Hackers spread their wings into your home

As everyday items become connected to the web, more avenues open up for devices to fall victim to cyber attacks

President Barack Obama at the G20 Summit in St Petersburg last September. A security company claimed that the PCs of five visiting foreign ministries were hacked. Photograph: Jewel Samad/AFP/Getty Images

President Barack Obama at the G20 Summit in St Petersburg last September. A security company claimed that the PCs of five visiting foreign ministries were hacked. Photograph: Jewel Samad/AFP/Getty Images

 

A web-connected baby monitor shouting obscenities at a two-year old child in Texas probably isn’t the best advertisement for the “internet of things”. However, as everyday items become more connected, it opens more avenues for devices to be hacked.

While the culprit behind the Texan baby monitor hack was collared last August, Threatscape MD Dermot Williams warns that now “your fridge or your TV” can be connected online, domestic hacking incidents may become commonplace.

So far, he says, such incidents remain obscure, but unfortunately in almost every other corner of the internet the hacking industry is thriving.

“The problem is that there’s a massive digital underground where people sell expertise, sell you a piece of code that exploits a vulnerability, or even sell you their time – providing hacking as a service.”

Such cyber criminal activities, coupled with revelations regarding the US National Security Agency’s surveillance of online traffic, means that in terms of “privacy paranoia”, as Rafael Laguna, co-founder and CEO with open source software company Open-Xchange puts it, “2013 has changed everything”.

Laguna says he now has friends and colleagues who are giving up email, avoiding online retail and almost any online activity. It’s an “overreaction” he says, but with the internet more unsafe for data than ever before he admits that he himself has “encrypted hard drives and sensitive files”.

But what kind of activity has them all so worried? Last year seemed to bring together years of accusations of governments spying on other nation states. Take the allegation from the former head of the CIA, Michael Hayden, that it “goes without saying” that Chinese telecoms giant Huawei spies for Beijing.

Furthermore, security company FireEye claimed that before last September’s G-20 Summit in St Petersburg, the PCs of five visiting foreign ministries were hacked by the Chinese government, hiding malware in a file sent to staff email addresses with the tantalising title of “US_military_options_in_Syria”.

Speaking of which, supporters of Syrian president Bashar al-Assad, dubbed the Syrian Electronic Army (SEA), continually caused online chaos, claiming responsibility for attacks on the website of popular communications app, Viber, and getting under the skin of US satirical site, The Onion, eventually gaining control of its Twitter account.

Elsewhere, editorials on Anonymous may have decreased, but the group’s disruptive activities continued.

Take the case earlier this month of Eric J Rosol, of Black Creek, Wisconsin, who was ordered to stump up more than €30,000 in compensation after taking part in a distributed denial of service (DDoS) attack organised by the group. The target was the website of multinational corporation, Koch Industries, which was taken offline for 15 minutes.

While there were some major pluses for law enforcement agencies – such as tracking down Roman Vega, a 49 year-old Ukrainian who co-founded the “largest and most sophisticated credit card fraud site” in the cyber criminal underworld, CarderPlanet, and sentencing him to 18 years in prison – there were some less than glorious moments to report too.


Chain of events
Take the 42 year-old NYPD detective, Edwin Vargas, who was caught spending the guts of €3,000 to hire an email hacking service. The motive? To check in on whether any one of 19 suspected colleagues had had begun to date his ex-girlfriend.

Back in the UK, the prison system came under scrutiny as well, due to an unfair dismissal case taken by IT lecturer, Michael Fox, in March. The case slowly uncovered a staggeringly inept chain of events that allowed convicted founder of the GhostMarket cyber criminal forum, Nicholas Webber, to hack into his own prison’s network having somehow been allowed to join Fox’s IT class aimed at helping prisoners once they left jail.

Elsewhere, the competence of police authorities to handle cyber crime was derided by Juniper Networks’ director of security Henrik Davidsson, who said the security industry should instead group together to help solve cyber criminal activities.

“The problem is too big for the authorities to handle,” said Davidsson in June, adding “we’ve simply reached a stage where the IT security industry needs to be able to protect itself.”

Laguna told The Irish Times that lawmakers don’t have the expertise to effectively tackle cyber crime either.

“Politicians are just totally incompetent in this field. You had [Angela] Merkel saying the internet is “new territory” for people like her, politicians. Can you believe this?

“It’s 20 years since we have the web. My guess is it’ll take 20 more years before politics and legislation is really effective in this field.”

One cyber criminal the Canadian authorities did manage to track down, though, was a particularly special case. Well, special in the sense that he had to get the day off school to be sentenced.

A 14-year-old Quebec boy was called before the courts in October to answer allegations he’d caused more than €40,000 worth of damage to local health and police websites, as well as that of the Chilean government as part of the Anonymous-backed “Operation Quebec”. He was sentenced to 18 months’ probation and 30 hours community service.

Whatever about wearable technology and the “internet of things”, 2014 promises to feature even more of a focus on privacy debates and security breaches.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
GO BACK
Error Image
The account details entered are not currently associated with an Irish Times subscription. Please subscribe to sign in to comment.
Comment Sign In

Forgot password?
The Irish Times Logo
Thank you
You should receive instructions for resetting your password. When you have reset your password, you can Sign In.
The Irish Times Logo
Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.
Screen Name Selection

Hello

Please choose a screen name. This name will appear beside any comments you post. Your screen name should follow the standards set out in our community standards.

The Irish Times Logo
Commenting on The Irish Times has changed. To comment you must now be an Irish Times subscriber.
SUBSCRIBE
Forgot Password
Please enter your email address so we can send you a link to reset your password.

Sign In

Your Comments
We reserve the right to remove any content at any time from this Community, including without limitation if it violates the Community Standards. We ask that you report content that you in good faith believe violates the above rules by clicking the Flag link next to the offending comment or by filling out this form. New comments are only accepted for 3 days from the date of publication.