Introduction
For Week 7 there has been interesting news articles. Of course there is another data breach, but this one happened outside of the United States. The Unites States Air Force has been following the other branches of the military and will start their own bug bounty program.
Bug Bounty
The United States Air Force has started a bug bounty program. The bug bounty program is designed to pay hackers or security researchers to find vulnerabilities on their systems. The pay is based on the vulnerabilities found and how critical they are. Hackers and security researchers are invited from the United States and five other countries. The countries are the United Kingdom, Canada, Australia, and New Zealand (Kumar, 2017). For the “Hack the Air Force” program people must go through a background check and not have a criminal record. The reason for the background check and no criminal record is because people could access top secret materials and exfiltrate data. This will be one of the largest bug bounty programs put on by the United States military.
Allowing hackers inside the military network is a great idea! The best part is that if the hackers don’t find anything the military doesn’t need to pay them. The last event per the article had over 14,000 hackers and they found 138 vulnerabilities, plus 75,000 dollars was paid out in reward money (Kumar, 2017). Giving hackers a chance to use their skills to get paid is awesome! Hackers usually break into systems or steal information because they are bored or they want to make more money. Problems with this are vulnerabilities can be leaked out or information taken if a person is not ethical. In the end, paying individuals instead of a company can result in more vulnerabilities being found depending on the skill of the person.
Payday Loan Breach
A payday loan provider called Wonga has had its customer’s data stolen. Around 245,000 Wonga customers in the United Kingdom and 25,000 Wonga customers in Poland have been affected by the breach (Lomas, 2017). There is no information about how Wonga was broken into, but there will be more information in the following weeks. Wonga’s site has information about the data breach located at https://www.wonga.com/help/incident-faq. The hackers may have gotten access to people’s names, email addresses, home addresses, phone numbers, the last four numbers of their credit / debit card and or bank account numbers, plus the sort codes (Lomas, 2017). Wonga believes that passwords weren’t taken during the incident, but as a safety precaution, they want everyone to change their passwords.
The data breach happened on April 7, 2017, but there has been no update as to how the hackers got in. They will not release the information because it could be damaging to the company. An educated guess would be Wonga left a security hole in an external facing site. United Kingdom businesses in 2018 are going to want to better protect their customer’s data because of an upcoming law. The new EU law will require companies notify the data protection authorities with 3 days or face a fine up to 10 million euros (Lomas, 2017). Some people have even said that the hackers won’t get much from the company’s customers because they don’t have much money. Without knowing how the breach occurred it is hard to say if the issue can be fixed.
Summary
If a company can’t hire their own internal security engineers, they need to pay companies to look at their security. The internet is not going away and with customers wanting more convenience, cyber security will only get more important. With the United Kingdom implementing new laws that companies must report data breaches is a new concept. The United States does not have laws like the United Kingdom, but they are coming. Soon there will be a branch of the FBI that will investigate data breaches and fines if people’s personal information is not kept “up to code”. The other problem is every company wants all types of information and most of it is not stored correctly. The way the information is stored in some industries is not regulated at the current moment in the United States.
References
Lomas, N. (2017, April 10). Payday loan firm Wonga suffers data breach affecting up to 270,000. Retrieved April 29, 2017, from https://techcrunch.com/2017/04/10/pay-day-loan-firm-wonga-suffers-data-breach-affecting-up-to-270000/
Kumar, M. (2017, April 27). Hack'em If You Can - U.S. Air Force launches Bug Bounty Program. Retrieved April 29, 2017, from http://thehackernews.com/2017/04/hack-the-air-force.html
No comments:
Post a Comment