Runa Sandvik

Runa Sandvik at Kawaiicon in Wellington, New Zealand in 2019
Born: 1987 (age 36–37), Oslo, Norway
Occupation(s): Computer security expert, founder
Spouse: Michael Auger

Runa Sandvik is a Norwegian-American [1] computer security expert and founder of Granitt. [2] She is noted for her extensive work in protecting at-risk civil society groups, including human rights defenders, lawyers, and journalists. [3] Sandvik was previously the Senior Director of Information Security at The New York Times, helping launch the company’s confidential tips page in December 2016. [4]


Career

33 US Department of Homeland Security photos, acquired through FOIA

Sandvik was an early developer of the Tor anonymity network, a cooperative facility that helps individuals obfuscate the Internet Protocol information they are using to access the Internet. [5] Sandvik is a technical advisor to the Freedom of the Press Foundation and serves on the review board of Black Hat Europe. [5] Sandvik interviewed Edward Snowden in May 2014. [6] In February 2015 Sandvik documented her efforts to retrieve information about herself through Freedom of Information Act requests. [7] Sandvik led efforts to make The New York Times a Tor Onion service, allowing Times employees and readers to access the newspaper's site in ways that impede intrusive government monitoring. [8]

Hacking of smart rifles

Sandvik and Auger demonstrated that the aiming computer of the TrackingPoint XS1 precision guided firearm was vulnerable to third party hacking.

Sandvik and her husband, Michael Auger, demonstrated how smart rifles with remote access can be remotely hacked. [9] The $13,000 TrackingPoint sniper rifle is equipped with an embedded Linux computer. [10] According to Wired magazine, when used according to its specifications, the aiming computer can enable a novice to hit remote targets that would otherwise require a skilled marksman. However, the manufacturers designed the aiming computer with WiFi capabilities, so the shooter could upload video of their shots. Sandvik and Auger found they could initiate a Unix shell command line interpreter and use it to alter parameters the aiming computer relies on, so that it will always miss its targets. They found that a knowledgeable hacker could use the shell to acquire root access. Acquiring root access allowed an interloper to erase all the aiming computer's software—"bricking" the aiming computer.

Personal life

She acquired her first computer when she was fifteen years old. [11] She studied computer science at the Norwegian University of Science and Technology. [6] In 2014 Sandvik married Michael Auger, and the pair made their home in Washington, D.C. [12]

Related Research Articles

A cypherpunk is any individual advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since at least the late 1980s.

Crypto-anarchy: Political ideology

Crypto-anarchy, crypto-anarchism, cyberanarchy or cyberanarchism is a political ideology focusing on the protection of privacy, political freedom, and economic freedom, the adherents of which use cryptographic software for confidentiality and security while sending and receiving information over computer networks. In his 1988 "Crypto Anarchist Manifesto", Timothy C. May introduced the basic principles of crypto-anarchism, encrypted exchanges ensuring total anonymity, total freedom of speech, and total freedom to trade. In 1992, he read the text at the founding meeting of the cypherpunk movement. Most crypto-anarchists are anarcho-capitalists, but some are anarcho-mutualists.

Matt Blaze: American researcher

Matt Blaze is an American researcher who focuses on the areas of secure systems, cryptography, and trust management. He is currently the McDevitt Chair of Computer Science and Law at Georgetown University, and is on the board of directors of the Tor Project.

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system's weaknesses to assist in formulating defenses against potential hackers.

.onion: Pseudo–top-level internet domain

.onion is a special-use top-level domain name designating an anonymous onion service, which was formerly known as a "hidden service", reachable via the Tor network. Such addresses are not actual DNS names, and the .onion TLD is not in the Internet DNS root, but with the appropriate proxy software installed, Internet programs such as web browsers can access sites with .onion addresses by sending the request through the Tor network.

Samy Kamkar: American privacy and security researcher, computer hacker, whistleblower and entrepreneur

Samy Kamkar is an American privacy and security researcher, computer hacker and entrepreneur. At the age of 16, he dropped out of high school. One year later, he co-founded Fonality, a unified communications company based on open-source software, which raised over $46 million in private funding. In 2005, he created and released the fastest spreading virus of all time, the MySpace worm Samy, and was subsequently raided by the United States Secret Service under the Patriot Act. He also created SkyJack, a custom drone which hacks into any nearby Parrot drones allowing them to be controlled by its operator and created the Evercookie, which appeared in a top-secret NSA document revealed by Edward Snowden and on the front page of The New York Times. He has also worked with The Wall Street Journal, and discovered the illicit mobile phone tracking where the Apple iPhone, Google Android and Microsoft Windows Phone mobile devices transmit GPS and Wi-Fi information to their parent companies. His mobile research led to a series of class-action lawsuits against the companies and a privacy hearing on Capitol Hill. Kamkar has a chapter giving advice in Tim Ferriss' book Tools of Titans.

Jacob Appelbaum: American computer security researcher and journalist (born 1 April 1983)

Jacob Appelbaum is an American independent journalist, computer security researcher, artist, and hacker.

Tor (network): Free and open-source anonymity network based on onion routing

Tor, short for The Onion Router, is free and open-source software for enabling anonymous communication. It directs Internet traffic via a free, worldwide volunteer overlay network that consists of more than seven thousand relays.

Tails (operating system): Linux distribution for anonymity and privacy

Tails, or "The Amnesic Incognito Live System", is a security-focused Debian-based Linux distribution aimed at preserving Internet privacy and anonymity. It connects to the Internet exclusively through the anonymity network Tor. The system is designed to be booted as a live DVD or live USB and never writes to the hard drive or SSD, leaving no digital footprint on the machine unless explicitly told to do so. It can also be run as a virtual machine, with some additional security risks.

