This week the cyber news goes explosive—literally, as in missiles from the Hermit State exploding, but not as intended. Also, the explosive debate over a gaming console and secret tools of the NSA exploding on the hacking scene.
Take a moment to sip your coffee and chill, because it’s a fiery week for this cyber week in review.
North Korean Explosion
Who wants to be in the room when a dictator gets angry? Stalin notoriously died when his nearby guards were afraid to even help him. Had he lived, they very well might have been the ones to meet an untimely demise.
While no one outside of the Dark Nation can say for sure, chances are Kim Jong Un was none too pleased when recent missile tests fizzled and failed.
The internet was instantly ablaze with rumors, stemming from a BBC interview with former British foreign secretary Malcom Riftkind. “It could have failed because the system is not competent enough to make it work,” he said, “But there is a very strong belief that the US—through cyber methods—has been successful on several occasions in interrupting these sorts of tests and making them fail.”
While Riftkind and others have also stated that other North Korean missile launches have been more successful, the appeal of the hacking story, as well as the seed of doubt, have been planted in public consciousness.
Really, in the art of foreign espionage, a kernel of doubt probably suffices. Once you cause an enemy to doubt himself and suspect interference, you likely cause plenty of internal disruption.
The Heat on Nintendo Switch
Another hot topic in hacker news: the bug bounty over at Nintendo on the Switch console. Most tech companies and even the US government have started offering big cash payouts (bug bounties) to hackers who find flaws in coding. The bigger the bug, the bigger the reward. But such sleuthing is like contract employment for tech—contractors you don’t have to pay unless they succeed! It’s a genuine win-win for software developers and freelance hackers both.
In the case of the Switch, Nintendo is offering up to $20,000.
So what’s the catch?
In the case of the Switch, the bugs themselves may be more valuable to gaming-types than that 20 Gs. Value such as:
- Piracy—the movies, music, and gaming industries battle piracy constantly.
- Home-brew—gamers of a certain type like to develop their own games and run them on systems, and the possibility of using the Switch in that way has tremendous appeal.
- Flexibility—Switch can be played as a handheld device or connected to a docking station, making home-brew apps even more appealing.
- Direct Sales—should a hacker crack the Switch, selling the exploit to users could translate to greater income than that 20k figure.
Of course, should cracks be found and patched, it may still be possible to reverse-engineer those patches to intentionally create exploitable flaws. That data could still be sold.
No matter how you slice it: the Switch has got a game for hackers. Despite the bug bounty announcement, no known exploits or payouts have happened to date.
Explosive New Tools Against Microsoft
While perhaps not as dark as the Hermit State, the National Security Agency (NSA) likes to maintain its own shroud of secrecy. Their in-house cyber team has been charged with cyber security and investigations for the US government. So it’s pretty safe to speculate that they wouldn’t be too thrilled about some powerful hacking tools getting released on the dark web.
When these things happen, the black and white of hacking can be a little difficult to distinguish.
White hat hacking means hacking for good. On at least a patriotic level, Americans might want for their own government to be engaged in this sort of hacking. So why, then, would the NSA have tools that allow external actors to exploit a variety of weaknesses in Windows servers and Windows operating systems, including Windows 7 and Windows 8?
If such exploits allow federal agencies to catch “bad guys” like child pornographers or the mafia or something, that’s okay, right?
That’s where black and white definitions can get a little murky: many hackers feel that releasing data just allows equal opportunity usage. If the NSA can “spy on people” with these tools, why can’t others?
The exploits were released by a hacking group (or individual, these things are difficult to pin down) going by the name of The Shadow Brokers.
Fortunately for Windows 7 and Windows 8 users, the exploits released have already been patched. Of course, Zero Day exploits such as these might be valid on a server or Windows system for many years after a patch has been issued, depending entirely on whether or not the end user has kept up-to-date with those software updates.
Each week we learn so many lessons from the cyber news. This week, we learned to always, always update software regularly. We learned why gamers love to hack the game. We also learned…not to upset a dictator?
Whatever the lessons gained, security breaches at any level, of any size, provide valuable insight for those hoping to enjoy the headlines but stay out of them.