Research examines 'white hat' hackers in cyber warfare

From the Heartbleed bug that affected many popular websites and services, to the Target security breach that compromised 40 million credit cards, malicious hackers have proved to be detrimental to companies' financial assets and reputations.

To combat these malevolent attackers, or "black hats," a community of benign hackers, i.e., "white hats," has been making significant contributions to cybersecurity by detecting vulnerabilities in companies' software systems and websites and communicating their findings. Researchers at Penn State's College of Information Sciences and Technology (IST) are studying white hat behaviors and how the talents of the white hat community can be most effectively used.

According to the researchers, undisclosed vulnerabilities in publicly and privately deployed software systems are a significant contributing factor to potentially damaging security incidents. Black hat hackers search for unknown software vulnerabilities and attempt to derive benefit either by exploiting such vulnerabilities to steal data and damage service availability or by selling information about such vulnerabilities on black markets.

A recent example is the Heartbleed security bug that was discovered in April and dubbed one of the biggest security threats the Internet has ever seen. Heartbleed affects OpenSSL, the open-source software that is widely used to encrypt Web communications. Heartbleed can reveal the contents of a server's memory, where sensitive data such as usernames, passwords and credit card numbers are stored. A further complication is the interconnected nature of the Internet: an attack on an individual website or server has the potential to affect numerous websites.

For example, in August 2013, a group claiming to be the Syrian Electronic Army was able to take down the New York Times by hacking into a website in Australia. According to media reports, the group gained control of the Times' domain name registrar, Melbourne IT. A domain name registrar is a site that sells domain names and controls a Domain Name System (DNS) server. By hacking into the DNS server, the group could redirect the traffic going to nytimes.com. The Syrian Electronic Army also said it hacked Twitter, which reportedly also uses Melbourne IT.

http://cyberwar.einnews.com/article/245756848/EXuY3KwTy6b32O1Z
