Post Syndicated from Jacob Roundy original https://blog.rapid7.com/2022/01/04/5-security-projects-that-are-giving-back/

Editor’s note: We had planned to publish our Hacky Holidays blog series throughout December 2021 – but then Log4Shell happened, and we dropped everything to focus on this major vulnerability that impacted the entire cybersecurity community worldwide. Now that it’s 2022, we’re feeling in need of some holiday cheer, and we hope you’re still in the spirit of the season, too. Throughout January, we’ll be publishing Hacky Holidays content (with a few tweaks, of course) to give the new year a festive start. So, grab an eggnog latte, line up the carols on Spotify, and let’s pick up where we left off.

While it’s always nice to receive gifts, the holiday season is more about giving – whether you’re buying something nice for the people you love or giving back to the community to help ensure others enjoy the holidays as much as you do.

Giving back is exactly what we’ll be focusing on in today’s Hacky Holidays post, as it’s a theme that truly resonates with those in the security industry. From white-hat hackers to those volunteering their time to make the internet a safer, more inclusive space, we’ve highlighted a few security-related projects that exemplify the spirit of giving back.

1. The Innocent Lives Foundation

The Innocent Lives Foundation aims to identify child predators and help bring them to justice. They do this by leveraging the combined power of the information security community to create tools that unmask anonymous child predators online. Then, using the data from Open Source Intelligence and cutting-edge techniques, they build a path to capturing evidence and then pass on those details to law enforcement for them to recreate.

The Innocent Lives Foundation was first started by Chris Hadnagy, who joined us on an episode of our Security Nation podcast back in 2020. He worked on a few cases at Social-Engineer, LLC, that tracked and captured predators who trafficked and exploited children. When he saw the impact these crimes had on innocent people, he knew he had to do something about it. As a leader in the information security community, he chose to rally a group of security experts and professionals in the social engineering field to address these problems and prevent crimes against future victims.

The foundation is serving endangered children and building a world in which all children can live innocent lives. It’s difficult, emotionally taxing work, but it’s making the world a better place, and it’s the perfect example of giving back.

If you’d like to donate to the cause — it can cost up to $10,000 to produce one file to send to law enforcement, so donations are needed and welcomed — you can do so here. Aside from donating, there are numerous other ways to get involved, including reporting a case, sharing support online, or even volunteering your security skills when applications are opened.

2. No More Ransom

Today, ransomware is rampant. This fact won’t surprise anyone working in the security industry, but many normal users around the world don’t know what ransomware is, how to defend against it, and what to do if they fall victim to a scam. That’s where No More Ransom comes into play.

No More Ransom is an initiative by the National High Tech Crime Unit of the Netherlands’ police, Europol’s European Cybercrime Centre, Kaspersky, and McAfee with a simple mission: to help victims of ransomware retrieve their encrypted data without paying criminals a single dime in the process.

The initiative aims to achieve this mission in two ways:

1. By compiling a repository of keys and applications that can decrypt data locked by different types of ransomware
2. By spreading awareness about ransomware and educating the world about prevention methods they can employ in their daily lives

While it’s not always possible to regain access to files encrypted by or systems locked by ransomware, No More Ransom has helped many do exactly that with its repository. And by sharing simple, easy-to-follow cybersecurity advice, the initiative is creating a better informed world of users who understand how to prevent falling victim to ransomware in the first place.

In the 5 years of since its creation, the No More Ransom initiative has:

• Built a library of 121 free tools
• Been able to decrypt 151 ransomware families
• Seen more than 6 million downloads of its tools
• Prevented $900 million in criminal profit

If you’d like to do your part, the No More Ransom project is always looking for new partners to spread their messaging, so if your organization wants to be more security-minded and give back to the security community in general, consider joining the list of many partners. If you ever fall victim to ransomware, you can also report the crime, which will help identify new types of ransomware and aid future prevention.

