In conversation with Johannes Klick
The managing director of Alpha Strike Labs puts hackers out of business
Last year, Helmholtz-Zentrum Berlin and Berlin’s Museum of Natural History were hit by hacker attacks, and memories of a security breach at the Berlin School of Technology are still quite fresh. “The threat level in cyberspace is higher than ever before,” says the report on the state of IT security in Germany penned by the Federal Office for Information Security, or BSI. Among those giving support are the professional hackers of Alpha Strike Labs. Adlershof Journal spoke to the managing director Johannes Klick.
Adlershof Journal: What is the core business of Alpha Strike Labs?
Johannes Klick: Our clients commission us to give them a global hacker’s perspective on their business. To do so, we collect all the data an attacker could be using, from the internet, the deep net, and the dark net. This type of analysis is called open-source intelligence (OSINT). We generate an overview of vulnerable IT systems that can be accessed via the internet as well as the leaked e-mail addresses and passwords of employees that are made available in the deep and dark net. To accomplish this, most of the data we use comes from our in-house global search machine, which scans the internet and its three billion IP addresses for critical or vulnerable IT systems several times a day.
At present, how vulnerable are public infrastructures, government offices or research facilities?
In 2021, the year of the pandemic, we drew up a comprehensive study of 1,300 German hospitals and published it at CyCon, the International Conference on Cyber Conflict of NATO. Every third hospital and roughly every third network provider was vulnerable or exhibited insecure configuration. Analyses from so-called KRITIS companies (critical infrastructures) and government offices have shown that they also exhibit a great many vulnerabilities. We have created dashboards for every German federal state and its municipalities and can thus show that five to ten percent of all systems have shortcomings. Since the IT departments of KRITIS companies and public institutions tend to be short-staffed and their pay level is not competitive, this security situation will worsen in the years to come.
Who are your customers?
We provide our services to DAX companies, large medium-sized companies, and we support public agencies at the EU level.
How do you attract talent?
Our team currently consists of 13 employees, who dedicate themselves to daily research and development activities or the analysis of threats from the internet. Once a year, we host so-called LAN parties, where colleagues, interns, former colleagues, and their friends locally connect their computers and play video games for three days. The last party took place here in Adlershof in 2023, just before Christmas. Thanks to the open and casual atmosphere and the teamwork required by the video games, we get to know each other really well. We have attracted many new employees and student workers in this way.
What does your current working situation look like?
On two days a week, we have fixed office days for everyone. There are also some colleagues who like to work at the office daily. Many ideas or solutions come up during a lunch break or while chatting next to the coffee machine. That can hardly be emulated in online meetings. In addition to many experiments, we have found that this mode works well, one that combines flexibility and preserves social contacts.
What do you do to balance out your work?
I spend a lot of time with my family. I also like to play paintball with my clubmates, and I like to play PC games in the evenings with friends, some of whom I still know from my school days 20 years ago.
Peggy Mory for Adlershof Journal