This Week in Cloud: Cyber Espionage Hits Politicians and the NSA
Welcome to This Week in Cloud, a digest of the most important cloud-related stories from the past few days. This week: Russian hacking tilts the US presidential election, the NSA’s trove of hacking tools gets hacked, and how bug hunters can make $200,000 per bug.
DNC Hack Verges on Cyberwar
After the DNC suffered a data breach of staff emails, experts attributed the hack to Russian state-sponsored groups based on the techniques used. Their suspicion was ultimately justified, if inconclusive, and a new study now shows that over half of cybersecurity professionals think cybercriminals intend to influence the US election. While the details are still fuzzy, the attack on US political infrastructure has certainly raised the stakes of cyber crime. And in an ominous sign of things to come, 82 percent of IT professionals think state-sponsored attacks targeting democratic elections should be considered acts of cyberwar.
Experts say cybercriminals are trying to manipulate the US election | Harriet Taylor, CNBC
Snowden speculates leak of NSA spying tools is tied to Russian DNC hack | Dan Goodin, Ars Technica
Blowing the Lid Off the NSA’s Stash of Zero-Days
Zero-day vulnerabilities are the most valuable and controversial tools that government hackers exploit to compromise the data of surveillance targets. Experts are also pointing to Russian state-sponsored groups for an intrusion into the systems of the National Security Agency. In the data breach, attackers released complex zero-day vulnerabilities identified and exploited by the NSA. The breach undermines the NSA’s ability to conduct its operations and puts companies using vulnerable products at risk, since providers were not notified before the disclosure. This hack will increase suspicions of the groups responsible and the NSA.
Those Hacked NSA Malware Names Are Funny, But Don’t Laugh Too Hard | Mathew Ingram, Fortune
NSA’s Use of Software Flaws to Hack Foreign Targets Posed Risks to Cybersecurity | Ellen Nakashima and Andrea Peterson, Washington Post
Bug Bounties Become Indispensable
One of the top headlines coming from the Black Hat Conference was Apple’s announcement of a bug bounty program, where hackers can get paid for disclosing vulnerabilities in Apple software. The payout will reach $200,000 for the most severe vulnerabilities. Bug bounty programs have proliferated in an effort by technology providers to find and patch vulnerabilities before they can be exploited in cyber attacks. Now, organizations from Airbnb to the Pentagon are employing “white hat” hackers to help find flaws in their software.
In an Age of Digital Insecurity, Paying Bug Bounties Becomes the Norm | Jeff Stone, Christian Science Monitor
Organizations Can Learn from Apple’s Bug Bounty Approach | Fahmida Rashid, InfoWorld
By the Numbers
The number of companies hit by a hacking campaign targeting manufacturing and engineering companies across the Middle East and other regions.
The amount of time given to participants in a social engineering contest to get data from a target company.
The value of loss to Bitcoin investors after an exchange hack thought to be “impossible”