Cris Thomas

Last updated

Cris Thomas
American hacker Space Rogue (Cris Thomas).jpg
NationalityAmerican
Other namesSpace Rogue
Alma mater University of Massachusetts Lowell, Boston University
Occupation(s) Cyber Security Researcher, White hat hacker, Author
Years active25
Known forWhacked Mac Archives, Hacker News Network (HNN), CyberSquirrel1 (CS1), Cyber Security

Cris Thomas (also known as Space Rogue) is an American cybersecurity researcher, white hat hacker, and award winning [1] [2] best selling [3] author. A founding member and researcher at the high-profile hacker security think tank L0pht Heavy Industries, Thomas was one of seven L0pht members who testified before the U.S. Senate Committee on Governmental Affairs (1998) on the topic of government and homeland computer security, specifically warning of internet vulnerabilities and claiming that the group could "take down the internet within 30 minutes". [4]

Contents

Subsequently, Thomas pursued a career in Cyber Security Research while also embracing a public advocacy role as a cyber security subject-matter expert (SME) and pundit. Granting interviews and contributing articles, [5] Space Rogue's advocacy has served to educate and advise corporations, government, and the Public about security concerns and relative risk in the areas of election integrity, cyber terrorism, technology, [6] the anticipation of new risks associated with society's adoption of the Internet of things, [7] and balancing perspective (risk vs. hype). [8]

Career

Cyber Security

A founding member of the hacker think tank L0pht Heavy Industries, Thomas was the first of L0pht's members to leave following the merger of L0pht with @Stake in 2000, and the last to reveal his true name. [9] [10] Thomas was one of seven L0pht members who testified before the U.S. Senate Committee on Governmental Affairs (1999). Testifying under his internet handle, Space Rogue, the testimony of Thomas and other L0pht members served to inform the government of current and future internet vulnerabilities to which federal and public channels were susceptible. The testimony marked the first time that persons not under federal witness protection were permitted to testify under assumed names. [4]

While at the L0pht Thomas created The Whacked Mac Archives and The Hacker News Network. In addition he released at least one security advisories detailing a flaw in FWB's Hard Disk Toolkit. [11] [12]

Thomas continued a career in Cyber Security Research at @Stake, [13] Guardent, Trustwave (Spiderlabs), [14] Tenable, [15] and IBM (X-Force Red). [16] Selected to serve as a panelist during a 2016 Atlantic Council cyber risk discussion series, [6] and a webinar speaker for the National Science Foundation's WATCH series, [17] [18] Thomas has embraced a public advocacy role as a cyber security subject-matter expert (SME) and pundit, granting interviews and contributing articles [5] to educate the public about security concerns and relative risk. Topics include election integrity, cyber terrorism, technology, [7] password security, [19] the anticipation of new risks associated with society's adoption of the Internet of things, [8] and balancing perspective (risk vs. hype). [20]

In response to a 2016 United States Government Accountability Office report [21] revealing the nation's nuclear weapons were under the control of computers that relied on outdated 8" floppy disks, [22] Thomas argued that the older computers, data storage systems, programming languages, and lack of internet connectivity would make it more difficult for hackers to access the systems, effectively reducing the vulnerability of the weapon control systems to hacking. [23]

Following cyber security mega-breaches at Target, [24] Home Depot, [25] and the U.S. Office of Personnel Management, [26] Thomas advocated for proactive implementation of basic security measures as the most effective means to thwart similar mega-threats. [27] Bluntly stating that the gap between knowledge and implementation leaves companies and individuals at unnecessary risk, Thomas’ recommendation focused on simple measures that have been known for one to two decades, but which organizations have not implemented universally. [27] Thomas had identified retail cyber security breaches, including that at FAO Schwarz, as early as 1999. [28] [29]

In 2017, at the Defcon hacker conference Thomas assisted with escorting Rep. Will Hurd (R) and Rep. Jim Langevin (D) around the conference area through the various villages. [30]

At Defcon 27 in 2019 Thomas appeared on a panel with Rep. Langevin (D-RI), [31] Rep. Lieu (D-CA), [32] and former Rep. Jane Harman [33] entitled "Hacking Congress: The Enemy of My Enemy Is My Friend." [34] During the panel Thomas was quoted as saying “It’s up to us as a community to engage with those people…to educate them”, "But Congress doesn't work that way; it doesn't work at the 'speed of hack'. If you're going to engage with it, you need to recognize this is an incremental journey” [35] and “it takes 20 years to go from hackers in Congress to Congress at DEF CON”. [36]

