Jack Cable (software developer)

Last updated
Jack Cable
Employer
AwardsTime Magazine's 25 Most Influential Teens (2018) [1]
Website https://cablej.io/   OOjs UI icon edit-ltr-progressive.svg

Jack Cable (born February 18, 2000) is an American computer security researcher and software developer who currently serves as a Senior Technical Advisor at the Cybersecurity and Infrastructure Security Agency. He is best known for his participation in bug bounty programs, including placing first in the U.S. Department of Defense's Hack the Air Force challenge. [2] Cable began working for the Pentagon's Defense Digital Service in the summer of 2018. [3]

Contents

After discovering and reporting severe vulnerabilities in several states' electoral infrastructure, Cable joined the U.S. Cybersecurity and Infrastructure Security Agency (CISA) in the summer of 2020. [4] There, Cable served as a technical advisor to help protect state election systems against foreign hacking attempts. [5] Cable rejoined CISA in 2023 to help lead the agency's Secure by Design initiative. [6]

For his work, Cable was named one of Time Magazine's 25 Most Influential Teens of 2018. [1] Cable has spoken on vulnerability disclosure and election security at conferences including the DEF CON Voting Village, [7] Black Hat Briefings, [8] and the Wall Street Journal's Future of Everything Festival. [9] In 2019, Cable helped launch Stanford's bug bounty program, one of the first in higher education. [10]

Biography

Cable grew up in the Chicago suburbs and attended New Trier High School. [3] He began programming in middle school and discovered bug bounty programs at the age of 15 after finding a vulnerability in a financial website. [2] [11] Cable has founded a cybersecurity consulting firm, Lightning Security. [1] Cable studied computer science at Stanford, where he received a B.S. in computer science.

Cable joined cybersecurity consulting firm Krebs Stamos Group in 2021 as a Security Architect. [12]

Ransomware research

In 2021, Cable identified a workaround in a ransomware payment system to save victims $27,000, [13] for which he was acknowledged by U.S. Secretary of Homeland Security Alejandro Mayorkas. [14]

Cable also launched Ransomwhere, a crowdsourced ransomware payment tracker that aims to address the ransomware visibility problem. [15] [16]

Publications and articles

Related Research Articles

<span class="mw-page-title-main">Cybercrime</span> Type of crime based in computer networks

Cybercrime encompasses a wide range of criminal activities that are carried out using digital devices and/or networks. These crimes involve the use of technology to commit fraud, identity theft, data breaches, computer viruses, scams, and expanded upon in other malicious acts. Cybercriminals exploit vulnerabilities in computer systems and networks to gain unauthorized access, steal sensitive information, disrupt services, and cause financial or reputational harm to individuals, organizations, and governments.

A security hacker or security researcher is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers.

<span class="mw-page-title-main">Jeff Moss (hacker)</span> American computer security expert (born 1975)

Jeff Moss, also known as Dark Tangent, is an American hacker, computer and internet security expert who founded the Black Hat and DEF CON computer security conferences.

<span class="mw-page-title-main">Bitdefender</span> Romanian cybersecurity technology company

Bitdefender is a multinational cybersecurity technology company dual-headquartered in Bucharest, Romania and Santa Clara, California, with offices in the United States, Europe, Australia and the Middle East.

EC-Council is a cybersecurity certification, education, training, and services company based in Albuquerque, New Mexico.

A cyberattack occurs when there is an unauthorized action against computer infrastructure that compromises the confidentiality, integrity, or availability of its content.

The Lazarus Group is a hacker group made up of an unknown number of individuals, alleged to be run by the government of North Korea. While not much is known about the Lazarus Group, researchers have attributed many cyberattacks to them since 2010. Originally a criminal group, the group has now been designated as an advanced persistent threat due to intended nature, threat, and wide array of methods used when conducting an operation. Names given by cybersecurity organizations include Hidden Cobra and ZINC or Diamond Sleet. According to North Korean defector Kim Kuk-song, the unit is internally known in North Korea as 414 Liaison Office.

<span class="mw-page-title-main">Katie Moussouris</span> American computer security researcher, entrepreneur, and pioneer in vulnerability disclosure

Katie Moussouris is an American computer security researcher, entrepreneur, and pioneer in vulnerability disclosure, and is best known for her ongoing work advocating responsible security research. Previously a member of @stake, she created the bug bounty program at Microsoft and was directly involved in creating the U.S. Department of Defense's first bug bounty program for hackers. She previously served as Chief Policy Officer at HackerOne, a vulnerability disclosure company based in San Francisco, California, and currently is the founder and CEO of Luta Security.

