December 2013 – CYBER ARMS – Computer Security

Help Improve Security by Playing Video Games made by DARPA

The Defense Advanced Research Projects Agency (DARPA) recently announced a new project to use video games to help test computer software for security vulnerabilities.

The military and government use a lot of Commercial Off-the-Shelf (COTS) applications, and they need to go through a formal verification process to make sure they are free of security issues.

DARPA’s Crowd Sourced Formal Verification (CSFV) has created several games to try to make the process fast, easy and fun:

“We’re seeing if we can take really hard math problems and map them onto interesting, attractive puzzle games that online players will solve for fun,” said Drew Dean, DARPA program manager. “By leveraging players’ intelligence and ingenuity on a broad scale, we hope to reduce security analysts’ workloads and fundamentally improve the availability of formal verification.”

The five games: CircuitBot, Flow Jam, Ghost Map, StormBound, Xylem are available on Verigames.com.

I took CircuitBot for a spin and found it mildly entertaining. The game walks you through a how-to-play tutorial to get you up to speed. The tasks seem pretty scripted, but the graphics were pretty good and it did feel like you were playing a turned based builder game.

I think it is a great idea to turn mundane complicated tasks into a crowd sourced game.

Honestly my only concern about the project is how willing citizens will be to installing government code on their systems, especially with all the NSA spying that has been revealed.

Drone Autohacks other Drones, and you can Build one Too!

With Amazon making headline news about their automatic drone deliveries, a security consultant has released his plans for making a predatory type drone that takes over other drones.

Skyjack “Zombie Drone” software created by Samy Kamkar turns a Parrot AR Quadcopter drone into a flying hacking station that uses a Raspberry Pi and the Aircrack NG tools to find and take over other Parrot drones.

Non-Parrot drones should be safe from his design though, as it searches out for the Parrot’s particular MAC address, and only attacks Wi-Fi signals.

Let’s hope no one puts something like a WaveBubble on one of these Zombie Drone Attackers:

A WaveBubble, though highly illegal to actually build, finds and jams all RF signals in its proximity. This includes GPS, Wi-Fi, Cell Phones, BlueTooth, etc…)

A drone equipped with both technologies (which we don’t support or recommend) could, in effect, try to hack a Wi-Fi based drone and take it over, and if that didn’t work, could possible jam the drones signals and cause it to crash.

Oh the joys of technology…

Sammy has released the plans for his project, see the above YouTube page for links.

Compromised Google, Facebook, Twitter Password is the Least of your Problems

American news media and blog sites have been flooded with warnings from cyber do-gooders for everyone to change their Google, Facebook, Yahoo and Twitter passwords after more than 2 million accounts have been compromised.

But if your system was one that was compromised, changing your password is the least of your worries.

Trustwave Spiderlabs announced on Tuesday that a Russian Pony Botnet server has been identified that had stolen credentials for about 2 million accounts. But this isn’t that big of a deal to Americans as of these, the mass majority were from systems in the Netherlands: