Back in May, I pulled my new copy of Entertainment Weekly out of the mailbox and flipped through it quickly, as I usually do before sitting down to read the whole thing. An article about an unusual premier of a new TV show called Mr. Robot caught my eye. The cyberthriller’s pilot episode was set to make its debut online and through alternative viewing services like Xfinity On Demand, iTunes, Amazon Instant Video, XBOX, and Google Play almost a month earlier than its USA Network television debut on June 24.
The next Monday morning, I shared the news about the show with my colleagues, and we all vowed to watch the new drama about a cybersecurity expert who joins an underground hacker group, as soon as we could. We hoped it would be a more realistic version of the security issues we face today than CSI: Cyber or any number of Hollywood movies. We even contemplated having a weekly viewing party with Avast Virus Lab researchers and getting their comments live, a la Mystery Science Theater 3000, if the show was good.
A twist in the plot
The very next day after the initial discussion, one of my colleagues, and regular blog writer, Stefanie Smith, received an email from a Mr. Robot production staff member asking if we would be interested in having an Avast antivirus product make an appearance on one of the upcoming episodes. At the time, a few weeks before the pilot episode even aired, this was a difficult call – but our decision to be a part of the show, even for a brief moment, proved to be the right one.
Mr. Robot has consistently been named one of 2015’s best TV shows, and it received Golden Globe nominations for Best Series, Best Actor for Rami Malek, and Best Supporting Actor for Christian Slater.
We didn’t watch it together with the Virus Lab guys, but every week after the show, we got their expert opinions about the hacks depicted on Mr. Robot. Here’s some of our favorite moments from season one:
Cybersecurity is not limited to your office or home. Nowadays, many of us use the same devices for work and personal business, so when traveling we need to be extra diligent to protect our devices and the data we have on them. If you use common sense and a bit of Avast technology, all your devices – laptops, smartphones, and tablets, can remain secure wherever you are.
Here are a few things you can do before you go and while you’re on-the-road:
1. Install antivirus protection. Your first and best line of defense on your PC or Android device is antivirus protection. Install it and make sure it is up-to-date.
2. Keep your operating system and software up-to-date. Hackers take advantage of software with security holes that have not been plugged, so take time regularly to make sure that your software and apps have patches and updates applied.
3. Lock down your device. Make it a habit to lock your PC and phone with a PIN, password, or even a fingerprint. Avast Mobile Security even allows you to password-protect your apps. Before you travel, make sure your critical apps, like access to your bank, are protected.
Here’s your wrap up of security and privacy related news from the first half of July.
Every week we invite a security expert to talk us through the hacks on Mr. Robot, USA Network’s summertime hit TV show. We want to know if they are real or a Hollywood version of cybercrime? Read our weekly reviews of the hacks:
- Pilot episode 1: Are the hacks on Mr. Robot real?
- Episode 1.1: Mr. Robot Review: Ones and Zer0s
- Episode 1.2: Mr. Robot Review: d3bug.mkv
- Episode 1.3: Mr. Robot Review: da3m0ns.mp4
- Episode 1.4: Mr. Robot Review: 3xpl0its.wmv
It’s too bad that hacking is not just for TV and movies. Even trusted websites can fall victim to cybercrooks. Online shopping just got a little more risky when the largest e-commerce platform was hacked in order to spy on customers and steal credit card data.
Driving under the influence of alcohol or texting while driving is still a bigger risk to your safety on the road, but the hacking experiments conducted on technology-heavy cars might be an indicator of break-downs to come.
Two security engineers proved that a car is not just a transportation device to get from point A to point B, but a vulnerable combination of individual software systems that can be hacked.
Back in 2013, Charlie Miller and Chris Valasek hacked a 2010 Ford Escape and a Toyota Prius. The two researchers demonstrated the ability to send commands from their laptop that did things like jerk the steering wheel, give false readings on the speedometer and odometer, sound the horn continuously, and slam on the brakes while going down the road.
They have done it again, this time with a 2014 Jeep Grand Cherokee.
AVAST is a proud champion of National Cyber Security Awareness Month (NCSAM) and supporter of the European Cyber Security Month (ECSM) recognized this October. The month begins with the awareness that no individual, company, or government is solely responsible for securing the internet – it is Our Shared Responsibility.
Individual computer users are the first line of defense in guarding against online risks. For this reason, online security requires our collective participation, requiring awareness and vigilance from every citizen, community, and country.
How can I do my part?
The Stop.Think.Connect.™ campaign is designed to help people practice safer online habits. Here are some basic steps everyone from kids to business owners should know to minimize the chances of becoming a victim of cybercrime:
- Set strong passwords, change them regularly, and don’t share them with anyone.