<span class="mw-page-title-main">David Venable</span> Cyber security professional (born 1978)

David "Dave" Venable is a former intelligence officer with the United States National Security Agency, and current cyber security professional and businessman. He is an author and speaker on the topics of cyber security, cyberwarfare, and international security; has developed security-related internet protocols; is a US patent holder; and has been named as one of the most influential people in security.

<span class="mw-page-title-main">WannaCry ransomware attack</span> 2017 worldwide ransomware cyberattack

The WannaCry ransomware attack was a worldwide cyberattack in May 2017 by the WannaCry ransomware cryptoworm, which targeted computers running the Microsoft Windows operating system by encrypting data and demanding ransom payments in the Bitcoin cryptocurrency. It was propagated using EternalBlue, an exploit developed by the United States National Security Agency (NSA) for Windows systems. EternalBlue was stolen and leaked by a group called The Shadow Brokers a month prior to the attack. While Microsoft had released patches previously to close the exploit, much of WannaCry's spread was from organizations that had not applied these, or were using older Windows systems that were past their end of life. These patches were imperative to cyber security, but many organizations did not apply them, citing a need for 24/7 operation, the risk of formerly working applications breaking because of the changes, lack of personnel or time to install them, or other reasons.

<span class="mw-page-title-main">Alex Stamos</span> Greek American computer scientist

Alex Stamos is an American computer scientist and adjunct professor at Stanford University's Center for International Security and Cooperation. He is the former chief security officer (CSO) at Facebook. His planned departure from the company, following disagreement with other executives about how to address the Russian government's use of its platform to spread disinformation during the 2016 U.S. presidential election, was reported in March 2018.

<span class="mw-page-title-main">Rob Joyce</span> American cybersecurity official

Robert E. Joyce is an American cybersecurity official who served as special assistant to the President and Cybersecurity Coordinator on the U.S. National Security Council. He also began serving as White House Homeland Security Adviser to President Donald Trump on an acting basis after the resignation of Tom Bossert from April 10, 2018, to May 31, 2018. He completed his detail to the White House in May 2018 and returned to the National Security Agency, where he served as the Senior Advisor to the Director NSA for Cyber Security Strategy, until July 2019 when he went to London and served in the US Embassy as the NSA's senior cryptologic representative to the UK. Joyce previously performed as acting Deputy Homeland Security Advisor since October 13, 2017. On January 15, 2021, the NSA announced that Joyce would replace Anne Neuberger as its Director of Cybersecurity.

<span class="mw-page-title-main">Cybersecurity and Infrastructure Security Agency</span> Agency of the United States Department of Homeland Security

The Cybersecurity and Infrastructure Security Agency (CISA) is a component of the United States Department of Homeland Security (DHS) responsible for cybersecurity and infrastructure protection across all levels of government, coordinating cybersecurity programs with U.S. states, and improving the government's cybersecurity protections against private and nation-state hackers.

Internet security awareness or Cyber security awareness refers to how much end-users know about the cyber security threats their networks face, the risks they introduce and mitigating security best practices to guide their behavior. End users are considered the weakest link and the primary vulnerability within a network. Since end-users are a major vulnerability, technical means to improve security are not enough. Organizations could also seek to reduce the risk of the human element. This could be accomplished by providing security best practice guidance for end users' awareness of cyber security. Employees could be taught about common threats and how to avoid or mitigate them.

Bugcrowd is a crowdsourced security platform. It was founded in 2012, and in 2019 it was one of the largest bug bounty and vulnerability disclosure companies on the internet. Bugcrowd runs bug bounty programs and also offers a range of penetration testing services it refers to as "Penetration Testing as a Service" (PTaaS), as well as attack surface management.

Ryuk is a type of ransomware known for targeting large, public-entity Microsoft Windows cybersystems. It typically encrypts data on an infected system, rendering the data inaccessible until a ransom is paid in untraceable bitcoin. Ryuk is believed to be used by two or more criminal groups, most likely Russian or Ukrainian, who target organizations rather than individual consumers.

