Cyberwars: Watching the US and China in Real-Time

norse-hacking-map-640x353Since the dawn of the internet age, there has been no shortage of stories about hackers, malware-peddling malcontents, online scams and identity theft. Add to that the growing consensus that wars in the future will be fought online through “cyberwarfare divisions”, and you can understand why such positive statements once made about the internet – like how it would bring the world together and create “a global village” – would seem incredibly naive now.

However, despite the prevalence of hacking and cyberwarfare-related fear, very few people have actually experienced what it is like. After all, the effects of hacking are mostly invisible to the untrained eye, with the exception of very-high-profile database breaches. Now, though, a security company has produced a fascinating geographic map that shows global hacking attempts in real-time. And of course, the ongoing battle between US and Chinese forces accounts for much of it.

norse-china-usa-hacking-smallerThe real-time map, maintained by the Norse security company, shows who’s hacking who and what attack vectors are being used. The data is sourced from a network of “honeypot” servers – essentially a juicy-looking target that turns out to be a trap -maintained by Norse, rather than real-world data from the Pentagon, Google, or other high-profile hacking targets. The Norse website has some info about its “honeynet,” but it’s understandably quite sparse on actual technical details.

If you watch the map for a little while, it’s clear that most attacks originate in either China or the US, and that the US is by far the largest target for hack attacks. You can also see that the type of hack used, indicated by the target port, is rather varied. Microsoft-DS (the port used for Windows file sharing) is still one of the top targets , but DNS, SSH, and HTTP are all very popular too. CrazzyNet and Black Ice – two common Windows backdoor programs often used by script kiddies and criminals – is also sure to pop up.

Unit-61398-Chinese-Army-Hacking-Jobs-With-Great-BenefitsOn occasion, the map is likely to show a big burst of coordinated attacks coming from China and directed towards the US. And while it is difficult to blame these attacks directly on the Chinese government (as they are adept at routing their attacks through other servers) government and independent researchers are confident the majority of these attacks are being directed by the People’s Liberation Army’s Unit 61398 – aka. the PLA’s cyberwarfare division.

A lot of hacks originate in the US, too, but their targets are much more varied. And in cases where Chinese facilities (or other nations that are nominally identified as hostile to the US) you can bet that the US Cyber Command at Fort Meade is behind the lot of them. But the map is still limited in that it uses Norse’s own honeypot operations to identify these attacks, and it therefore cannot be said with absolute certainty that real attacks happen in the same fashion.

nsa_aerialBut a general picture of the size and shape of global hacking and cyberwarfare can be divined by looking at the stats. Back in 2012, the US DOD reported that it was the target of 10 million cyber attacks per day. Likewise, the National Nuclear Security Administration says it saw 10 million attacks per day in 2012. In 2013, BP’s CEO said it sees 50,000 cyber attacks per day, and the UK reported around 120,000 attacks per day back in 2011.

While the extent and purpose of these attacks certainly varies, it is pretty clear that hacking and cyberwarfare is a global problem and something that governments, corporations, and institutions need to pay attention to. Last year, the Obama administration’s announced that it would not sit idly by in the face of stepped up attacks from China. However, the subsequent testimony and document leaks by Snowden showed that the US has been conducting its own attacks the entire time (and even beforehand).

And such is the nature of war, regardless of the context or the weapons used. States rattle their swords claiming they will not tolerate aggression, but there is always a fine line between maintaining one’s defenses and escalating a situation to the point that mutual destruction becomes inevitable. Perhaps the people who are currently fighting this alleged cyberwar should look to the past – specifically to the First World War and the Cold War – to see just how effective “arms races” are!

Source: extremetech.com, map.ipviking.com

A Kinder, Gentler Internet: California’s “Erase Button”

cyber bullyingIn the early nineties, the internet was greeted with immense optimism and anticipation. Scarcely a week went by without some major personality – Al Gore and Bill Gates come to mind – championing its development, saying it would bring the world together and lead to “the information age”. After just a few years, these predictions were being mocked by just about everyone on the planet who had access.

