menu
FI EN

FAQ

What is the Next Gen Hack Challenge?

The Next Gen Hack Challenge is a national influencer network of Finnish companies, authorities, and organizations in the cybersecurity field. It brings together cybersecurity experts to offer young people interested in security testing and hacking high-quality and diverse challenges in a safe environment.

The network organizes and conducts an annual hacking competition at challenge.fi while also forming a community of influencers aimed at promoting knowledge of the field and ensuring its attractiveness to future professionals. The initiative, which started in 2020, has continuously attracted new organizers and supporters.

History of the Hacking Challenge

2021: The first hacking challenge campaign was launched.

2022: An official representative team was selected from the challenge participants, allowing Finland to participate for the first time in ENISA's European Cyber Security Challenge, where they placed 12th.

2023: The hacking challenge was renamed, but the concept remained the same. A team representing Finland was selected from the participants to compete in ECSC in Norway.

What is CTF?

CTF (Capture The Flag) is a common principle in hacking challenge competitions. CTF is usually a competition-form challenge or a set of challenges where the aim is to, for example, find a vulnerability in code or decrypt a part of a file, enabling the player to extract a "flag" or answer, which they submit for a set number of points.

By completing multiple challenges, a player earns more points. CTF is typically the best and safest way to get acquainted with hacking, as it offers various difficulty levels from beginners to professionals. CTF competitions also test a variety of problem-solving skills, allowing participants to better understand their skill level and areas needing improvement.

Many cybersecurity experts participate in different CTF competitions alongside their work, and CTF competitions can also be used in recruitment.

Can anyone participate in the Next Gen Hack Challenge?

Anyone can participate in the challenge competition, but rewards (including spots in ENISA's national team for the European Cyber Security Challenge) are intended only for those aged 15-25. Additionally, a spot on Finland's representative team requires Finnish citizenship.

How can I get started with hacking?

You can learn hacking by familiarizing yourself with various tools and participating in different challenge competitions. Curiosity, patience, and a learning-from-mistakes approach will help you achieve your goals. One of the best aspects of hacking is that you can never fully master it.

Platforms like HacktheBox or TryHackMe offer good opportunities to practice hacking skills with challenges tailored to your skill level.

I've already completed all the challenges. What's next?

Great! Next, you might want to check out the #crowdsourcelinks channel on the Next Gen Hack Discord server, where we've listed the most interesting and challenging Capture The Flag competitions. It's worth exploring!

My friends aren't interested in CTF or cybersecurity. Where can I meet others who are?

We strongly recommend getting to know communities interested in information technology and cybersecurity, such as Next Gen Hack, Women4Cyber Finland, Testausserveri, or HelSec on Discord. These communities welcome anyone interested in the field and related topics!

Join the Discord channels:

In Finland, there are also strong regional cybersecurity communities focused on different cities, known as CitySec communities.

Join the CitySec discussions on CitySec Mattermost: https://citysec.disobey.fi/login

Where can I get more information about the competition's progress?

The official communication channels of Next Gen Hack are Instagram and Discord.

I feel that cybersecurity is my thing. How can I enter the field?

Great! We recommend you explore the places that interest you and the related qualifications/training requirements. There is no single path to the cybersecurity field. Hacking will surely be beneficial if you are interested in more technical roles. And while technical skills and interest are a plus, the field also requires many other forms of expertise now and in the future!

If you have any questions, feel free to ask professionals in the mentioned community channels!

Why do authorities and companies encourage young people to hack?

The importance of cybersecurity has grown worldwide, impacting companies, public actors, and individuals alike. At Next Gen Hack, we recognize the significance of cybersecurity for Finland's future and aim to address it by encouraging young people to take an interest in the field early on. Through our collaboration, we want to convey that Finland has a culture of cross-sector cooperation and a strong sense of community.

Entering the cybersecurity field is worthwhile for many reasons, not least because the range of tasks is very broad. A good understanding of the variety of roles can be gained from the Next Gen Hack channel on Discord, where participants can interact with representatives of the organizing entities during the challenge.

Is hacking legal?

The legality of hacking depends on the methods used, the intentions, and the target. The basic principle is that the same rules apply to digital information or services (e.g., websites) as they do offline.

For example, unauthorized access to someone else's user account is considered a data breach, punishable under Finnish criminal law. The method by which someone obtained another person's username does not matter. Additionally, acquiring and distributing malware or hacking tools can be illegal depending on the tool and its intended use. There are over 26 different cybercrime offenses in Finnish criminal law. Those interested in hacking should familiarize themselves with online legislation to avoid surprises.

You can read more about cybercrimes on the Finnish Police website here: https://poliisi.fi/kyberrikokset

Vulnerabilities vs. Mindset

There are many different types of vulnerabilities in the online environment that anyone can find and exploit.

Testing security on your own initiative involves risks that can, at worst, lead to criminal liability. When identifying vulnerabilities, it is essential to recognize your responsibility to report the found vulnerability and remember that exploiting the vulnerability can lead to criminal liability. The fact that something is possible does not make it legal or remove personal criminal liability. Adopting ethical, sustainable, and legal security practices in everyday life is a crucial part of growing into a future cybersecurity professional.

The best way to ensure that your actions are legal is to:

  • practice in safe, purpose-built online environments
  • familiarize yourself with programming and other tools
  • participate in CTF competitions or join a company's bug bounty program

Tips

Organizations are generally interested in findings that improve security, and they may even offer monetary rewards for them. The smartest organizations use reward programs for vulnerability hunting in their operations.

Here are a few tips:

  • If you are unsure about the legality of an action, do not do it.
  • If it is a vulnerability, ensure that the information holder/owner/Cybersecurity Center is informed.
  • Do not disclose the vulnerability without permission; the general principle of responsible disclosure is to let the service provider report the vulnerability.

Report vulnerabilities to the Cybersecurity Center.

You can report a vulnerability or security incident to the Cybersecurity Center electronically at https://www.kyberturvallisuuskeskus.fi/fi/ilmoita

Reports can also be made anonymously.

You can also find support and more information on handling different security incidents on their website.

I suspect I've encountered criminal activity online, what should I do?

If you suspect you have been a victim of a crime, you should report it to the police as soon as possible. You can file a crime report electronically through the police's e-service: https://asiointi.poliisi.fi/yksityis/rikos.

If you notice suspicious activity online or suspect you have encountered illegal material or content, you can easily report it to the police through the Nettivinkki service at https://poliisi.fi/nettivinkki. Nettivinkki is for reporting non-urgent matters. Describe as precisely as possible the content or activity you have encountered and where. You can leave the tip anonymously if you wish. The police will review the tips and take further action if there is reason to suspect a crime.

Support for transitioning to a legal path

Concerned about a friend's online behavior? Or do you feel your hacking may have crossed into illegal territory and need support to disengage from criminal activity?

The Finnish National Bureau of Investigation's Cybercrime Exit project is a preventive special activity of the police aimed at preventing youth cybercrime, increasing awareness of legal and illegal online activities, and supporting young people in disengaging from a criminal lifestyle. The project targets 12-25-year-olds.

The activity is voluntary and confidential, focusing on supporting a crime-free lifestyle by helping identify the boundaries between legal and illegal activities, mapping out work and study opportunities that support skills, providing other life situation support if needed, and guiding towards networks that support legal activities.

You can contact the Cybercrime Exit project via email at cybercrime.exit.krp@poliisi.fi.