Alisa Shevchenko

Alisa Shevchenko
Alisa Esage Шевченко
Alisa Shevchenko; Alisa Esage Шевченко
Born	Russia
Other names	Alisa Esage, Alisa Esage Shevchenko
Occupation	Cybersecurity researcher
Organization	ZOR Security
Website	Homepage, Twitter

Alisa Shevchenko (Russian: Алиса Шевченко), also known as Alisa Esage Шевченко, is a Russian hacker, recognised for working with companies to find vulnerabilities in their systems. A self-described “offensive security researcher,” a 2014 profile in National Geographic says of Shevchenko: 'she was more drawn to hacking than programming.'[1][2] After dropping out of school she worked as a virus analytics expert for Kaspersky Labs for five years. In 2009, she founded the company Esage Labs, later known as ZOR Security (the Russian acronym stands for Цифровое оружие и защита, “Digital Weapons and Defense.”)

Shevchenko's company Цои Security was placed on a list of US sanctioned agents after being accused of "helping Vladimir Putin bid to swing the [2016] election for Trump". Regarding White House accusations, Shevchenko stated on the record that authorities either misinterpreted facts or were deceived.[3]

Achievements

Shevchenko was the winner of the PhDays IV, Critical Infrastructure Attack contest, successfully hacking a fake smart city and detecting several zero-day vulnerabilities in Indusoft Web Studio 7.1 by Schneider Electric.[4] Alisa was also awarded the Zero Day Initiative (ZDI), then owned by U.S. tech giant HP, for uncovering two vulnerabilities in Microsoft products in 2014. Her work has been featured in security industry publication virus BULLETIN.[5]

Motivation and personality

Regarding her driving motivations, Alisa Shevchenko has said: "It's kinda ironic that I am still aspiring to inspire women, an obvious anti-hero", and "I wonder what @google is doing as a government-"ltd" global player, while some big gov'ts are clashing in the absurdity show".[6]

Connections

Private security firm Wapack Labs, part of the corporate/cyber intelligence sharing community Red Sky Alliance, claim a former employee of Shevchenko company Цои Security was responsible for the BlackEnergy virus.[7] The BlackEnergy virus has been used against targets in Georgia and Ukraine, prior to Russian invasions of these nations. Poland and Belgium have also been targeted by the malware.[8] Attacks using the BlackEnergy virus and other malware thought to have been created by the same person or persons, or by connected persons, have been linked using the security services codename Sandworm.[9]

Connections have been made on Instagram between Shevchenko and software industry developer Peter David Carter[10]

Publications and exploits

Esage, Alisa (May 6, 2016). "The Art of Exploitation". Phrack Magazine. 69 (10).
"Microsoft Windows Media Center CVE-2014-4060 Remote Code Execution Vulnerability". SecurityFocus. August 14, 2014.
"(0Day) Microsoft Word Line Formatting Denial of Service Vulnerability". Zero Day Initiative. February 27, 2015.
"Rootkit evolution". Secure List.
"Case study: the Ibank trojan". Virus Bulletin.
"Microsoft Security Bulletin MS14-067 - Critical".
"Microsoft XML Core Services CVE-2014-4118 Remote Code Execution Vulnerability".

gollark: Why?

gollark: osmarkswebprograms™ always work well, reliably and fast.

gollark: I can do it for you.

gollark: V5 is Mini.

gollark: We don't even have a V6.

References

Fox-Brewster, Thomas (30 December 2016). "Meet The Russian Hacker Claiming She's A Scapegoat In The U.S. Election Spy Storm". Forbes.
Седаков, Павел (11 December 2014). "Контракт со взломом: как хакер построила бизнес за счет банков и корпораций". Forbes Russia (in Russian).
"Young Russian denies she aided election hackers: 'I never work with douchebags'". The Guardian. 6 January 2017. Retrieved 2017-01-06.
"Positive Hack Days: Smart City Hacked". Positive Hack Days. Retrieved 24 January 2017.
"Meet The Russian Hacker Claiming She's A Scapegoat In The U.S. Election Spy Storm". Forbes.com. Retrieved 24 January 2017.
"@alisaesage". Twitter. Retrieved 24 January 2017.
"From Russia With Malware: "Boris" and "Natasha"". Wapack Labs. Retrieved 3 March 2017.
"Russian BlackEnergy malware targeting European countries". Security Affairs. Retrieved 3 March 2017.
"U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters UK. Retrieved 3 March 2017.
https://www.instagram.com/alisaesage/

This article is issued from Wikipedia. The text is licensed under Creative Commons - Attribution - Sharealike. Additional terms may apply for the media files.

[1] Fox-Brewster, Thomas (30 December 2016). "Meet The Russian Hacker Claiming She's A Scapegoat In The U.S. Election Spy Storm". Forbes.

[2] Седаков, Павел (11 December 2014). "Контракт со взломом: как хакер построила бизнес за счет банков и корпораций". Forbes Russia (in Russian).

[3] "Young Russian denies she aided election hackers: 'I never work with douchebags'". The Guardian. 6 January 2017. Retrieved 2017-01-06.

[4] "Positive Hack Days: Smart City Hacked". Positive Hack Days. Retrieved 24 January 2017.

[5] "Meet The Russian Hacker Claiming She's A Scapegoat In The U.S. Election Spy Storm". Forbes.com. Retrieved 24 January 2017.

[6] "@alisaesage". Twitter. Retrieved 24 January 2017.

[7] "From Russia With Malware: "Boris" and "Natasha"". Wapack Labs. Retrieved 3 March 2017.

[8] "Russian BlackEnergy malware targeting European countries". Security Affairs. Retrieved 3 March 2017.

[9] "U.S. firm blames Russian 'Sandworm' hackers for Ukraine outage". Reuters UK. Retrieved 3 March 2017.

[10] ttps://www.instagram.com/alisaesage/