The Whacked Mac Archives

The Whacked Mac Archives logo Whacked Mac Archives Rippled Apple.gif
The Whacked Mac Archives logo

The Whacked Mac Archives was an FTP download site managed by Thomas with the world's largest collection of Apple Macintosh hacking tools. [37] The total size of all the tools on the site was 20MB. [38] A CD copy of the contents of the FTP site was advertised for sale in 2600: The Hacker Quarterly. [39]

Hacker News Network

Serving as Editor-in-Chief, [40] Thomas founded and managed L0pht's online newsletter and website, known as the Hacker News Network [41] (or simply Hacker News or HNN). [10] Originally created to rapidly share discoveries about computer security, Hacker News also became a forum for users to post security alerts as vulnerabilities were identified. [42] The publication grew, eventually supporting paid advertising and an audience that included technology journalists and companies with an interest in cybersecurity. [4] The website can be seen in several background shots of the video "Solar Sunrise: Dawn of a New Threat" [43] produced by the National Counterintelligence Center in 1999. [44]

After L0pht's merger with @Stake in 2000, the Responsible disclosure-focused Hacker News Network was replaced with Security News Network. [4] [45]

Hacker News Network, after a decade offline, set for a launch on Jan. 11, 2010, with video reports about security, [46] the last videos were published in 2011. [47] Hacker News Network in 2018 redirects to spacerogue.net [48] [49]

CyberSquirrel1 (CS1)

In 2013, Thomas created the project CyberSquirrel1 as a satirical demonstration of the relative risk of Cyberwarfare attacks on critical infrastructure elements such as the North American electrical grid. [50] Started as a Twitter feed, the CyberSquirrel1 project expanded to include a full website and CyberSquirrel Tracking Map; [51] as the dataset grew, Attrition.org's Brian Martin (alias “Jared E. Richo” a/k/a Jericho) joined the project in 2014. [20] CyberSquirrel1's results disrupted public perception regarding the prevalence of nation-based hacking cyberwarfare attacks, concluding that damage due to cyberwarfare (for example, Stuxnet) was "tiny compared to the cyber-threat caused by animals", [50] [52] referring to electrical disruptions caused by squirrels.

An archive containing the full data set and supporting material of the project was uploaded to the Internet Archive under the Creative Commons license on January 19, 2021.

Election Security

As the 2015-2016 alleged Russian interference in the 2016 United States elections unfolded, public and media interest in hacking and hackers increased. [53] Leading up to the 2016 election, Thomas was interviewed for mainstream media productions, including CNBC's On the Money. [54] [55] After the release of the Joint Analysis Report, Thomas called for expanded detail on Indicators of Compromise in Federal Joint Analysis Reports, indicating that increased transparency and IP address reporting were instrumental for enhancing security. [56]

Prior to the 2018 election Thomas continued his advocacy speaking with CBS News and other outlets about securing our elections and the vulnerability of voting machines. [57] [58] [59] [60]

Books

In February 2023 Thomas released his first book, Space Rogue: How the Hackers Known as L0pht Changed the World. [61] [62] Written as a personal memoir, the book detailed his childhood growing up in Maine, how he discovered the online world of BBS’s and met the other members of the hacker collective L0pht Heavy Industries. The book covers how the L0pht released security vulnerability information, created L0phtcrack, gained media recognition, and testified in front of Congress in 1998. The book also covers the L0pht’s transition to the security consultancy @Stake, and how the L0pht’s impact still ripples throughout the information security industry today.

The book spent several weeks in the Amazon top 10 in the Computer & Technology Biographies category and briefly hit number 1. [63] The book was a finalist in the 2023 International Book Awards. [64] and a winner of the 2023 National Indie Excellence Awards (NIEA). [65]

Related Research Articles

<span class="mw-page-title-main">Computer security</span> Protection of computer systems from information disclosure, theft or damage

Computer security, cybersecurity, digital security, or information technology security is the protection of computer systems and networks from attacks by malicious actors that may result in unauthorized information disclosure, theft of, or damage to hardware, software, or data, as well as from the disruption or misdirection of the services they provide.

