At FIC 2021, Futura met the ethical hackers of Yes We Hack, a platform that connects hackers with companies from the high-tech sector, industry, administrations and other organizations. These 2.0 bounty hunters met at the show for a challenge to find flaws in the Doctolib service and the Red Cross site. Here is our report.
They are called Victor and Brice and they are hunters, that is, bounty-hunting hackers. Their targets:, the flaws and vulnerabilities of , and online services. Their weapons: simple laptops and remote servers. If successful, these 2.0 bounty hunters earn bug bounties, that is to say rewards for bugs found in the applications and services they scrutinize.
Our two are Breton and have made this their profession for a few years. They even created a specialized company called . They sometimes spend hours, or months, flushing out vulnerabilities in online applications or services in exchange for bounties. A confidential sport practiced by a hundred French hackers.
A small world in which everyone knows each other, at least by nickname. And indeed, at this edition of the International Cybersecurity Forum 2021 (FIC), which was held in Lille until Thursday, the two friends are among twenty other hunters on the stand of a French organization called Yes We Hack.
Ethical hackers who stalk the loopholes
This platform, which is growing internationally, connects hackers with software publishers and computer hardware manufacturers, who ask them to seek out the bug, small or large, that could endanger their product or service. Among its customers, is also the essential application. A good way to increase security. The bug bounty approach is also used by the biggest names in the sector, with Apple, and Google at the forefront. The latter regularly announces cumulative bonuses of several million euros for these hunters.
A bonus of 10,000 euros in the event of a critical failure
And during this edition of the FIC, behind the stand of, hackers follow one another in an atmosphere specific to the famous , with the , sandwiches, cables and laptops whose shells are often covered with a multitude of stickers. On the black screens, scroll the essential lines of cabalistic in line with what can be expected from pirates. If they are here, it is once again to chase the bounty. And the targets of the day are not just any targets. This is the essential Doctolib which punctuated our months of and the Red Cross. For the latter, the bounty is lower, but for , it amounts to 10,000 euros for the discovery of a critical flaw.
This is why, in this particular atmosphere, the hackers put their best resources to work hunting for the slightest flaw. On Wednesday, around 2:30 p.m., the starting signal was given, and a few minutes before the start, the two accomplices set up their remote servers to benefit from good bandwidth. They also activate their favorite tools to perform their penetration tests and other sleight of hand.
Like athletes, they mentally project themselves into this ordeal. A few hours later, Victor explains that he found something interesting. He is already sending his report to Doctolib. On the competition screen, you can see the first results. But the challenge is far from over, since the hackers had until 4:30 p.m. this Thursday to hit the jackpot! Exhausted, but very satisfied, the two partners finally emerged as the big winners of this event by accumulating the maximum number of points. For reasons of confidentiality, we will not really know which flaws were detected in the two targets.
The European Cyber Cup also tracks bugs in e-sport
A little further on, another competition takes place. This is the first edition of, a competition of which has nothing to do with video games. Here too, it is a question of tracking down bugs, this time in simulations. In all, 16 teams of ten members, from engineering schools or professionals in the sector, compete for two days. The same kind of electric atmosphere reigns here, with rows of tables lined with computers and a giant screen in the center. At the end of the two-day test, it was the students gathered under the banner “ESNArcotrafiquants” (the École Supérieure du Applied) who emerged as the big winners of the competition.