Radack-radack-radack. The 9.04-PM-Intercity train to Lausanne rattles through the Bernese Holligen-quarters. Sophus Siegenthaler, whiskers, Skull and crossbones T-Shirt, closes the window and squints in the morning sun. Between pipes, steel beams and decrepit filing cabinets, a raised Laptop. It is the only object that makes the space as an office visible. "Only just moved in," says Siegenthaler. Then he takes a SIP of Red Bull. "Must be," he says. "So early!"
Sophus Siegenthaler, early thirties, grew up in the Bern Region, is a professional Hacker. Since six years he is a member of a collective, for private Client work, from SMEs to large group. The business model he describes as: "you pay us so that we can find your IT systems from attack, and security vulnerabilities before the Bad guys."
In these days Siegenthaler is preparing for his next attack. It is perhaps the most challenging of his hacker life. As of Monday, under the Post your E-Voting System a public intrusion test pulls. This means that for Four weeks, the System will be available in the network. Whoever cracks it, will receive a prize of up to CHF 50'000.
"When we left on Monday Squirting, practically the whole of the Internet on our side."Sophus Siegenthaler, Hacker
The Test is a condition of the Confederation and the cantons. Only if it is passed, can be introduced to the E-Voting System in the Post regularly and all of the voters.
The interest is enormous: 2500 hackers from all over the world have already registered, Siegenthaler is one of them. "When we left on Monday Squirting, practically the whole of the Internet on our side," he says, and empties the can.
Seven years of work in the Test
At the other end of the city of Bern, at the headquarters of the Post, sits Denis Morel in a soberly-furnished room, next to him a dutiful spokesman, on the table of mineral water. Behind Morel gliding Intercity trains silently in the direction of Zurich. "I sleep well, am, at best, a little tense because of Monday," he says. But it is different than you think.
Denis Morel, in his mid-forties, a mathematician from Freiburg, is the father of the E-Voting programme of the Post. For seven years he and his Team are working on it. The Post has invested millions of dollars. And now, all of this is put to the test. Nobody knows what exactly will happen when the global Hacker Elite is attacking the System.
The technical level, says Morel, worrying for him. "I trust the System. We have already tested a lot, also with external people. We know what could happen to us." What he fears instead? That his organization is overwhelmed by the inputs of the 2500 hack. As of Monday noon, a special team handles at the Post office, the incoming knowledge of the attacker, if possible in real time.
"We did not expect so many applications."Denis Morel, E-Voting-in-chief of the Post
are The issues, is highly complex: Is there a security gap? How deep the hackers got into the System? Would have beaten the System Alarm? How much the prize money is paid out? All reports are discussed at special teams and at senior Manager level. The Post want to analyze the results quickly, classify, and publish. The Problem: "We were not expecting so many applications," says Morel. "This is Switzerland unique in. Since the Dialog with the logged-in hackers is a challenge."
Sophus Siegenthaler has dealt in recent days with the System, he will attack. "Recon" he calls it. The Software consists of 420'000 lines of Code, including comments. That's the equivalent of a book with ten thousand pages of technical Text. Where do I start? How do you find the weak spot?
With the power of the swarm
Siegenthaler already has one or the other idea. But in a hurry he didn't do it. First he delves into the Code. In Parallel he's been scouting the platform on which the E-Voting System runs. "It's like a gigantic Puzzle. You have to try to detect the particles," he says. What do you do exactly? How are you connected? What is the heart? How do you get there?
he is alone, speaks Siegenthaler with others in the scene. In the next four weeks, a hacker party. "Swarmen," says Siegenthaler. This means that More hackers will pounce on a spot, a Problem in the Code. "If you talk together about the System, you will understand it much better. And together, it of course has much more Power."
Siegenthaler and his friends have decided to sponsor a day's work per week for the intrusion test of the Post. "The prize money is nice and all, but it is not for us in the centre." The Challenge count. And that the System is as secure as possible, when it would be introduced. Whether Switzerland E-Voting needed at all? Siegenthaler leaves the question unanswered. Important the Test is for him.
"In the Offence you only have to come through with a % of your attacks. A lot more exciting!"Denis Morel, E-Voting-in-chief of the Post
In Public, most recently there were increased doubts about the security of electronic balloting. A double stress test for the Post: The hacker attacks the network, and the criticism in the media. How strongly the two are related, revealed this week. Two of the 2500 registered hackers have released the source code of the system, contrary to the rules of the game in the intrusion tests. Copy/paste, a children's game. But many media reported about it, as if someone had blown up the vault of the Post.
The deterioration has also Denis Morel. "There are a lot of hackers who want to improve the System. And there are still a few who only want to stir up emotions and raise its profile."
Sophus Siegenthaler and Denis Morel don't know. But there are a lot of things, what connects them. Siegenthaler has worked well defensively and systems are hardened. "At some point, I had had enough," he says. "In Defence you need to fight off one hundred percent of the attacks. In the Offence you only have to come through with a % of your attacks. A lot more exciting!"
Denis Morel with a smile. Yes, the hacker romance. Swap with Siegenthaler he doesn't want to. "Maybe it has to do with my character. I'll watch here the vault, the voting polls for the cantons and the people. Is there a better job?"
The next few days and weeks will show it.
Created: 23.02.2019, 07:30 PM