<span class="mw-page-title-main">L0pht</span> American hacker collective

L0pht Heavy Industries was a hacker collective active between 1992 and 2000 and located in the Boston, Massachusetts area. The L0pht was one of the first viable hackerspaces in the US, and a pioneer of responsible disclosure. The group famously testified in front of Congress in 1998 on the topic of ‘Weak Computer Security in Government’.

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

<span class="mw-page-title-main">Peiter Zatko</span> American computer security expert

Peiter C. Zatko, better known as Mudge, is an American network security expert, open source programmer, writer, and hacker. He was the most prominent member of the high-profile hacker think tank the L0pht as well as the computer and culture hacking cooperative the Cult of the Dead Cow.

<span class="mw-page-title-main">Chris Wysopal</span> American computer security expert (born 1965)

Chris Wysopal is an entrepreneur, computer security expert and co-founder and CTO of Veracode. He was a member of the high-profile hacker think tank the L0pht where he was a vulnerability researcher.

ATstake, Inc. was a computer security professional services company in Cambridge, Massachusetts, United States. It was founded in 1999 by Battery Ventures and Ted Julian. Its initial core team of technologists included Dan Geer and the east coast security team from Cambridge Technology Partners. Its initial core team of executives included Christopher Darby, James T. Mobley, and Christina Luconi.

<span class="mw-page-title-main">Axis Communications</span> Swedish manufacturer of surveillance cameras

Axis Communications AB is a Swedish manufacturer of network cameras, access control, and network audio devices for the physical security and video surveillance industries. Since 2015, it operates as an independent subsidiary of Canon Inc.

<span class="mw-page-title-main">FK Bregalnica Štip</span> Football club

FK Bregalnica Štip is a football club based in Štip, Republic of North Macedonia. They are currently competing in the North Macedonian Second League.

<span class="mw-page-title-main">KF Shkëndija</span> Macedonian association football club

Klubi i Futbollit Shkëndija commonly known as Shkëndija, is a football club based in Tetovo, North Macedonia. Their home stadium is Ecolog Arena and they currently play in the Macedonian First League. In the 2010–11 season of the Macedonian First Football League, the club won its first major championship.

<span class="mw-page-title-main">Jeff Moss (hacker)</span> American computer security expert (born 1975)

Jeff Moss, also known as Dark Tangent, is an American hacker, computer and internet security expert who founded the Black Hat and DEF CON computer security conferences.

A supply chain attack is a cyber-attack that seeks to damage an organization by targeting less secure elements in the supply chain. A supply chain attack can occur in any industry, from the financial sector, oil industry, to a government sector. A supply chain attack can happen in software or hardware. Cybercriminals typically tamper with the manufacturing or distribution of a product by installing malware or hardware-based spying components. Symantec's 2019 Internet Security Threat Report states that supply chain attacks increased by 78 percent in 2018.

Korea Internet Neutral Exchange, the only carrier-neutral Internet exchange (IX) in South Korea, is a B2B company that specializes in Internet infrastructure. KINX provides Internet data center (IDC), content delivery network (CDN), and cloud computing services to customers. The headquarters is in Seoul, South Korea. As of March 2020, KINX has 126 employees.

The 26th Network Operations Squadron, United States Air Force, is a network operations unit located at Gunter Annex, in Montgomery, AL.

<span class="mw-page-title-main">Electrical disruptions caused by squirrels</span> Events and circumstances in which squirrels have caused major power outages

Electrical disruptions caused by squirrels are common and widespread, and can involve the disruption of power grids. It has been hypothesized that the threat to the internet, infrastructure and services posed by squirrels may exceed that posed by cyber-attacks. Although many commentators have highlighted humorous aspects of the concern, squirrels have proven consistently able to cripple power grids in many countries, and the danger posed to the electrical grid from squirrels is ongoing and significant. This has led to tabulations and maps compiled of the relevant data.

Assured Compliance Assessment Solution (ACAS) is a software set of information security tools used for vulnerability scanning and risk assessment by agencies of the United States Department of Defense (DoD). It performs automated vulnerability scanning and device configuration assessment. ACAS was implemented by the DoD in 2012, with contracts awarded to Tenable, Inc. (then known as Tenable Network Security) and Hewlett Packard Enterprise Services to improve cybersecurity within the DoD. It is mandated by regulations for all DoD agencies and is deployed via download. Part of the ACAS software monitors passive network traffic, new network hosts, and applications that are vulnerable to compromise. It also generates required reports and data that are remotely accessible, with a centralized console, and is Security Content Automation Protocol (SCAP) compliant. The Defense Information Systems Agency's Cyber Development (CD) provides program management and support in the deployment of ACAS. The Army's Systems Engineering and Integration Directorate said in 2016 that ACAS gives the Army "a clear, specific and timely picture of cyber vulnerabilities and how they are being addressed. Not only does the technology streamline processes at the operator level, it also enables broader goals such as the Cybersecurity Scorecard and automated patching for improved mission assurance."

