Happy Halloween! Do you know what’s scarier than ghosts or goblins? Hackers and malware, that’s what. Halloween, it just so happens, is also the last day of Cybersecurity Awareness Month. (Do your part. #BeCyberSmart)
So here’s a Halloween treat from all of us at Certification Magazine: A spooky cybersecurity quiz about famous hacks and other digitally destructive distractions. Be safe knocking on doors to get candy this weekend, and be safe online! Don’t fall for someone else’s Halloween trick!
1) What do Barack Obama, Kanye West, Elon Musk, Bill Gates, and Kim Kardashian have in common?
2) Which powerful U.S. lobbying group, based in Virginia, was targeted by Russian hackers, who took aim and fired just before Halloween in 2021?
3) Which Microsoft Windows exploit was featured in a second-season episode of Mr. Robot?
4) Which U.S. government agency inadvertently sent out thousands of spam e-mails in 2021 warning of a pending cyberattack by an "extortion gang" linked to a prominent security researcher?
5) What ransomware announces itself with an ASCII art image of characters from Star Trek?
6) What 2019 hacking incident is believed to have involved two of the richest individuals in the world?
7) What do actor Hugh Jackman, Wisconsin lawman Sheriff David Clarke, presidential son-in-law Jared Kushner, and disgraced movie producer Harvey Weinstein have in common?
8) What plush toy brought about the downfall of its manufacturer through weak passwords and insecure databases?
9) How long would it take a computer to crack the password "MyPasswordIsPassword"?
10) What early 1990s film production was nearly shut down by U.S. government officials because of its depiction of hacking technology?
1) They all have tens of millions of Twitter followers — which is part of the reason each was targeted by hackers who briefly seized control of their individual Twitter accounts on July 15, 2020, as part of a scheme to bilk bitcoins. An estimated 130 accounts of high-profile individuals and organizations were compromised in the attack.
2) The National Rifle Association. Thirteen internal NRA documents were posted online by the Russian hacking group Grief on Oct. 27, 2021, as part of a ransomware attack. NRA officials did not disclose the extent of the attack or its ultimate resolution.
3) Mimikatz. On the show, Angela Moss (played by actress Portia Doubleday) uses mimikatz to steal her manager's password. The mimikatz exploit was developed by French programmer Benjamin Delpy, who shared it on GitHub in 2012.
4) The Federal Bureau of Investigation. The e-mails, signed by the Department of Homeland Security, were sent out from the FBI's external e-mail system on Nov. 13, 2021. The text of the fake e-mails alleged that security researcher and ethical hacker Vinny Troia, founder of Night Lion Security, had prepared a "sophisticated chain attack" in concert with hacker group The Dark Overlord.
5) Kirk. Victims are greeted by an image of Captain James T. Kirk and Lieutenant Commander Spock. Kirk, also known as Kirk Ransomware, is a Trojan horse program disguised as an open-source network stress testing tool known as Low Orbit Ion Cannon (LOIC). Affected files are renamed with the extension "kirked" and the program demands payment in the cryptocurrency Monero.
6) The purported (but not entirely proven) hack of Jeff Bezos' Apple iPhone. It's widely believed that Amazon founder Bezos' phone was hacked at some point in 2018 using an encrypted video file that was delivered via Bezos' friendly exchanges with Mohammed bin Salman, crown prince of Saudi Arabia, on WhatsApp. The alleged phone hack is believed to have contributed to the distribution of private phone messages that revealed Bezos' affair with TV news anchor Lauren Sánchez.
7) All four are among the many individuals successfully impersonated by spoof e-mailer James Linton over a five-month period in 2016 and 2017. Linton, a web developer, shared some of his pranks on Twitter using the handle Sinon_Reborn (a reference to the mythological Greek soldier who got a certain wooden horse inside the walls of Troy). Linton's method was to create plausible-sounding e-mail addresses and use them to contact celebrities and other high-profile individuals.
8) CloudPets. Toy company Spiral Toys went out of business after a wave of data breaches connected to its briefly popular line of stuffed animal toys that used Bluetooth technology to let parents and children send each other audio messages.
9) According to the password strength tool at Security.org, 16 quadrillion years. It would only take 15 billion years if there were no capital letters.
10) Sneakers. The 1992 film about a team of penetration testers was ordered to halt production by representatives of the Office of Naval Intelligence (ONI) for depicting a handheld codebreaking device. Writer-director Phil Alden Robinson consulted with lawyers for Universal Pictures before realizing that the visit had been a prank.