrastructure. The realism and the complexity involved in preparing this game took a team of 20 tech-savvy volunteers over 10 months to create.
A classic Capture The Flag event (Hackfest CTF), CTF for short, was also held on the event’s second day. Over 120 participants took part and tested their offensive skills and mental acuity against a wide variety of vulnerable installations, mind-benders and brainteasers.
Hackfest 2012 was the fourth installment of this yearly event, distinguishing themselves Internationally and bringing the information security communities from Quebec, Ontario and New-Brunswick together.
Results and observations during Hackfest’s cyber reality war game held on November 2nd 2012.
This year’s objective during our cyber war game was to create a realistic environment where students, beginners and veterans of the information security world could put their skills to the test. Representing various countries in a state of emergency, players would need to apply all their knowledge in order to successfully make their country prosper by attacking opposing forces. All the while defending their nation’s IT infrastructure.
The battlefield consisted of a simulated Internet, enterprise level services (e-mail server, web server, file servers etc.), online banking (complete with fluctuating interests rates, constant withdrawals and deposit). Other infrastructures such as Voice over IP telecommunications (VoIP), military bases with accompanying missile launchers, an anonymous communication network (TOR network) and several SCADA installations to name but a few. Challenges were as numerous as they were diverse, offering everyone a chance to get in on the action.
During this simulation, the competing teams adopted different behaviours and strategies. For example, many opted to concentrate on security; others took a more offensive approach, as others tried to find a balance between the two. Here are a few of more examples:
- Peace treaties between different countries were established.
- Mercenaries were employed to either help or hinder a team. Bribing an opposing team member was also observed.
- Physical attacks were used, such as taking pictures of computer screens and documentation theft.
- The “Denial of Service” (DoS) attack, be it physical or virtual, was also widely used.
- Deceitful alliances were declared in order to lull opposing teams into a false sense of security.
- Spies were used to steal valuable information, or cripple critical infrastructure.
- Economic collapse was caused by many nations losing control of their infrastructure. Massive bailouts were needed to rebalance the world’s economy.
As a whole, Hackfest 2012’s cyber game was a complete success. The participants enjoyed themselves and were able to practice skills that can only be used legally in only a handful of situations. Several professionals commented on the realism of the game. Pointing out the consequences of such attacks on important key infrastructures. But most of all, the game’s success can be attributed to the simple fact that Hackfest created a unique environment where security professionals and enthusiast can discuss and experiment.
Finally, be it a conference, security hacking games or just offering a place for the community to gather and discuss information security, Hackfest as again exceed its expectations towards promoting information security. We sincerely hope to see you again next year for our 5th installment of Hackfest and in our monthly hackspace meetings.
- Article from HP.com: http://h30499.www3.hp.com/t5/Following-the-Wh1t3-Rabbit/Wargames-on-a-New-Level-Hackfest-CA-in-Quebec-City/ba-p/5853669
- Article LaPresse (French): http://techno.lapresse.ca/nouvelles/internet/201210/29/01-4587968-quebec-au-coeur-dune-cyberguerre-virtuelle.php
- Article, Xivo Blog (French): http://blog.xivo.fr/index.php?post/2012/11/08/Hacking-at-the-Hackfest
- Article HF2012 by Zataz (French): http://www.zataz.com/news/22502/hackfest-2012--novembre--quebec.html
- Article CTF Challenge by Zataz (French): http://www.zataz.com/news/22505/Hackfest--quebec.html
- Article “Hardware Hacking” (French): http://securite-ti.com/?p=522
- French Radio-Canada (CBC): http://www.radio-canada.ca/Medianet/2012/CKTM/LeTelejournalMauricie201211031800.asx
- French Zataz (Europe): http://zatazweb.tv/hackfest-quebec-2012/