Rehtaeh_ParsonsYes, despite all that has been made possible by the internet, the heady optimism that was present in those early days seem horribly naive by today’s standards. In addition to making virtually any database accessible to anyone, the world wide web has also enabled child pornographers, hate speech, conspiracy theorists and misinformation like never before.

What’s more, a person’s online presence opens them to new means of identity theft, cyberbullying, and all kinds of trolling and harassment. Who can forget the cases of Amanda Todd or Rethaeh (Heather) Parsons? Two young women who committed suicide due to relentless and disgusting bullying that was able to take place because there simply was no way to stop it all.

amanda_toddsuicide.jpeg.size.xxlarge.letterboxAnd with the ever expanding online presence of children and youths on the internet, and little to no controls to monitor their behavior, there are many campaigns out there that hope to reign in the offenders and protect the users. But there are those who have gone a step further, seeking to put in place comprehensive safeguards so that trollish behavior and hurtful comments can be stopped before it becomes a permanent part of the digital stream.

One such person is California Governor Jerry Brown, who recently signed a bill into law that requires all websites to provide an online “erase button” for anyone under 18 years of age. The stated purpose of the law is to help protect teens from bullying, embarrassment and harm to job and college applications from online posts they later regret. The law, which is designated SB568, was officially passed on Sept. 23rd and will go into effect Jan 1st, 2015.

kid-laptop-156577609_610x406Common Sense Media, a San Francisco based non-profit organization that advocates child safety and family issues, was a major supporter of the bill. In a recent interview, CEO James Steyer explained the logic behind it and how it will benefit youths:

Kids and teens frequently self-reveal before they self-reflect. In today’s digital age, mistakes can stay with and haunt kids for their entire life. This bill is a big step forward for privacy rights, especially since California has more tech companies than any other state.

The law is not without merit, as a 2012 Kaplan survey conducted on college admissions counselors shows. In that study, nearly a quarter of the counselors interviewed said they checked applicants’ social profiles as part of the admission process. Of those counselors, 35% said what they found – i.e. vulgarities, alcohol consumption, “illegal activities” – negatively affected their applicants’ admissions chances.

smartphoneteensBut of course, the bill has its share of opponents as well. Of those who voted against it, concerns that the law will burden websites with developing policies for different states appeared to be paramount. Naturally, those who support the bill hope it will spread, thus creating a uniform law that will remove the need to monitor the internet on a state-by-state basis.

At present, major social media sites such as Facebook, Twitter, Instagram and Vine already allow users of any age to delete their posts, photos and comments. California’s “eraser button” law requires that all websites with users in the state follow this policy from now on. And given the presence of Silicon Valley and the fact that California has one of the highest per capita usages of the internet in the country, other states are sure to follow.

facebook-privacyThe new law also prohibits youth-oriented websites or those that know they have users who are minors from advertising products that are illegal to underage kids, such as guns, alcohol and tobacco. Little wonder then why it was also supported by organizations like Children NOW, Crime Victims United, the Child Abuse Prevention Center and the California Partnership to End Domestic Violence.

In addition to being a legal precedent, this new law represents a culmination of special interests and concerns that have been growing in size and intensity since the internet was first unveiled. And given the recent rise in parental concerns over cyberbullying and teen suicides connected to online harassment, its hardly surprising that something of this nature was passed.

Sources: news.cnet.com, cbc.ca, huffingtonpost.com

The Future is Here: Passthoughts Replace Passwords

tcdsYou’ve heard of the Muse Headband, or perhaps the Neurosky Mindwave; devices that measure your brainwaves? Well as it happens, researchers at UC Berkley are using the technology to pioneer and new and revolutionary concept: passthoughts! Whereas accessing your computer, tablet or smartphone now is a matter of typing passwords on a (sometimes terribly small) keyboard, in the future it could be as easy as putting on a band and thinking.

