The Internet of Things, Hacked

Count me as one who thinks this will soon be a big deal, if not by being hacked by being tracked.  We have already all voluntarily signed on the “track me anywhere” line, just promise me a 5% discount…

A hacked Chrysler Jeep Cherokee speeding along the highway, its engine shut down as an 18-wheeler truck rushed towards it, is a high-profile example of what can go wrong with the coming Internet of Things — objects equipped with software and connected to digital networks. The selling point for these well-connected objects is added convenience and better safety. In reality, it is a fast-motion train wreck in privacy and security.

The early Internet was intended to connect people who already trusted one another, like academic researchers or military networks. It never had the robust security that today’s global network needs. As the Internet went from a few thousand users to more than three billion, attempts to strengthen security were stymied because of cost, shortsightedness and competing interests. Connecting everyday objects to this shaky, insecure base will create the Internet of Hacked Things. This is irresponsible and potentially catastrophic. [NY Times]

Hacked autos and refrigerators may be a bit down the road, but hackers helping insider trading is already here.

From their suburban homes in the United States, dozens of rogue stock traders would send overseas hackers a shopping list of corporate news releases they wanted to get a sneak peek at before they were made public. The hackers, working from Ukraine, would then deliver how-to videos by email with instructions for gaining access to the pilfered earnings releases.

In all, 32 traders and hackers reaped more than $100 million in illegal proceeds in a sophisticated and brazen scheme that is the biggest to marry the wizardry of computer hacking to old-fashioned insider trading, according to court filings made public on Tuesday. One of the men, Vitaly Korchevsky, a hedge fund manager and former Morgan Stanley employee living in a Philadelphia suburb, made $17 million in illegal profits, the indictment said. [NY Times]

AND, if you have been thinking that passwords would and should soon be replaced by finger print recognition — more secure, etc.  Hold on!

While fingerprint scanners have become a popular way to avoid using a password or PIN, especially on mobile devices … research highlights some of the potential pitfalls of the tech: As a biometric marker, fingerprints are impossible to change.

They’re also public. You leave fingerprints on, well, almost everything you touch. And researchers have even been able to spoof fingerprints based onpublic photos — all of which makes fingerprints  a pretty hard sell as the future of authentication to some experts. If someone else can make a copy of your prints, they stop being an effective security mechanism. [WaPo]

Massive Hack Attack on European Networks

“A massive attack that exploited a key vulnerability in the infrastructure of the internet is the “start of ugly things to come”, it has been warned.
Online security specialists Cloudflare said it recorded the “biggest” attack of its kind on Monday.

Hackers used weaknesses in the Network Time Protocol (NTP), a system used to synchronise computer clocks, to flood servers with huge amounts of data.”

Specious Pretenses of Justice….

As I listen to each new maneuvering by the Grand old Plutocratic party, a ringing phrase used to characterize Diocletian, the last Roman Emperor but one before Constantine, (38th and 40th) [by Gibbon, in “The Decline and Fall of the Roman Empire” ] occurs:

He possessed ” the great art of …coloring his own interests with the most specious pretenses of justice and public utility…”
The latest, from the land of speciousness, are arguments from the U.S. Chamber of Commerce and Republicans in the House that big companies should not be told, in the name of national security, to institute certain security measures to help stop the onslaught of cyber-hacking: this would be ‘regulation’ and regulation is bad.  Tax breaks would be much more helpful….
Daniel Gaynor at the SF Chron catches us up:
Congress is debating two cybersecurity bills in the Senate. …

 Today, gas pipelines, nuclear power plants and water systems are all connected to computer systems. If those systems are hacked, there can be devastating consequences.

The Senate bills represent a real opportunity to reach a bipartisan solution on cybersecurity. The first bill is supported by conservatives in Congress and the U.S. Chamber of Commerce, and the second is backed by a bipartisan group of senators. Yet, even with the threat of cyber-attack being well established, partisan bickering may derail real progress from happening.

One of the clearest points of contention is whether to create minimal security standards for critical infrastructure – like gas pipes, nuclear power plants and subway systems. The chamber would prefer not to have required cybersecurity protection for all infrastructure providers, 85 percent of which are private companies. To the chamber and conservatives, protection requires regulation, and regulation is always a bad thing. In their view, requiring infrastructure providers to step up their cybersecurity defense is an added cost, not a long-term investment in public safety.

The bipartisan bill takes a more realistic approach. It would establish a base level of cybersecurity for infrastructure providers, fortifying the systems we rely on – our electricity grid, for example – from cyber-attacks. The bill recognizes a key fact: Hackers are targeting businesses and infrastructure providers. Indeed, the cost of global cyber-attacks, at $114 billion annually, is more than the annual global market for marijuana, cocaine and heroin combined.

The chamber should know the dangers of being unprepared: In 2010, Chinese hackers broke into its internal networks, stealing private information on its 3 million member businesses.

Read more:

And if you don’t believe someone in the “liberal” San Francisco Chronicle, how about Bloomberg News? Read more of this post