Moritz Samrock checks company networks for vulnerabilities
Bonn IT expert is Germany's second best hacker
Bonn · Germany's second-best hacker lives in Brüser Berg: Moritz Samrock hijacked a fictitious nuclear power plant in a competition. In his professional life, he faces a criminal business worth millions.
Six hours and he was in. As a reward, there was a banging sound and a cloud of smoke rose. Since then, Moritz Samrock from Brüser Berg can officially call himself Germany's second best hacker. In the nationwide competition of the same name, the IT security expert came out on top against 1,300 competitors a few days ago.
In the final round among the 25 best in Munich, Samrock was the one who was able to penetrate the network of a fictitious nuclear power plant through a supposed data leak and interrupt the cooling circuit after almost six hours. The bang was subdued because it was only a cardboard model - similar to the kit in the German cult sketch "Christmas at Hoppenstedt's" by Vicco von Bülow alias Loriot. In the final ranking, another competitor came in first, who was able to present his approach and corresponding safety recommendations even better.
The experience did not give Samrock sleepless nights, even though the "challenge", as such a competition is called among hackers, released plenty of adrenaline. "In reality, the controls of power plants are separate from the company networks," he explains. A hostile takeover via the internet is thus ruled out, he says.
Nevertheless, hostile hackers can cause great damage, especially in companies or even to private individuals, reports Samrock, who himself checks company networks for weak points as a partner of the Euskirchen-based IT start-up Laokoon. "A real criminal industry with multi-million profits has emerged in the last five to ten years," he warns. From Paypal to Uber to the University of Giessen, there are many prominent victims. An electronics store chain is said to have paid 50 million Euro to keep its customers' data from being published on the Darknet.
Could he also infiltrate a bank's network himself and tap customer data? The 29-year-old stirs for a moment in his oat milk cappuccino. Banks are potentially particularly protected. It probably won't work in six hours. But Samrock doesn't want to rule it out either. However, most financial institutions now use double authentication for their online banking, for example via an app or SMS. Even if criminals have the account number and the customer password, they cannot access the account. After all, refusing digital offers is not a solution either.
Samrock owes his interest in IT security to a teacher in high school. Actually, the son of two professional musicians from Diez an der Lahn wanted to study music himself. He learned the trombone at the Rhineland-Palatinate Music High School in Montabaur. But a basic course in computer science led him astray.
Training as a penetration tester
In Munich, he studied electrical engineering and technical computer science and was trained as a so-called penetration tester. This involves checking IT networks for security gaps using targeted hacker attacks. In addition to his work, Samrock is currently enrolled in the first year of the new MBA "Startup Development" at Bonn-Rhein-Sieg University of Applied Sciences. The Cyber Security Cluster Bonn is also a great source of inspiration, he says.
A deeper understanding of the algorithms and programme interfaces that run behind the user interface of programmes - that is what Samrock is striving for. He is amazed at how ignorantly not only senior citizens but also people of the same age use the apps on their smartphones and, for example, share intimate pictures without hesitation. Both one's own protection and exaggerated fears can be well controlled with a solid basic understanding. "It's actually obvious that a bank doesn't call and ask for PIN or password," he wonders. Interpol also does not call people and ask for sensitive data. "The state still sends letters today," he says.
Nevertheless, the methods of the criminal hackers are becoming more and more professional. With mass requests, they paralyse entire servers without even having to hack them. Whether the attacks come from Germany or abroad can rarely be determined. It remains a cat-and-mouse game in which criminal hackers and security experts are hot on each other's heels. "Yesterday's knowledge quickly loses its meaning. You have to learn new things all the time," says Moritz Samrock.
He finds that exciting. But he cannot imagine changing sides. Protecting society and its values is important to him. "It is very satisfying to be involved in this," he says. After all, money is not everything. And as an expert in IT security, you don't earn too badly either. In late autumn, he and his company even want to invite promising talents to a Hacker Challenge in Bonn. (Original text: Martin Wein / Translation: Mareike Graepel)