Publication date: June 2, 2014

Positive Hack Days IV: There are Doors that should be Opened Carefully

The famous quote of Friedrich Nietzsche about an abyss that gazes into you became the motto of the PHDays IV forum on practical security. Participants of the annual international conference learned about cyber threats for which the civilization is unprepared: attacks performed against power and transport systems of a city, a smart home turned into a trap, and hackers emptying a virtual bank account. Various ways of survival in today's digital world were also discussed during the forum.

The recipe for PHDays is the same: minimum ads, maximum useful information, entertaining contests, informal communication, rich performances, awkward questions at round-table discussions, and an atmosphere of a research during hands-on labs.

On May 21 and 22 more than 2,500 people from 18 countries visited the forum: leaders and specialists from information security departments of more than 700 financial, telecommunications and industrial companies, young scientists and businessmen, representatives of governmental authorities and the Internet society. Among speakers and panellists were representatives of the Ministry of Foreign Affairs, the Bank of Russia, FSB, the Federation Council, as well as campaign managers, Russian and foreign information security experts. 15,000 people from six countries participated in performances and contests that took place at 19 PHDays Everywhere venues.

"This is the most powerful event in Russia dedicated to information security. Organizers invited the best experts from Russia and abroad. The forum's program is full of events and informative reports. And what's important, there are lot of young people, and at such events they clearly see the advantages of applying their talents on the bright side", commented Sergey Himanich, Head of the Department of Information Security Project Implementation at Megafon.

Scenarios for a disaster film

Is it possible, that one attacker can disrupt a whole city's infrastructure? Participants of the Critical Infrastructure Attack contest tried to find an answer for this question. They needed to test SCADA systems that controlled a heating plant, transport management and illumination systems, cranes and industrial robots. After discovering vulnerabilities, they should demonstrate their exploitation on the contest city model.

The forum's organizers provided participants with a ready-to-run industrial system. Despite the toylike look, the model was managed by the latest SCADA software used in real life.

Alisa Shevchenko turned out to be the best to solve the task. The Russian Lisbeth Salander discovered a number of critical vulnerabilities in a popular industrial automation system that is used by world's largest companies. If exploited in real life, these vulnerabilities can cause harmful consequences, such as denial of service, functional failure of critical infrastructure management systems. Nikita Maksimov, Pavel Markov and Dmitry Kazakov took second to fourth places.

William Hagestad II, an expert in cyber-intelligence and counter-intelligence:

"It is a unique event, where we can see how information security is created and find out who is who in the area. The forum is notable due to realistic contests, such as CTF, Critical Infrastructure Attack and the contest where participants are dealing with a smart home's obstacles".

Modern technologies

Cars, doors, vacuum cleaners and TVs all got out of control... It seems like something from Stephen King's novel. However, soon anyone will have to face the threat of his or her smart home becoming insane under the control of an attacker. According to Gartner, there will be more than 26 billion intelligent home appliances and the market size will grow to 300 billion dollars by 2020. A model of a real apartment, which was created by the forum's organizers and equipped with various electrical appliances and a smart home system, turned out to be a trial for those who decided to participate in the contest. Details about winners will be available shortly.

Today the number of users of remote banking services in Europe and US is more than 120 million, and security of these systems constantly increases. But at PHDays they always manage to crack everything! During the $natch contest, by detecting and exploiting new serious vulnerabilities hackers withdrew from a virtual bank account almost all the money (17 out of 20 thousand rubles). In the end of the second day, a hands-on lab on ATM security assessment was held, and then there was a contest, during which participants tried to hack an ATM. Unlike last year, though, this time no one was able to bypass the ATM's security system.

Tomorrow's army

Ten years ago, they said that if there happened to be a war with robots, Counter-Strike gamers were most likely to win it. But now we all know that hackers will win the war—they will just block this "heavy artillery". Capture the flag contests are among the most impressive activities of the forum. The contest was first launched not long ago, but it gives prestige to its participants: PHDays CTF winners are able to get through to the finals of other competitions held in that format.

PHDays CTF stands out against other CTF contests due to the original game scenario, real-life vulnerabilities and great visualization, thanks to which it was exciting not only to participate in the contest but also to watch the virtual battle.

Several hundreds of teams took part in PHDays CTF Quals. Ten teams from Russia, Spain, Poland, US and South Korea reached the final. During the two days of the forum, they fought for access to secret information, searched for vulnerabilities in the other teams' systems and protected their own systems.