Election cybersecurity or election security refers to the protection of elections and voting infrastructure from cyberattack or cyber threat – including the tampering with or infiltration of voting machines and equipment, election office networks and practices, and voter registration databases.

<span class="mw-page-title-main">Cybersecurity and Infrastructure Security Agency</span> Agency of the United States Department of Homeland Security

The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.

Log4Shell (CVE-2021-44228) is a zero-day vulnerability in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021. Before an official CVE identifier was made available on 10 December 2021, the vulnerability circulated with the name "Log4Shell", given by Free Wortley of the LunaSec team, which was initially used to track the issue online. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. The exploit was simple to execute and is estimated to have had the potential to affect hundreds of millions of devices.

References

  1. "2023 International Book Awards". 24 Jun 2023. Archived from the original on 8 July 2023. Retrieved 17 Jul 2023.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  2. "National Indie Excellence Awards". 1 Jul 2023. Archived from the original on 17 July 2023. Retrieved 17 Jul 2023.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  3. "Amazon Best Sellers". Amazon. 17 Feb 2023. Archived from the original on 17 February 2023. Retrieved 17 Jul 2023.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  4. 1 2 3 4 Timberg, Craig (22 Jun 2015). "A disaster foretold — and ignored. LOpht's warnings about the Internet drew notice but little action". The Washington Post . USA. Retrieved 8 Dec 2017.
  5. 1 2 Article examples
    *Rogue, Space (1 Jul 2015). "Opinion: An Underwriters Laboratories for cybersecurity is long overdue". csmonitor.com. The Christian Science Monitor . Retrieved 18 Dec 2017.
    *Thomas, Cris (1 Sep 2015). "Understanding malware". Network Computing. Network Computing. Retrieved 18 Dec 2017.
    *Thomas, Cris (19 Sep 2016). "Zero trust policy the answer to fed cybersecurity challenges". The Hill . Capitol Hill Publishing Corp. Retrieved 18 Dec 2017.
  6. 1 2 Sweeney, Terry (10 Aug 2016). "Government, Hackers Learn To Make Nice". Dark Reading. Washington, D.C., USA. Retrieved 10 Dec 2017.
  7. 1 2 Naraine, Ryan (26 June 2007). "The iPhone security non-story". ZDNet . Retrieved 18 Dec 2017.
  8. 1 2 Raywood, Dan (10 Apr 2014). "Inadequate 'Internet of Things' Security Puts Our Lives at Risk". ibtimes.co.uk. International Business Times . Retrieved 16 Dec 2017.
  9. McMillan, Robert (23 Jul 2009). "Hacker Group L0pht Makes a Comeback, of Sorts". PC World . USA. Retrieved 7 Dec 2017.
  10. 1 2 "Space Rogue". Forbes . USA. 7 Feb 2000. Retrieved 18 Dec 2017.
  11. Anonymous (2003). Maximum Security. Sams Publishing. p. 571. ISBN   978-0672324598 . Retrieved 2018-09-29.
  12. Rogue, Space (1998-10-30). "[L0pht Advisory] MacOS - FWB passwords easily bypassed". packetstormsecurity.com. Retrieved 2018-09-29.
  13. Penenberg, Adam (7 Feb 2000). "Space Rogue". Forbes . USA. Retrieved 25 May 2018.
  14. "A cyber terrorist ate my hamster". infosecurity-magazine.com. Reed Exhibitions, Ltd. 20 Jul 2012. Retrieved 16 Dec 2017.
  15. "Space Rogue from L0pht and Hacker News Network Joins Tenable Network Security". tenable.com. Tenable, Inc. 7 Jan 2014. Retrieved 10 Dec 2017.
  16. Thomas, Cris (27 Jul 2017). "Hello, My Name Is Space Rogue". securityintelligence.com. IBM . Retrieved 10 Dec 2017.
