Ethical Hacker Site Has Been Caught Spreading Ransomware

Security isn’t as black and white as people think, sometimes people do the bad things for the right reasons. This is the area that ethical hackers deal with, testing websites by employing the same techniques that those who want to cause harm or profit from your information illegally. Imagine the surprise then when a site used to support these ethical hackers was caught spreading ransomware this week.

Ransomware is a particularly nasty version of malware (malicious software) that works by encrypting your data, meaning you either pay the fee they want or potentially lose access to your data forever. Recently it’s affected several hospitals and even the FBI say you should just pay.

EC-Council is responsible for administrating the ethical hacker program, a system by which people can become trained and certified that their hacks are for legitimate and protective reasons, rather than malicious and illegal.

The site started spreading TeslaCrypt on Monday and seems to be targeting specific people. Those who visit the site using Internet explorer and only when they are redirected from a search engine are affected. If this didn’t cause enough trouble the hack seems to also use people’s IP addresses to determine their geographic location, meaning it targets a narrow group of people and makes its behavior seem more erratic, and thus harder to track and fix.

Requesting 1.5 bitcoins (around £442), the redirect exploit that allowed the ransomware to be installed was published by FOX News on Thursday after attempts to alert them privately yielded no responses.

Ethical hacking is a difficult business, with some companies considering you more foe than friend, but the help they provide stops issues like this (ironically) from happening.

GCHQ Releases Christmas Card Brainteaser

GCHQ is the UK’s intelligence monitoring agency which collects data in the interests of national security. In recent times, the organization has come under a great deal of scrutiny for abusing their powers via the Tempora computer system. This system was used to buffer internet communication extracted for fibre-optic cables. As as result, the system can access individual’s data without any trace being left or making service providers suspicious. The UK’s obsession with surveillance is a worrying trend and some critics argue GCHQ isn’t acting in a democratic manner.

In the run up to festive season, GCHQ has decided to release a Christmas card designed to test people’s cryptography skills:

From the offset, you can see how baffling this brainteaser is and GCHQ has set a very difficult challenge. For those of you struggling, (most of us), here’s some advice from the organization:

“In this type of grid-shading puzzle, each square is either black or white. Some of the black squares have already been filled in for you.”

“Each row or column is labelled with a string of numbers. The numbers indicate the length of all consecutive runs of black squares, and are displayed in the order that the runs appear in that line. For example, a label “2 1 6” indicates sets of two, one and six black squares, each of which will have at least one white square separating them.”

This is certainly an interesting way to gauge the reasoning skills of the general population and I wouldn’t be surprised if a member of the public managed to solve the entirety of GCHQ’s challenges. Perhaps, this is seen as a recruitment drive, and successful entries could be offered a role at the organization.

Have you managed to work out the first puzzle yet?