On Monday 30 September, 79 ethical hackers sat down in the Atrium of City Hall to hack the IT-systems of the Municipality of The Hague and several of its suppliers. The event was the third instalment of the yearly event ‘Hâck The Hague 2019’. The initiative was co-organised by the Municipality of The Hague and Dutch cyber security company Cybersprint, with the goal to test the digital infrastructure of the Municipality and its suppliers for vulnerabilities. The municipality of The Hague has passed the test and is very pleased with the 102 reports of vulnerabilities found and is working with them.
The 79 ethical hackers (of whom 67 Dutch, and 12 international hackers from six different countries) reported a total of 102 ‘vulnerabilities’ and ‘bugs’ during the six-hour long hackathon.
The hacker’s findings
“A great result,” said deputy mayor Rachid Guernaoui, who is responsible for the municipality’s IT-infrastructure. “I’d rather have ethical hackers discover flaws in our systems, than malicious hackers. Our digital systems are monitored for vulnerabilities 24 hours a day, so there is practically no reason to doubt its security. Still, it’s wise to regularly put our systems to the test. Every organisation has its digital challenges, and large municipalities such as The Hague are no exception. We keep improving the security of our IT-systems by collaborating with qualified organisations and talented hackers. Today’s results illustrate the importance of such tests”.
The hacker’s dome
The Hague’s City Hall was transformed into a true ‘hacker’s dome’. The hackers tried to penetrate the municipality’s digital defences, while sitting right in the middle of the Atrium. Similar to last year’s edition, both professional hackers as well as students signed up to compete. All ethical hackers had to agree to the rules of engagement and responsible disclosure of the contest: it was compulsory to report all findings to the organisation - and only to the organisation.
Pieter Jansen, CEO of Cybersprint: “Organising this hack event, inviting so many ethical hackers, is an important way to test the digital infrastructure. Organising a hacking competition with so many ethical hackers is an excellent way to test digital systems, as well as checking digital security on a daily basis”.
Four categories, 12 prizes
Alderman Guernaoui rewarded the money prizes in four different categories.
- The most surprising hack: Redteam-R
- The most sophisticated hack: Wietse Boonstra
- The most impactful hack for students: Picco Bello
- The most impactful hack for professionals: dickonvio
Each category knew a third, second and first place; winning €500, €1000 and €2000 respectfully.
It was the third consecutive year the municipality and Cybersprint organised the hack event. Deputy mayor Guernaoui: “With ‘Hâck The Hague’, we are at the forefront. I can highly recommend such an approach to other municipalities, as it keeps us on our toes.”
Following ‘Hâck The Hague’ is the ‘One Conference’, which starts on Tuesday 1 October. It is the international cyber security conference with many prominent speakers sharing developments, ideas and insights. The One Conference is an initiative of the Dutch National Cybersecurity Centre (NCSC) and Ministry of Economical Affairs and Climate, in cooperation with the municipality of The Hague. NCSC director Hans de Vries awarded the winners of ‘Hâck The Hague’ with tickets to the One Conference as an extra prize. The conference is from 2 to 4 October 2019.