- Keep your operating system, browser, and other critical software optimized by installing updates. (AVAST has Free protection for PCs, Macs, and Android devices.)
- Maintain an open dialogue with your friends, family, and colleagues about Internet safety.
- Use privacy settings and limit the amount of personal information you post online.
- Be cautious about offers online – if it sounds too good to be true, it probably is.
During this month, we’ll talk more about cybersecurity with AVAST experts and share tips that you can adopt and share. For all the latest news, fun and contest information, please visit our blog often and follow us on Facebook, Twitter and Google+.
As we have recently mentioned on our blog, October is National Cyber Security Awareness Month. And I’m sure we will post more to raise awareness of the risks you personally face, the risks to the institutions you do business with, and to the government itself.
Today, though, I want you to start to broaden your outlook on this issue. While you are getting acquainted with new threats like nation-state funded attacks, cyber-terrorism, and hactivism, I’d also ask you to look at some of the things our legislatures have been proposing in the name of cybersecurity. This includes early efforts to protect critical industry sectors our energy grid or banking systems against cyberattack, and requirements that we move beyond passwords when we access Web sites where we perform transactions or access personal data. As all these initiatives come with costs, none have universal support. But some cybersecurity proposals have generated more controversy than others, including: like the SOPA and PIPA bills that coddled the media industry by conflating digital piracy with cybersecurity and whose proposed remedies would have create a regime of censorship, or the federal development and control of a so-called “Internet Kill Switch“.
There will continue to be a lot going on here legislatively, and anything that changes the government’s role in the Internet will affect you as well. So let’s make also do our job as responsible, informed citizens. Let’s make October National Cybersecurity Policy Awareness Month. Let’s get educated, and involved.
New reports tying the Stuxnet worm to the US government has many people asking questions. What exactly is a cyberattack? Does conducting a cyberattack have the same implications as a physical military attack? Is the US waging an undeclared war on Iran in the same way that a bombing of its nuclear facilities would have done? Is this the new face of warfare and defense?
And now there’s the recent discovery of the Flame virus. We seem to be entering an era where military and diplomatic goals are increasingly embracing the Internet and cyber tools as a vehicle with which to achieve.
One of the big challenges in understanding all this is the lack of agreed upon definitions and principles. We may refer to this attack as cyber-sabotage, while Iran may refer to it as cyber-war or even cyber-terrorism. The Flame virus would be best categorized as cyber-espionage. Without terminology that is clear and agreed upon, the classification of this action is left to be determined by the rhetoric of politicians driven by their own political goals.
There are far more disconcerting implications and considerations if the US is to conduct state-sponsored initiatives in cyberspace.
- Collateral damage: these viruses could ‘get loose’ and inflict unintended damage. We saw this with Stuxnet in 2010, as it hit more than its intended Iranian targets because of a “programming error” (by the way: it was a “programming error” that caused all the damage arising from the Morris Worm as well, for those who remember that little event in computer history)
- Re-purposing and reuse: With cyber-attacks, the targeted opponents will have access to the code that was used. This is like handing the enemy the schematics for every weapon you use against them. With the code, an opponent can replicate the malware and modify it to their own needs. The only additional ‘raw material’ being programmer talent.
- Deniability: Military personnel are clearly identifiable, and armaments all have traceable points of origin. Not so with cyberattacks. We’ve already seen this in the US, where we think past attacks came from China or North Korea, but we can’t be sure. As the US starts to employ such tools, we increase our own ability to deny our actions; war becomes a clandestine affair, which is often at odds with our democratic principles.
Paradoxically, the proponents of building up US cybersecurity defenses will suffer a setback with the US now admitting its role in Stuxnet. These proponents – many of whom are in the military or defense contractor business – had taken up Stuxnet as their cause celebre and chief argument for extending the reach of DHS, NSA, and other federal authorities into our businesses and personal lives. But the government and the cybersecurity industry can’t go clamoring for more funding to defend against a boogeyman of their own creation.
In a few days, the world will ring in the New Year with renewed hope for a bright future. Predictions are being made about what 2012 will bring, and unfortunately instead of focusing on the positive, many of them are bleak. One that stands out is the prediction that the world will cease to exist on December 21, 2012 (according to the Mayan Long Calendar.) Thankfully, that one has been debunked – but we’ll see…
Here at AVAST, we are confident that we’ll have another great year protecting millions of happy internet surfers from all the nasties out there, but here are some educated predictions about what CyberThreats 2012 has in store for us, and how you can stay protected. Read more…