  17. "The Washington Area Trustworthy Computing Hour (WATCH) seminar series". nsf.gov. National Science Foundation. 2017. Retrieved 16 Dec 2017.
  18. "WATCH - 35 Years of Cyberwar: The Squirrels are Winning". nsf.gov. National Science Foundation. 20 July 2017. Archived from the original on 4 January 2018. Retrieved 16 Dec 2017.
  19. Brown, Leah (28 Nov 2017). "IBM's Space Rogue explains how hackers easily crack your password". TechRepublic. Retrieved 3 Apr 2018.
  20. 1 2 Gallagher, Sean (16 Jan 2017). "Who's winning the cyber war? The squirrels, of course. CyberSquirrel1 project shows fuzzy-tailed intruders cause more damage than "cyber" does". Ars Technica . USA. Retrieved 28 Nov 2017.
  21. Powner, David. "INFORMATION TECHNOLOGY: Federal Agencies Need to Address Aging Legacy Systems". U.S. Government Accountability Office Report . Retrieved 30 Nov 2017.
  22. Szoldra, Paul (25 May 2016). "America's nukes are still controlled by 8-inch floppy disks". Business Insider . Retrieved 30 Nov 2016.
  23. Szoldra, Paul (16 May 2016). "A hacker explains why US nukes controlled by ancient computers is actually a good thing". VentureBeat . Retrieved 30 Nov 2017.
  24. Roman, Jeffrey (26 Mar 2014). "Senate Report Analyzes Target Breach - Pinpoints Apparent Missed Opportunities to Prevent Incident". databreachtoday.com. Retrieved 24 Nov 2017.
  25. Kitten, Tracy (1 Jun 2016). "Court Clears Way for Banks' Home Depot Suit to Proceed - Judge Rejects Dismissal, Citing Security Negligence Allegations". databreachtoday.com. Retrieved 24 Nov 2017.
  26. Chabrow, Eric (2 Dec 2015). "China: Chinese Criminals Hacked OPM - American Experts Skeptical About Chinese Claim of No Government Involvement". databreachtoday.com. Retrieved 24 Nov 2017.
  27. 1 2 Schwartz, Mathew (15 Jun 2016). "'Space Rogue' on Déjà Vu Security Failures Old Security Mistakes Keep Getting Repeated, Says Tenable's Cris Thomas". Bank Info Security. USA. Retrieved 24 Nov 2017.
  28. Glave, James (3 Feb 1999). "FAO SCHWARZ SPRINGS A LEAK". Wired.com. Wired (magazine). Retrieved 16 Dec 2017.
  29. Beckett, Jamie (5 Feb 1999). "FAO Schwarz Patches Hole In Web Site". sfgate.com. San Francisco Chronicle . Retrieved 16 Dec 2017.
  30. Strom, David (13 Jun 2017). "Space Rogue: A Security Rebel Turned Pen Tester". securityintelligence.com. Retrieved 13 Jun 2017.
  31. Robinson, Teri (12 Aug 2019). "Def Con: Lieu, Langevin call on security community to help fed gov't bolster cyber, harden election security" . Retrieved 12 Sep 2019.
  32. Brumfield, Cynthia (9 Aug 2019). "U.S. Rep Lieu hopeful for election security bill prospects" . Retrieved 12 Sep 2019.
  33. Peterson, Scot (12 Aug 2019). "Black Hat 2019: Election Security Gets Top Billing at Black Hat, Def Con" . Retrieved 12 Sep 2019.
  34. Sheridan, Kelly (12 Aug 2019). "Security Pros, Congress Reps Talk National Cybersecurity at DEF CON" . Retrieved 12 Sep 2019.
  35. Thomson, Iain (12 Aug 2019). "US still 'not prepared' in event of a serious cyber attack and Congress can't help if it happens" . Retrieved 12 Sep 2019.
  36. Peterson, Scot (12 Aug 2019). "Black Hat 2019: Election Security gets Top Billing at Black Hat, Def Con" . Retrieved 12 Sep 2019.
  37. This Machine Kills Secrets: Julian Assange, the Cypherpunks, and Their Fight to Empower Whistleblowers , p. 199, at Google Books
  38. Rogue, Space (2012-06-11). "The Return of Zuc.A and Ancient OSX Viruses?". SpiderLabs Blog. Trustwave. Archived from the original on 2018-05-24. Retrieved 2018-05-24.
  39. 2600 Magazine Vol 13 , p. 49, at Google Books