3. CIAS Gaming

Established by the University of Texas at San Antonio, the Center for Infrastructure Assurance and Security (CIAS) conducts research into effective ways to engage students with cybersecurity principles through educational gaming — and as part of their work, they’re making cybersecurity relatable, fun, and engaging for kids.

The CIAS Gaming program targets 4 demographics: elementary school, middle school, high school, and colleges and universities. Their mission is to deliver quality research, training, competition, and exercise programs to advance community and organizational cybersecurity capabilities and collaboration.

Currently, the CIAS K-12 Program consists of a few educational tools. These include:

• A collectible card game and electronic download called Cyber Threat Defender
• A multiplayer card game for students in third through fifth grade called Cyber Threat Protector
• A card game for K-2 players with simple design and reinforced concepts called Cyber Threat Guardian
• An electronic game that teaches techniques for encoding and decoding ciphers to hide or discover information called Project Cipher
• A testing tool and platform that gives educators a way to create quizzes and introduce students to cybersecurity principles called the Pyramid of Knowledge
• Interactive activities, like activity sheets and games, introduced to kids by the CyBear cybersecurity mascots

CIAS Gaming is shaping the future of cybersecurity by training the next generation in cybersecurity best practices. You can access and download these tools and games via the links above, or reach out directly to CIAS to learn more about taking part in their competitions or trainings.

4. The Alliance for Securing Democracy

The Alliance for Securing Democracy (ASD) is a nonpartisan initiative housed within the German Marshall Fund of the United States that aims to combat autocratic efforts to undermine and interfere in democratic institutions around the world. The ASD contributes research and analysis on how a range of tools, from cyberattacks and disinformation to support for extremism, are being used to weaken democracies. It also provides public dashboards to expose the effects of online influence networks and the themes being promoted by foreign powers to threaten democratic institutions.

The ASD is independently funded by more than 175 private individuals and small family foundations across the political spectrum. Its team brings together a diverse staff with expertise across industries, including technology and cybersecurity, to provide research, policy recommendations, and even analysis of key issues and threats. It also has a technical advisory committee that features experts on disinformation, cybersecurity, illicit finance, and more.

The ASD has conducted a significant amount of work in the area of cybersecurity. It also has compiled a toolbox to spread awareness on various techniques being used by malign actors. Such tools include:

• The Authoritarian Interference Tracker, which exposes Russia and China’s foreign interference activities
• The Information Operations Archive, which houses data points from known Information Operations
• The Hamilton 2.0 Dashboard, which reveals autocracies’ state-backed messaging

In a more globalized and digitalized world, the work ASD is doing to protect the strength of free and open societies by shining a light on autocratic tactics, closing vulnerabilities in democratic systems, and imposing costs on those who undermine our institutions is more important than ever. You can reach them at [email protected] or donate to the cause.

5. Code for Social Good

Code for Social Good is a nonprofit organization that partners with other nonprofit companies to provide the technical help they need to achieve their missions for no cost. It’s all about volunteering to promote social good: Code for Social Good has built and fostered a volunteer community that promotes welfare by supporting nonprofits in need. And that global network consists of professionals from across the tech industry, including technical writers, coders, programmers, and more.

Whether you code for fun, experience, social good, or to make a better world, volunteering at Code for Social Good is a great way to give back. Anyone can sign up as a volunteer, and then, you can browse their list of projects. If you find one applicable to your skills, you can apply and wait for contact from the nonprofit. Nonprofits that need help can also post projects on the site and find volunteers to assist them.

As of this writing, Code for Social Good has 138 projects posted across 122 organizations based in 87 countries. The current volunteer community consists of 2,595 volunteers, and they’re always looking for more help. If you have some extra time, why not take a look and see if you can give back by volunteering your technical skills to a nonprofit in need.

Giving back is an important theme of the holidays and one that’s integral to the cybersecurity community. By giving back to the industry, we can encourage a healthy, flourishing practice that spreads awareness, leading to a better, safer, and brighter tomorrow.

If you’re looking for ways to give back, hopefully these examples inspire you to action. If you’d like to stay in the holiday spirit, check out the rest of our Hacky Holidays specials.