Tag Archive for: story

A sticky story: How, and why, hackers love stickers on laptops


“My other computer is your computer”, “Sniff networks, not drugs”, “Hacking is not a crime”. Anybody who knows cyber security will have seen laptops adorned with such stickers and when you see one in the wild, you know you’re in the presence of a hacker.

As an accidental cyber security journalist, this reporter often uses the term “cyber community”, and as a social anthropology graduate I am fascinated by stories of human communities and ideas, and am motivated to write about hacking because I want to know why people do the things they do.

We can talk all we like about indicators of compromise and common vulnerabilities and exposures, but at its heart, the story of cyber is far more human than it is technological.

What is a community anyway?

What does this have to do with stickers? To answer this, it’s helpful to understand how stickers, and other forms of cyber swag such as t-shirts or socks, tie to the concept of community.

Anthropologists have struggled to define community for as long as the discipline has existed. American anthropologist Robert Redfield proposed four fundamental elements of a community. First, they are small in scale; second, their members exhibit homogeneity in activity and state of mind; third, they are aware of their distinctiveness; and finally, they are self-sufficient and sustaining. Others went deeper; George Hillery, who specialised in observing Trappist religious communities, identified more than 90 distinct characteristics – many of them highly specific to a silent order of monks.

Broadly speaking, Redfield’s four tenets show that the idea of sticking together in a community is an evolutionary advantage in humans, whether armed with spears and facing a sabre-toothed tiger, or armed with Dells and facing a Cozy Bear.

And for a group of humans who enjoy breaking things that other humans don’t want broken, it is easy to see how and why hackers stick together.

As BugCrowd founder and CEO Casey Ellis explains, being beyond the law was a fact of life for early hacking groups such as Cult of the Dead Cow, which pioneered hacker branding in the 1980s, and disseminated ideas and content that educated a generation of hackers,…


Attracting the Right Talent Requires the Right Story



A recent article in Forbes Magazine by HYPR’s CEO Bojan Simic discussed the cybersecurity skills gap and how practitioners and executives can address the technical workforce shortages. While that article highlighted why and how companies should look beyond current job experience, this post looks holistically at how to attract talented people. It highlights what we do at HYPR to attract and retain our talented team members from a more personal approach.


Seven years ago I met our (now) CEO for the first time. Back then, HYPR resembled an aspiring rock band. It had all the elements needed for success, and a sound that was different yet relatable to all who heard it. Throughout my career, I’ve either been recruiting for or selling enterprise software, mostly within the Information Security industry. I’ve been involved with launching some great technology, and have met some extraordinary people that I now call friends. However, little did I know that initial meeting with Bojan would eventually land me here at HYPR, working with some of the best people I’ve ever known.  

Come for the Tech, Stay for the Team

One of the major reasons I was drawn to HYPR was, of course, the innovative technology. The sheer economic advantage of our approach makes it an obvious choice for anyone who logs into a computer, web or mobile application. We’ve found a way to easily and completely get rid of passwords and finally fix the way the world logs in — and HYPR delivers. Beyond the technology though, I quickly discovered that HYPR was so much more than a tech company. 

Within my first days, I realized HYPR embodies dedication to a level I had never experienced. Dedication to what we build, dedication to our customers, dedication to each other, to having fun, to being transparent, to being empathetic, to doing it over and over again. It’s not just Engineering or Sales, or Marketing or Operations for that matter. It’s each and every person within each and every team. Yes there are challenges, but people go above and beyond to meet them together. This matters. It also raises a question — why and how do some companies go above and beyond and others don’t or can’t?

Telling the…


The inside story of the CIA vs Russia


In the early 1990s, Senator Patrick Moynihan campaigned for the abolition of the CIA. The brilliant campaigner thought the US Department of State should take over its intelligence functions. For him, the age of secrecy was over.

In a New York Times opinion piece, Moynihan wrote:

For 30 years the intelligence community systematically misinformed successive presidents as to the size and growth of the Soviet economy … Somehow our analysts had internalised a Soviet view of the world.

In the speech introducing his Abolition of the CIA bill in January 1995, Moynihan cited British author John le Carré’s scorn for the idea that the CIA had contributed to victory in the cold war against the Soviet Union of Leonid Brezhnev and his successors. “The Soviet Empire did not fall apart because the spooks had bugged the man’s room in the Kremlin or put broken glass in Mrs Brezhnev’s bath,” Le Carré had written.


The neverending story of Advanced Persistent Threats


As the name would suggest, advanced persistent threats are attacks that use a continuous and sophisticated hacking technique to gain access to a system and remain inside for a prolonged period, which may result in potentially destructive consequences.

The Global Research and Analysis Team (GReAT) at Kaspersky has been publishing quarterly summaries of advanced persistent threat activity. And one of the biggest examples of a successful advanced persistent threat attack was the SolarWinds incident. According to its report, the evidence suggested that the threat actor behind the attack, DarkHalo, had spent six months inside OrionIT’s networks to perfect their attack. And the rest of course is history.

Another example of an advanced persistent threat attack is HoneyMyte. HoneyMyte modified a fingerprint scanner software installer package on a distribution server in a country in South Asia. Not only did it modify a configuration file, but it was also able to work on installation even without network connectivity. The Trojanized installer appears to have been staged on the distribution server from March to June.

GReAT researchers feel that 2022 is going to see advanced persistent threats becoming more advanced and targeting more areas as well. The biggest changes are expected to come from politicization, which is playing an increasing role in cyberspace, the return of low-level attacks, an inflow of new advanced persistent threat actors, and an explosion of supply chain attacks.

What’s more concerning is how the private sector is seeing an influx of new advanced persistent threat players. This includes the recent Project Pegasus surveillance spyware. The researchers also have seen developers of advanced surveillance tools increasing their detection evasion and anti-analysis capabilities – as in the case of FinSpy – and using them in the wild – as was the case with the Slingshot framework.


Other targeted threat predictions for 2022 include:

  • Mobile devices – 2021 saw wild zero-day attacks on iOS devices, and this is expected to continue in 2022. Simply because security products on iOS are either…
