Hackers spread their wings into your home

As everyday items become connected to the web, more avenues open up for devices to fall victim to cyber attacks

A web-connected baby monitor shouting obscenities at a two-year old child in Texas probably isn't the best advertisement for the "internet of things". However, as everyday items become more connected, it opens more avenues for devices to be hacked.

While the culprit behind the Texan baby monitor hack was collared last August, Threatscape MD Dermot Williams warns that now "your fridge or your TV" can be connected online, domestic hacking incidents may become commonplace.

So far, he says, such incidents remain obscure, but unfortunately in almost every other corner of the internet the hacking industry is thriving.

“The problem is that there’s a massive digital underground where people sell expertise, sell you a piece of code that exploits a vulnerability, or even sell you their time – providing hacking as a service.”


Such cyber criminal activities, coupled with revelations regarding the US National Security Agency's surveillance of online traffic, means that in terms of "privacy paranoia", as Rafael Laguna, co-founder and CEO with open source software company Open-Xchange puts it, "2013 has changed everything".

Laguna says he now has friends and colleagues who are giving up email, avoiding online retail and almost any online activity. It’s an “overreaction” he says, but with the internet more unsafe for data than ever before he admits that he himself has “encrypted hard drives and sensitive files”.

But what kind of activity has them all so worried? Last year seemed to bring together years of accusations of governments spying on other nation states. Take the allegation from the former head of the CIA, Michael Hayden, that it "goes without saying" that Chinese telecoms giant Huawei spies for Beijing.

Furthermore, security company FireEye claimed that before last September’s G-20 Summit in St Petersburg, the PCs of five visiting foreign ministries were hacked by the Chinese government, hiding malware in a file sent to staff email addresses with the tantalising title of “US_military_options_in_Syria”.

Speaking of which, supporters of Syrian president Bashar al-Assad, dubbed the Syrian Electronic Army (SEA), continually caused online chaos, claiming responsibility for attacks on the website of popular communications app, Viber, and getting under the skin of US satirical site, The Onion, eventually gaining control of its Twitter account.

Elsewhere, editorials on Anonymous may have decreased, but the group’s disruptive activities continued.

Take the case earlier this month of Eric J Rosol, of Black Creek, Wisconsin, who was ordered to stump up more than €30,000 in compensation after taking part in a distributed denial of service (DDoS) attack organised by the group. The target was the website of multinational corporation, Koch Industries, which was taken offline for 15 minutes.

While there were some major pluses for law enforcement agencies – such as tracking down Roman Vega, a 49 year-old Ukrainian who co-founded the "largest and most sophisticated credit card fraud site" in the cyber criminal underworld, CarderPlanet, and sentencing him to 18 years in prison – there were some less than glorious moments to report too.

Chain of events
Take the 42 year-old NYPD detective, Edwin Vargas, who was caught spending the guts of €3,000 to hire an email hacking service. The motive? To check in on whether any one of 19 suspected colleagues had had begun to date his ex-girlfriend.

Back in the UK, the prison system came under scrutiny as well, due to an unfair dismissal case taken by IT lecturer, Michael Fox, in March. The case slowly uncovered a staggeringly inept chain of events that allowed convicted founder of the GhostMarket cyber criminal forum, Nicholas Webber, to hack into his own prison's network having somehow been allowed to join Fox's IT class aimed at helping prisoners once they left jail.

Elsewhere, the competence of police authorities to handle cyber crime was derided by Juniper Networks' director of security Henrik Davidsson, who said the security industry should instead group together to help solve cyber criminal activities.

“The problem is too big for the authorities to handle,” said Davidsson in June, adding “we’ve simply reached a stage where the IT security industry needs to be able to protect itself.”

Laguna told The Irish Times that lawmakers don't have the expertise to effectively tackle cyber crime either.

“Politicians are just totally incompetent in this field. You had [Angela] Merkel saying the internet is “new territory” for people like her, politicians. Can you believe this?

“It’s 20 years since we have the web. My guess is it’ll take 20 more years before politics and legislation is really effective in this field.”

One cyber criminal the Canadian authorities did manage to track down, though, was a particularly special case. Well, special in the sense that he had to get the day off school to be sentenced.

A 14-year-old Quebec boy was called before the courts in October to answer allegations he'd caused more than €40,000 worth of damage to local health and police websites, as well as that of the Chilean government as part of the Anonymous-backed "Operation Quebec". He was sentenced to 18 months' probation and 30 hours community service.

Whatever about wearable technology and the “internet of things”, 2014 promises to feature even more of a focus on privacy debates and security breaches.