DeepSec 2017 Talk: Hacking The Brain For Fun And Profit – Stefan Hager
You are what you think. At least we think so. Is this mental model the right way to explore our surroundings and our interconnected world? Well, let’s find out by thinking about it.
When we’re talking and thinking about security, we very often have a rather fixed mindset and keep using what we think are proven methods. We tend not to question our decisions and thoughts, and the way how our brains work reaffirms our bias and our mediocre choices. In this talk we take a closer look at how we are thinking, and how we can change or expand this as well as our perception, by hacking into our own brains in order to get a clearer picture of what we really want and need. New ways of thinking and creativity can be a vital new asset for blue and red teams.
We asked Stefan Hager a few questions about his topic of interest:
Please tell us the top 5 facts about your talk.
- Your brain is not telling you the whole truth (and it never will).
- Perception can be hacked.
- The mind can be treated like a black box system and it’s fun to experiment with it.
- New ways of thinking give creativity a boost and can give red and blue teams (everyone, really) an edge in their work.
- Reality is what you can get away with.
How did you come up with it? Was there something like an initial spark that set your mind on creating this talk?
The perception of an individual reality as opposed to consensus reality has fascinated me since ages, and for me it is one of the most intriguing subjects. It’s also quite nice that humans are so meta that they can think about how they think; and in my opinion it inevitably broadens one’s mind. My professional background is not in psychology or something similar, but Infosec. Although maybe not obvious at the first glance, there are similarities between huge modern networks and their defence mechanisms and the way our perceptions and subconscious interact with the conscious parts of our brains.
Why do you think this is an important topic?
Creative and new ways of doing things is the difference between a mediocre pentest and something that’s more useful to the client, or a run-of-the-mill network setup and a well-defended one. Thinking outside the box is such an overused term, but thinking about the box itself -the way we think- doesn’t come naturally. We tend to take our perceptions for granted and rarely question our daily decisions. I think it’s important to become aware of some of the firewalls and defence mechanisms of our brain and to start fitting them to our personal needs.
Is there something you want everybody to know – some good advice for our readers maybe?
Change yourself by closely observing yourself (without judging yourself) and analyse what happens. Some recursion involved.
Breaking out of behavioural patterns by thinking in new ways can help to overcome a bit of ego, and thus create a bit less misery for oneself and those around us.
A prediction for the future – what do you think will be the next innovations or future downfalls when it comes to particularly your field of expertise / the topic of your talk?
Tricky – I think that human mind-computer interfaces will be very hard to establish without being able to think in uncommon ways. The human mind seems to be able to adapt more easily to new situations than an API, no matter how advanced. Security Awareness and Security Thinking are topics which are going to get even more important in the near future.
Stefan is a member of the Internet Security team at the software company DATEV eG. After starting out as a programmer in the nineties he switched to cybersecurity shortly afterwards. Since 2000 he has been securing networks and computers for various enterprises in Germany and Scotland. His main focus nowadays is threat research, raising security awareness and discussing new ideas concerning threat mitigation. When not trying to do any of the stuff mentioned above, he is either travelling, fiddling around with hardware or trying to beat some hacking challenge. Stefan also writes blog posts (in English and German) on his site cyberstuff.org.