There is an old saying: the only sure things in life are death and taxes. While this pearl of wisdom has stood the test of time, in the not too distant future there could be an addition to that list: Cyberattack. That’s because cyberattacks on businesses and individuals are up nearly 50 percent in the past year alone. Where cybercriminals used to almost exclusively target big businesses with deep pockets, now that ransomware has become so prolific, small businesses and even individuals are finding their online assets and machines being hijacked. And why not, since most individuals and small businesses offer little in the way of resistance.
Enter the Cyber Sharks
It is impossible to forget the opening music to the movie Jaws. In its day, the novel and subsequent blockbuster motion picture were enough to keep people on the beaches and out of the surf. But as paranoid as many moms became about letting their kids frolic in the waves back in 1975, forty years later we should all be hearing the strains of da-da-dum-dum every time we surf the web. That’s because while Jaws was a work of fiction, the arrival of schools of Cyber Sharks is all too real.
There is no 100 percent reliable cyber shark repellent that can keep someone from putting the byte on your computer, tablet and/or smartphone. Individuals are woefully unprepared to be hacked, and what’s even worse is that many of the devices connected to the Internet of Everything have absolutely no protection whatsoever.
From appliances to medical devices to automobiles, everything is rapidly becoming Web-enabled. While this provides the public with even more interactivity, it also provides hackers with more ways to get to consumers and business owners. Just as most people make the mistake of thinking their smartphone is a phone instead of a computer that you can talk on, almost no one realizes that the average automobile being built today has 100 lines of code onboard. Many are now Wi-Fi enabled as well. You don’t have a car with a computer onboard. You have a computer that drives. Soon, these computer cars will do most, if not all, of the driving. So if a hacker can take control of your car, what does that mean for the passengers and driver? (On a recent 60 Minutes telecast, hackers gained access to the car Lesley Stahl was driving, turning on the lights and windshield wipers. So this is not a hypothetical possibility.)
Who’s Watching Who?
Smart houses and appliances are beginning to become the norm. They’re also becoming easy pickings for hackers. If a hacker can crack your home’s security system, this makes breaking and entering child’s play. Don’t even get me started on what a hacker can do to your web-enabled Nanny Cam. The same smart TV that you just installed in your living room can be hacked with ease, since most contain little or no security.
A Feb. 24 ‘blog post by CNN’ (http://www.cnn.com/2015/02/11/opinion/schneier-samsung-tv-listening/index.html) said: Earlier this week, we learned that Samsung televisions are eavesdropping on their owners. If you have one of their Internet-connected smart TVs, you can turn on a voice command feature that saves you the trouble of finding the remote, pushing buttons and scrolling through menus. But making that feature work requires the television to listen to everything you say. And what you say isn’t just processed by the television; it may be forwarded over the Internet for remote processing. It’s literally Orwellian.
Last year, more than 10,000 Smart appliances were hacked, according to leading U.S. security firm Proofpoint. Once inside your smart TV or refrigerator, hackers can then gain access to other Web-enabled devices. Believe it or not, your refrigerator can spam your Smartphone, laptop or tablet once infected. Even if your device does come with some semblance of security, unless the protection is updated on a regular basis, it’s only a matter of time before a hacker will prevail.
How Do I Hack Thee? Let Me Count the Ways.
Nothing is unhackable these days. Everything from wearables to medical devices is becoming vulnerable to hacking. ‘Symantec reported on March 12’ (http://www.eweek.com/security/symantec-study-finds-home-smart-devices-wide-open-to-cyber-attack.html) that: “All of the devices failed to check whether they were communicating with an authorized server, leaving them open to man-in-the-middle attacks. One out of five devices did not encrypt communications and many did not lock out attackers after a certain number of password attempts, further weakening their security. All of the potential weaknesses that could afflict Internet of things systems, such as authentication and traffic encryption, are already well known to the security industry, but despite this, known mitigation techniques are often neglected on these devices.”
Although Symantec’s report was referencing Smart appliances, in October of 2014, the U.S. government told the FDA to start taking medical device security seriously while citing the same problems that smart appliances were facing. The next time you go to the hospital for a dialysis treatment or to get your pacemaker checked out, you might like to ask your physician about the inherent hacking vulnerabilities of these systems. The number of ways that hackers can get into your devices is staggering. Below are some of the most popular tools of the hacker’s trade:
1. Sniffers — A sniffer is a program or device that monitors all data passing through a computer network. It sniffs the data and determines where the data is going, where it’s coming from, and what it is. In addition to these basic functions, sniffers might have extra features that enable them to filter certain types of data, capture passwords, and more.
2. The Hex Dump (aka Voodoo) — During the manufacturing stage, an electronic device is programmed with firmware. Hacking firmware is simply a matter of buying a programmer that can receive the memory dump and transmit it to a computer where the code can be altered. The modified code is then transmitted back to the device.
3. Attacking Defaults – Nearly every piece of hardware on the market comes with a set of standard defaults, including username and password that provide access to the system. Since most people do not change these default settings, this is the easiest way to exploit a system.
4. SQL Injection – An SQL Injection attack is conducted by entering unexpected entries into a database and then probing the returned error messages to reveal information that can be used to hack the system. For instance, by entering metacharacters like #$%^ into a field that processes only alphanumeric information, the database could be tricked into revealing the contents of the database, or in some other way compromise an SQL server.
5. DDoS Attacks — Directed Denial of Service Attacks occur when hackers flood a targeted website with so much bogus traffic that it brings the victim’s server to a halt. This is usually followed by a demand for payment in order to restore service.
6. Data Extortion — Many computer users aren’t aware their data can be hijacked and held for ransom. This can take a number of different forms, from threatening to release sensitive information stolen from a machine to locking a legitimate user out of their own website or machine by changing the password. Just as with DDoS attacks, all too many extorted users don’t realize they’ve been hacked until a ransom note appears demanding payment. Even worse than with DDoS attacks, non-payment in this case can result in your website or data being erased. (Lately, online extortion has also extended to threats of having one’s reputation smeared online unless payment is rendered.)
7. Ratting — Remote Administration Tools are an often-used, sinister means of hacking everything from laptops to tablets and smartphones. Once successfully deployed, a ratted machine is literally under the control of the hacker. Ratted machines can not only be rifled for information, but their webcams and built-in microphones can be surreptitiously turned on, allowing the rat to become the equivalent of a cyber peeping Tom. (There have been a number of high-profile celebrities who have been ratted, resulting in compromising photos and videos making the rounds online.)
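To make item 4 (SQL Injection) concrete from the defender's side, here is an added example that is not part of the original article. It contrasts a lookup that pastes input into the SQL text and returns the raw database error with one that binds the input as a parameter; the table, sample rows and function names are constructed for illustration.

```python
import sqlite3


def make_db():
    # Constructed sample data, used only by this example.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE devices (owner TEXT, model TEXT)")
    db.executemany(
        "INSERT INTO devices VALUES (?, ?)",
        [("O'Brien", "smart-tv"), ("alice", "nanny-cam")],
    )
    return db


def lookup_vulnerable(db, owner):
    # Weak: the input becomes part of the SQL text, and the raw
    # database error (with the full query) goes back to the caller.
    sql = "SELECT model FROM devices WHERE owner = '%s'" % owner
    try:
        return [row[0] for row in db.execute(sql)]
    except sqlite3.Error as exc:
        return "DB error: %s in [%s]" % (exc, sql)


def lookup_hardened(db, owner):
    # Hardened: the input is bound as a parameter, so it is only ever
    # treated as data, and callers see a generic failure message.
    try:
        rows = db.execute("SELECT model FROM devices WHERE owner = ?", (owner,))
        return [row[0] for row in rows]
    except sqlite3.Error:
        return "lookup failed"


if __name__ == "__main__":
    db = make_db()
    # A legitimate name with an apostrophe is enough to break the weak form.
    for value in ("alice", "O'Brien", "#$%^"):
        print(repr(value), "weak:", lookup_vulnerable(db, value))
        print(repr(value), "hardened:", lookup_hardened(db, value))
```

The weak version fails on an ordinary surname and discloses its query structure in the error text, which is the information leak item 4 describes; the parameterized version returns the matching row and treats metacharacters as plain data.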
Although all of the above-mentioned tactics require a bit of technical know-how, there are many other hacking programs and devices that can be bought online. There are also online forums, hacking blogs and clubs that teach hackers the tools of the trade, as well as annual hacker conventions and hackathons such as the one held yearly in Las Vegas. If you don’t believe me, simply google “Hacking devices available online.”
The real danger is that the Cyber Sharks have the upper hand, since detection, much less prosecution, is hit and miss at best. Meanwhile, hacking continues to proliferate nearly unchecked. ‘CNN recently reported’ (http://money.cnn.com/2014/05/28/technology/security/hack-data-breach/index.html) that in 2014 hackers exposed the personal information of 110 million Americans, roughly half of the nation’s adults. So the next time you turn on your Smart TV or start your web-enabled car, don’t be surprised if the sound you hear emanating from your surround speakers is something like, “Da-da, dum-dum.”