Freedom of the Press Foundation (FPF) is a non-profit organization founded in 2012 to fund and support free speech and freedom of the press. The organization originally managed crowd-funding campaigns for independent journalistic organizations, but now pursues technical projects to support journalists' digital security and conducts legal advocacy for journalists.

TrackingPoint: Weapon technology company

TrackingPoint is an applied technology company based in Austin, Texas. In 2011, it created a long-range rifle system that was the first precision guided firearm.

Tor Mail: Defunct Tor email service

Tor Mail was a Tor hidden service that went offline in August 2013 after an FBI raid on Freedom Hosting. The service allowed users to send and receive email anonymously to email addresses inside and outside the Tor network.

Tailored Access Operations: Unit of the U.S. National Security Agency

The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.

Bullrun (decryption program): Code name of a decryption program run by the NSA

Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.

2010s global surveillance disclosures: Disclosures of NSA and related global espionage

During the 2010s, international media news reports revealed new operational details about the Anglophone cryptographic agencies' global surveillance of both foreign and domestic nationals. The reports mostly relate to top secret documents leaked by ex-NSA contractor Edward Snowden. The documents consist of intelligence files relating to the U.S. and other Five Eyes countries. In June 2013, the first of Snowden's documents were published, with further selected documents released to various news outlets through the year.

Alec Muffett: Software engineer, security expert (born 1968)

Alec David Edward Muffett is an Anglo-American internet security expert and software engineer. His work includes Crack, the original password cracker for Unix, and for the CrackLib password-integrity testing library. He is active in the open-source software community.

ANT catalog: Classified catalog of hacking tools by the NSA

The ANT catalog is a classified product catalog by the U.S. National Security Agency (NSA) of which the version written in 2008–2009 was published by German news magazine Der Spiegel in December 2013. Forty-nine catalog pages with pictures, diagrams and descriptions of espionage devices and spying software were published. The items are available to the Tailored Access Operations unit and are mostly targeted at products from US companies such as Apple, Cisco and Dell. The source is believed to be someone different than Edward Snowden, who is largely responsible for the global surveillance disclosures since 2013. Companies whose products could be compromised have denied any collaboration with the NSA in developing these capabilities. In 2014, a project was started to implement the capabilities from the ANT catalog as open-source hardware and software.

Deep Lab is a women's collective group composed of artists, researchers, writers, engineers, and cultural producers. These women are involved in critical assessments of contemporary digital culture and, together, work to exploit the potential for creative inquiry lying dormant in the deep web. Outside of Deep Lab, the members engage in activities that range from magazine editing, journalism, various forms of activism, and teaching. The collective's research spans a variety of topics including privacy, code, surveillance, art, social hacking, capitalism, race, anonymity, 21st century infrastructures, and practical skills for real-world applications. Deep Lab draws influence from Experiments in Art and Technology (E.A.T.), Cypherpunks, Guerrilla Girls, Free Art and Technology Lab (F.A.T.), Chaos Computer Club, and Radical Software.

References

  1. "https://twitter.com/runasand/status/1539639909845241856". X (formerly Twitter). Retrieved 2023-09-14.
  2. Whittaker, Zack (2022-07-15). "Runa Sandvik's new startup Granitt secures at-risk people from hackers and nation states". TechCrunch. Retrieved 2023-09-14.
  3. Crowell, Maddy. "The Hacker". Columbia Journalism Review. Retrieved 2023-09-14.
  4. Hiltner, Stephen (2017-03-03). "How to Tell a Secret in the Digital Age". The New York Times. ISSN 0362-4331. Retrieved 2023-09-14.
  5. "Runa Sandvik". Corporate Learning Hub. Retrieved 2018-07-27. She is a former developer with The Tor Project, a technical advisor to the Freedom of the Press Foundation and a member of the review board for Black Hat Europe.
  6. Glenn Slydal Johansen (2016-03-08). "Norske Runa Sandvik skal jobbe med sikkerhet i New York Times" [Norwegian Runa Sandvik is going to work for safety in the New York Times]. Journalisten (in Norwegian). Retrieved 2018-07-27.
  7. Runa Sandvik (2015-02-26). "How I requested my photographs from the Department of Homeland Security". Medium magazine. Retrieved 2018-07-27. In response to a Freedom of Information Act request I filed in November 2014, the Department of Homeland Security released a document containing information collected about me under this program over the last four years.
  8. Runa Sandvik (2017-10-27). "The New York Times is Now Available as a Tor Onion Service". The New York Times. Retrieved 2018-07-27.
  9. Joseph Cox (2017-03-27). "Hacker Runa Sandvik Went From Hijacking a Smart Rifle to Securing The NYT". Vice motherboard. Retrieved 2018-07-27. Sandvik has helped the Times launch a new series of tip-lines, where potential sources can leak documents or information securely. The Times now has a public-facing Signal and WhatsApp number, as well as a SecureDrop instance.
  10. Andy Greenberg (2017-07-29). "Hackers Can Disable a Sniper Rifle—Or Change Its Target". Wired magazine. Retrieved 2018-07-27. The married hacker couple have developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit vulnerabilities in its software.
  11. "This Former Hacker Now Helps The Times Stay Safe Online". The New York Times. 2018-07-24. Retrieved 2018-07-27. Outside The Times, she is well regarded in the information security community, Mr. McKinley said. She frequently attends conferences, speaks at events and hosts CryptoParties, or events that aim to educate people about digital security in an accessible way (two weeks ago, she co-hosted a Times-sponsored CryptoParty). Her friends see her as a tough stalwart of a male-dominated industry.
  12. "Går det virkelig an å hacke en rifle?" [There is war in cyberspace. Hacker Runa Sandvik fits The New York Times]. Aftenposten (in Norwegian). 2016-10-06. Retrieved 2018-07-28.