June 13, 2016
Modern life comes with an ever widening set of connections, growing in complexity and diversity every day. With each new type of connection comes the potential for hacking. Every new Internet of things (IoT) device comes with the potential for loss of privacy. With each new type of counter-surveillance comes the potential for abuse from the government and criminals as well. Most of the technology we have invented sprang from an idea of how to make things easier, more user-friendly, and more useful to the average person. This approach often neglects the necessary safeguards needed to protect unsophisticated users from very intelligent and sophisticated criminals bent on taking advantage of the loopholes present in technology that has been rushed to market. In this episode of Working the Web to Win, we will cover the current state of U.S. Internet privacy and security, so that every consumer will be prepared for the onslaught of loss of privacy that is coming. So read on and learn how to protect yourself in the current era of Internet insecurity.
How Did We Get Here?
Our love affair with technology goes all the way back to the Stone Age. Technology for the most part is designed to make life easier. In fact, it expands our capabilities. Some would argue that our ability to create and use technology is what separates us from the animal kingdom. But there is such a thing as too much of a good thing! Especially if that “good thing” is not well thought out. Technology evolves faster than does our wisdom to employ it safely. That occurs for the most part due to the fact that our mental evolution is not linear.
Society is not consistent when it comes to understanding, using and even being responsible for the proper implementation of technology. (The Manhattan Project is an example of the yin and yang inherent whenever mankind makes a technological leap.) Using technology requires training, lots of learning and practice. To make matters worse, new tech products are often released with minimal testing. In fact, the release of today’s Internet-enabled products is often tested in the real world. This laissez-faire attitude with products connected to the internet (i.e. The Internet of Things) has left us very vulnerable to all kinds of malicious hacker attacks. At the same time, it has made it possible for a massive invasion of our privacy.
Big Brother Built-In
Many new products are designed to eavesdrop and track most of what we do in our everyday lives. Some would say that the scenario can’t get any more Orwellian, but it can and will. Many of these new IoT products have artificial intelligence built into them as well. This new technology is being implemented with minimal privacy safeguards. Since all of these IoT devices are connected via the Internet, the possibility of losing control of the infrastructure of our lives depend upon is extremely high.
What do I mean by losing control of the infrastructure of our lives?
Today, traffic lights, water systems, electricity, banking, gas lines, security monitoring, cellphone communications, air traffic control, our nation’s defense, food distribution scheduling, you name it, all most everything is now managed via some kind of Internet connection. Now many of these services are becoming more automated. That means these new AIIoT devices are very susceptible to hacking. Criminals, enemy governments, and terrorist groups no longer have to possess weapons of mass destruction to do this country real harm. All they have to do is master the hacking of IoT. Today anything from Barbie Dolls to your Jeep Grand Cherokee can be hacked.
Courtesy of hackersnewsbulletin.com
An article in WIRED called How the Internet of Things Got Hacked says: “Security researchers Charlie Miller and Chris Valasek forever altered the automobile industry’s notion of “vehicle safety” in July when they demonstrated for WIRED that they could remotely hack a 2014 Jeep Cherokee to disable its transmission and brakes. Their work led Fiat Chrysler to issue an unprecedented recall for 1.4 million vehicles, mailing out USB drives with a patch for the vulnerable infotainment systems and blocking the attack on the Sprint network that connected its cars and trucks.”
The hacking of smart TVs is another example. In an article from alphr.com in their Technology section written by Nicole Kobie states: “One of the first devices to go “smart” was the TV – so it’s unsurprisingly one of the first to be hacked.
Columbia University researchers Yossef Oren and Angelos Keromytis revealed a vulnerability in the main spec for the Digital Video Broadcasting consortium, Hybrid Broadcast-Broadband Television (HbbTV), which is used by the vast majority of smart TV makers.
Dubbed the “red-button attack”, this man-in-the-middle hack could be used to intercept data – including sound and pictures – and use the stream to takeover apps being shown on the TV, letting hackers post to your Facebook, for example. “
My final example is one from MIT Technology Review written by Tom Simonite that discusses how the Chinese were caught trying to infiltrate U.S municipal water control systems. The article states: “The group, known as APT1, was caught by a research project that provides the most significant proof yet that people are actively trying to exploit the vulnerabilities in industrial control systems. Many of these systems are connected to the Internet to allow remote access (see “Hacking Industrial Systems Turns Out to Be Easy”).
