Runa Sandvik

Last updated
Runa Sandvik
Kawaiicon 2019 Runa Sandvik (2) (cropped).jpg
Runa Sandvik at Kawaiicon in Wellington, New Zealand in 2019
Born1987 (age 3536)
Oslo, Norway
Occupation(s)Computer security expert, founder
Spouse Michael Auger

Runa Sandvik is a Norwegian-American [1] computer security expert and founder of Granitt. [2] She is noted for her extensive work in protecting at-risk civil society groups, including human rights defenders, lawyers, and journalists. [3] Sandvik was previously the Senior Director of Information Security at The New York Times, helping launch the company’s confidential tips page in December 2016. [4]

Contents

Career

33 US Department of Homeland Security photos, acquired through FOIA 33 DHS photos of Runa Sandvik.jpeg
33 US Department of Homeland Security photos, acquired through FOIA

Sandvik was an early developer of the Tor anonymity network, a cooperative facility that helps individuals obfuscate the Internet Protocol information they are using to access the Internet. [5] Sandvik is a technical advisor to the Freedom of the Press Foundation and serves on the review board of Black Hat Europe. [5] Sandvik interviewed Edward Snowden in May 2014. [6] In February 2015 Sandvik documented her efforts to retrieve information about herself through Freedom of Information Act requests. [7] Sandvik led efforts to make The New York Times a Tor Onion service, allowing Times employees and readers to access the newspaper's site in ways that impede intrusive government monitoring. [8]

Hacking of smart rifles

Sandvik and Auger demonstrated that the aiming computer of theTrackingPoint XS1 precision guided firearm was vulnerable to third party hacking. Precision Guided Firearm.jpg
Sandvik and Auger demonstrated that the aiming computer of theTrackingPoint XS1 precision guided firearm was vulnerable to third party hacking.

Sandvik, and her husband, Michael Auger, demonstrated how smart rifles with remote access can be remotely hacked. [9] The $13,000 TrackingPoint sniper rifle is equipped with an embedded linux computer. [10] According to Wired magazine , when used according to its specifications, the aiming computer can enable a novice to hit remote targets that would otherwise require a skilled marksman. However the manufacturers designed the aiming computer with WiFi capabilities, so the shooter could upload video of their shots. Sandvik and Auger found they could initiate a Unix shell command line interpreter, and use it to alter parameters the aiming computer relies on, so that it will always miss its targets. They found that a knowledgeable hacker could use the shell to acquire root access. Acquiring root access allowed an interloper to erase all the aiming computer's software—"bricking" the aiming computer.

Personal life

She acquired her first computer when she was fifteen years old. [11] She studied computer science at the Norwegian University of Science and Technology. [6] In 2014 Sandvik married Michael Auger, and the pair made their home in Washington, D.C. [12]

Related Research Articles

A cypherpunk is any individual advocating widespread use of strong cryptography and privacy-enhancing technologies as a route to social and political change. Originally communicating through the Cypherpunks electronic mailing list, informal groups aimed to achieve privacy and security through proactive use of cryptography. Cypherpunks have been engaged in an active movement since at least the late 1980s.

<span class="mw-page-title-main">Matt Blaze</span> American researcher

Matt Blaze is an American researcher who focuses on the areas of secure systems, cryptography, and trust management. He is currently the McDevitt Chair of Computer Science and Law at Georgetown University, and is on the board of directors of the Tor Project.

<span class="mw-page-title-main">Security hacker</span> Computer security term; someone who hacks computer systems

A security hacker is someone who explores methods for breaching defenses and exploiting weaknesses in a computer system or network. Hackers may be motivated by a multitude of reasons, such as profit, protest, information gathering, challenge, recreation, or evaluation of a system weaknesses to assist in formulating defenses against potential hackers.

<span class="mw-page-title-main">.onion</span> Pseudo–top-level internet domain

.onion is a special-use top level domain name designating an anonymous onion service, which was formerly known as a "hidden service", reachable via the Tor network. Such addresses are not actual DNS names, and the .onion TLD is not in the Internet DNS root, but with the appropriate proxy software installed, Internet programs such as web browsers can access sites with .onion addresses by sending the request through the Tor network.

<span class="mw-page-title-main">Jacob Appelbaum</span> American computer security researcher and journalist (born 1 April 1983)

Jacob Appelbaum is an American independent journalist, computer security researcher, artist, and hacker.

<span class="mw-page-title-main">Tor (network)</span> Free and open-source anonymity network based on onion routing

Tor, short for The Onion Router, is free and open-source software for enabling anonymous communication. It directs Internet traffic via a free, worldwide, volunteer overlay network that consists of more than seven thousand relays.