Basically, the concept calls for the use of a mind-reading headband as a biometric identifier. Much like a person’s DNA or the blood vessels in their retina are specific to that individual, brainwaves also seem to be unique and can be used to identify them. An especially useful fact, if you want to log into a computer or otherwise prove your identity. Unlike passwords, credit card info or social security numbers, brainwaves cannot be stolen or faked… yet!


neurosky
To do this, the Berkeley researchers used a $100 commercial EEG (electroencephalogram), in this case the Neurosky. This device resembles a Bluetooth headset, with the slight difference of it having a single electrode that rests on your forehead and measures your brainwaves. These are then transmitted via a Bluetooth to a nearby computer. Much like a clinical EEG, the system has an error rate of less than 1%, but requires a single electrode instead of between 32 and 256.

To develop the brain-biometric process, participants were asked to complete seven different tasks with the EEG equipped. Three of the tasks were generic, requiring the participants to focus on breathing in and out, imagine moving their finger up and down, and listening for an audio tone. The other four tasks required participants to focus on an individual/personalized secret, such as singing a song of their choice, or performing a repetitive action.

brainwavesWhile performing these tasks, their brainwaves were monitored for heuristic patterns. And as it turns out, all seven tasks — even just sitting there and focusing on your own breathing — provided enough information to authenticate the subjects identity. So when it comes right down to it, this means of identifying oneself works effectively, and eliminates the need for passwords and could provide another layer of identity protection. All for the onetime price of $100.

But of course, there are some issues. For one, the bulk and unaesthetic nature of the EEG and the accuracy of the system, but these are both remediable. As it stands, no one would really want to wear a Neurosky EEG in public, but if the electrode were concealable – say, within a Bluetooth headset – this wouldn’t be a problem. As it stand, accuracy is the far more important issue. While a 99% accuracy rate is good, it is not good enough for serious and possibly security-based applications.

?????????????????But looking forward, it is not hard to imagine that the accuracy of the system will increase, as EEG hardware and biometric algorithms improve in quality. It is also very easy to imagine smartphones that can identify their users through their brainwaves, provided they are wearing a Bluetooth headset with an EEG equipped. In addition, computers that come equipped with headbands so people can log in and start working simply by sitting down and issuing the proper thoughts.

Thinking truly long-term, its not hard to imagine that the headband itself will be done away with in favor of a wireless EEG implanted underneath the skin. Much in the same way that these are allowing people to control robotic limbs, they may also allow us to log into computers, type documents, surf the net, and play video games with just our thoughts. Move over Xbox Connect! Here comes Xbox Thinx (patent pending!)

my_future_office_by_ishmakey-d3l9n3t

Source: Extremetech.com

Cyberwars: The Credit Card Info Stealing App

theft_creditcard1Want to steal someone’s credit card information? There’s an App for that! Yes, it seems that smartphones are the latest tool in the identity and info thief’s arsenal, just a few years after it was reported that laptops were being used for to read people’s passports. And the worst part of it is, it can be done using a technology that is perfectly legal, and worse, was designed to make the life of consumers that much easier.

MasterCard calls the App PayPass, while Visa calls it payWave. Simply wave your credit card over a sensor and you’ve made a transaction, without the hassle of having to remember or enter a PIN number. But one of the unintended downsides is that it also makes it that much easier for a third party to steal your credit card information, and just as quickly and conveniently.

theft_creditcard3An investigative report was recently performed by CBC News and Mandy Woodland, a St. John’s lawyer who specializes in technology and privacy law. Using a Samsung Galaxy SIII, one of the most popular on the market today, the team downloaded a free app from the Google Play store to read information such as a card number, expiry date and cardholder name simply holding the smartphone over a debit or credit card.

According to their report, a thief can simply walk by, pause and read the information through an unwitting person’s coat and wallet, and then the information can be sent to another phone. The entire process only takes five minutes to download the App, and just seconds to obtain the credit card info. After conducting the process with a team members credit card, they used the stolen information to buy a coke.

