

Tuesday, June 3, 2014

Positive Hack Days IV: There are Doors that should be Opened Carefully

Friedrich Nietzsche's famous quote about an abyss that gazes into you became the motto of the PHDays IV forum on practical security. Participants of the annual international conference learned about cyber threats for which civilization is unprepared: attacks on a city's power and transport systems, a smart home turned into a trap, and hackers emptying a virtual bank account. Various ways of surviving in today's digital world were also discussed during the forum.

The recipe for PHDays is the same: minimum ads, maximum useful information, entertaining contests, informal communication, rich performances, awkward questions at round-table discussions, and a research atmosphere during hands-on labs.

On May 21 and 22 more than 2,500 people from 18 countries visited the forum: leaders and specialists from information security departments of more than 700 financial, telecommunications and industrial companies, young scientists and businessmen, representatives of governmental authorities and the Internet society. Among speakers and panellists were representatives of the Ministry of Foreign Affairs, the Bank of Russia, FSB, the Federation Council, as well as campaign managers, Russian and foreign information security experts. 15,000 people from six countries participated in performances and contests that took place at 19 PHDays Everywhere venues.

"This is the most powerful event in Russia dedicated to information security. Organizers invited the best experts from Russia and abroad. The forum's program is full of events and informative reports. And what's important, there are a lot of young people, and at such events they clearly see the advantages of applying their talents on the bright side", commented Sergey Himanich, Head of the Department of Information Security Project Implementation at Megafon.

Scenarios for a disaster film

Is it possible that one attacker can disrupt a whole city's infrastructure? Participants of the Critical Infrastructure Attack contest tried to find an answer to this question. They needed to test SCADA systems that controlled a heating plant, transport management and illumination systems, cranes and industrial robots. After discovering vulnerabilities, they had to demonstrate their exploitation on the contest city model.

The forum's organizers provided participants with a ready-to-run industrial system. Despite the toylike look, the model was managed by the latest SCADA software used in real life.

Alisa Shevchenko turned out to be the best at solving the task. The Russian Lisbeth Salander discovered a number of critical vulnerabilities in a popular industrial automation system that is used by the world's largest companies. If exploited in real life, these vulnerabilities can cause harmful consequences, such as denial of service or functional failure of critical infrastructure management systems. Nikita Maksimov, Pavel Markov and Dmitry Kazakov took second to fourth places.

William Hagestad II, an expert in cyber-intelligence and counter-intelligence:

It is a unique event, where we can see how information security is created and find out who is who in the area. The forum is notable due to realistic contests, such as CTF, Critical Infrastructure Attack and the contest where participants are dealing with a smart home's obstacles.

Modern technologies

Cars, doors, vacuum cleaners and TVs all got out of control... It seems like something from a Stephen King novel. However, soon anyone may have to face the threat of his or her smart home going insane under the control of an attacker. According to Gartner, there will be more than 26 billion intelligent home appliances and the market size will grow to 300 billion dollars by 2020. A model of a real apartment, which was created by the forum's organizers and equipped with various electrical appliances and a smart home system, turned out to be a trial for those who decided to participate in the contest. Details about winners will be available shortly.

Today the number of users of remote banking services in Europe and the US is more than 120 million, and the security of these systems constantly increases. But at PHDays they always manage to crack everything! During the $natch contest, hackers detected and exploited new serious vulnerabilities and withdrew almost all the money from a virtual bank account (17 out of 20 thousand rubles). At the end of the second day, a hands-on lab on ATM security assessment was held, followed by a contest in which participants tried to hack an ATM. Unlike last year, though, this time no one was able to bypass the ATM's security system.

Tomorrow's army

Ten years ago, they said that if there happened to be a war with robots, Counter-Strike gamers were most likely to win it. But now we all know that hackers will win the war—they will just block this "heavy artillery". Capture the flag contests are among the most impressive activities of the forum. The contest was first launched not long ago, but it gives prestige to its participants: PHDays CTF winners are able to get through to the finals of other competitions held in that format.

PHDays CTF stands out against other CTF contests due to the original game scenario, real-life vulnerabilities and great visualization, thanks to which it was exciting not only to participate in the contest but also to watch the virtual battle.

Several hundred teams took part in PHDays CTF Quals. Ten teams from Russia, Spain, Poland, the US and South Korea reached the final. During the two days of the forum, they fought for access to secret information, searched for vulnerabilities in the other teams' systems and protected their own systems.