This year, the Polish team Dragon Sector became the winner, Int3pids from Spain took second place, and BalalaikaCr3w, a Russian team, came third.

Cyber forecast

The word "foresight" (methods of forecasting threats and providing preventive measures) became the most frequently used among participants of business sessions. Preemptive tactic is not luxury, but a virtual necessity—these issues were discussed at the round table "Critical Infrastructure Security". Participants spoke on measures that are taken for the protection of critical elements of various sectors: energy, banking, transport, telecommunications. They also attempted to classify cyber threats and assess incident-response readiness. And it is the right time to raise these issues: as it turned out, about one hundred security incidents occurred in each large organization last year. Positive Technologies specialists obtained these data during the security analysis of strategic companies that make the top 100 list in Russia. The main reasons of the current situation lie on the surface. It is all about unfixed vulnerabilities in systems and applications (the age of certain vulnerabilities is more than 7 years!).

Participants of the discussion "State and Cybersecurity" often referred to the need of active foresight as well. The keynote of this discussion was another quote of Nietzsche: "He who fights with monsters should look to it that he himself does not become a monster".

The round table organized by Skolkovo

The PHDays IV forum is designed not only for professionals. It's also a chance for talented young specialists to find themselves in the "white hats" society, present their reports, launch their own project. For these purposes, PHDays Young School, a competition of research papers of students, postgraduates, and young scientists, is held. This year, twenty-two reports were presented by researchers from Russia and other countries. Finalists of the competition spoke at fast tracks during the forum. First place went to Maria Korosteleva and Denis Gamayunov; they presented the report on "Ensuring Cryptographically Strong Group Communications with the Feature of Deniability". Yelena Doynikova took second place; Denis Kolegov and Nikolay Tkachenko, third. For more information, see the PHDays website.

Visitors of the round-table discussion "Prospects for Investment in Information Security" spoke about the future of Russian startups. The discussion was organized by Positive Technologies together with the Skolkovo information security cluster. Main security trends in banking, manufacture and government were discussed during the session. Organizational issues of startup events were also demonstrated. Skolkovo Foundation announced the launch of the competition of information security projects (for details see, which will last from June 2, 2014 till November. Skolkovo will grant financial assistance and tutorial support of leading experts to the winning participants.

Future of the information security market

During the session "IS Market: New Products, Questions, Answers", major players in the market demonstrated their products and solutions that might determine the development of the market in the near future. Cisco, Intel Security, RSA, Positive Technologies and Kaspersky Lab ran the marathon of new products.

According to the panellists, there are three or four main sectors of constantly rising interest. For instance, small and medium-sized businesses are interested in ready-made tools that can take into account their specific characters; big business wants products that can translate information about security threats into terms accessible to shareholders and risk managers.

Proactive defense for web applications and a variety of other applications is a topical problem as well. Their quantity and significance is growing constantly, and it is hard to protect them using old technics. Evgeniya Potseluevskaya, Head of the Analytical Group at Positive Technologies, presented the application security management system by telling about new security methods and unique functions of the new products PT Application Inspector and PT Application Firewall. It's worth mentioning that PT Application Firewall by Positive Technologies (released in the middle of the last year) is already listed as a secure WAF, according to Gartner, and was implemented by Megafon.

Ten most quoted reports

In several days after Positive Hack Days IV, the ranking of reports and sessions most quoted in social networks was formed. The topic of competitive intelligence turned out to be the most popular with the audience. Among the top three were the reports by Igor Ashmanov, Andrey Masalovich, Dmitry Kurbatov and Sergey Puzankov.

The list of the most popular reports at PHDays IV and video recordings of sessions are available on the event's website.

The musical performance

"The night of the cyberpunk eaters" at PHDays fitted in well with the theme of the event, filling the vacuum between the first and second day with inspiring stories about people creating and destroying digital worlds. During the first part, the audience met the MDS project, famous for reading classic and contemporary works on the radio: they read stories by Mersey Shelley and Bruce Sterling this time. After the performance, the night show started at the movie hall.


The largest technological companies joined PHDays as partners of the event: Cisco, EMC, ICL-КME CS, Intel Security, Kaspersky Lab and Mail.Ru were among them. The forum was organized with the informational support of 27 leading business and specialized media companies. Main media partners are the Expert magazine, BFM.RU (a business information portal), the Hacker magazine, the Internet portals and, and the Bankir.Ru news agency.

All news