Happy Halloween from All of Us at GoCertify

Happy Halloween! Celebrate with our cybersecurity-themed quiz.

Boo! Something wicked this way comes, kiddies. Here in the United States, where GoCertify has its global headquarters, we're celebrating Halloween this week. That is some people's absolute favorite holiday on the calendar, and makes other people want to punch the whole world in the face.

Whichever camp you fall into, we have a fun holiday treat from our friends at Certification Magazine. In honor of the final day of October and all of the trick-or-treaty goodness that comes with it, the CertMag team has created a topical quiz and graciously allowed us to repost it here.

(Topical, of course, because October, in addition to containing everyone's favorite jack-o-lantern-themed autumnal celebration, is also Cybersecurity Awareness Month. Do your part. #BeCyberSmart)

See how you do! The answers appear below the questions.

1) What do Barack Obama, Kanye West, Elon Musk, Bill Gates, and Kim Kardashian have in common?

2) Which powerful U.S. lobbying group, based in Virginia, was targeted by Russian hackers, who took aim and fired just before Halloween in 2021?

3) Which Microsoft Windows exploit was featured in a second-season episode of Mr. Robot?

4) Which U.S. government agency inadvertently sent out thousands of spam e-mails in 2021 warning of a pending cyberattack by an "extortion gang" linked to a prominent security researcher?

5) What ransomware announces itself with an ASCII art image of characters from Star Trek?

6) What 2019 hacking incident is believed to have involved two of the richest individuals in the world?

7) What do actor Hugh Jackman, Wisconsin lawman Sheriff David Clarke, presidential son-in-law Jared Kushner, and disgraced movie producer Harvey Weinstein have in common?

8) What plush toy brought about the downfall of its manufacturer through weak passwords and insecure databases?

9) How long would it take a computer to crack the password "MyPasswordIsPassword"?

10) What early 1990s film production was nearly shut down by U.S. government officials because of its depiction of hacking technology?


ANSWERS


1) They all have tens of millions of Twitter followers — which is part of the reason each was targeted by hackers who briefly seized control of their individual Twitter accounts on July 15, 2020, as part of a scheme to bilk bitcoins. An estimated 130 accounts of high-profile individuals and organizations were compromised in the attack.

2) The National Rifle Association. Thirteen internal NRA documents were posted online by the Russian hacking group Grief on Oct. 27, 2021, as part of a ransomware attack. NRA officials did not disclose the extent of the attack or its ultimate resolution.

3) Mimikatz. On the show, Angela Moss (played by actress Portia Doubleday) uses mimikatz to steal her manager's password. The mimikatz exploit was developed by French programmer Benjamin Delpy, who shared it on GitHub in 2012.

4) The Federal Bureau of Investigation. The e-mails, signed by the Department of Homeland Security, were sent out from the FBI's external e-mail system on Nov. 13, 2021. The text of the fake e-mails alleged that security researcher and ethical hacker Vinny Troia, founder of Night Lion Security, had prepared a "sophisticated chain attack" in concert with hacker group The Dark Overlord.

5) Kirk. Victims are greeted by an image of Captain James T. Kirk and Lieutenant Commander Spock. Kirk, also known as Kirk Ransomware, is a Trojan horse program disguised as an open-source network stress testing tool known as Low Orbit Ion Cannon (LOIC). Affected files are renamed with the extension "kirked" and the program demands payment in the cryptocurrency Monero.

6) The purported (but not entirely proven) hack of Jeff Bezos' Apple iPhone. It's widely believed that Amazon founder Bezos' phone was hacked at some point in 2018 using an encrypted video file that was delivered via Bezos' friendly exchanges with Mohammed bin Salman, crown prince of Saudi Arabia, on WhatsApp. The alleged phone hack is believed to have contributed to the distribution of private phone messages that revealed Bezos' affair with TV news anchor Lauren Sánchez.

7) All four are among the many individuals successfully impersonated by spoof e-mailer James Linton over a five-month period in 2016 and 2017. Linton, a web developer, shared some of his pranks on Twitter using the handle Sinon_Reborn (a reference to the mythological Greek soldier who got a certain wooden horse inside the walls of Troy). Linton's method was to create plausible-sounding e-mail addresses and use them to contact celebrities and other high-profile individuals.

8) CloudPets. Toy company Spiral Toys went out of business after a wave of data breaches connected to its briefly popular line of stuffed animal toys that used Bluetooth technology to let parents and children send each other audio messages.

9) According to the password strength tool at Security.org, 16 quadrillion years. It would only take 15 billion years if there were no capital letters.

10) Sneakers. The 1992 film about a team of penetration testers was ordered to halt production by representatives of the Office of Naval Intelligence (ONI) for depicting a handheld codebreaking device. Writer-director Phil Alden Robinson consulted with lawyers for Universal Pictures before realizing that the visit had been a prank.

About the Author

GoCertify's mission is to help both students and working professionals get IT certifications. GoCertify was founded in 1998 by Anne Martinez.