Saab Global

Stop trusting the tech - Midnight Sun CTF will show you why


What is the state of online security, and how accurate is our perception of it? "It affects us enormously," says Stefan Larsson, one of Saab's experts in cyber espionage. The question is relevant again as the winner of the hacker competition Midnight Sun is decided this week in Stockholm.

Few things affect the geopolitical situation today as much as the Internet. With today's modern solutions, life is made easier for many: orders are placed quickly and easily at the touch of a button, we are tracked in real time via geotargeting and the Internet of Things and thus get the top suggestions for restaurants in the palms of our hands. At the same time, doors are opened for others, who often have anything but good intentions.


Midnight Sun Capture the Flag - happening September 18-19

The qualifying rounds were held in April. On 18–19 September, the world's best hackers will decide who has the sharpest analytical abilities – and who can create the smartest code. Follow the competition as it unfolds on a live scoreboard!

Espionage is no longer something we should associate with James Bond movies, rather it is about code, ones and zeros, and crimes that can be committed from an armchair anywhere in the world.

Awareness must increase – stop trusting the technology!

Stefan Larsson, Strategy & Portfolio, Combat Systems, currently works with combat cloud strategies at Saab's product area for combat command systems. He has extensive experience of cybersecurity, has for the past 14 years developed technical solutions for both Swedish high-profile government agencies and foreign companies in the encryption industry, and lectures on industrial espionage. He believes that data intrusion and cybersecurity should be given much higher importance internationally.

"Geopolitically, cyber warfare is extremely powerful, and well-executed attacks have disproportionate effects," Stefan explains. "As a defence company, Saab mainly works with what we call our domains – air, sea and land. We also work with cyber security issues, and it is the only domain that can be said to be constantly active," says Stefan Larsson.

We also talk about Jus ad bellum, the regulation that determines whether a country exposed to an attack of any kind has the right to strike back. For the domains air, sea and land, the rules are clear. But for cyber attacks, there is still a grey area.

"There are presently certain rules from the UN regarding warfare, but there are often also attribution problems, that is, you can rarely prove who did what. It's like having a submarine war without effective fire. A provocation in itself but without visible effect or causality. What we have here are people sitting behind an office desk or at home in an armchair who can be extremely dangerous, and with only negligible personal and low political risk.

"Furthermore, ransomware is utilised to create economy in the model, but the underlying reason why someone engages in cybercrime may be completely different."

How far, so to speak, have we come in terms of cybercrime?

"We are still not yet seeing the truly dangerous attacks, because hackers are waiting to carry those out until there is a real geopolitical conflict. But in theory, we could see conventional state-of-the-art weapon systems being disabled. If you knock out a system digitally, you have saved yourself a lot of operational risks, and it can be done entirely clandestinely."

What is the most common mistake that companies make, and how does one avoid exposure to unnecessary risks?

"In essence, I would say that the biggest problem is that we rely on the technology too much, when we often need to create systems that make it difficult to make mistakes. A larger study, which included 4,000 different systems, showed that just one of those systems was free from vulnerabilities that could potentially have been exploited. Every time you upgrade software, there is a risk of introducing new vulnerabilities, and this is why processes and what we call zero-trust architecture are needed.

"The Swedish Armed Forces do this well. And so does Saab. On the other hand, security requirements can differ from country to country and over time, which means that you need to continuously work both with a changing demand picture from customers and everyone needing to work continuously with a constantly changing threat environment in digital systems."

Are most people today sufficiently aware?

"People are seldom particularly familiar or aware of either the threats or the capabilities of the espionage being used against us. Most have probably understood that we always leave data behind, but not how much. Not so long ago, hackers managed to map US secret service personnel via geolocation, despite the fact that they had turned off location services in their mobile phones.

"I was shocked by the extent the other day when I was looking for recipes and had read about how to preserve cucumbers on a typical Swedish site. That little read resulted in very large amounts of data being shared, not only with the company that owned the site itself, but also with many completely different parties, even including my physical position."


Last year's edition of Midnight Sun Capture the Flag brought a lot of competition.

Midnight Sun Capture the flag – the world's best hackers competing 18–19 September


Simply put, hacking is about finding vulnerabilities and exploiting them. Daniel Wengelin, Head of DevOps Product Unit Cyber, is responsible for September's big matchup where some of the world's best hackers will meet in Midnight Sun Capture the Flag.

In addition to the global teams that qualified earlier this spring, qualified student teams from countries in the Baltic Sea region will also compete.

"We wanted to create an event for everyone who works with cybersecurity," Daniel Wengelin explains. "We also want to conduct it from a learning perspective."

Midnight Sun CTF is about finding errors, so-called vulnerabilities, in programs by determining the thought processes of the programmer who put together the program, and then finding ways to exploit the vulnerabilities to access confidential data. To do this, you use the same tools that the programmers usually use when the software is created, such as Python, but also special analysis tools.

With self-written programs, the hacker "tickles" the systems by entering broken data in order to find faulty code, which is then further exploited.

In the end, the one who is quickest to find the confidential data wins, extracting a “flag” hidden in the software, which has given the competitive form its name.

Follow the competition in real time.

A scoreboard is being updated as the competition progresses at