<span class="mw-page-title-main">Tails (operating system)</span> Linux distribution for anonymity and privacy

Tails, or "The Amnesic Incognito Live System," is a security-focused Debian-based Linux distribution aimed at preserving privacy and anonymity. It connects to the Internet exclusively through the anonymity network Tor. The system is designed to be booted as a live DVD or live USB and never writes to the hard drive or SSD, leaving no digital footprint on the machine unless explicitly told to do so. It can also be run as a virtual machine, with some additional security risks. The Tor Project provided financial support for its development in the beginnings of the project, and continues to do so alongside numerous corporate and anonymous sponsors.

Freedom of the Press Foundation (FPF) is a non-profit organization founded in 2012 to fund and support free speech and freedom of the press. The organization originally managed crowd-funding campaigns for independent journalistic organizations, but now pursues technical projects to support journalists' digital security and conducts legal advocacy for journalists.

<span class="mw-page-title-main">TrackingPoint</span> Weapon technology company

TrackingPoint is an applied technology company based in Austin, Texas. In 2011, it created a long-range rifle system that was the first precision guided firearm.

<span class="mw-page-title-main">Guardian Project (software)</span>

The Guardian Project is a global collective of software developers, designers, advocates, activists, and trainers who develop open-source mobile security software and operating system enhancements. They also create customized mobile devices to help individuals communicate more freely and protect themselves from intrusion and monitoring. The effort specifically focuses on users who live or work in high-risk situations and who often face constant surveillance and intrusion attempts into their mobile devices and communication streams.

<span class="mw-page-title-main">Tailored Access Operations</span> Unit of the U.S. National Security Agency

The Office of Tailored Access Operations (TAO), now Computer Network Operations, and structured as S32, is a cyber-warfare intelligence-gathering unit of the National Security Agency (NSA). It has been active since at least 1998, possibly 1997, but was not named or structured as TAO until "the last days of 2000," according to General Michael Hayden.

<span class="mw-page-title-main">Freedom Hosting</span> Defunct Tor specialist web hosting service

Freedom Hosting is a defunct Tor specialist web hosting service that was established in 2008. At its height in August 2013, it was the largest Tor web host.

<span class="mw-page-title-main">Bullrun (decryption program)</span> Code name of a decryption program run by the NSA

Bullrun is a clandestine, highly classified program to crack encryption of online communications and data, which is run by the United States National Security Agency (NSA). The British Government Communications Headquarters (GCHQ) has a similar program codenamed Edgehill. According to the Bullrun classification guide published by The Guardian, the program uses multiple methods including computer network exploitation, interdiction, industry relationships, collaboration with other intelligence community entities, and advanced mathematical techniques.

<span class="mw-page-title-main">2010s global surveillance disclosures</span> Disclosures of NSA and related global espionage

Ongoing news reports in the international media have revealed operational details about the Anglophone cryptographic agencies' global surveillance of both foreign and domestic nationals. The reports mostly emanate from a cache of top secret documents leaked by ex-NSA contractor Edward Snowden, which he obtained whilst working for Booz Allen Hamilton, one of the largest contractors for defense and intelligence in the United States. In addition to a trove of U.S. federal documents, Snowden's cache reportedly contains thousands of Australian, British, Canadian and New Zealand intelligence files that he had accessed via the exclusive "Five Eyes" network. In June 2013, the first of Snowden's documents were published simultaneously by The Washington Post and The Guardian, attracting considerable public attention. The disclosure continued throughout 2013, and a small portion of the estimated full cache of documents was later published by other media outlets worldwide, most notably The New York Times, the Canadian Broadcasting Corporation, the Australian Broadcasting Corporation, Der Spiegel (Germany), O Globo (Brazil), Le Monde (France), L'espresso (Italy), NRC Handelsblad, Dagbladet (Norway), El País (Spain), and Sveriges Television (Sweden).

<span class="mw-page-title-main">Alec Muffett</span> Software engineer, security expert

Alec David Edward Muffett is an Anglo-American internet security expert and software engineer. His work includes Crack, the original password cracker for Unix, and for the CrackLib password-integrity testing library. He is active in the open-source software community.