A global wave of cyberattacks and data breaches began in January 2021 after four zero-day exploits were discovered in on-premises Microsoft Exchange Servers, giving attackers full access to user emails and passwords on affected servers, administrator privileges on the server, and access to connected devices on the same network. Attackers typically install a backdoor that allows the attacker full access to impacted servers even if the server is later updated to no longer be vulnerable to the original exploits. As of 9 March 2021, it was estimated that 250,000 servers fell victim to the attacks, including servers belonging to around 30,000 organizations in the United States, 7,000 servers in the United Kingdom, as well as the European Banking Authority, the Norwegian Parliament, and Chile's Commission for the Financial Market (CMF).

Log4Shell (CVE-2021-44228) is a zero-day vulnerability reported in November 2021 in Log4j, a popular Java logging framework, involving arbitrary code execution. The vulnerability had existed unnoticed since 2013 and was privately disclosed to the Apache Software Foundation, of which Log4j is a project, by Chen Zhaojun of Alibaba Cloud's security team on 24 November 2021. Before an official CVE identifier was made available on 10 December 2021, the vulnerability circulated with the name "Log4Shell", given by Free Wortley of the LunaSec team, which was initially used to track the issue online. Apache gave Log4Shell a CVSS severity rating of 10, the highest available score. The exploit was simple to execute and is estimated to have had the potential to affect hundreds of millions of devices.

Gregory Falco is an American inventor and researcher. Falco is a professor at Cornell University. He is a pioneer in the field of cybersecurity research and its aerospace applications. Falco is the founding chair of IEEE's Standard for Space System Cybersecurity and the NATO Country Project Director for the NATO Science for Peace and Security effort to reroute the internet to space.

The U.S. Ransomware Task Force (RTF), also known as the Joint Ransomware Task Force, is an interagency body that leads the American government's efforts to address the threats of ransomware attacks. It is jointly headed by the Department of Homeland Security’s cyber arm, the Cybersecurity and Infrastructure Security Agency (CISA), and the Federal Bureau of Investigation.

References

  1. 1 2 3 "TIME's 25 Most Influential Teens of 2018". Time Magazine. Retrieved 3 November 2019.
  2. 1 2 "This 17-year-old hacked the Air Force". NPR Marketplace. Retrieved 3 November 2019.
  3. 1 2 "How a New Trier Student Became an Internationally Known Ethical Hacker". Chicago Magazine. Retrieved 3 November 2019.
  4. "Putin Is Well on His Way to Stealing the Next Election". The Atlantic. Retrieved 20 April 2021.
  5. "Meet the 20-year-old super-hacker who was the youngest member of the Pentagon's 'SWAT team of nerds' and is now fighting for election security with Homeland Security". Business Insider. Retrieved 20 April 2021.
  6. @CISAgov (January 19, 2023). "We're delighted to welcome top cyber talent like senior technical advisor Jack Cable to the team!" (Tweet) via Twitter.
  7. "DEF CON 27 Voting Village Report" (PDF). DEF CON. Retrieved 3 November 2019.
  8. "Black Hat CISO Summit". Black Hat. Retrieved 3 November 2019.
  9. "WSJ Future Of Everything Festival - Speakers". The Wall Street Journal. Retrieved 3 November 2019.
  10. "Stanford Bug Bounty Launch". Stanford University IT. Retrieved 3 November 2019.
  11. "Meet the 17-Year-Old Who Hacked the U.S. Air Force". Nextgov. Retrieved 14 November 2019.
  12. "Ransomware attack struck between 800 and 1,500 businesses, says company at center of hack". The Washington Post. July 6, 2021. Retrieved 26 March 2022.
  13. "Stanford student finds glitch in ransomware payment system to save victims $27,000". CyberScoop. April 22, 2021. Retrieved 26 March 2022.
  14. @secmayorkas (April 23, 2021). "Great work by @jackhcable! From disrupting #ransomware schemes to working with @CISAgov to #Protect2020, you are a tremendous example of how even a single person can make a difference" (Tweet) via Twitter.
  15. "This crowdsourced payments tracker wants to solve the ransomware visibility problem". TechCrunch. July 9, 2021. Retrieved 26 March 2022.
  16. "Jack Cable, Stanford student and cyber whiz, aims to crowdsource ransomware details". CyberScoop. July 9, 2021. Retrieved 11 May 2024.
  17. Cable, Jack. "Every Computer Science Degree Should Require a Course in Cybersecurity". Harvard Business Review. Retrieved 3 November 2019.
  18. Cable, Jack. "Why the U.S. government needs you to hack it". Fast Company. Retrieved 20 April 2021.
  19. Cable, Jack. "Preventing Ransomware Attacks at Scale". Harvard Business Review. Retrieved 11 May 2024.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.