Alisa Shevchenko

Алиса Шевченко
Born: Russia
Other names: Alisa Esage, Alisa Esage Shevchenko
Occupation: Cybersecurity researcher
Organization: Цои Security

Alisa Shevchenko (Russian: Алиса Шевченко), also known as Alisa Esage Шевченко, is a Russian hacker, recognised for working with companies to find vulnerabilities in their systems. A self-described “offensive security researcher,” Shevchenko was, according to a 2014 profile in Russia, more drawn to hacking than to programming.[1][2] After dropping out of school, she worked as a virus analytics expert for Kaspersky Labs for five years. In 2009, she founded the company Esage Labs, later known as Цои Security (the Russian acronym stands for Цифровое оружие и защита, “Digital Weapons and Defense”).

Shevchenko's company Цои Security was placed on a list of US sanctioned agents after being accused of ‘helping Vladimir Putin bid to swing the [2016] election for Trump’, though no further evidence of this has been disclosed.[3] Regarding White House and/or false-flag supposed White House accusations that Shevchenko had been involved in hacking the US election, at least one representative of one mainstream media outlet believed that Shevchenko was on record as believing that the authorities had either misinterpreted facts or been deceived.[4]

Achievements

Shevchenko was the winner of the PhDays IV Critical Infrastructure Attack contest, successfully hacking a fake smart city and detecting several zero-day vulnerabilities in Indusoft Web Studio 7.1 by Schneider Electric.[5] Shevchenko was also awarded by the Zero Day Initiative (ZDI), then owned by U.S. tech giant HP, for uncovering two vulnerabilities in Microsoft products in 2014. Her work has been featured in the security industry publication Virus Bulletin.[6]

Motivation and personality

Regarding her driving motivations, Alisa Shevchenko has said: "It's kinda ironic that I am still aspiring to inspire women, an obvious anti-hero." She has also made statements said to imply a clever and subversive wit, such as: "I wonder what @google is doing as a government-"ltd" global player, while some big gov'ts are clashing in the absurdity show."[7] Various references have been made to her in the private and confidential Slack chat owned by Rolling Moss Games Ltd., but there is no absolute proof of the allegations made there.[8]

Connections

Private security firm Wapack Labs, part of the corporate/cyber intelligence sharing community Red Sky Alliance, claims that a former employee of Shevchenko's company Цои Security was responsible for the BlackEnergy virus.[9] The BlackEnergy virus has been used against targets in Georgia and Ukraine, prior to Russian invasions of these nations. Poland and Belgium have also been targeted by the malware.[10] Attacks using the BlackEnergy virus and other malware thought to have been created by the same person or persons, or by connected persons, have been linked using the security services codename Sandworm.[11]

Publications and exploits

  • The Art of Exploitation in Phrack Inc.[12]
  • Microsoft Windows Media Center CVE-2014-4060 Remote Code Execution Vulnerability in SecurityFocus[13]
  • (0Day) Microsoft Word Line Formatting Denial of Service Vulnerability in Zero Day Initiative[14]
  • Rootkit Evolution in SecureList[15]
  • Case Study: the Ibank Trojan in Virus Bulletin[16]
  • MS14-067 MSXML Remote Code Execution Vulnerability CVE-2014-4118 in Microsoft Security TechCenter[17]
  • Microsoft XML Core Services CVE-2014-4118 Remote Code Execution Vulnerability in SecurityFocus[18]

References

  1. Fox-Brewster, Thomas (30 December 2016). "Meet The Russian Hacker Claiming She's A Scapegoat In The U.S. Election Spy Storm". Forbes.
  2. Седаков, Павел (11 December 2014). "Контракт со взломом: как хакер построила бизнес за счет банков и корпораций". Forbes Russia (in Russian).
  3. Baker, Neal (7 January 2017). "IS THIS PUTIN'S HACKER". The Sun. Retrieved 2017-01-07.
  4. "Young Russian denies she aided election hackers: 'I never work with douchebags'". The Guardian. 6 January 2017. Retrieved 2017-01-06.
  5. "Positive Hack Days: Smart City Hacked". Positive Hack Days. Retrieved 24 January 2017.
  6. "Meet The Russian Hacker Claiming She's A Scapegoat In The U.S. Election Spy Storm". Forbes.com. Retrieved 24 January 2017.
  7. "@alisaesage". Twitter. Retrieved 24 January 2017.
  8. "Operation Silk Scarf". Slack. Retrieved 11 May 2017.
  9. "From Russia With Malware: "Boris" and "Natasha"". Wapack Labs. Retrieved 3 March 2017.
  10. "Russian BlackEnergy malware targeting European countries". Security Affairs. Retrieved 3 March 2017.
  11. "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters UK. Retrieved 3 March 2017.
  12. "The Art of Exploitation". Phrack Inc. Retrieved 26 January 2017.
  13. "Microsoft Windows Media Center CVE-2014-4060 Remote Code Execution Vulnerability". SecurityFocus. Retrieved 26 January 2017.
  14. "(0Day) Microsoft Word Line Formatting Denial of Service Vulnerability". Zero Day Initiative. Retrieved 26 January 2017.
  15. "Rootkit Evolution". Secure List. Retrieved 26 January 2017.
  16. "Case Study: the Ibank Trojan". Virus Bulletin. Retrieved 26 January 2017.
  17. "MS14-067 MSXML Remote Code Execution Vulnerability CVE-2014-4118". Microsoft Security TechCenter. Retrieved 26 January 2017.
  18. "Microsoft XML Core Services CVE-2014-4118 Remote Code Execution Vulnerability". SecurityFocus. Retrieved 26 January 2017.
This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.