Tag Archive for: paid

SpaceX says researchers are welcome to hack Starlink and can be paid up to $25,000 for finding bugs in the network



Elon Musk’s SpaceX is encouraging security researchers to hack Starlink in a non-disruptive way. (Photo: Getty Images)

  • Elon Musk’s SpaceX said it encourages researchers to hack Starlink in a non-disruptive way.

  • If researchers submit findings through SpaceX’s bug bounty program, they could be paid up to $25,000.

  • One researcher recently said he hacked into Starlink using a $25 homemade device.

SpaceX says responsible researchers are welcome to hack into its satellite internet network, Starlink. It added that it could pay them up to $25,000 for discovering certain bugs in the service.

The announcement came after security researcher Lennert Wouters said last week he was able to hack into Starlink using a $25 homemade device. He said he performed the test as part of SpaceX’s bug bounty program, where researchers submit findings of potential vulnerabilities in Starlink’s network.

In a six-page document entitled “Starlink welcomes security researchers (bring on the bugs),” SpaceX congratulated Wouters on his research.

“We find the attack to be technically impressive, and is the first attack of its kind that we are aware of in our system,” SpaceX said in the document. Wouters’ hack involving a homemade circuit board shouldn’t worry any Starlink users and won’t directly affect the satellites, SpaceX added.

The company’s own engineers are always trying to hack Starlink to improve the service and make it more secure, SpaceX said in the document. It welcomed any security researchers who wanted to help secure Starlink, saying they should consider joining the team or contributing their findings to the company’s bug bounty program.

“We allow responsible security researchers to do their own testing, and we provide monetary rewards when they find and report vulnerabilities,” SpaceX said in the document.

On SpaceX’s bug bounty website, it says researchers who carry out non-disruptive tests on Starlink, report the findings, and discover vulnerabilities within scope can be rewarded between $100 and $25,000.

The site lists 32 researchers who SpaceX said reported important security issues in Starlink. It also says the average payout in the last three months was $973.

Testing that disrupts the service for…


Ethical hacker gets paid for cracking IT systems


AJ Dumanhug, a 26-year-old ethical hacker and cybersecurity expert who co-founded Secuna, makes a living out of cracking the IT systems of companies, organizations, and government agencies with the purpose of making them more secure and protected.

His interest in IT began a decade ago while playing online games. “From there, it grew the desire to understand the best way to use technology,” he says in an interview via email.

Dumanhug decided to become an ethical hacker after learning that companies are willing to provide cash rewards to people who responsibly disclose a security flaw they find in the company’s product. 

“Ethical hackers can counter cybercriminal attacks, and risks from these web threat attempts can be mitigated by doing deep dives into how these digital terrorists think, plan and operate. Given these cybercriminals’ considerable skills and the support from their own network, their attacks can be countered by an equally knowledgeable and skilled community—but this time, one that is on the side of the digital angels,” he says.

In 2017, he helped establish a company composed of trusted international cybersecurity professionals called white hat hackers or simply ethical hackers to identify potential security flaws.

“Having a large network of ethical hackers is a huge advantage for Secuna in helping companies, organizations, and even the government secure their digital assets. As hackers, they are also privy to cybercriminals’ ways, mindsets, and methods, enabling them to stay one step ahead,” says Dumanhug.

IT degrees

Dumanhug, who obtained a Bachelor of Science in Information Technology degree from STI College, studied short courses at the University of the Philippines, and took a Professional Science Master in Cybersecurity at Holy Angel University, is now the chief executive at Secuna, a Philippines-based cybersecurity firm that offers penetration testing services.

“Secuna is my first professional job, but I also worked as a full-time consultant for almost three years for the University of the Philippines System under UP Information Technology Development Center. I am a cybersecurity mentor for startups through…


The teenage hackers paid millions to expose corporations’ weak spots


The 19-year-old sat at his desk, eyes hooked on the screen. Displayed on it was a corporate-looking website. At a casual glance it was just another nondescript web page, perhaps a little sparser than the colourful social media platforms he might be expected to browse.

But the American teenager had in fact gained access to the TAT-14 submarine telecommunications cable system. In operation until December 2020, the vital global commerce conduit stretched for more than 9,500 miles between France, Germany, Denmark, the Netherlands, Britain and the US.

“I came across this one web server. And the title was super interesting. So I wanted to see if I could hack it,” says Corben Leo.

His method was shockingly simple: Leo navigated to a very specific web address and refreshed the page twice. Thanks to a hitherto undetected flaw, the website treated his computer as if he had logged in with an administrator account.

It gave him the same level of control as the owners of TAT-14, resting his fingers on the artery of transatlantic trade in March 2019. And nobody knew he was there.

Leo’s hack is just one example from a global community of bug bounty researchers: ethical hackers who investigate companies’ web servers for security flaws – bugs – and then reveal their findings to the owners, usually in return for payment.

“I could add admin access to all of their accounts. I could manage them, I had access to all of the internal cable documentation,” says Leo. “Everything that had to do with the inner workings of the cable, how the cable was physically structured, their maintenance periods.”

Not yet old enough to even buy a beer at the time, he could have triggered stock market crashes, disrupted governments or sparked accusations of international espionage.

Instead, he says, “I reported it to the telecommunication company as part of their security programme.

“I didn’t try to do too much because it was an undersea cable. I was fearful of getting thrown at a CIA black site!”

A lucrative pastime

For the most highly skilled hackers, bug bounties can be a lucrative pastime. Leo, now aged 22, claims he has earned “close to a million dollars” from his research efforts. As a…


High School students learning cyber security training through paid internship with VMI


LEXINGTON, Va. – The Virginia Military Institute is helping high school students better understand cyber security through a paid internship program.

Seven local high schoolers are currently participating in this fully immersive program and are gaining a better understanding of cyber security by working with VMI Cadets.

The students come from Rockbridge County High School, Parry McCluer High School and a homeschool group. They meet every day after school for two hours to work on two separate projects.

The first project they have been working on is called the Internet of Things Box, which represents the smart interconnected devices people use at home and work. Interconnected devices include items like a web camera, smart outlets, Google Homes or an Alexa.

With this project, the students learned the secrets of the networks and devices, built them by hand and then attempted to hack them.


“The students are learning new stuff and trying to figure out those hard problems with a little push from my team, but a lot of this is on their own,” said Cole Corson, a VMI student. “They are really self-motivated. They have to go out there and figure out what the solution is to their problem and that’s what I think is the core and the best part about this program. It teaches them how to go find the answer to their problems themselves, and in the pre-science world, computers and the internet help with that a lot.”

The second project students are working on is called the “Turnout” app. This app is designed to provide cadets with notifications that have information about cyber events. Students worked with cadets to learn, design and develop complete software programs.

“Cyber security and programming and all this computer stuff is my hobby,” said Jonas Squires, a homeschool student participating in the program. “It is what I do at home, and so the opportunity to do it here with all sorts of technology that I don’t have access to at home and learn new things was just an opportunity that I couldn’t pass up.”


This program is in partnership with Virginia Tech. Two Virginia Tech graduate students brought innovative tools to the internship site.

This experience is allowing a younger…
