CyberSecurity Headlines: Hack the Pentagon, North Korea’s Cyber Army and Pokemon Go
In the ever-changing landscape of CyberSecurity, it’s hard to keep up sometimes. Luckily, we’re here to keep you in the loop with all the current white-hat, grey-hat and black-hat hacker news of the day. Today, I sit down with Dennis Skarr to recap the recent events of the cybersecurity world.
Hack the Pentagon
- A bug bounty program is offered by many websites and software developers by which individuals can receive compensation for reporting bugs and vulnerabilities. The pentagon has launched their own bug bounty where the US government is allowing white hat hackers, security researchers, etc. to break into the department’s defense websites. Participants receive cash prizes, challenge coins and credibility for their resumes as security professionals. Google and other private corporations have run similar programs with payouts ranging from $100 to $15,000 to the person whom had identified multiple security gaps on their respective sites. In some cases, bug bounty hunters have found vulnerabilities which traditional penetration tests have missed.
North Korea’s Military Cyber Army
- There is very little information about the North Korean military cyber army, but many theories. As secretive as they are, gathering information and having insight as to what they are up to is difficult. What we do know, as of now, is that there have been ongoing attacks to South Korea and the Sony attacks have also been attributed to North Korea’s cyber army. Cyber, being very cost effective in comparison with traditional warfare, allows their efforts to be more impactful with less resources. More and more every year, North Korea’s cyber chops have been growing and where they lack in ability they make up for in intent- making them a cyber force to be reckoned with and a cyber entity to keep close tabs on. Bureau 121 is North Korea’s cyber offensive wing. Rumored to run out of a hotel in China, Bureau 121 runs on a bandwidth type which would otherwise be outside of North Korea’s scale.
- Pokémon Go has taken the world by storm as a forerunner of augmented reality video games. Downloading this software, working with the users’ GPS, opens up a number of options for hackers. One likely, more traditional, way for hackers to capitalize on this craze is by planting a back-end on a malware which would be downloaded at the point of which the app itself is downloaded. In one case, attackers put a software called droidjack.net on users’ phones to allow themselves remote access to not only the app, but nearly everything on the user’s phone. These instances are prevalent overseas where the app has not yet officially launched. In the U.S. we, luckily, don’t have so many concerns with the malware, but the human element is still prevalent and situational awareness is key to keeping ourselves safe from the perils of the physical world.