This Week in Getting Hacked: “Crackas with Attitude” Edition

All aboard the cybersecurity train! CHOOO CHOOOO! Each week we bring you the greatest and most terrifying cybersecurity and hacking-related news on the web. This is….THIS WEEK IN GETTING HACKED!

The Former Director of Spying on You the NSA and CIA, Gen. Michael Hayden has suggested that private firms take over cybersecurity of major infrastructures and data rather than the US government. The reason? Politics and the government take forever to get things done, and aren’t really known to be ahead of the curve, but find themselves catching up most of the time.

Do you really want those people protecting the power grid? They’d probably wait till we’re in the dark to make any changes. Private firms are always at the forefront of technology, so it makes sense that you’d want that guarding our most important assets.

Maybe that guy that was responsible for spying on you actually knows what he’s doing.

And he might be right, considering that the government can’t come to an agreement on how to handle controversial cybersecurity regulations that wants to keep hacking tools out of the reach of “the bad guys”. Some are arguing that it would restrict security research, and hamper any information about cyber terrorism threats being shared, and just be overall horrible for digital security worldwide.

In effect, they’re arguing over proponents in the Wassenaar Arrangement, which allows the government to control dual-use technologies like lasers, and other military-turned-commercial goods. In 2013, the Wassenaar Arrangement was revised to include software sales and the vague “intrusion software” terminology which is software that allows you to access, modify and extract data.

Photo Credit: foreignpolicy.com

The problem lies in the fact that this type of software is also used to help companies in penetration testing to determine the security of their networks and software. Tech companies are arguing that they need it to create more secure programs, while some in the government are arguing that revising the Arrangement will allow said hacking software to get into the wrong hands.

They are attempting to work out an agreement on a revision to the Wassenaar Arrangement that would allow tech companies to get this software without any hoops to jump through.

The power grid is the biggest risk and the biggest target in the cybersecurity world. Take out the power, and you technically have all the power. That’s exactly what’s happened to nearly 80,000 citizens in the Ukraine, as they found themselves the victim of the first known power outage by hackers.

Experts say that the attacked was caused by Russian state-sponsored hackers using the BlackEnergy Malware to gain access and control. How did they get control? Spear-phishing. Essentially, they targeted a high-level employee—usually C-level—to get critical information to gain access to the system.

We’ve said it time and time again, humans are the biggest cybersecurity weakness in the world. Fortunately, the power was only out for about 6 hours until control was regained.

Hey, remember that teenager that hacked the CIA Director’s e-mail? Well, he’s back to mess with more people—this time, the US spy chief Director of National Intelligence James Clapper. They hacked into basically all of his accounts—even rerouting calls to his home phone number to the Free Palestine Movement– and a spokesperson for the Office of the Director of National Intelligence confirmed he had been hacked.

Photo Credit: huffingtonpost.com

My favorite part of the story is that the teenager and his hacking friends have named themselves “Crackas With Attitude”. Kudos, gentlemen.

Remember last year when hackers got access to the VTech children’s toys? Well, hackers have gone to the Dark Side and have maybe exposed a vulnerability in a Bluetooth-powered BB-8 Star Wars toy.

Photo Credit: store.sphero.com

Don’t worry, though, because there needs to be an incredibly coincidental set of circumstances for this hack to even remotely happen: there has to be a vulnerability in the Android or iOS Bluetooth stack, and a hacker has to be nearby while the BB-8 owner is updating the toys firmware at the same time.

Also, it has to be a Tuesday, approximately 2:38 PM, mostly sunny, your name has to be Dave…

That’s it for this week! Stay safe out there!