Български Русский English
Far too dangerous: Why Russians weren't invited to hack the U.S. Air Force
Monday, 01 May 2017 02:33

An unwillingness to expose its systems to additional risks probably convinced the U.S. Department of Defense (DoD) not to invite Russian cybersecurity specialists to participate in its “bug bounty” program to hack the Air Force.

On April 26, the DoD announced the "Hack the Air Force" challenge for cybersecurity specialists from the U.S., U.K., Canada, Australia, and New Zealand, but denied entry to hackers from Russia.

Keep out, Russians

"Systems that might be targeted in order to identify security vulnerabilities may be those that are not connected to the internet and that are largely unknown to the public," said Oleg Demidov, a cybersecurity expert at PIR Center, a Moscow-based think tank.

The issue of trust is key for the DoD’s choice of countries whose citizens are licensed to perform such sensitive cyber operations. While the U.S., Canada, U.K., Australia and New Zealand are all members of the Five Eyes alliance that promote cooperation in the field of intelligence, Russia is not.

"Russians will never be invited to participate in such challenges because the U.S. military officials believe that knowledge and information about the Pentagon’s security systems that are obtained during such operations might be exploited and used against U.S. interests," Demidov said.

"Russian school"

Whether the DoD is losing out on opportunities by not inviting hackers from Russia to participate in its "bug bounty" competition is unclear. Experts disagree on whether there is a distinctive Russian hacker 'school,' and whether participation could have made a difference for the Pentagon.

Far too dangerous: Why Russians weren't invited to hack the U.S. Air Force

Some experts say compact code and non-standard solutions are features that pertain to the so-called "Russian school" of hacking. "What such hackers have in common is freedom of thinking - Russians usually seek non-standard solutions for standard tasks. This particular feature of Soviet education remains a distinctive feature of Russian hackers, who don't think according to conventional patterns," Alexei Lukatsky, a security consultant at Cisco Systems, told RBTH in a previous interview.

Other experts doubt hackers from the former Soviet Union comprise a distinct cyber community. "There is certainly no Russian community of hackers, but there is a global community of Russian-speaking cyber criminals dispersed throughout the world. So, it's impossible to define what is a 'Russian school of hacking' based on a single criteria," Demidov said.

At the same time, Demidov agrees there are criteria that when taken together could suggest that the hacker in question comes from the Russian-speaking community: language of communication, certain code patterns, and certain "darknet" connections that allow users to access friend-to-friend networks with non-standard software and communications protocols, etc.

Regardless of whether there is anything the U.S. could have gained by inviting hackers from Russia to participate in its "bug bounty" challenge, the DoD apparently decided not to expose its systems to additional risks and did not include Russia among the listed countries.

Difficult to control

Experts say the Russian Defense Ministry, in contrast to the Americans, relies more on private cybersecurity companies instead of the "bug bounty" challenges to unveil vulnerabilities in its systems. A private company signs a non-disclosure agreement, making it far less risky.

Since a "bug bounty" program is a deal that companies and government agencies offer to individual cybersecurity specialists to reveal hidden security vulnerabilities in their systems, it brings greater risks because it's more difficult for the client to control.

At the same time, a number of American companies occasionally announce cybersecurity challenges and invite hackers from Russia to participate. In January, Facebook paid $40,000 to a hacker from Russia for identifying a vulnerability in its system and reporting it to the company.

Read more: Why do Beijing and Moscow embrace cyber sovereignty?>>>

Crimea to become center of Russian shipbuilding

article thumbnail

During the Ukrainian era in the history of Crimea, the shipbuilding industry of the peninsula had been lost and forgotten. Routine repairs would not be conducted, equipment would not be upgraded either. The Ukrainian period has led to the decline of shipbuilding and ship repair in Crimea. Russia's  [ ... ]


Guns and fighters seep through Ukraine's porous Russian border

article thumbnail

Combatants engaged in last week's fighting say walked into the country 'to visit relatives' at poorly policed checkpointsIn late April, 65 Russian men in groups of five to 10 crossed the border with Ukraine on foot, telling border guards they were going to visit relatives.It wasn't a fond babushka  [ ... ]


Maria Sharapova to skip Wimbledon tournament

article thumbnail

Russian tennis player Maria Sharapova will not be able to take part in the WTA tournament in Birmingham and in the season’s third Grand Slam tournament at Wimbledon.She revealed the news on Facebook. "After an additional scan, the muscle tear that I sustained in Rome will unfortunately not allow m [ ... ]


source:
 http://rbth.com/international/2017/05/01/far-too-dangerous-why-russians-werent-invited-to-hack-the-us-air-force_753991

 

Advertisement