Keen is a bunch of white hat hackers

Absrtact: Obtain the bank's plane drawing and the security system, gets to the main control room person in charge's retina picture and the entrance password, through the accurate computation safely avoids the laser protection net, in the shortest time pry open the safe password lock, succeeds after the invasion traffic department's computer,

Get the bank's graphic drawings and security systems, get to the main control room in charge of the retina picture and enter the password, through accurate calculation safely avoid laser protection nets, in the shortest possible time to pry open the safe password lock, succeeded after the invasion of the traffic Department of the computer, control the entire street traffic lights, and finally escape the chaos successfully ... This is a lot of Hollywood movies in the theme of the film often appear in the bridge section. If you think this is an exaggerated expression of the film, it may be a surprise to you, because in reality there are such a high grade hacker groups appear.

The CEO of Wang, a cloud computing technology company based in the first financial journal, said that, in addition to not being so fast and cool in the movies, most of these could be achieved by technical means.

Although the reality is not so cool, but the team has another cool name keen, meaning keen. This is an information security research team, and the research they do is easy to hook up with hackers who specialize in hacking into other people's systems. But Wang told reporters, in fact, there are also good people in the hacker community, this group has a name of their own is "white hat hacker." "Keen is a group of white hat hackers. "I think there is no one in the country than they can be" black "Wang smiled and said," We are in fact to do the theft, against advanced attacks that kind of (hackers). ”

From obscurity to a war of fame

Using system vulnerabilities to remotely manipulate each other's computers and use Trojans to control another computer, this seems to be a keen of some pediatrics. If the hacker industry to classify the structure of the practitioners, the present is a pyramid-shaped structure, the bottom of a large number of low-level hackers, the popular word is to do bad things to accumulate people, and the more toward the top of the pyramid, the hacker's Dan Higher.

What keen does is different from the low-level hackers, whose job is to hand over the discovered vulnerabilities to vendors in a timely manner, to help them fix vulnerabilities and security risks, and not to disclose all details before they are fixed to prevent outsiders from using them.

Although keen and Wang name for the general public is very strange, but in the white hat hacker this minority circle, nickname as "Big Bullfrog" Wang is definitely a resounding name. In the international security competition, 15 seconds to find OS vulnerabilities, 20 seconds to find Windows8.1 vulnerabilities, 30 seconds to find iOS vulnerabilities, these are Wang and his team's masterpiece.

This has nothing to do with Wang's experience. He was the first technical head of Microsoft's China Security Response Center, setting up Microsoft's top security Response center outside of U.S. headquarters and also head of Bing search security engine development.

Past years of experience in the area of security has made him feel that his role may be more than just a security guarantee, from simply helping companies find security holes, and how to use security experience to help businesses more successful business is his greater "ambition", and this is the biggest reason he made his own way in 2011.

As a result, in 2011, Wang set up a keen team focused on promoting cybersecurity, with most of its members being the original class of Microsoft China responsible for security vulnerabilities and repairing responses. In fact, the average age of only "three-character" team in the past 10 years handled more than 2000 domestic and foreign information security emergency response incidents, including China's Taiwan administrative authorities, the Malaysian Prime Minister's office network intrusion incident, and to Microsoft, Apple, Google and other world-renowned manufacturers have submitted hundreds of security vulnerabilities, Is the team that finds and reports most security vulnerabilities worldwide.

In Wang's view, he and the team more often like an unknown physical therapist, "it is no exaggeration to say that one night we can get more than 10 phone call is the website or the system is hacked, we need to quickly emergency treatment to help them solve the problem." "It's just that the attackers and the attackers don't want to advertise such things, so we've been doing so much quietly in the past," he said. ”

At the same time, Wang also frankly, the courage to admit their own problems and can solve their own enterprises are not many. Especially at home, many companies do not have much security awareness and are skeptical about the purpose of their actions.

To this end, the initial keen had to face although there are talent and technology, but no fame, hard to develop security products know low and no one believe the dilemma. Helpless, Wang decided to take part in international competitions, because the sense of network security in foreign countries has matured, this only after the 2013 and 2014 keen two consecutive years in the International top security Pwn2Own Championship, and become Pwn2Own's first Asian champions team.

It is necessary to introduce the background of Pwn2Own, this is one of the world's most famous hacker competition, by the Pentagon intrusion protection system suppliers TippingPoint DVLabs organization, Microsoft, Apple, Google, BlackBerry and other hardware and software manufacturers to provide sponsorship. In the view of these manufacturers, if security researchers can break their latest systems, they can help them improve security.

In fact, in foreign countries, such as Google, Microsoft and other giants have their own security centers, and in the domestic bat has established its own Security Center, the department's biggest responsibility is to collect loopholes.

Attack is to better keep

At the end of last year keen became a partner in Google's Googleprojectzero global hacking program, an alliance of world-class hackers, keen is the only team in Asia.

At present, and keen deal with all of them quite the same, Google, Microsoft, Apple ... The newest is the world's most popular Tesla. At the Geekpwn Security Geek Carnival a few months ago, the keen team demonstrated that Tesla was quietly and remotely controlled in a moving state, and that the move suddenly turned into reversing and even stalling, a Tesla hole found by a team of 10 people in keen within 100 days of continuous work.

Wang told reporters that after the demonstration of the event, keen to Tesla United States headquarters to submit the Tesla models involved in the 6 security flaws reported. The feedback from Tesla's security chief, Kyleosborn, is that the vulnerabilities found in keen provide important help for securing Tesla's security, which is now being repaired.

"A loophole seems to be technically small, such as the disclosure of credit card passwords, but the consequences will be great." "So Wang will consciously choose the user base of a huge operating system target to help the mobile end of the intelligent product mining vulnerabilities, on the other hand, now in the cloud to provide security inspection advisory services."

He told reporters that a vulnerability report to a partner often requires several key points: the level of vulnerability, the source of the vulnerability, and the recommendations given. "We are not responsible for the final repairs, which will be done by the company's own team, because many times a loophole may have an impact on other aspects, which the enterprise needs to assess, and we just give advice." "Wang said.

Although, now in the domestic Real network security research team is rare, but Wang See, the domestic environment for information security understanding and attention to the degree has been improved, while the trend of intelligent security life has been unstoppable, the future of the network information security needs will be more and more big.

According to Wang, the big project they've been studying recently is access to all smart devices. His view is that the more vulnerabilities are detected and eliminated, the safer the product will be.

"The attack is for the better, we are studying advanced attack technology to make the most powerful security protection technology." "Wang said decisively.