Courtesy of securityaffairs.co
APT1, also known as Comment Crew, was lured by a dummy control system set up by Kyle Wilhoit, a researcher with security companyTrend Micro, who gave a talk on his findings at the Black Hat conferencein Las Vegas.
The attack began in December 2012, says Wilhoit, when a Word document hiding malicious software was used to gain full access to his U.S.-based decoy system, or “honeypot.” The malware used, and other characteristics, were unique to APT1, which security company Mandiant has claimed operates as part of China’s army (see “Exposé of Chinese Data Thieves Reveals Sloppy Tactics”).”
An Internet search will reveal hundreds of examples of how IoT devices are being hacked. I know that security experts are working on plugging the security holes, but a lot of that work is happening after the fact, not in pre-release testing. No one is testing cheap Chinese electronic devices being sold everywhere (Including on the internet). Heck, I would be willing to bet that some smart hacker is going to start selling his own vulnerable IoT devices to the unsuspecting public so that they can have their own crew of zombie devices in the field, ready to do their bidding – without having to actually hack them. They will just use the built-in back door already there.
Courtesy of ilkleyitservices.co.uk
What can we do as individuals?
Take responsibility for your own privacy and Internet security by thoroughly completing your due diligence on any IoT product you plan on purchasing or using. Make sure you have proper safeguards in place to protect your personal information and assets. We have written blogs about how to protect yourself from hackers in the past. Check out the recent article we wrote called “The Crypto Crunch – Ransomware Run Amuck” – to find 13 things you can do to protect your digital devices.
What can we do as a Business to protect itself? A lot!
Read our article called “Are You Prepared for the Onslaught of Cyber-Attacks?” It provides more than two dozen ways a business can implement procedures, security products and techniques to protect themselves.
You can purchase dedicated security devices to increase network protection for the office. You can also employ intruder traps and a variety of hardware, software detection devices to help stem the tide of cyber-attacks by hackers. Using a commercial grade secure smartphone can also be a wise move as well. US government officials use specially hardened smartphones to protect their communications. Anyone can purchase a Blackphone or encryption software from Silence Circles (and others) to exponentially increase their privacy and security.
Courtesy of arkwebshost.com
Use a VPN to Mask your IP Address
Virtual Private Networks are not new. However, using them as a gateway to get on the Internet will hide your IP address is. Hiding your IP address makes your IP address anonymous and thus eliminates many forms of censorship and tracking. An Article on Guiding Tech by Yadon provides a great explanation on what it is and how it works. By using a VPN, you can mask your IP address which ensures a greater level of privacy and security.
Plugins and browser settings can increase privacy and security. You can always turn off cookies in your browser and many browsers have an incognito mode (although not totally private) as well. I use SearchLock in my Chrome Browser and it provides a higher level of privacy than just using the incognito setting. If you go to the browser store and search for privacy plug-ins you will find several you can try. Along these same lines you can get popup/Adware blockers you can add to your browsers as well. We have mentioned many ways to protect your systems privacy and security in other articles. In my article the “Piracy of Privacy – The looting of Privacy in America”, I provide 12 ways you can improve your privacy without breaking the bank. In my article entitled “Is Google Watching you”, I further provide another half dozen ways to protect your privacy on the Internet.
To these 18 ways to protect yourself, I would also add:
Courtesy of dailymail.co.uk
• Minimize the use of Artificially Intelligent devices. These devices keep your private information on tap to function.
• Use a throw away email address whenever possible (one you get from Gmail, yahoo etc.).
• Use one-time use credit cards to limit your financial exposure.
• Only use https addresses when browsing on the internet. These addresses are more likely to be legit, which is why Google gives them a higher ranking factor.
• Use PayPal to add an additional layer of protection to your purchases.
• When traveling (especially overseas) use a prepaid smart phone without installing any of your private info on it.
• If you want the best security, buy a secure smart phone like the Blackphone from Silent Circle.
Society is now dependent on the Internet for many daily activities. These include: banking transactions, product and service purchases, travel reservations, TV access, most of our communications, you name it, we rely on the internet for too many things to be without it now. Americans would go through tremendous withdrawal pains to say the least. With this in mind, we need to step up to the plate and take responsibility to protect ourselves and to urge the business community and our government to take decisive action to make the Internet safer. This responsibility starts with educating ourselves and taking action using what we have learned.
Hector Cisneros is the president and COO for W Squared Media Group LLC. A digital Marketing Agency in the N.E. Florida Area. He is also the co-host of the BlogTalkRadio Show Working The Web To Win. W Squared Media also does Business as Working The Web To Win online and in Florida.