<span class="mw-page-title-main">ANT catalog</span> Classified catalog of hacking tools by the NSA

The ANT catalog is a classified product catalog by the U.S. National Security Agency (NSA) of which the version written in 2008–2009 was published by German news magazine Der Spiegel in December 2013. Forty-nine catalog pages with pictures, diagrams and descriptions of espionage devices and spying software were published. The items are available to the Tailored Access Operations unit and are mostly targeted at products from US companies such as Apple, Cisco and Dell. The source is believed to be someone different than Edward Snowden, who is largely responsible for the global surveillance disclosures since 2013. Companies whose products could be compromised have denied any collaboration with the NSA in developing these capabilities. In 2014, a project was started to implement the capabilities from the ANT catalog as open-source hardware and software.

The Calyx Institute is a New York-based 501(c)(3) research and education nonprofit organization formed to make privacy and digital security more accessible. It was founded in 2010 by Nicholas Merrill, Micah Anderson, and Kobi Snitz.

Deep Lab is a women's collective group composed of artists, researchers, writers, engineers, and cultural producers. These women are involved in critical assessments of contemporary digital culture and, together, work to exploit the potential for creative inquiry lying dormant in the deep web. Outside of Deep Lab, the members engage in activities that range from magazine editing, journalism, various forms of activism, and teaching. The collective's research spans a variety of topics including privacy, code, surveillance, art, social hacking, capitalism, race, anonymity, 21st century infrastructures, and practical skills for real-world applications. Deep Lab draws influence from Experiments in Art and Technology (E.A.T.), Cypherpunks, Guerrilla Girls, Free Art and Technology Lab (F.A.T.), Chaos Computer Club, and Radical Software.

References

  1. "https://twitter.com/runasand/status/1539639909845241856". X (formerly Twitter). Retrieved 2023-09-14.{{cite web}}: External link in |title= (help)
  2. Whittaker, Zack (2022-07-15). "Runa Sandvik's new startup Granitt secures at-risk people from hackers and nation states". TechCrunch. Retrieved 2023-09-14.
  3. Crowell, Maddy. "The Hacker". Columbia Journalism Review. Retrieved 2023-09-14.
  4. Hiltner, Stephen (2017-03-03). "How to Tell a Secret in the Digital Age". The New York Times. ISSN   0362-4331 . Retrieved 2023-09-14.
  5. 1 2 "Runa Sandvik". Corporate Learning Hub . Retrieved 2018-07-27. She is a former developer with The Tor Project, a technical advisor to the Freedom of the Press Foundation and a member of the review board for Black Hat Europe.
  6. 1 2 Glenn Slydal Johansen (2016-03-08). "Norske Runa Sandvik skal jobbe med sikkerhet i New York Times" [Norwegian Runa Sandvik is going to work for safety in the New York Times]. Journalisten (in Norwegian). Retrieved 2018-07-27.
  7. Runa Sandvik (2015-02-26). "How I requested my photographs from the Department of Homeland Security". Medium magazine . Retrieved 2018-07-27. In response to a Freedom of Information Act request I filed in November 2014, the Department of Homeland Security released a document containing information collected about me under this program over the last four years.
  8. Runa Sandvik (2017-10-27). "The New York Times is Now Available as a Tor Onion Service". The New York Times . Retrieved 2018-07-27.
  9. Joseph Cox (2017-03-27). "Hacker Runa Sandvik Went From Hijacking a Smart Rifle to Securing The NYT". Vice motherboard . Retrieved 2018-07-27. Sandvik has helped the Times launch a new series of tip-lines, where potential sources can leak documents or information securely. The Times now has a public-facing Signal and WhatsApp number, as well as a SecureDrop instance.
  10. Andy Greenberg (2017-07-29). "Hackers Can Disable a Sniper Rifle—Or Change Its Target". Wired magazine . Retrieved 2018-07-27. The married hacker couple have developed a set of techniques that could allow an attacker to compromise the rifle via its Wi-Fi connection and exploit vulnerabilities in its software.
  11. "This Former Hacker Now Helps The Times Stay Safe Online". The New York Times . 2018-07-24. Retrieved 2018-07-27. Outside The Times, she is well regarded in the information security community, Mr. McKinley said. She frequently attends conferences, speaks at events and hosts CryptoParties, or events that aim to educate people about digital security in an accessible way (two weeks ago, she co-hosted a Times-sponsored CryptoParty). Her friends see her as a tough stalwart of a male-dominated industry.
  12. "Går det virkelig an å hacke en rifle?" [There is war in cyberspace. Hacker Runa Sandvik fits The New York Times]. Aftenposten (in Norwegian). 2016-10-06. Retrieved 2018-07-28.
This page is based on this Wikipedia article
Text is available under the CC BY-SA 4.0 license; additional terms may apply.
Images, videos and audio are available under their respective licenses.