Skip to main content
banner image
venafi logo

So You Think You Can Hack An Air Force Satellite? Get in Line [Encryption Digest 12]

So You Think You Can Hack An Air Force Satellite? Get in Line [Encryption Digest 12]

picture of a thin man with his arms crossed in front of a pair of muscular arms drawn on a chalkboard
September 19, 2019 | Katrina Dobieski


Fool me once, shame on you. Fool me twice – and I’ll take this satellite to Defcon. How the government is not taking any chances with encryption--especially after the recent leakage of the 2010 Russian breach, and would-be secure FBI communications falling victim to decryption. Not wanting to come up against crypto-shortage, Mastercard is emptying their wallet to bet on girls in STEM programs, and how bad actors leverage your hard-earned reputation and provide a “responsible” sell on the Dark Web, as we pick apart the headlines in this week’s Encryption Digest.

 

 

Russian Diplomats Involved in “Brazen” FBI Decryption Ring


It seems like every day we hear an opinion about Russian involvement in the intimacies of American politics—voting, social media and relationships with elected officials. This latest news break just adds to the tensions.
 

The Russian diplomats ousted by the Obama Administration in 2016 may have been guilty of more than meddling in the 2016 election—recent reports reveal involvement in a nation-wide hacking circle, targeting US intelligence agents.
 

Government officials reported a marked increase in the Russians’ ability to “decrypt certain types of secure communications,” using the breached technology to track federal surveillance teams. The collateral exposure may have also included cracked computers not connected to the internet. All this with equipment that a former CIA official declared “a bit antiquated.”
 

As a result, the locations of FBI team members were compromised, as may have been the actual communications themselves. This hampered US efforts at a time when US-Moscow tensions were on the rise and put blind spots in homeland Russian surveillance.
 

“We were neither organized nor resourced to deal with counterintelligence in networks, technical networks, electronic networks” claims Joel Brenner, former head of U.S. counterintelligence and strategy from 2006 to 2009.
 

"We were neither organized nor resourced to deal with counterintelligence"

The sentiment was shared by Mike Rogers, who chaired the House Permanent Select Committee on Intelligence from 2011 to 2015. “Counterintelligence was always looked at as the crazy uncle at the party. I wanted to raise it up and give it a robust importance.”
 

As the US has come to acknowledge foreign powers as a formidable technical threat, encryption, cybersecurity and machine identity management move to become our most resourced tools in a cyberwar that is fought on all grounds.
 

How the government is protecting private data. Read more.
 

Related Posts:


 

Mastercard Says: Not Enough Women in Cyber


Women in tech and cryptology related fields are outnumbered five to one. While some stigmas remain and allegations of harassment still surface, Mastercard is playing an assertive role in making the  cybersecurity industry available to everyone.
 

In 2025, women are projected to make up 75% of the consumer market. “How can we possibly create products that are good for consumers if we don’t have representation of that gender in the decision-making and engineering processes?” queries Dana Lorberg, Executive Vice President of Operations and Technology at Mastercard.
 

Women are projected to make up 75% of the consumer market

To that end, their brainchild initiative Girls4Tech has reached nearly a half million girls in 26 different countries over five years. By 2025, they hope to have influenced one million.
 

What does a Girls4Tech outreach look like? STEM (science, technology, engineering and math) based classes are offered with a Mastercard touch – special focus in fraud detection, data analysis and encryption.
 

It seems to be taking effect as one middle schooler from New Jersey discovered a knack for sifting through large swaths of data, and another’s Girls4Tech journey lead her to computer classes and an Ivy League. It’s a start.
 

Will Mastercard's efforts be enough to balance the STEM workforce by 2025? Probably not. But one million more women in crypto will be one million more than we have now.
 

How well do you know your machine identity landscape? Forrester surveys execs.
 

Related Posts:


 

So You Think You Can Hack an Air Force Satellite? Get in line.
 


We associate the military with “top secret”. Only those with upper-echelon clearance can do this, or see that, or go there. So why is the Air Force allowing its multi-multimillion dollar satellite to be hacked in the middle of Vegas next year?
 

Because if Defcon doesn’t do it, someone else will.
 

Will Roper, assistant secretary of the Air Force for acquisition, technology, and logistics, explains the rules of the game: a camera on a live orbiting satellite will be open to harassment as teams of pre-selected hackers try to turn it towards the moon. They are to “take over the satellite by any means they find” according to Roper.
 