This year, the Polish team Dragon Sector became the winner, Int3pids from Spain took second place, and BalalaikaCr3w, a Russian team, came third.

Cyber forecast 

The word "foresight" (methods of forecasting threats and providing preventive measures) became the most frequently used among participants of business sessions. Preemptive tactics are not a luxury but a virtual necessity: these issues were discussed at the round table "Critical Infrastructure Security". Participants spoke on measures that are taken for the protection of critical elements of various sectors: energy, banking, transport, telecommunications. They also attempted to classify cyber threats and assess incident-response readiness. And it is the right time to raise these issues: as it turned out, about one hundred security incidents occurred in each large organization last year. Positive Technologies specialists obtained these data during the security analysis of strategic companies that make the top 100 list in Russia. The main reasons for the current situation lie on the surface. It is all about unfixed vulnerabilities in systems and applications (the age of certain vulnerabilities is more than 7 years!).

Participants of the discussion "State and Cybersecurity" often referred to the need for active foresight as well. The keynote of this discussion was another quote of Nietzsche: "He who fights with monsters should look to it that he himself does not become a monster".

The round table organized by Skolkovo

The PHDays IV forum is designed not only for professionals. It's also a chance for talented young specialists to find themselves in the "white hats" society, present their reports, and launch their own projects. For these purposes, PHDays Young School, a competition of research papers by students, postgraduates, and young scientists, is held. This year, twenty-two reports were presented by researchers from Russia and other countries. Finalists of the competition spoke at fast tracks during the forum. First place went to Maria Korosteleva and Denis Gamayunov; they presented the report on "Ensuring Cryptographically Strong Group Communications with the Feature of Deniability". Yelena Doynikova took second place; Denis Kolegov and Nikolay Tkachenko, third. For more information, see the PHDays website.

Visitors of the round-table discussion "Prospects for Investment in Information Security" spoke about the future of Russian startups. The discussion was organized by Positive Technologies together with the Skolkovo information security cluster. Main security trends in banking, manufacturing and government were discussed during the session. Organizational issues of startup events were also demonstrated. Skolkovo Foundation announced the launch of the competition of information security projects, which will last from June 2, 2014 till November. Skolkovo will grant financial assistance and tutorial support of leading experts to the winning participants.

Future of the information security market

During the session "IS Market: New Products, Questions, Answers", major players in the market demonstrated their products and solutions that might determine the development of the market in the near future. Cisco, Intel Security, RSA, Positive Technologies and Kaspersky Lab ran the marathon of new products.

According to the panellists, there are three or four main sectors of constantly rising interest. For instance, small and medium-sized businesses are interested in ready-made tools that can take into account their specifics; big business wants products that can translate information about security threats into terms accessible to shareholders and risk managers.

Proactive defense for web applications and a variety of other applications is a topical problem as well. Their quantity and significance are growing constantly, and it is hard to protect them using old techniques. Evgeniya Potseluevskaya, Head of the Analytical Group at Positive Technologies, presented the application security management system, describing new security methods and unique functions of the new products PT Application Inspector and PT Application Firewall. It's worth mentioning that PT Application Firewall by Positive Technologies (released in the middle of last year) is already listed as a secure WAF, according to Gartner, and was implemented by Megafon.

Ten most quoted reports

Several days after Positive Hack Days IV, a ranking of the reports and sessions most quoted in social networks was compiled. The topic of competitive intelligence turned out to be the most popular with the audience. Among the top three were the reports by Igor Ashmanov, Andrey Masalovich, Dmitry Kurbatov and Sergey Puzankov.

The list of the most popular reports at PHDays IV and video recordings of sessions are available on the event's website.

The musical performance

"The night of the cyberpunk eaters" at PHDays fitted in well with the theme of the event, filling the vacuum between the first and second day with inspiring stories about people creating and destroying digital worlds. During the first part, the audience met the MDS project, famous for reading classic and contemporary works on the radio: they read stories by Mersey Shelley and Bruce Sterling this time. After the performance, the night show started at the movie hall.


The largest technological companies joined PHDays as partners of the event: Cisco, EMC, ICL-КME CS, Intel Security, Kaspersky Lab and Mail.Ru were among them. The forum was organized with the informational support of 27 leading business and specialized media companies. Main media partners are the Expert magazine, BFM.RU (a business information portal), the Hacker magazine, the Internet portals and, and the Bankir.Ru news agency.

