"Russian hackers are looking software systems at Shell, Philips and the Dutch Ministry of Defense for a way in. The systems are being probed. Without results for now", according well-known daily published in the Netherlands NRC Handelsblad.
According to the Handelsblad "there are tens of young men and women testing the software of businesses and government institutions. They call themselves white-hat hackers. The accountants wear slim fit suits; the Cyber Risk Services technical staff just wear jeans. In one of these flexible working spaces, there stands a Golden Cup, awarded for the Global CyberLympics Security Challenge. Here sit the wizards of our time, as director Jelle Niemantsverdriet calls his colleagues".
Jelle Niemantsverdriet said that "there are grandiose examples of state attacks. The American and Israeli Governments spread malicious software in 2010 to shut down the Iranian nuclear program's Siemens centrifuges. You can use a method like that once, but then you have revealed yourself quickly".
The number of potential cyber attacks rises steeply as soon as states start using the simple tricks of criminals. "Phishing," for example, the retrieval of a user's password by making him retype it. That is what Hillary Clinton's campaign manager John Podesta did and, according to the US intelligence services, Russia was behind it.
Niemantsverdriet lists several examples, such as software which is used in a different way than intended: "what happens if you upload a file containing a virus instead of a photo? What happens if you change a URL with user-id=2 to user-id=3? Do you possess someone else's data? Suppose that you put 3,000 characters in a user name field that only allows 30 characters? Then you get an error message".
"And that error message tells you something about the programming code".
0 comments: