Cris Thomas

From Wikipedia, the free encyclopedia

This is an old revision of this page, as edited by Eatoz at 17:43, 24 May 2018 (Career: Added section on the Whacked Mac Archives). The present address (URL) is a permanent link to this revision, which may differ significantly from the current revision.

Cris Thomas
Nationality: American
Other names: Space Rogue
Alma mater: University of Massachusetts Lowell, Boston University
Occupation(s): Cyber Security Researcher, White hat hacker
Years active: 20
Known for: Hacker News Network (HNN), CyberSquirrel1 (CS1), Cyber Security

Cris Thomas (also known as Space Rogue) is an American Cyber Security Researcher and White Hat hacker. A founding member and researcher at the high-profile hacker security think tank L0pht Heavy Industries, Thomas was one of seven L0pht members who testified before the U.S. Senate Committee on Governmental Affairs (1999) on the topic of government and homeland computer security, specifically warning of internet vulnerabilities and claiming that the group could "take down the internet within 30 minutes".[1]

Subsequently, Thomas pursued a career in Cyber Security Research while also embracing a public advocacy role as a cyber security subject-matter expert (SME) and pundit. Granting interviews and contributing articles,[2] Space Rogue's advocacy has served to educate and advise corporations, government, and the public about security concerns and relative risk in the areas of election integrity, cyber terrorism, technology,[3] the anticipation of new risks associated with society's adoption of the Internet of things,[4] and balancing perspective (risk vs. hype).[5]

Personal life

Career

Cyber Security

A founding member of the hacker think tank L0pht Heavy Industries, Thomas was the first of L0pht's members to leave following the merger of L0pht with @Stake in 2000, and the last to reveal his true name.[6][7] Thomas was one of seven L0pht members who testified before the U.S. Senate Committee on Governmental Affairs (1999). Testifying under his internet handle, Space Rogue, the testimony of Thomas and other L0pht members served to inform the government of current and future internet vulnerabilities to which federal and public channels were susceptible. The testimony marked the first time that persons not under federal witness protection were permitted to testify under assumed names.[1]

Thomas continued a career in Cyber Security Research at Guardent, Trustwave (Spiderlabs),[8] Tenable,[9] and IBM (X-Force Red).[10] Selected to serve as a panelist during a 2016 Atlantic Council cyber risk discussion series,[3] and a webinar speaker for the National Science Foundation's WATCH series,[11][12] Thomas has embraced a public advocacy role as a cyber security subject-matter expert (SME) and pundit, granting interviews and contributing articles[2] to educate the public about security concerns and relative risk. Topics include election integrity, cyber terrorism, technology,[4] password security,[13] the anticipation of new risks associated with society's adoption of the Internet of things,[5] and balancing perspective (risk vs. hype).[14]

In response to a 2016 United States Government Accountability Office report[15] revealing the nation's nuclear weapons were under the control of computers that relied on outdated 8" floppy disks,[16] Thomas argued that the older computers, data storage systems, programming languages, and lack of internet connectivity would make it more difficult for hackers to access the systems, effectively reducing the vulnerability of the weapon control systems to hacking.[17]

Following cyber security mega-breaches at Target,[18] Home Depot,[19] and the U.S. Office of Personnel Management,[20] Thomas advocated for proactive implementation of basic security measures as the most effective means to thwart similar mega-threats.[21] Bluntly stating that the gap between knowledge and implementation leaves companies and individuals at unnecessary risk, Thomas’ recommendation focused on simple measures that have been known for one to two decades, but which organizations have not implemented universally.[21] Thomas had identified retail cyber security breaches, including that at FAO Schwarz, as early as 1999.[22][23]

The Whacked Mac Archives

The Whacked Mac Archives was an FTP download site managed by Thomas with the world's largest collection of Apple Macintosh hacking tools.[24] The total size of all the tools on the site was 20MB.[25] A CD copy of the contents of the FTP site was advertised for sale in 2600: The Hacker Quarterly.[26]


Hacker News Network

Serving as Editor-in-Chief,[27] Thomas founded and managed L0pht's online newsletter and website, known as the Hacker News Network (or simply Hacker News or HNN).[7] Originally created to rapidly share discoveries about computer security, Hacker News also became a forum for users to post security alerts as vulnerabilities were identified.[28] The publication grew, eventually supporting paid advertising and an audience that included technology journalists and companies with an interest in cybersecurity.[1] After L0pht's merger with @Stake in 2000, the responsible disclosure-focused Hacker News Network was replaced with Security News Network.[1]

CyberSquirrel1 (CS1)

In 2013, Thomas created the project CyberSquirrel1 as a satirical demonstration of the relative risk of Cyberwarfare attacks on critical infrastructure elements such as the North American electrical grid.[29] Started as a Twitter feed, the CyberSquirrel1 project expanded to include a full website and CyberSquirrel Tracking Map;[30] as the dataset grew, Attrition.org's Jared E. Richo (alias Jericho) joined the project in 2014.[14] CyberSquirrel1's results disrupted public perception regarding the prevalence of nation-based hacking cyberwarfare attacks, concluding that damage due to cyberwarfare (for example, Stuxnet) was "tiny compared to the cyber-threat caused by animals".[29][31]

Election Security

As the 2015-2016 alleged Russian interference in the 2016 United States elections unfolded, public and media interest in hacking and hackers increased.[32] Leading up to the 2016 election, Thomas was interviewed for mainstream media productions, including CNBC's On the Money.[33][34] After the release of the Joint Analysis Report, Thomas called for expanded detail on Indicators of Compromise in Federal Joint Analysis Reports, indicating that increased transparency and IP address reporting were instrumental for enhancing security.[35]

References

  1. ^ a b c d Timberg, Craig (22 Jun 2015). "A disaster foretold — and ignored. LOpht's warnings about the Internet drew notice but little action". The Washington Post. USA. Retrieved 8 Dec 2017.
  2. ^ a b Article examples
    * Rogue, Space (1 Jul 2015). "Opinion: An Underwriters Laboratories for cybersecurity is long overdue". csmonitor.com. The Christian Science Monitor. Retrieved 18 Dec 2017.
    * Thomas, Cris (1 Sep 2015). "Understanding malware". Network Computing. Network Computing. Retrieved 18 Dec 2017.
    * Thomas, Cris (19 Sep 2016). "Zero trust policy the answer to fed cybersecurity challenges". The Hill (newspaper). Capitol Hill Publishing Corp. Retrieved 18 Dec 2017.
  3. ^ a b Sweeney, Terry (10 Aug 2016). "Government, Hackers Learn To Make Nice". Dark Reading. Washington, D.C., USA. Retrieved 10 Dec 2017.
  4. ^ a b Naraine, Ryan (26 June 2007). "The iPhone security non-story". ZDNet. Retrieved 18 Dec 2017.
  5. ^ a b Raywood, Dan (10 Apr 2014). "Inadequate 'Internet of Things' Security Puts Our Lives at Risk". ibtimes.co.uk. International Business Times. Retrieved 16 Dec 2017.
  6. ^ McMillan, Robert (23 Jul 2009). "Hacker Group L0pht Makes a Comeback, of Sorts". PC World. USA. Retrieved 7 Dec 2017.
  7. ^ a b "Space Rogue". Forbes. USA. 7 Feb 2000. Retrieved 18 Dec 2017.
  8. ^ "A cyber terrorist ate my hamster". infosecurity-magazine.com. Reed Exhibitions, Ltd. 20 Jul 2012. Retrieved 16 Dec 2017.
  9. ^ "Space Rogue from L0pht and Hacker News Network Joins Tenable Network Security". tenable.com. Tenable, Inc. 7 Jan 2014. Retrieved 10 Dec 2017.
  10. ^ Thomas, Cris (27 Jul 2017). "Hello, My Name Is Space Rogue". securityintelligence.com. IBM. Retrieved 10 Dec 2017.
  11. ^ "The Washington Area Trustworthy Computing Hour (WATCH) seminar series". nsf.gov. National Science Foundation. 2017. Retrieved 16 Dec 2017.
  12. ^ "WATCH - 35 Years of Cyberwar: The Squirrels are Winning". nsf.gov. National Science Foundation. 20 July 2017. Retrieved 16 Dec 2017.
  13. ^ Brown, Leah (28 Nov 2017). "IBM's Space Rogue explains how hackers easily crack your password". TechRepublic. Retrieved 3 Apr 2018.
  14. ^ a b Gallagher, Sean (16 Jan 2017). "Who's winning the cyber war? The squirrels, of course. CyberSquirrel1 project shows fuzzy-tailed intruders cause more damage than "cyber" does". Ars Technica. USA. Retrieved 28 Nov 2017.
  15. ^ Powner, David. "INFORMATION TECHNOLOGY: Federal Agencies Need to Address Aging Legacy Systems". U.S. Government Accountability Office Report. Retrieved 30 Nov 2017.
  16. ^ Szoldra, Paul (25 May 2016). "America's nukes are still controlled by 8-inch floppy disks". Business Insider. Retrieved 30 Nov 2016.
  17. ^ Szoldra, Paul (16 May 2016). "A hacker explains why US nukes controlled by ancient computers is actually a good thing". VentureBeat. Retrieved 30 Nov 2017.
  18. ^ Roman, Jeffrey (26 Mar 2014). "Senate Report Analyzes Target Breach - Pinpoints Apparent Missed Opportunities to Prevent Incident". databreachtoday.com. Retrieved 24 Nov 2017.
  19. ^ Kitten, Tracy (1 Jun 2016). "Court Clears Way for Banks' Home Depot Suit to Proceed - Judge Rejects Dismissal, Citing Security Negligence Allegations". databreachtoday.com. Retrieved 24 Nov 2017.
  20. ^ Chabrow, Eric (2 Dec 2015). "China: Chinese Criminals Hacked OPM - American Experts Skeptical About Chinese Claim of No Government Involvement". databreachtoday.com. Retrieved 24 Nov 2017.
  21. ^ a b Schwartz, Mathew (15 Jun 2016). "'Space Rogue' on Déjà Vu Security Failures Old Security Mistakes Keep Getting Repeated, Says Tenable's Cris Thomas". Bank Info Security. USA. Retrieved 24 Nov 2017.
  22. ^ Glave, James (3 Feb 1999). "FAO SCHWARZ SPRINGS A LEAK". Wired.com. Wired (magazine). Retrieved 16 Dec 2017.
  23. ^ Beckett, Jamie (5 Feb 1999). "FAO Schwarz Patches Hole In Web Site". sfgate.com. San Francisco Chronicle. Retrieved 16 Dec 2017.
  24. ^ This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers, p. 199, at Google Books
  25. ^ Rogue, Space (2012-06-11). "The Return of Zuc.A and Ancient OSX Viruses?". SpiderLabs Blog. Trustwave. Retrieved 2018-05-24.
  26. ^ 2600 Magazine Vol 13, p. 49, at Google Books
  27. ^ Glave, James (12 Jan 1999). "CONFUSION OVER 'CYBERWAR'". Wired. USA. Retrieved 8 Dec 2017.
  28. ^ Timberg, Craig (27 Jun 2015). "In 1998, these hackers said the Internet would become a security disaster. Nobody listened". The Daily Herald. USA. Retrieved 7 Dec 2017.
  29. ^ a b "Squirrel 'threat' to critical infrastructure". BBC. 17 Jan 2017. Retrieved 28 Nov 2017.
  30. ^ Hern, Alex (14 Jan 2016). "The power grid's greatest enemy has four legs and a bushy tail". The Guardian. Retrieved 28 Nov 2017.
  31. ^ Wagenseil, Paul (14 Jan 2017). "Worried About Cyberwar? Worry About Squirrels Instead". Tom's Guide. USA. Retrieved 28 Nov 2017.
  32. ^ "2016 Presidential Campaign Hacking Fast Facts". CNN. 31 Oct 2017. Retrieved 24 Nov 2017.
  33. ^ CNBC On the Money: Hacking the Vote (Television production). CNBC. 5 Nov 2015. Retrieved 10 Dec 2017.
  34. ^ Grubbs, Alex (15 Aug 2016). "Experts Fear Possible Voting Machine Tampering in November". CNSNews.com. USA. Retrieved 30 Nov 2017.
  35. ^ Lamb, Eleanor (19 Jan 2017). "Tenable Expert Urges Stronger Language for 'Grizzly Steppe' Report". Meritalk: Improving the outcomes of government IT. Retrieved 24 Nov 2017.