??????????????Naturally, the process could be used to pay for gas, a new computer, or plane tickets to a vacation paradise! And as Woodlands said in an interview with CBC:

It’s always a concern when a stranger could obtain my personal information and my banking and financial information just from a simple walk by, particularly the fact that that worked so quickly.

Furthermore, Michael Legary, who runs a security company called Seccuris Inc., claims they have investigated cases where phones paired with these apps were used to commit credit card fraud. Legary also claims that the app has become a tool for organized crime in Europe:

They don’t even need to talk to you or touch you, they can get information about who you are. That may make you more of a target for certain types of crime.

theft_creditcardBut of course, credit card companies would like their clients not to worry. In a written statement, Visa claimed that there have been no reports of fraud perpetrated by reading its payWave cards, in the manner shown by the CBC. Citing the many layers of protection and identity security, Visa points to its record, which it claims shows historic lows of fraud. Mastercard similarly claimed that its customers are protected, specifically their MasterCard’s Zero Liability Policy. My only answer to that is, wait a while…

At the same time, Google has announced, in response to this investigation, that it would remove any app that violated Google’s developer distribution agreement or content policies. However, the app in question is still available on Google’s download site.

In conjunction with other forms of identity theft and RFID skimming, this latest revelation only adds to the growing concern that technologies which are designed for convenience are being abused to make our lives more harassed and insecure. It also raises an important issue about corporate security in the digital age.

Much like with internet security and hackers, there appears to be a constant back and forth between thieves and credit card companies, the one erecting more and more barriers of security and the other coming up with more elaborate ways to beat them. As for the rest of us, it seems we can only be vigilant. But if possible, it might be smart to purchase an Faraday pouch for your personal effects!

In the meantime, here is a demonstration of the credit card “skimming” at work.


Sources: CBC.ca, huffingtonpost.ca

Hacker Wars: The Invasion Continues!

cyber-war-1024x843State-sponsored hacking has been a major concern lately. From Russia’s “Red October” virus, which spied on embassies and diplomats in multiple countries, to China’s ongoing intrusion into government and corporate databases in the US, it seems as though private hackers are no longer the only ones we need to worry about.

The latest incident in this invasion of privacy and airing of personal information comes again from Russia, where a mysterious website has been posting personal information about some rather high-profile American figures. These include First Lady Michelle Obama, Vice-President Joe Biden, Jay-Z, Britney Spears, U.S. Attorney General Eric Holder, Sarah Palin, Arnold Schwarzenegger, and the head of the FBI.

michelle-obama_fullIn addition to taunting messages and unflattering pictures, the site includes Social Security numbers, credit reports, addresses and phone numbers. No reasons are listed on the site as to why these particular people were selected, but it seems clear at this point that they were chosen due to their high-profile nature and/or positions of importance within the US government. As of last Tuesday, both the FBI and Secret Service announced that they were investigating the website.

Though it is not definitively clear where the hackers are operating from, all indications point to Russia. The first clue came when it was revealed that site bore the internet suffix originally assigned to the Soviet Union (.su), a practice which is not uncommon with Russian hackers these days. In addition, it is also connected to a Twitter account, which carried an an anti-police message posted in Russian.

hackers_securityAt the moment, neither the White House or the Secret Service is offering assessments or comments on the matter. But some thoughts have been offered by Los Angeles Police Commander Andrew Smith, who spoke on behalf of Chief Charlie Beck, who’s information was also posted. According to Beck, this is not the first time that top police officials have had their private information posted online:

“People get mad at us, go on the Internet and try to find information about us, and post it all on one site. The best word I can use to describe it is creepy. It’s a creepy thing to do.”

Frank Preciado, assistant officer in charge of the LAPDs online division, added that the information on the police chief was likely taken from what is supposed to be a secure database of city employees. And it might just offer some insight into this latest, sweeping act of inforpiracy. When all is said and done, it appears that this may simply be a case of a small but qualified group of misfits engaging in public mischief.

internetHowever, of greater concern is the fact that with this latest act of high-profile hacking, a trend that citizens were forewarned might be coming true. In December of 2012, internet security company McAfee warned of an impending attack by Russian hackers against American banks. Dubbed “Project Blitzkrieg”, the threat of the attack surfaced on a Russian hacking forum in the previous September, and McAfee was quick to advised that it was a credible one.

