Herbert Hugh Thompson

Hugh Thompson
Citizenship: American
Alma mater: Florida Institute of Technology
Known for: Security
Fields: Computer science
Institutions: Microsoft; Columbia University; RSA Conference; Blue Coat Systems; Symantec

Dr. Herbert Hugh Thompson is a computer security expert, an Adjunct Professor in the Computer Science Department at Columbia University, [1] and the Chief Technology Officer of NortonLifeLock. [2] He is also the Chairman of RSA Conference, [3] the world's largest information security conference with over 25,000 attendees annually. Thompson is the co-author of a book on human achievement titled The Plateau Effect: Getting from Stuck to Success, published by Penguin in 2013, [4] [5] and has co-authored three books on information security, including How to Break Software Security: Effective Techniques for Security Testing, published by Addison-Wesley, [6] and The Software Vulnerability Guide, published by Charles River Media in 2005. [7] He is known for his role in exposing electronic voting machine vulnerabilities as part of the HBO documentary Hacking Democracy. He was named one of the "Top 5 Most Influential Thinkers in IT Security" by SC Magazine [8] and has been referred to by the Financial Times as "one of the world's foremost cryptology and internet security experts." [9]

Career

Thompson began his career as a research intern for Microsoft Corporation while working on his Ph.D. in Applied Mathematics at the Florida Institute of Technology, where he completed his degree in 2002. [10] He then went on to co-found Security Innovation Inc., an application security company, and worked as its Chief Security Strategist. In 2007 he started another technology security company called People Security and also began teaching a course on "Software Security and Exploitation" at Columbia University that focused on methods to circumvent security mechanisms in software. [11] Thompson hosted a show that was sponsored by AT&T. [12] He has written several books and over 100 peer-reviewed papers on computer security and hacking. [13] [14] [15] Thompson has delivered keynotes at every RSA Conference since 2007. [16] He has been interviewed by top news organizations including BBC News, [17] Bloomberg Television, [18] CNN, [19] Fox News, [20] The New York Times [21] and the Associated Press. [22] He is also a contributor to the New York Times, [23] Scientific American [24] and IEEE Security & Privacy magazine. [25] Thompson was Senior Vice President at the security infrastructure company Blue Coat Systems, [26] and was named CTO of Symantec after the acquisition of Blue Coat in August 2016. [2]

Electronic Voting Security

In 2006, Thompson participated in four hack tests for the nonprofit election watchdog group Black Box Voting. [27] Two of his tests involved altering election results reports on the Diebold GEMS central tally machines. Thompson also collaborated with Harri Hursti in the Black Box Voting projects in Leon County, Florida and Emery County, Utah. Thompson's GEMS central tabulator hack was achieved by inserting a Visual Basic script onto the GEMS server machine at election headquarters. Both the Visual Basic script hack by Thompson and the memory card hack by Hursti (the "Hursti Hack") can be seen in HBO's "Hacking Democracy", in which Hursti and Thompson hacked into Diebold Election Systems' voting machines and central tabulator system in Leon County, Florida, proving its vulnerability. [28]

Education

Thompson completed his bachelor's, master's and Ph.D. in applied mathematics at the Florida Institute of Technology.

References

  1. Columbia University course page for COMS E6998-9 Software Security and Exploitation
  2. Symantec Management Team
  3. RSA Conference Appoints Dr. Herbert H. Thompson as Program Committee Chair and Advisory Board Member
  4. Schawbel, Dan. "Bob Sullivan: How Plateaus Prevent You From Career Success". Forbes.
  5. Coffey, Laura (2 May 2013). "Hey, high-achieving women! Here's how perfectionism holds you back". Today.
  6. Whittaker, James (2003). How to Break Software Security. Addison Wesley. ISBN 0321194330.
  7. Thompson, Herbert (2005). The Software Vulnerability Guide. Charles River Media. ISBN 1584503580.
  8. "IT security reboot 2006: Top 5 influential security thinkers". SC Magazine.
  9. Jones, Sam. "Encryption expert offers support to UK's GCHQ chief". Financial Times.
  10. Thompson, Herbert (2002). A Bayesian model of sequential test allocation for software reliability estimation. Florida Institute of Technology. ISBN 0493619062.
  11. Columbia University: COMS E6998-9: Software Security and Exploitation
  12. "AT&T Can't Pay An Audience To Agree With Internet Filtering". Wired.
  13. Thompson, Herbert H. "Why security testing is hard." IEEE Security & Privacy 1.4 (2003): 83-86.
  14. Whittaker, James A., and Herbert H. Thompson. "Black Box Debugging." Queue 1.9 (2003): 68.
  15. Thompson, Herbert H., and James A. Whittaker. "Rethinking software security." Dr. Dobb's Journal 29.2 (2004): 73-75.
  16. RSA Conference USA 2010: The Hugh Thompson Show 4/5. Retrieved 2023-05-26.
  17. "How safe is the 'internet of things'?". BBC News. Retrieved 2023-03-07.
  18. Bloomberg Television, First Up with Susan Li, "Cyber Security Threat Dynamic, Dangerous". https://www.bloomberg.com/video/cyber-security-threat-dynamic-dangerous-thompson-VBG2kLSxRb6aBvXmoqUvvQ.html
  19. CNN transcripts. Archived May 22, 2011, at the Wayback Machine.
  20. Snyder, Christopher (2015-03-24). "Increase in 'One-Day Wonder' websites helps disguise malware". Fox News. Retrieved 2023-03-07.
  21. Perlroth, Nicole (2014-06-11). "Security Needs Evolve as Computing Leaves the Office". Bits Blog. Retrieved 2023-03-07.
  22. Satter, R. "Researchers stymied by hackers who drop fake clues". AP, 10 December 2014. http://hosted.ap.org/dynamic/stories/E/EU_HACKER_WHODUNIT
  23. Sullivan, Bob, and Hugh Thompson. "Brain, Interrupted." New York Times, May 5, 2013, p. SR12.
  24. Thompson, H. "How I Stole Someone's Identity." Scientific American, online feature posted August 18, 2008.
  25. Thompson, Hugh. "The Human Element of Information Security." IEEE Security & Privacy, vol. 11, no. 1, pp. 32-35, Jan.-Feb. 2013. doi:10.1109/MSP.2012.161
  26. "Blue Coat Names Security Market Visionary Dr. Hugh Thompson as Senior Vice President and Chief Security Strategist".
  27. Black Box Voting site containing Thompson and Hursti projects. Archived July 16, 2007, at the Wayback Machine.
  28. HBO's documentary "Hacking Democracy". Archived January 7, 2010, at the Wayback Machine.