Inti De Ceukelaire: ‘Hacking is only 20 percent technical knowledge, 80 percent logical thinking’

How did you get into the world of hacking?

“When I was 14, my mom gave me a PlayStation Portable for Christmas, even though I actually asked for a Nintendo. So with tutorials I found on the internet, I started looking for ways to run Nintendo games on that PlayStation. The first step in that process was to try to break down the device. Everyone thought I was crazy because they thought it was impossible. Many people were looking for it, but no one had found anything useful yet. After many fruitless attempts, it’s almost me and stumbles managed to cause it to crash. For connoisseurs: with one buffer overflow. That was my ticket to the hacker scene, because I had pretty much found the holy grail. By accident, of course, but hey, no one knew of course.” laughs Inti De Ceukelaire.

After some wanderings, a company eventually grew out of it: Intigriti. What exactly do you do?

“All that time I was into hacking and computers, and I also did programming, but I knew pretty quickly that I didn’t want to be a consultant who writes the reports that no one reads. I worked in a supermarket when I was sixteen and I attended one bug bounty hunt from Google. That is, Google pays people to help them find bugs and vulnerabilities in their software. After a week of toiling I finally found a bug and Google paid me $1200 for it. More than I ever made at the supermarket.” laughs Inti De Ceukelaire.

“After that I started participating in more and more competitions like that, even in Las Vegas. And then after a while I bumped into my Aalst friend Stijn Jans. And now I run Intigriti together with him. We organize ourselves bug bounty hunt commissioned by companies, with a few thousand hackers on the other side trying to find these bugs.”

How hackers are used to sway public opinion these days…it’s psychological warfare.

How do you look for vulnerabilities when you dive into the systems of an average company?

“Let me start by saying that total security is impossible. There is always a way to break in. Only: you can make it as difficult as possible for the hackers so that they need as much time and resources to break into losing interest. Well, much of today’s technology is based on standards that are thirty years old or even older. But those standards are now being used for very different things than what they were intended for. And that creates opportunities for hackers. A lot of mistakes also lie in what I call the shadow zone of responsibility. For example, if both a vendor and a developer assume that the other has done their job. Often, that’s not the case.”

“What you also see a lot is that two separate systems are well secured in themselves, but fail when they have to work together. These are the first, obvious things I look for when I hack. Hacking is actually only 20 percent based on technical knowledge. 80 percent is logical thinking: if I were the developer of this software, what mistake would I probably make? If you reason like that, you’ll usually find something pretty quickly (laughing).”

With all?

“Gee, if we look closely at a customer, we find a critical error in about 70 percent within 48 hours. So an error that is already quite dangerous. It’s a lot, yes. But it’s not a bad thing, because every bug we find is another that can be fixed. A lot also depends on how companies deal with this. When they go into a defensive spasm, it’s often problematic. Sometimes they don’t search at all, ah yes, because they find no leaks (laughing). Any leak you find is actually good news.” says Inti De Ceukelaire.

Does a small country like Belgium actually play a role in cyber security??

“Oh yes, yes. You can bet that Intel, Google and Apple know Belgium. And that’s thanks to KU Leuven among other things. They really do research in computer security on a global level. Besides beer, chocolate and Manneken Pis, our country should also be known for cyber security. We just don’t shout that from the rooftops, it’s probably also typically Belgian.”

What are things in cyber security that the general public isn’t really worried about?

“The fact that everything on the web can be manipulated to some degree. And the amount of data that comes online is really huge. From your address to your blood type, it can be found somewhere. The big problem, of course, is that you don’t see the best hackers. Or that they don’t get caught until years later. What also worries me is the way hackers are used to influence public opinion these days. We saw that in the last presidential election in America, for example. It is actually psychological warfare. They are no longer hacking voting computers, but the hacking attempts serve to improve mindset to change people. And it is irreversible, because every vote that was cast is a valid vote,” explains Inti De Ceukelaire.

“I also sometimes see vulnerabilities in, for example, blockchain that can potentially cause hundreds of millions of euros worth of damage. Or the metaverse… something like that. If these kinds of digital identities become commonplace, we’re going to experience something else. I hope it never takes off, I don’t see the added value of it at all.”

How do you see all this developing? For example, what role will AI play?

“I don’t see AI replacing humans at the moment because the creativity in AI is still based on existing data. AI will play an increasingly important role, but humans will remain in the game driver’s seatI think.”

Smart
fact

Did you have another dream profession before becoming a hacker?

“I’ve always loved the creativity behind advertising. Many people have good ideas but can’t get them to sell. As a result, their idea never gets implemented. You also have to be able to communicate a good idea to others, otherwise nobody knows how good it is.”

Leave a Comment