Friendly hacking of an F-15 “could have shut it down"

A notoriously hush-key agency, the Air Force is tiptoeing out of its black box to subject its private coding to public scrutiny. And not a moment too late—the Hack the Air Force initiative uncovered an eyewatering 120 flaws last December and this year’s friendly hacking of an F-15 “could have shut it down.”
 

They are now relying on the private sector to unleash its baddest—before the bad guys do.
 

A lot of the less mission-critical components come from smaller companies that don’t have the resources of a Northrop Grumman to put towards cybersecurity—an issue, Roper says, when facing a “peer competitor” like China. “There’s no reason not to do it other than the historical fear that we have [of] letting people external to the Air Force in.”
 

So what are your chances of hacking an Air Force issued satellite?
 

“We are still carrying cybersecurity procedures from the 1990s,” Roper drops.
 

How is the army protecting new encrypted tech in soldiers’ uniforms? And other stories.
 

Related Posts:

 


Software Execs are “Perfect Victim” for Code Signing Sting
 


You’ve got a real career if you’re a great actor. It all depends on your big break, and for these fraudsters, it just might have come.
 

Software companies are the “perfect victim” for these online impresarios, who study public records of company execs and then fake their identities to CAs in order to purchase legitimate code signing certificates. They go so far as to re-route company emails and set up fake domains. 
 

Once in hand, the digital certificates are sold on the dark web. Their current buyers? Malware-spreading sites that are just looking for a little legitimacy.
 

“Certificates are valuable resources to threat actors, as their mere presence can reduce the chance of early malware detection,” explains Tomislav Pericin, chief architect and co-founder of ReversingLabs, the firm that discovered the operation. “This is particularly true for financially motivated actors.”
 

"Certificates reduce the chance of detection for bad actors"

The threat actors in question make sure to do their due diligence before the re-sell. Putting the certificates through a public antivirus scanning service, they assure their nefarious clientele that the poached cert will boast a ‘clean bill of health’.
 

Is nothing sacred? With code signing certificates created to protect code, what will be created to protect code signing? Often those who are the best at managing their machine identities are the ones who are threatening ours.
 

If cancerous malware sites know enough to sign their code, do you?
 

Related Posts:


 

Video: “What Would You Do?”
Eddie Glenn, Venafi code signing expert, asks us “If tomorrow a third party comes to you and says ‘We found malware on the internet and its signed with a legitimate code signing certificate from your company’ - what would you do to start tracking that down?”

 

 

 

 

Like this blog? We think you will love this.
microsoft-office-macro-ban-backtrack
Featured Blog

Microsoft Backs Off Internet Office Macro Ban [Update]

Microsoft disabled macro years ago by default

Read More
Subscribe to our Weekly Blog Updates!

Join thousands of other security professionals

Get top blogs delivered to your inbox every week

See Popular Tags

You might also like

TLS Machine Identity Management for Dummies
eBook

TLS Machine Identity Management for Dummies

Certificate-Related Outages Continue to Plague Organizations
White Paper

CIO Study: Certificate-Related Outages Continue to Plague Organizations

About the author

Katrina Dobieski
Katrina Dobieski

Katrina writes for Venafi's blog and helps optimize Venafi's online presence to advance awareness of Machine Identity Protection.

Read Posts by Author
get-started-overlay close-overlay cross icon
get-started-overlay close-overlay cross icon
Venafi Risk assessment Form Image

Sign up for Venafi Cloud


Venafi Cloud manages and protects certificates



* Please fill in this field Please enter valid email address
* Please fill in this field Password must be
At least 8 characters long
At least one digit
At last one lowercase letter
At least one uppercase letter
At least one special character
(@%+^!#$?:,(){}[]~`-_)
* Please fill in this field
* Please fill in this field
* Please fill in this field
*

End User License Agreement needs to be viewed and accepted



Already have an account? Login Here

×
get-started-overlay close-overlay cross icon

How can we help you?

Thank you!

Venafi will reach out to you within 24 hours. If you need an immediate answer please use our chat to get a live person.

In the meantime, please explore more of our solutions

Explore Solutions

learn more

Email Us a Question

learn more

Chat With Us

learn more