Similar to the last years we are doing a review of our work in 2017 and will try to give a short outlook on our plans for 2018.
In 2017 there have been some personal and also industry-wide events. The Windows-Malware “WannaCry” affected a large number of computers across the globe in May. It impressively showed how important computers are in a modern and digitalized world and that there can be enormous threats due to security risks. Mainly due to our research in 2016 (we found three vulnerable waterworks located in Germany which were exposed to the internet) we were invited to speak at a hearing of the european parliament (in Brussels / Belgium). We outlined our experiences and impressions on the internet security topic with a focus on IoT-Security and this (lobbyism) was was a new, exciting experience for us. It is very important that, next to industry representers, civil society groups get the possiblilty to contribute to a political debate in order to archieve a better balance of interests.
Finally #WannaCry was the reason for our new sticker ;)
The ”Federal Office for Information Security (German: Bundesamt für Sicherheit in der Informationstechnik, abbreviated as BSI)” mentioned our findings (hackable waterworks and mobile traffic light systems) in their report about Germany’s IT security situation (page 14). Unfortunately, we are only mentioned in the German, but not English version.
Another highlight of the year was that both, Tim and Sebastian, finished their Bachelor’s degree, but more about that in the “personal success” section.
Lately, we were informed by several friendly people that our website is listed as “dangerous” on some Anti-Virus blacklists. We are not completely sure why it happened (perhaps it has something to do with our article about cryptomining malware), but we are working hard on getting this fixed. If you see a strange warning or our domain on a blacklist - we would be happy to get an email from you! Contact us here.
Media reports
In 2017 we continued our plan to share our research results with the media in order to outline the importance of information security to the general public. As a side effect it helps to bring the project into a not-only-for-the-tech-community perspective. A handful of well-known TV broadcasters like ARD, ZDF interviewed us about our research findings and opinions on certain topics. Unfortunately the videos are in German, but feel free to have a look at them anyway :)
- https://www.zdf.de/verbraucher/wiso/wiso-clip-3-hackerangriffe-auf-infrastruktur-wasser-strom-werke-100.html
- https://www.tagesschau.de/multimedia/sendung/bab/bab-3971~_bab-sendung-363.html
- https://www.zdf.de/dokumentation/zdfzoom/zdfzoom-datenklau-und-cyberwar-100.html
- https://www.taz.de/Gehackte-Daten-aus-dem-Bundestag/!5436704/
- https://www.politico.eu/article/hacked-information-bomb-under-germanys-election/
The only English report is on politico.eu: http://www.politico.eu/article/hacked-information-bomb-under-germanys-election/
golem.de
We have a good cooperation with one of the biggest german tech-blogs called “golem.de”. Their reach is way higher than ours and that’s why we sometimes post the findings there. All posts are in German, but maybe Google translator will help :)
- Luxury clinic Switzerland found on the Internet
- Debate about the new OWASP Top10
- G20 Portal (police) has legal problems due to missing HTTPs
- Background article about wind power and information security
Conferences and talks
Last year we attended several conferences.
Sebastian took part in the RuCTF finals as part of the @ENOFLAG team for the second time. As usually, a three-day conference was part of the event.
I had fun with my colleagues from @ENOFLAG at the @ructf finals!
— Sebastian Neef (@gehaxelt) 24. April 2017
Nice venue, nice challenges, nice people. 10/10 :) #ructf pic.twitter.com/l6DXaPjUMz
A conference organized by Golem.de about Quantum computing took place in June and we were invited. The talks about that topic (for us a relatively new topic) were quite interesting and enlightening. People believe that quantum computing will break classic cryptography, but at the moment most of the quantum computers don’t have enough Qubits (compute power) to effectively do so. We are curious how this will develop in the next few years and we will definitely have a look at it.
Woop woop! I'm ready for quantum computing and interesting talks. Thanks for the invitation, @golem :) pic.twitter.com/PsISBA1hKB
— Sebastian Neef (@gehaxelt) 23. Juni 2017
In September 2017 Tim was at Z2X which is a kind of a future festival for young people between 20 and 30 - it was organized by the online department of ”DIE ZEIT” (a big german newspaper). He presented our project’s idea and in the end it was voted on the second place by the 800 Z2X participants. We are happy about the positive feedback and plan to share our work more often on such events. In 2018 Z2X is definitely on our list and Sebastian would like to join next time!
#Z2X17-Finalist: https://t.co/3ygE9usCVt will das Internet durch Hacking sicherer machen pic.twitter.com/FMQC9a5vTF
— z2xfest (@z2xfest) 3. September 2017
At the end of the year we were at the largest, european hacker congress, the 34th edition of the Chaos Communication Congresses for the 4th time in a row. The hacker-atmosphere was great and we enjoyed interesting talks and met a lot of friends and followers! Just as last year, we had our own “assembly” that we used as a gathering/communication point. The conference moved from Hamburg to Leipzig what lead to a few challenges and changes, but we all had a wonderful time. We can’t wait for this year’s edition #35c3!
Thank you for a very nice #34c3
— Internetwache.org (@internetwache) 30. Dezember 2017
Amazing talks, friendly discussions and hacking around! Looking forwars to #35c3 ^ts pic.twitter.com/bOgLmp0EX0
The new “Wannacry” stickers have been considered “better than last year” and we managed to distribute all of them (1000 pcs). Did you (not) get a sticker? Let us know :)
We distributed around 1000 new stickers at the #34C3. Who got a fancy #wannacry sticker on his laptop now? ^sn pic.twitter.com/71WdIEpQ1M
— Internetwache.org (@internetwache) 4. Januar 2018
Personal success
Sebastian (@gehaxelt) finished his Bachelor degree with a thesis about the Implementation and Evaluation of a Framework to calculate Impact Measures for Wikipedia Authors. After that achievement, he drove 12,000 kilometers with a Audi 100 through most countries of Eastern Europe in companionship of a good friend. Interesting experiences, people and memories were collected during this 2.5 month long roadtrip. For 2018, he plans to study abroad and begin his master degree.
Tim (@TimPhSchaefers) also finished his Bachelor. In his thesis he deals with an evaluation of “Privileged Access Management” solutions. Furthermore, Tim was named a Junior-Fellow by the German Informatics Society. He also finished his second book (together with a fellow student) with the name “WLAN Hacking” that will be published in January 2018. As part of the Junior-Fellowship, Tim especially wants to point out the importance of IT-Security and Privacy.
2017 in numbers
With more than 2200 followers on our @internetwache twitter profile, we count a daily growth of ~1.6 followers per day during the last year.
Regarding our page impressions on our blog, we only have positive news! We are counting more than 40.000 visitors and a total of 52.000 pageviews. It is an increase of around 50% in comparision to 2016. Most of the traffic comes from our international readers, because the English blog is frequented three times more often than the German one. This surprised us a bit, because we only wrote merely three new blogposts last year! Sadly we did not have more time for more research and blogposts, but as we said last year: Quality >>> Quantity!
We hope to publish our ongoing research in early 2018, so stay tuned for more :)
Outlook on 2018
Originally, we planned to host another CTF this year, because our first CTF in 2016 was so much fun and we got mostly good feedback. However, we did not find the time to write all the challenges and organize everything. Maybe we will manage to do it this year!
We would like to continue our cooperation with the media and attend more conferences (and even give talks). Furthermore, we would like to purse and publish more research. At least we have enough ideas!
We wish everybody a successfull 2018!
Tim & Sebastian
The Team of Internetwache.org