As of December 2012, Russian hackers had effectively infected 500 databases in the US with the promise of more to come. The cybercriminal known as vorVzakone – whose name means ‘thief in law’ – was identified as the head of the operation, whose plans called for the release of a Trojan horse virus that would allow him and his accomplices to seize control of banks’ computers to steal information and money.

cold_war

Clearly, all of these incidents amount to a major public concern. But of greater concern to me is the fact the lines being drawn in this new era of cyber-warfare are eerily familiar. Not long ago, China and Russia were locked in an ongoing feud with the US and its allies, a war fueled by ideology but based on the cultivation of technology and espionage networks.

Granted, only China’s case of cyberwarfare against the US appears to be government-backed. But between the “Red October” virus,  “Project Blitzkrieg”, and the fact that Russian hackers are in the habit of using a Soviet-era suffix to designate their activities, it seems that Russia is fertile ground for a renewed standoff with the West as well. And given that the targets have been western governments and financial institutions, would it be so farfetched to assume the government might be marginally involved?

The means may have changed, but the overall purpose remains the same. Infiltrate, destabilize, and steal information from the enemy. Are we looking at a renewed Cold War, or just the last gasps of an ideological confrontation that was supposed to have died years ago? Only time will tell…

Sources: cbc.ca, dailymail.co.uk

Should We Be Afraid? A List for 2013

emerg_techIn a recent study, the John J. Reilly Center at University of Notre Dame published a rather list of possible threats that could be seen in the new year. The study, which was called “Emerging Ethical Dilemmas and Policy Issues in Science and Technology” sought to address all the likely threats people might face as a result of all developments and changes made of late, particularly in the fields of medical research, autonomous machines, 3D printing, Climate Change and enhancements.

The list contained eleven articles, presented in random order so people can assess what they think is the most important and vote accordingly. And of course, each one was detailed and sourced so as to ensure people understood the nature of the issue and where the information was obtained. They included:

1. Personalized Medicine:
dna_selfassemblyWithin the last ten years, the creation of fast, low-cost genetic sequencing has given the public direct access to genome sequencing and analysis, with little or no guidance from physicians or genetic counselors on how to process the information. Genetic testing may result in prevention and early detection of diseases and conditions, but may also create a new set of moral, legal, ethical, and policy issues surrounding the use of these tests. These include equal access, privacy, terms of use, accuracy, and the possibility of an age of eugenics.

2. Hacking medical devices:
pacemakerThough no reported incidents have taken place (yet), there is concern that wireless medical devices could prove vulnerable to hacking. The US Government Accountability Office recently released a report warning of this while Barnaby Jack – a hacker and director of embedded device security at IOActive Inc. – demonstrated the vulnerability of a pacemaker by breaching the security of the wireless device from his laptop and reprogramming it to deliver an 830-volt shock. Because many devices are programmed to allow doctors easy access in case reprogramming is necessary in an emergency, the design of many of these devices is not geared toward security.

3. Driverless zipcars:
googlecarIn three states – Nevada, Florida, and California – it is now legal for Google to operate its driverless cars. A human in the vehicle is still required, but not at the controls. Google also plans to marry this idea to the zipcar, fleets of automobiles shared by a group of users on an as-needed basis and sharing in costs. These fully automated zipcars will change the way people travel but also the entire urban/suburban landscape. And once it gets going, ethical questions surrounding access, oversight, legality and safety are naturally likely to emerge.

4. 3-D Printing:
AR-153D printing has astounded many scientists and researchers thanks to the sheer number of possibilities it has created for manufacturing. At the same time, there is concern that some usages might be unethical, illegal, and just plain dangerous. Take for example, recent effort by groups such as Distributed Defense, a group intent on using 3D printers to create “Wiki-weapons”, or the possibility that DNA assembling and bioprinting could yield infectious or dangerous agents.

