28 August 2019, interview: Alexandra Muheim, photo: Ivan Bütler
I’m Ivan Bütler, the founder and one of the managing directors of Compass Security. We look for weak spots in operators’ websites, in e-banking, trading systems, voting systems, remote access, Android, Mac and iPhone. We are, if you will, the good-guy hackers.
I set up the company with my colleague Walter Sprenger. We started out small and were able to expand very quickly; in the meantime we have offices in Bern, Zurich, Berlin and, since last December, in Toronto.
There are various motives for hackers and then different sub-categories. I personally like the following breakdown into four groups the best.
Can I answer the question with a question? Do you drive a car? And you know that it has safety belts and airbags and so on, because an accident might happen? But you carry on driving anyway? So that's what it’s like for me and the Internet. I’m aware of the risks and that you’re never safe despite taking every precaution. But I still use it because of the many advantages it offers.
I’d really rather not say, but so far there has been virtually no company we couldn’t hack. The problem is always people: If just one out of a hundred doesn’t pay attention, you can get in to the system. Even if the employees are warned and are careful.
For example, we had a case where we were supposed to hack a company and one person volunteered to be the test person. We then Googled this person and found out that she is registered on a website where you can find former classmates. We set up a g-mail account in the name of a former classmate and wrote to her: “Hello, I’m organizing a class reunion; I’ve already put the addresses I knew in the attached Excel file. Could you complete the list?” As soon as she opened the attachment, the Trojan was already on her computer.