Hacking machines
They represent the seven teams that are about to enter the big battle: finding security holes to infiltrate the enemy system. The commentators stand around three big screens explaining the match – in fact invisible – because they happen on cyberspace and no hacker controls the giant machines – all operate on their own. thanks to artificial intelligence (AI).
The scene above is the trailer of a new science fiction movie? No, that's what really happened on the finale of the Defense Advanced Research Project Agency (DARPA) Cyber Grand Challenge, the agency that specializes in the advanced defense technologies of the US Department of Defense, the team. function.
These seven supercomputers are called "hacked machines", because they were created to replace security experts. The final of Cyber Grand Challenge is organized in the form of robbery, a popular type of competition in security circles: the mission of each team is to find holes in the enemy's system to attack, and ensure the system itself My system also has no errors for competitors to exploit.
Such virtual chess robbery contests are not rare, but this is the first time that "contestants" have entered the competition completely without human intervention. Finally, the machine developed by ForAllSecure Startup Company named Mayhem (Chaos) won the first prize of $ 2 million.
 |
| Hackers have created cyberwar or not, but the damage from the recent intrusions is huge |
Robot hackers help the world safe …
In the latest report, Symantec Security Company estimates that there are about 5,500 new security holes discovered globally only in 2015. Technology circles believe that there will not be enough manpower to resist attacks. The network is increasing today.
Moreover, as DARPA warns, "it will take a year for network security experts to discover a security solution to find a solution", and this time is sufficient for systems. Crucially compromised.
Machines that find and fix security bugs, therefore, are expected to be of great help in cyber wars where the bad guys – the attackers – often have an advantage over the defenders.
"Finding a single vulnerability and exploiting it is much easier than protecting all weaknesses in a system," explains David Brumley, ForAllSecure's CEO.
In fact, systems are currently programmed to detect intrusions, but can only be alarmed. In 2013, hackers hacked into the system of Target (US) supermarket chain and stole credit card information of 40 million customers.
Target's security software alerted its IT department as soon as it was discovered, but "this very important warning sinks in a bunch of other security warnings that are still being sent every day" – according to Bloomberg.
When completed, hacking machines like Mayhem will definitely solve the problems mentioned above.
 |
| Turn victims into ATM withdrawals |
… what about the machine that created the counter?
Excited with "hacking machines", the technology world still has reason to worry. What if the computer after finding security holes, not patching it again, exploiting these errors to perform an attack? "Then we don't have supercomputers to protect us from hackers, but they're hackers," warns CNET.
On July 14, when DARPA just announced the Cyber Grand Challenge, technology genius Elon Musk warned of the scary prospect.
"Everything will be fun and just a game until …" – Musk wrote on Twitter, accompanied by a link to the Skynet article on Wikipedia after three ellipsis.
Many tech news sites say it is unclear whether Musk jokes when it implies hacked machines will create Skynet – the product of the fictional series Terminator , which dominates the entire computer system and robot with the goal of destroying. kill humanity. But he once called AI "the greatest threat to human survival."
But in the short term, Brumley thinks his hacking machines like Mayhem are not bad. "As with any tool, you need to use them ethically – he says – We believe our technology will make computers around the world safer and more secure."
The cyberwar is not what we thought?
| In the context of anyone being a victim of hackers, being careful and protecting yourself more than ever is the key. A report published at Black Hat indicates that people tend to click on links that are unknown to their source via social networks more than double that of email. A Google research group also experimented with pretending to drop 300 USB on the campus of the University of Illinois Urbana – Champaign to see how many people are willing to plug in strange USB sticks to get into the machine. As a result, 98% of USB drives are picked up, and half of them take them home plugged into the device and even open the files there, even if it's not clear what it is. |
Neal Pollard, a researcher at the Cyber Statecraft Initiative program of Think Tank Atlantic Council, said that "The cyberwar is actually happening not as expected."
In the article with such a title on the Politico website on August 6, Pollard said that the United States would not be subject to a "online Pearl Harbor" caused by terrorists or hostile nations like the former. US defense chief Leon Panetta predicted 2012.
Pollard said that no cyberwar took place but that the attacker aimed at the national electricity network or sabotaged key works such as factories and airports … In contrast, cyber attacks were is aimed at other purposes such as "political influence or even threats".
To demonstrate, Pollard led a scandal leaked by WikiLeaks emails at the US Democratic Party National Convention in July, the 2014 attack on Sony Pictures Entertainment, and how terrorist organizations used social networks to publishes beheaded videos.
The expert explained that email leaks were thought to be caused by Russia to influence the US election, the Sony case being North Korea's response to The Interview , and terrorist organizations using the home network. weak to recruit members, propagate and spread fear. "Countries will still leverage cyberspace for intelligence operations to pursue such strategic results, but never a public military campaign," he concluded.
Meanwhile, according to The Economist , a valuable resource on virtual space that bad guys always aim at is trust. Hackers may not need to compromise the banking system to steal money, but just break the trust between banks and customers, intervene and destroy the database, is enough to break the financial market. . "When customers no longer believe in banks, they will withdraw money and run," wrote The Economist . All these consequences are as terrible as the scenario of cyberbullying war in the film
New security challenges
The finale of the hacked machines is also at the Black Hat USA 2016 conference that ended after six days of taking place in Las Vegas. At the same time, the DEF CON hacker conference series also opened in this city. Both of these annual security and cyber security events introduce new trends and attack technologies that, if abused by the bad guys, will cause a lot of information security disasters.
At Black Hat USA, ZeroFox Company introduced SNAP_R, a chatbot (software that communicates with humans) is said to be a "new weapon" of phishing circles (trick victims into clicking on links containing malicious code to steal information) aimed at victims on Twitter. SNAP_R broods all the victims share on Twitter to learn their habits and behavior.
This information makes chatbot easy to win the victim's trust, causing them to click on the dirty link (usually in the form of bit.ly) and "stick". ZeroFox affirms successful cheat rate up to 60%.
According to information at DEF CON, cyber criminals have changed their strategy to install ransomware and see victims as "ATMs", can only release money and do nothing else. . At DEF CON, a introduced ransomware can infiltrate automatic thermostats at smart apartments. "Imagine you hurry home to escape the 38-degree heat outside, and then the thermostat again forces you to pay $ 100, otherwise it will keep the room temperature at 37oC" – McAfee, for example, to describe the scary of this malware.