  40. Glave, James (12 Jan 1999). "CONFUSION OVER 'CYBERWAR'". Wired . USA. Retrieved 8 Dec 2017.
  41. "HNN - H a c k e r N e w s N e t w o r k". 17 August 2000. Archived from the original on 17 August 2000. Retrieved 24 July 2018.
  42. Timberg, Craig (27 Jun 2015). "In 1998, these hackers said the Internet would become a security disaster. Nobody listened". The Daily Herald. USA. Retrieved 7 Dec 2017.
  43. Kevin Poulsen (September 23, 2008). "Video: Solar Sunrise, the Best FBI-Produced Hacker Flick Ever". Wired News . Retrieved May 23, 2009.
  44. Solar Sunrise Dawn Of A New Threat (VHS) (Video). National Counterintelligence Center. 1999. Event occurs at 3:18. Retrieved October 30, 2018. Alt URL
  45. "(Sort of) New Hacker Resource site - Geek.com". geek.com. 27 July 2000. Archived from the original on 24 July 2018. Retrieved 24 July 2018.
  46. "Hacker Group L0pht Makes a Comeback, of Sorts". PCWorld. Retrieved 24 July 2018.
  47. "HackerNewsNetwork". YouTube. Retrieved 24 July 2018.
  48. "Old Site Archive - SPACE ROGUE". www.spacerogue.net. Retrieved 24 July 2018.
  49. "Space Rogue from L0pht and Hacker News Network Joins Tenable Network Security". tenable.com. 7 January 2014. Retrieved 24 July 2018.
  50. 1 2 "Squirrel 'threat' to critical infrastructure". BBC . 17 Jan 2017. Retrieved 28 Nov 2017.
  51. Hern, Alex (14 Jan 2016). "The power grid's greatest enemy has four legs and a bushy tail". The Guardian . Retrieved 28 Nov 2017.
  52. Wagenseil, Paul (14 Jan 2017). "Worried About Cyberwar? Worry About Squirrels Instead". Tom's Guide. USA. Retrieved 28 Nov 2017.
  53. "2016 Presidential Campaign Hacking Fast Facts". CNN . 31 Oct 2017. Retrieved 24 Nov 2017.
  54. CNBC On the Money: Hacking the Vote (Television production). CNBC. 5 Nov 2015. Retrieved 10 Dec 2017.
  55. Muradian, Vago (14 Oct 2016). "Tenable's Space Rogue on Hacking US Elections, Cyber Vulnerabilities". defaeroreport.com. Retrieved 19 Sep 2018.
  56. Lamb, Eleanor (19 Jan 2017). "Tenable Expert Urges Stronger Language for 'Grizzly Steppe' Report". Meritalk: Improving the outcomes of government IT. Retrieved 24 Nov 2017.
  57. Patterson, Dan (19 Sep 2018). "Why voting machines in the U.S. are easy targets for hackers". CBSNews.com . USA. Retrieved 19 Sep 2018.
  58. Patterson, Dan (27 Sep 2018). "Campaign 2018: Voting machines are vulnerable to hacking". CNet.com . USA. Retrieved 28 Sep 2018.
  59. "Report: Americans concerned about cyber attack on voting systems as midterms near". WTNH . USA. 25 Oct 2018. Retrieved 30 Oct 2018.
  60. Patterson, Dan (29 Oct 2018). "Election hacking: The myths vs. realities". techrepublic.com . USA. Retrieved 30 Oct 2018.
  61. Thomas, Cris (2023). Space Rogue: How the Hackers Known As L0pht Changed the World. p. 362. ISBN   979-8987032404.
  62. "Hacker Space Rogue to Release Book on Hacking Group L0pht Heavy Industries in February". 12 Jan 2023. Archived from the original on 17 July 2023. Retrieved 17 Jul 2023.{{cite news}}: CS1 maint: bot: original URL status unknown (link)
  63. "Amazon Best Sellers". Amazon. 17 Feb 2023. Archived from the original on 17 February 2023. Retrieved 17 Jul 2023.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  64. "2023 International Book Awards". 24 Jun 2023. Archived from the original on 8 July 2023. Retrieved 17 Jul 2023.{{cite web}}: CS1 maint: bot: original URL status unknown (link)
  65. "National Indie Excellence Awards". 1 Jul 2023. Archived from the original on 17 July 2023. Retrieved 17 Jul 2023.{{cite web}}: CS1 maint: bot: original URL status unknown (link)