This Week in Cloud: Cyber Espionage Hits Politicians and the NSA

Welcome to This Week in Cloud, digest of the most important cloud-related stories from the past few days. This week: Russian hacking tilts the US presidential election, the NSA’s trove of hacking tools gets hacked, and how bug hunters can make $200,000 per bug.

DNC Hack Verges on Cyberwar

After the DNC suffered a data breach of staff emails, experts attributed the hack to Russian state-sponsored groups based on the techniques used. While their suspicion was ultimately justified but inconclusive, a new study now shows over half of cybersecurity professionals think cybercriminals intend to influence the US election. While the details are still fuzzy, the attack on US political infrastructure has certainly raised the stakes of cyber crime. And in an ominous sign of things to come, 82 percent of IT professionals think state sponsored attacks targeting democratic elections should be considered acts of cyberwar.

Experts say cybercriminals are trying to manipulate the US election | Harriet Taylor, CNBC

Snowden speculates leak of NSA spying tools is tied to Russian DNC hack | Dan Goodin, Ars Technica

Blowing the Lid Off the NSA’s Stash of Zero-Days

Zero day vulnerabilities are the most valuable and controversial tools that government hackers exploit to compromise the data of surveillance targets. Experts are also pointing to Russian state-sponsored groups for an intrusion into the systems of the National Security Agency. In the data breach, attackers released complex zero-day vulnerabilities identified and exploited by the NSA. The breach undermines the NSA’s ability to conduct its operations and puts companies using vulnerable products at risk, since providers were not pre-notified before the disclosure. This hack will increase suspicions of the groups responsible and the NSA. 

Those Hacked NSA Malware Names Are Funny, But Don’t Laugh Too Hard | Mathew Ingram, Fortune

NSA’s Use of Software Flaws to Hack Foreign Targets Posed Risks to Cybersecurity | Ellen Nakashima and Andrea Peterson, Washington Post 

Bug Bounties Become Indispensable

One of the top headlines coming from the Black Hat Conference was Apple’s announcement of a bug bounty program, where hackers can get paid for disclosing vulnerabilities in Apple software. The payout will reach $200,000 for the most severe vulnerabilities. Bug bounty programs have proliferated in an effort by technology providers to find and patch vulnerabilities before they can be exploited in cyber attacks. Now, organizations from Airbnb to the Pentagon are employing “white hat” hackers to help find flaws in their software.

In an Age of Digital Insecurity, Paying Bug Bounties Becomes the Norm | Jeff Stone, Christian Science Monitor

Organizations Can Learn from Apple’s Bug Bounty Approach | Fahmida Rashid, InfoWorld

By the Numbers

130

The number of companies hit by a hacking campaign targeting manufacturing and engineering companies across the Middle East and other regions. 

25 minutes

The amount of time given to participants in a social engineering contest to get data from a target company.

$65 million

The value of loss to Bitcoin investors after an exchange hack thought to be “impossible”

Download the New Survey

Read what other IT leaders are saying about hiring trends, IT skills for the next 5 years, and more.

Download Now