Korean start-up knows how to build steel armour against white-hat hacking
“Hacking” is generally understood as malicious activities to break into digital devices, software, and online networks. But Chanam Park’s interest has been particularly focused around white-hat hacking, which is to find ways to block such unlawful, illicit attempts of cybercriminals to compromise digital systems.
Hacking has been a part of Park’s life for as long as he can remember. Starting with learning the basics of hacking during his elementary school years, Park was able to win in many prestigious hacking competitions. Such as the world’s biggest hacking conference DEF CON, Codegate and Hack in the Box. At the age of 20, Park was recruited as a team lead of a security company, which was his first job as a cyber security expert.
Cyber Security Industry
Park’s career in the cyber security industry took a dramatic turn in 2015.
Park, who was 23-year-old then, founded his own company STEALIEN with his fellow white-hat hacker colleagues. The name STEALIEN is an abbreviation of “We STEAL ALIEN technology”, which represents the company’s motto: make difficult technologies in easier forms for the public.
“It is not like we had a great reason to found this company,” Park said during an interview with 4i Magazine.
White-hat hacking: “We founders wanted to make a better environment for hackers (to block malicious activities). Moreover, we hackers know how cyber threats worked like — which enables us to make improved digital security systems from the attacker’s point of view.”
Park’s initiative to build a stronger armour against cyber-attacks has gained the media’s attention over the past years. In 2018, Forbes named Park as one of 30 Under 30 Asia visionaries, and this year in March, Financial Times listed STEALIEN in Asia-Pacific High Growth Companies.
Park and his colleagues at STEALIEN share their ideas on how to keep our networks and systems safe from unlawful cyber-attacks.
Hacker-to-Hacker Talk: White-Hat Hacking
Park says that cyber security can be defined as protecting devices, software, networks, and systems from “cyber threats, including information theft, destruction, and manipulation”.
Unlike many people’s understanding, a hacker is not always a cybercriminal. Hacker, according to its literal meaning, is an entity who knows how to use computer technology to break into other entities’ data and systems. When a hacker has an unlawful motive and tries to penetrate a network or a system without the developer’s approval. For example, to steal someone’s data for his benefit, then they become a criminal.
Cyber threats can be presented in various forms, along with common technical tricks. Yes, they can be malware that activates even when the user does not interact with it. But some other tactics include psychological strategies, like tricking the user into clicking their malware program with an innocent-looking file attached to an email or a pop-up button.
Catching a cybercriminal is not an easy task either. Attackers may elude by hiding their connection routes with the use of virtual private networks, alias, anonymity, or systems of an unwitting host. They also often use methods to hinder legal authorities from tracking them down or even committing cyber crimes in countries where they won’t be held responsible. Authorities often have to request cooperation from third-party companies, organisations and governments to hunt the malicious attackers, which eventually costs additional time and money.
Therefore, the most recommended preemptive measure against such digital threats is to keep one’s defence system strong and up-to-date. However, this is easier said than done without the help of experienced hacking professionals. So, STEALIEN steps in to provide services to those who hope to strengthen their defence systems.
Building Cyber Security Armours
Park says there are three different products that represent STEALIEN. The first service he introduces is the AppSuit series, a product that can protect operational systems of mobile applications.
“It is called AppSuit because it can protect our clients’ applications by putting on an Iron Man-like armour on them,” Park reiterated. AppSuit can block attempts to “forge” or “modify” applications. The series is currently applied to applications from a wide range of fields, from finance to the public sector.
The company also does “penetration testing”. Penetration testing, better known as a pen test, is a security drill where a white-hat hacking or cyber security expert tries to detect flaws in a computer’s defence system and finds ways to improve it. The owners or developers of a tested computer system can learn their venerabilities before attackers exploit them.
Since the company started its business, Park says that STEALIEN has recorded a 100 per cent success rate of discovering critical weak spots.
“Some clients expect their defence system will be difficult to break through because they know they have invested much effort and money into it,” Park said. “Clients often get surprised when we discover their critical vulnerabilities, contrary to their expectations. Cyber threats always happen in a way we have never thought of, however.”
The last product that STEALIEN offers is the research and development of high-advanced hacking, security technologies. The company has been doing this for clients that are in need of globally competitive cyber security expertise.
“The research and development work includes studying about weak spots (of a computer system) and developing useful tools. Some of our clients are from the army, national research institutes, or big corporations,” Park said.
As for this year, STEALIEN plans to focus on promoting the AppSuit series in the global market and doing more R&D projects on hacking and cyber security technologies.
“STEALIEN has many competent employees who previously either won hacking competitions or detected vulnerabilities in software built by globally-renowned developers such as Google and Apple,” Park said. “We are confident that our R&D projects will continue the momentum with our professional expertise in cyber security.”
Constant, Maintained Efforts to Protect a System
Cyberwarfare is many people’s interest, especially with Russia’s recent cyber-attacks in Ukraine. Suspected Russian hackers targeted two banks and the Ukrainian defence ministry in February this year, trying to overwhelm their websites by sending millions of reloading requests.
Park says that it is important to build an effective cyber defence system as cyber-attacks can take place across borders.
“Protectors should not take too much confidence in their current system of cyber security,” Park said. “You have to start from an assumption that your system can be, or already has been, penetrated. Regular check-ups of security systems and solutions to minimise the damage for the worst-case scenarios are necessary.
“Doing pen tests or taking security consultations from companies like us can be helpful, too. People will be able to find ways to improve their security systems through such tests before malicious cyber threats take place.”
Park thinks that governments can build a stronger cyber defence system through sustained investment in studying and developing their own hacking, security technologies. This is because governments may not be willing to share their technologies with others due to political or financial interests.
“The demand for technologies related to cyber warfare is bigger than their supply across many countries,” Park said. “It is important to obtain such technologies beforehand. Cyberwar can occur any time without warning. It is necessary for governments to acquire relevant technologies through R&D for a stronger defence system.”