5. Adaptation to Climate Change:
climatewarsThe effects of climate change are likely to be felt differently by different people’s around the world. Geography plays a role in susceptibility, but a nation’s respective level of development is also intrinsic to how its citizens are likely to adapt. What’s more, we need to address how we intend to manage and manipulate wild species and nature in order to preserve biodiversity.This warrants an ethical discussion, not to mention suggestions of how we will address it when it comes.

6. Counterfeit Pharmaceuticals:
Syringe___Spritze___by_F4U_DraconiXIn developing nations, where life saving drugs are most needed, low-quality and counterfeit pharmaceuticals are extremely common. Detecting such drugs requires the use of expensive equipment which is often unavailable, and expanding trade in pharmaceuticals is giving rise to the need to establish legal measures to combat foreign markets being flooded with cheap or ineffective knock-offs.

7. Autonomous Systems:
X-47BWar machines and other robotic systems are evolving to the point that they can do away with human controllers or oversight. In the coming decades, machines that can perform surgery, carry out airstrikes, diffuse bombs and even conduct research and development are likely to be created, giving rise to a myriad of ethical, safety and existential issues. Debate needs to be fostered on how this will effect us and what steps should be taken to ensure that the outcome is foreseeable and controllable.

8. Human-animal hybrids:
human animal hybrid
Is interspecies research the next frontier in understanding humanity and curing disease, or a slippery slope, rife with ethical dilemmas, toward creating new species? So far, scientists have kept experimentation with human-animal hybrids on the cellular level and have recieved support for their research goals. But to some, even modest experiments involving animal embryos and human stem cells are ethical violation. An examination of the long-term goals and potential consequences is arguably needed.

9. Wireless technology:
vortex-radio-waves-348x196Mobile devices, PDAs and wireless connectivity are having a profound effect in developed nations, with the rate of data usage doubling on an annual basis. As a result, telecommunications and government agencies are under intense pressure to regulate the radio frequency spectrum. The very way government and society does business, communicates, and conducts its most critical missions is changing rapidly. As such, a policy conversation is needed about how to make the most effective use of the precious radio spectrum, and to close the digital access divide for underdeveloped populations.

10. Data collection/privacy:
privacy1With all the data that is being transmitted on a daily basis, the issue of privacy is a major concern that is growing all the time. Considering the amount of personal information a person gives simply to participate in a social network, establish an email account, or install software to their computer, it is no surprise that hacking and identity theft are also major conerns. And now that data storage, microprocessors and cloud computing have become inexpensive and so widespread, a discussion on what kinds of information gathering and how quickly a person should be willing to surrender details about their life needs to be had.

11. Human enhancements:
transhumanismA tremendous amount of progress has been made in recent decades when it comes to prosthetic, neurological, pharmaceutical and therapeutic devices and methods. Naturally, there is warranted concern that progress in these fields will reach past addressing disabilities and restorative measures and venture into the realm of pure enhancement. With the line between biological and artificial being blurred, many are concerned that we may very well be entering into an era where the two are indistinguishable, and where cybernetic, biotechnological and other enhancements lead to a new form of competition where people must alter their bodies in order to maintain their jobs or avoid behind left behind.

Feel scared yet? Well you shouldn’t. The issue here is about remaining informed about possible threats, likely scenarios, and how we as people can address and deal with them now and later. If there’s one thing we should always keep in mind, it is that the future is always in the process of formation. What we do at any given time controls the shape of it and together we are always deciding what kind of world we want to live in. Things only change because all of us, either through action or inaction, allow them to. And if we want things to go a certain way, we need to be prepared to learn all we can about the causes, consequences, and likely outcomes of every scenario.

To view the whole report, follow the link below. And to vote on which issue you think is the most important, click here.

Source: reilly.nd.edu