As the information age gives way to the imagination age, we are increasingly becoming a digitized species. Our social lives are increasingly migrating online, with our personal information & data along for the ride. It’s practically impossible to find a company nowadays that isn’t partially – if not fully – internet based, with companies (especially those in IT), governmental services, and institutions using the internet to share and warehouse data.
With our collective digitization comes new forms of threats. It’s no surprise that the realm of cybersecurity has been called the new battlefront. The public is rapidly getting a taste of the sort of cyberattacks (such as WannaCry) and security bugs (such as Heartbleed, or the recent Equifax vulnerability) that IT companies have been privately facing for decades. These public-facing cybersecurity threats are just the beginning; it is predicted that cyberattacks among the general public will only increase going forward.
Unfortunately, our regulatory frameworks on a global scale have yet to catch up with the pressing need for better cybersecurity infrastructure. Companies can hire cybersecurity experts to vet their security & alert them to flaws, but many choose not to (or fail to successfully heed the warnings they receive, as in the recent case with Equifax).
Ethical hackers – known as white hats, as opposed to their less-ethical and anarchistic counterparts, black hats – are often dissuaded from reporting security flaws. On one end of the spectrum, this is due to a lack of adequate compensation; on the other, do-gooders face the possibility of prosecution. Unfortunately, this means that one of the places where hackers can make a living by finding security vulnerabilities is the dark web, where zero days (flaws in source code that can be utilized for nefarious purposes) and exploits (methods of interacting with the software that can provide unintended access or permissions to computers or servers) are traded for cryptocurrency.
One group of ethical hackers & experienced blockchain developers would like to remedy the lack of an appropriate & fair framework for increased cybersecurity worldwide. Meet Hacken.
Hacken: Where cybersecurity infrastructure and ethical community meet
Hacken is a company hailing from Ukraine, one of the leading international hubs for cybersecurity, and home for many of the world’s best white hat firms. Hacken was founded by a group of ethical hackers & blockchain experts on a mission: create an ecosystem that remedies many of the systemic issues in cybersecurity today.
Hacken’s approach to achieving this goal is multifaceted. Their ultimate aim is to utilize blockchain tech as well as a self-titled native token to create an ecosystem that provides hackers and companies with legal, ethical opportunities to ensure better cybersecurity practices. To accomplish this, their platform has a few primary goals:
- Provide ethical hackers with a platform for being compensated for finding vulnerabilities & security flaws
- Allow companies to use this platform to audit their products and receive certification of cybersecurity auditing & best practices
- Foster a community built upon ethical hacking & best cybersecurity practices, localized in Eastern Europe but available worldwide
Their proposed ecosystem contains four major platforms, each of which is geared both to provide functionality to clients and to build a community founded on ethical principles.
HackenProof: Certified software auditing for companies, premium payment for hackers
HackenProof is Hacken’s platform for providing software source code auditing for companies. It is built upon the principle of “fair share,” with both sets of participants supporting each other: companies receive the best software auditing available, while auditors (white hats) are compensated at a premium fee.
The structure of this ecosystem affords business customers a money-back-guaranteed certificate that proves that their code was audited for any vulnerabilities, with the option to showcase what countermeasures were taken to patch security flaws.
When a client signs up to have their software audited, Hacken creates a mini-blockchain for that client, which contains a timestamped history of the software’s path through the project.
Here’s a breakdown of each individual step of the process.
- Businesses sign up for a “bug bounty” program, a form of bounty hunting aimed at finding flaws in source code
- Customers have full customization control over the nature of said program; HackenProof utilizes safe measures such as VDI, VPN, and PAM solutions to allow bounty hunters to participate without having potentially dangerous access or permissions
- Experts from the Hacken team and select members from the community are available to help set up and customize the program per the client’s needs, with the option to have experts manage the program if desired; the customer portal for the selection process is self-service and can be run by a wizard and/or fully automated
- After the security assessment and project scope are established, the Hacken community (hackers) is invited to participate, evaluating code for vulnerabilities
- Collectively, community members submit and prioritize vulnerabilities; submissions are checked by community for relevance and originality
- Discoverers of vulnerabilities deemed valuable by the community are rewarded with Hacken’s native token
- The customer can additionally order advice from Hacken’s security solutions architects to develop countermeasures, or can use external sources to patch vulnerabilities
- Once the vulnerabilities have been patched, the client’s software receives a certificate for audited source code from Hacken.
The three major steps of the process – selecting an audit program, having the source code checked, then having the source code patched – are each placed on an individual 3-piece blockchain solely identified with that particular piece of software. Customers will have the option to do what they want with their blockchain: their chain can be completely transparent or available selectively.
Unreported Zero-day Remuneration Platform: Ethical and anonymous compensation for discovering security flaws
A zero day is a flaw in the source code of any given piece of software that is unbeknownst to parties interested in removing that flaw (i.e., developers and users). Zero days are behind some of the most well-known attacks in history, and their primary discoverers are hackers. Those with less stringent ethical conduct than white hats – the malicious black hats, or sometimes unethical but not generally malevolent grey hats – are not always incentivized to do the right thing: on one end of the spectrum, hackers may not receive any compensation for their efforts, or can face prosecution in some states. As such, these zero days are often sold for cryptocurrency on the dark web, where they’re then typically used with malicious intent.
