Here’s your wrap-up of security- and privacy-related news from the first half of July.
Every week we invite a security expert to talk us through the hacks on Mr. Robot, USA Network’s summertime hit TV show. We want to know whether they are real or a Hollywood version of cybercrime. Read our weekly reviews of the hacks:
- Pilot episode 1: Are the hacks on Mr. Robot real?
- Episode 1.1: Mr. Robot Review: Ones and Zer0s
- Episode 1.2: Mr. Robot Review: d3bug.mkv
- Episode 1.3: Mr. Robot Review: da3m0ns.mp4
- Episode 1.4: Mr. Robot Review: 3xpl0its.wmv
It’s too bad that hacking is not just for TV and movies. Even trusted websites can fall victim to cybercrooks. Online shopping just got a little more risky when the largest e-commerce platform was hacked in order to spy on customers and steal credit card data.
Driving under the influence of alcohol or texting while driving is still a bigger risk to your safety on the road, but the hacking experiments conducted on technology-heavy cars might be an indicator of break-downs to come.
Two security engineers proved that a car is not just a transportation device to get from point A to point B, but a vulnerable combination of individual software systems that can be hacked.
Back in 2013, Charlie Miller and Chris Valasek hacked a 2010 Ford Escape and a Toyota Prius. The two researchers demonstrated the ability to send commands from their laptop that did things like jerk the steering wheel, give false readings on the speedometer and odometer, sound the horn continuously, and slam on the brakes while going down the road.
They have done it again, this time with a 2014 Jeep Grand Cherokee.
AVAST is a proud champion of National Cyber Security Awareness Month (NCSAM) and supporter of the European Cyber Security Month (ECSM) recognized this October. The month begins with the awareness that no individual, company, or government is solely responsible for securing the internet – it is Our Shared Responsibility.
Individual computer users are the first line of defense in guarding against online risks. For this reason, online security requires our collective participation, requiring awareness and vigilance from every citizen, community, and country.
How can I do my part?
The Stop.Think.Connect.™ campaign is designed to help people practice safer online habits. Here are some basic steps everyone from kids to business owners should know to minimize the chances of becoming a victim of cybercrime:
- Set strong passwords, change them regularly, and don’t share them with anyone.
- Keep your operating system, browser, and other critical software optimized by installing updates. (AVAST has Free protection for PCs, Macs, and Android devices.)
- Maintain an open dialogue with your friends, family, and colleagues about Internet safety.
- Use privacy settings and limit the amount of personal information you post online.
- Be cautious about offers online – if it sounds too good to be true, it probably is.
During this month, we’ll talk more about cybersecurity with AVAST experts and share tips that you can adopt and share. For all the latest news, fun and contest information, please visit our blog often and follow us on Facebook, Twitter and Google+.
As we have recently mentioned on our blog, October is National Cyber Security Awareness Month. And I’m sure we will post more to raise awareness of the risks you personally face, the risks to the institutions you do business with, and to the government itself.
Today, though, I want you to start to broaden your outlook on this issue. While you are getting acquainted with new threats like nation-state funded attacks, cyber-terrorism, and hacktivism, I’d also ask you to look at some of the things our legislatures have been proposing in the name of cybersecurity. This includes early efforts to protect critical industry sectors like our energy grid or banking systems against cyberattack, and requirements that we move beyond passwords when we access Web sites where we perform transactions or access personal data. As all these initiatives come with costs, none have universal support. But some cybersecurity proposals have generated more controversy than others, including the SOPA and PIPA bills that coddled the media industry by conflating digital piracy with cybersecurity and whose proposed remedies would have created a regime of censorship, or the federal development and control of a so-called “Internet Kill Switch”.
There will continue to be a lot going on here legislatively, and anything that changes the government’s role in the Internet will affect you as well. So let’s also do our job as responsible, informed citizens. Let’s make October National Cybersecurity Policy Awareness Month. Let’s get educated, and involved.
New reports tying the Stuxnet worm to the US government have many people asking questions. What exactly is a cyberattack? Does conducting a cyberattack have the same implications as a physical military attack? Is the US waging an undeclared war on Iran in the same way that a bombing of its nuclear facilities would have done? Is this the new face of warfare and defense?
And now there’s the recent discovery of the Flame virus. We seem to be entering an era where military and diplomatic goals are increasingly embracing the Internet and cyber tools as a vehicle with which to achieve them.
One of the big challenges in understanding all this is the lack of agreed upon definitions and principles. We may refer to this attack as cyber-sabotage, while Iran may refer to it as cyber-war or even cyber-terrorism. The Flame virus would be best categorized as cyber-espionage. Without terminology that is clear and agreed upon, the classification of this action is left to be determined by the rhetoric of politicians driven by their own political goals.
There are far more disconcerting implications and considerations if the US is to conduct state-sponsored initiatives in cyberspace.
- Collateral damage: these viruses could ‘get loose’ and inflict unintended damage. We saw this with Stuxnet in 2010, as it hit more than its intended Iranian targets because of a “programming error” (by the way: it was a “programming error” that caused all the damage arising from the Morris Worm as well, for those who remember that little event in computer history)
- Re-purposing and reuse: With cyber-attacks, the targeted opponents will have access to the code that was used. This is like handing the enemy the schematics for every weapon you use against them. With the code, an opponent can replicate the malware and modify it to their own needs. The only additional ‘raw material’ needed is programmer talent.
- Deniability: Military personnel are clearly identifiable, and armaments all have traceable points of origin. Not so with cyberattacks. We’ve already seen this in the US, where we think past attacks came from China or North Korea, but we can’t be sure. As the US starts to employ such tools, we increase our own ability to deny our actions; war becomes a clandestine affair, which is often at odds with our democratic principles.
Paradoxically, the proponents of building up US cybersecurity defenses will suffer a setback with the US now admitting its role in Stuxnet. These proponents – many of whom are in the military or defense contractor business – had taken up Stuxnet as their cause celebre and chief argument for extending the reach of DHS, NSA, and other federal authorities into our businesses and personal lives. But the government and the cybersecurity industry can’t go clamoring for more funding to defend against a boogeyman of their own creation.
In a few days, the world will ring in the New Year with renewed hope for a bright future. Predictions are being made about what 2012 will bring, and unfortunately instead of focusing on the positive, many of them are bleak. One that stands out is the prediction that the world will cease to exist on December 21, 2012 (according to the Mayan Long Calendar.) Thankfully, that one has been debunked – but we’ll see…
Here at AVAST, we are confident that we’ll have another great year protecting millions of happy internet surfers from all the nasties out there, but here are some educated predictions about what CyberThreats 2012 has in store for us, and how you can stay protected.