Meet IT:U’s Ethical Hackers
How IT:U’s ethical hackers work on preventing cyber security attacks that could affect us all.
Most people would probably want to protect themselves from hackers. But what about welcoming them, albeit the ethical sort, for the public good? That’s what Professor Johanna Ullrich and her team of ‘ethical hackers’ at IT:U are trying to accomplish.
„Hacking always has the notion of doing something bad … but while white hat hackers basically have the same skillset, we want to know if we can overcome a system. But if we do so, we do not steal money or do anything mean, we do responsible disclosure, which is we contact either the operator or vendor and say, ‘there is something wrong, please fix it’.”
Johanna Ullrich, Professor of Security at IT:U.
She and her team actively look for and identify security risks, saying “we get the reward that we found the mistake”.
By doing so, they can help prevent major security breaches, which could end in power outages or a breakdown in other critical infrastructure.
The professor will chair an online conference this month (23 to 25 March), called Passive and Active Measurement Conference 2026, or PAM 2026, where like-minded researchers will meet to gain insight into the state of the internet and its role as critical infrastructure.
Hacking for society’s benefit
While some people offer their hacking services to organisations for a fee, Professor Ullrich and her team are doing it for the benefit of society.
“Sometimes you have companies or institutions that are important for society. They do not feel like they have a problem, but we can educate them that this is an issue, we go after new attack concepts.”
A few months ago, Professor Ullrich published a research paper on Ukraine, where she and her team made attacks on infrastructure visible through their servers in Austria.
The following chart shows when and where internet disruptions occurred across regions of Ukraine between 2022 and 2025. Each color represents a different network condition: red indicates confirmed outages, green shows other types of disruptions, blue marks routing issues (when internet paths break), gray means normal operation with no outage, and white indicates missing data.
© ACMYet this type of research is equally important in many other areas and, according to the Professor, needs to be explored further.
“We have to talk about our democracy here, we are used to a bunch of working infrastructure, and we want to maintain that for democracy, for wealth, for daily life.”
She adds that the internet is perceived as reliable but is in fact a fragile infrastructure that needs constant monitoring, ideally by people who work for the benefit of all.
Learn more/conference details:
The Passive and Active Measurement Conference 2026, or PAM 2026, is happening from 23 to 25 March and those interested can register and join online.