Hacken wants to change this by creating a platform upon which ethical hackers can turn in found zero days anonymously. Hacken intends to use a substantial amount of the funds raised during their token sale to research and create a regulatory and legislative framework to make this possible in major jurisdictions, especially Europe.
Cybersecurity Analytics Center
As part of their commitment to building a platform for hackers predicated on a strong sense of ethics, Hacken wants to create a team of analysts to perform fundamental cybersecurity research, while monitoring and auditing existing & upcoming cybersecurity products. This center would also be available to corporations to conduct outstaffed cybersecurity research.
The Hacken Cybersecurity Analytics Center newsletter will be available to the public free of charge, with a version containing in-depth analytics available via subscription and direct acquisition.
The Center will focus on four primary areas of research:
- Blockchain security, vulnerabilities, and countermeasures
- Classification, comparison and market research of cybersecurity products
- Cryptography, secure communications, and data protection
- Big data analytics and visualization in cybersecurity
The Center will be run by a well-known formation specializing in Capture The Flag (a form of contest held at hacking conventions) with international advisors, tasked with developing an infrastructure and framework for research and analysis.
The center will also host an internship primarily aimed at students from Ukraine but welcoming international students.
Hacken Accelerator: Inspire and incentivize innovation and creation within the cybersecurity space
Hacken wants to create an accelerator in their community, in a nod to Google’s method of providing company resources for employees’ personal projects – which has led to several key aspects of Google’s software suites as well as many beloved startups. Hacken wants to incentivize their community to branch out onto their own ventures, with support from the company and surrounding community.
In particular, Hacken has identified that there is a lack of decent angel investors and high players in the cybersecurity space in Eastern Europe. To remedy this, Hacken wants to create an investment platform that creates a reputable framework for the community to vouch for community members, then provides respected and original members with a variety of benefits:
- Hacken will co-finance projects and share risk; up to 25% equity
- Marketing platform and marketing team will be made available to train participants, jointly develop market entry strategy, then help execute
- Hacken Analytics Center will help participants to know the market (i.e., competitors and relevant customer segments, develop customer value proposition)
HackIT Conference: An international cybersecurity forum, in the world’s new home of cybersecurity
HackIT is an international forum held in Kharkiv, Ukraine. It was started in 2016 by Dmytro Budorin, the founder of Hacken, and is an upcoming cybersecurity event: the first year featured 450 participants from 2 countries; the second, 650 from 6.
The event features speaking panels from experts, as well as various competitions, such as Capture The Flag, a race-to-the-top style hacking game much beloved by hackers of all stripes. Attendees can enter into the HackIT cup, wherein the best participants from earlier games face off against each other in competitions, such as an instant payout bug bounty. The conference ends with the Battle of Hackers, where each participant has 30 minutes to solve the maximum number of assignments and earn points, on stage, as their screens are displayed to a captivated audience.
HKN: The Hacken native token
The Hacken ecosystem will be run on HKN, the Hacken token. Hacken’s approach to their token is particularly novel, as they are both implementing an unusual take on the concept of “burning,” and state in their whitepaper that the token is used primarily for intra-platform interactions. As such, it is not intended to be a digital currency (i.e., a store of value), commodity, or financial instrument. The primary use case is to run interactions and activities on the platform as well as to compensate hackers within the community.
The total supply for the coin is capped at twenty million. 1.3 million tokens were sold during the presale, with 18.7 million remaining for the main token sale.
The Hacken token sale: sign up before October 23rd
In order to participate in the Hacken token sale, investors must register on the whitelist before October 23rd.
Details about the tokensale:
- The token sale started with a pre-sale on October 12th, with the sale starting on October 31st and running until November 11th. Investors MUST sign up on the whitelist by October 23rd to participate in the tokensale.
- Initial equivalence is 1 HKN = 1 ETH
- Currencies accepted: BTC, ETH, DASH, LTC, USD, EUR, TaaS
- Bonuses within the tokensale based upon time from onset:
  - 1 – 4 hours: 25%
  - 1 – 2 days: 20%
  - 3 – 7 days: 15%
  - 1 – 2 weeks: 10%
Hacken token burning principle:
Hacken is taking a unique approach to token burning, for a multitude of reasons. One of the reasons is a legal workaround for regulatory restrictions on investing and token issuance. The primary reason behind the burn, however, is to expedite the growth of liquidity while lessening volatility.
Their burn model is specific to each platform and is explained in depth in their whitepaper. However, the approach is primarily the same among all aspects of their platform: 50% of the company-held tokens within the ecosystem will be destroyed, i.e. burned.
This process will change the settled exchange rate of Hacken to other currencies, causing it to rise. Hacken would like to emphasize that this will reduce fees within the ecosystem and raise the value of HKN for tokenholders, without otherwise affecting tokenholders.