What is it like to participate in Hâck The Hague? Wietse Boonstra is ethical hacker and one of the winners of Hâck The Hague 2019. He won first place in the category 'most sophisticated hack'. In this interview, we ask him 7 questions about himself and how he experienced the event in 2019.
How did you become a hacker?
‘According to Wikipedia, hacking is searching for applications which were not intended by the creator.’ I’ve done this ever since I was a little boy. My father always tinkered (or ‘hacked’) with old radios, rotary telephones or other electrical devices. This sparked my interest; I wanted to understand how things worked. Once computers became common, it was a logical next step for me.
How old were you when you touched your first computer? And what type of computer was it?
‘As long as I can remember, we have always had some computers in the house. My father was a ‘electronic device’-hacker and he owned a Sinclair ZX81 and an Acorn Electron Plus 1. Through the radio program ‘Hobbyscoop’ on Sunday evenings we were able to “download” games on the computers. We also had books filled with basic-code. You had to manually – and hopefully, flawlessly - type over the lines of code to be able to play games. When I was about 8 years old, we got a PC and that is when the real adventure started for me.’
How did you learn the tricks of the trade?
‘In the past, I have made mistakes while working as a system administrator. I now recognize these mistakes and exploit them with pentesting. I also try to learn as much as I can from other hackers: how they approach their work, what techniques they use to find vulnerabilities and how to exploit them. '
What do you think is the difference between real hackers and those portrayed in films & tvshows?
‘Hahaha, that’s an interesting question. What you see on tv is enough to make you cringe. A few vertical green letters, 2 mouse-clicks, and 3 keyboard strokes and the fictional hackers are ‘in’. In reality, it’s of course 1 mouse-click and 2 keyboard strokes. All jokes aside, as a hacker you often have to piece together smaller findings to gain a better picture and to make a bigger impact. This does not happen in 2 minutes. Its searching, searching, searching and more searching; and at times there’s nothing you can find that you can use.’
What’s your favorite food when you are searching, or during a hackathon, or CtF, or ‘bug hunting’?
‘Mmmh…I eat too little and drink too much coffee. Usually, I close myself off from the outside world: a bomb could go off and I would not realize it. But I do try to have breakfast, lunch and dinner with my family. Thanks to my girlfriend that its usually healthy too.'
During HTH19, you won the prize for the Most
sophisticated hack. Was this your most memorable hack?
‘No, although the search for this hack was quite fun. It was a combination of small vulnerabilities which led to one critical vulnerability. By participating in HTH19 I did however get new assignments. And of course, I am very proud that I won the “Most sophisticated hack”.’
So which hack was the most memorable?
‘One special hack was under a responsible disclosure with one of the internet exchanges. The challenge was to get around a Web Application Firewall (WAF). After probing for a few days, I managed to do this; then I needed to get a shell on the system. Naturally, the shell was discussed with the owner of the internet exchange. I could have done a lot of damage with it if I had any malicious intent.'