"Above all, assume you are being hacked"
Socializing with friends, online shopping and banking, etc., the internet is so incredibly useful that almost everyone uses it, and a lot. It connects us more than ever, but it does not come without risks. Ethical hacker and world champion Inti De Ceukelaire points out the dangers.
How did you become a hacker?
As a child, I really enjoyed cheating. Not because I couldn't stand losing or because I'm a bad person, but just because it requires a lot of creativity. Getting around banal rules, that was my thing. When I was about fifteen, I bought a PlayStation because all my friends had one too. I used to be a fan of Mario Bros, but I found out too late that you still needed a Nintendo for that. There was only one way to get that twisted little plumber on my PlayStation – by hacking the game. I locked myself in my room for a whole vacation trying to crack that thing. Happily, I succeeded in the end. Meanwhile, I came across an issue that professional hackers had spent months looking for. They then accepted me in their community and the rest is history.
Why did you become an ethical hacker afterwards?
Hacking raised a lot of questions for me – how in God's name do they succeed? How does it work? Am I secure? I believe people are entitled to that knowledge. My primary concern is to create awareness among people who are less aware of what is happening in the hacking world. Because you only know how to protect yourself when you understand how hackers work. I also want to make a call for hackers' skills to be used to do good. Ethical hackers are a necessity for our security.
How dangerous is cybercrime actually? Aren't people sometimes made too afraid?
Cybercrime comes in various forms and degrees. Anyone can fall victim to it. That sounds very scary, but fortunately not everyone becomes prey of criminal hackers. But it is still very important to keep on using different ways to remind people about the dangers of cybercrime.
Where do you think the greatest dangers are on the internet?
Rogue hackers are mainly after money. And they try to get hold of it in various ways: with phishing emails, false invoices and ransomware, but in some cases through extortion too. A reputable company paid $100000 to a hacker last year to prevent him - or her - compromising captured data.
People often have very little knowledge about cybercrime. How do you try to make the consequences as clear and concrete as possible?
I always try to give real examples. For example, sometimes I create an application that allows people to see for themselves whether they have been a victim of a particular hack or not. Or I show them what data of theirs there is on the street. Although this is of course a very serious matter, I always try to add a little humour to it in one way or another. This makes the information lighter and more accessible.
Can we actually fully arm ourselves against cybercrime?
I suppose you could live somewhere in a cave on a desert island and be completely safe. But that's about it.
What can we do to protect our privacy?
Use our common sense and be healthily sceptical. Above all, assume you are being hacked, and try to limit any damage. I automatically delete all my emails and messages after a while. Anyone who gets to know my password still has to find out a security code I receive on my smartphone through two-step verification.
What is the best way to respond when we notice that something is going wrong on the internet?
Stay calm, and don't be alarmed by threatening pop-ups or warnings. They are not even real, in many cases. Take your time to look at the situation calmly, and only click then.
Are companies sufficiently aware of the risks they run?
The realization is gradually starting to penetrate. Unfortunately, action is often only taken after things really go wrong. And the things that do go wrong are often not the fault of the IT department, but of the management, which can then suddenly free up money for IT security, but only after a hack...
What are the risks for businesses?
By the nature of things, any list of cyber risks is incomplete. The security world is changing every day and there are many threats that have not yet seen the light of day. Every company should keep up to date on vulnerabilities that have already surfaced. Sometimes things can go very quickly, and the first hacks appear almost immediately when a new leak is published. To defend yourself against this, you have to switch quickly and flexibly. And that is something top-heavy companies just cannot do.
Are you still a fan of social media and the internet in general?
Believe it or not, I am a huge fan of social media and use them pretty much every day. We really don't have to all get paranoid and disown social media. We must remain vigilant, and work to prevent the downsides of social media from becoming dominant. We are far from there and we are bound to have many difficult questions coming our way, but we should certainly not shy away from them.
