In its latest annual assessment of the cyber security landscape, Finland’s Nokia this week warned about the growing threat posed to both businesses and consumers by poorly-secured connected devices such as smart home gadgets. The firm’s 2019 Threat Intelligence Report revealed that Internet of Things (IoT) botnet activity accounted for 78% of all malware detection events in communication service provider networks this year. That was more than double the rate seen in 2016, when IoT botnet activity was first detected in a meaningful way. Hackers are able to create IoT botnets by taking control of multiple connected devices and then using them to harvest personal banking information from consumers, or to launch distributed denial-of-service (DDoS) attacks on companies’ websites.
While this may be a relatively new phenomenon, researchers have been warning for years about the possible dangers presented by the deluge of connected devices that are being rushed to market by firms that consider security a low priority. In light of Nokia’s latest findings, and a forecast over the summer from Sweden’s Ericsson that predicted there will be 3.5 billion IoT connections by 2023, it is clear things need to change if we are to avoid hackers having easy access to a global army of insecure devices they could easily use to steal personal information and launch DDoS attacks.
As it appears many connected device makers are more concerned with getting their products on sale quickly for as low a price as possible rather than investing the resources required to make sure their inventions are secure, the time has surely come for governments around the world to intervene. With the threat posed by insecure IoT devices growing, the industry needs to be properly regulated to ensure the items it sells meet minimum security standards. While regulators and think tanks in both the US and the EU have looked at the possibility of creating new rules to guarantee a minimum level of security in IoT devices, lawmakers across the globe have so far managed to do little more than produce largely unenforceable guidelines for makers of connected products.
In October, the US state of California became the first jurisdiction to the pass meaningful laws on IoT security, but this only applies to devices sold locally, so will likely have little real impact on the behaviour of connected product manufacturers. It is however a step in the right direction, and one that lawmakers elsewhere should look to follow as it becomes clearer that IoT product designers will only act on security if forced to do so. A slew of recent examples show that issuing guidance just does not work.
At the end of September, researchers at antivirus frim Avast announced that they had discovered “the most sophisticated botnet they have ever seen”. They revealed that the Torii botnet was targeting insecure IoT devices, and that the malware behind it was way more sophisticated and advanced than that which was responsible for the creation of the Mirai botnet and its derivatives. Once Torii has compromised one device, it is capable of spreading to other connected products on a user’s network, and is also designed to silently mine cryptocurrencies such as Bitcoin. During the same month, researchers at Princeton University cautioned that hackers could use botnets to attack key national infrastructure, including power grids.
Away from the threat of botnets, insecure connected devices also pose a significant risk to both the security and privacy of consumers. In a report published in November, the Mozilla Foundation examined the safety and security of a number of connected devices that are likely to be a hit with shoppers over the holiday season this year. The company warned that a number of the connected devices it tested, particularly drones and smart speakers, could spy on users and their children, or expose their personal information. Highlighting the risk to children, of the 18 products reviewed in the toys and games category, Mozilla found that just five met its “minimum standards”.
This all goes to show that connected device makers are paying little if any attention to the guidance being offered by researchers and governments. Instead, they are continuing to pump out inadequately-secured devices that not only pose a threat to the consumers who buy them, but also to businesses that could be targeted in DDoS attacks, and in some cases even national security. On current evidence, it is clear that these companies simply will not act unless they are compelled to, making it vital that governments across the world move quickly to force their hand. With the number of connected devices expected to rocket over the coming years, particularly with the advent of 5G technology, failure to act now may hand hackers access to millions of devices that could be harnessed to commit all manner of cyber-enabled crimes.
Why you should worry about more than your device’s search history when viewing porn online
Many adult website users assume they can cover their tracks by turning to their web browser’s incognito mode whenever they want to view explicit pictures or videos online. While it is true that using this type of technology will keep visits to sites that host such material out of a user’s internet search history, pornography enthusiasts should be aware that their adult viewing activity will still be very far from secret.
The majority of porn fans will be smart enough to realise that their online viewing habits will be visible to their internet service provider even when a web browser’s incognito mode is being used, but it will be likely that few spend too much time worrying about this. Others might feel quite comfortable signing up for premium services from their adult entertainment purveyor of choice, and have no qualms about providing their email address and credit card details while doing so.
However, several recent and historic data breach incidents suggest that pornography fans would be well advised to put as much time and effort into worrying about how much information is recorded about their adult entertainment consumption in data centres across the globe as they do into threating about the personal search history on their devices.
Just last week, it was reported that researchers at cyber security firm TurgenSec had discovered that a database left unsecured by UK telecoms and entertainment giant Virgin Media contained information linking some of its customers to porn sites. Responding to Virgin’s initial claim that the database only contained “limited contact information”, TurgenSec issued a statement on its website explaining that the exposed information in fact linked customers to “[r]equests to block or unblock various pornographic, gore related and gambling websites, corresponding to full names and addresses”. Virgin said the information on the database had been accessed on at least one occasion by an unknown user, raising the prospect that the details on it could be used by hackers to target Virgin customers in sextortion scams.
Although such breaches are rare among major internet service providers and telecom firms, partly on account of how tightly regulated they are, information held by adult websites themselves can be much more vulnerable. Perhaps the most notorious breach of an adult website’s database came in 2015 when a hacking group obtained information relating to the users of Ashley Madison, an online dating site that facilitates affairs between married people and those in long-tern relationships.
While not a pornography website per se, people whose personal information was linked to the service found that the impact on their lives was devastating. Having threatened to do so for weeks, the cyber criminals behind the breach leaked the names of 32 million users of the site in August 2015, resulting in people losing their jobs, their relationships, and in some cases even taking their own lives. Soon after the exposure of the Ashley Madison database, sextortion fraudsters launched campaigns to exploit the fears of those who might have appeared on it.
Over the intervening years, numerous porn sites across the world have leaked their users’ details, potentially putting them at of these types of scams. In July 2019, researchers at Cornell University published a paper that revealed 93% of the adult websites they studied were leaking data to third-party entities, such as online advertisers or web analytics providers. “Everyone is at risk when such data is accessible without users’ consent, and thus can potentially be leveraged against them by malicious agents acting on moralistic claims of normative gender or sexuality,” the researchers wrote.
In January of this year, online security firm vpnMentor revealed that porn cam network PussyCash had exposed the details of thousands of “models”, leaking over 875,000 files that included photographs of amateur porn performers in which their faces could be seen alongside personal information including names, dates of birth and passport information. Back in 2016, the names of nearly 800,000 registered users of pornography website Brazzers were exposed in a data breach, with information relating to visitors’ sexual preferences and favourite adult performers posted by hackers online.
As well as exposing porn site users to embarrassment and potential blackmail, these types of data breaches have scuppered efforts to make the internet safer for children in some countries. UK proposals to force porn viewers to sign up to an age verification system before accessing their preferred adult content were dropped last year partly on account of privacy and security concerns. The upshot of all this is that anybody who is partial to watching pornography online should probably worry just as much about how much information about their viewing habits is being stored on databases around the world as they do about the information in their internet browser.
Scammers the world over are exploiting public fears over the coronavirus outbreak
Scammers across the globe are looking to profit from public fears over the coronavirus outbreak, with reports the world over highlighting how fraudsters are seeking to exploit the panic created by the spread of the disease.
On Wednesday, Kyodo News reported that authorities in China have seized more than 31 million counterfeit or substandard face masks as members of the public clamour for such products amid a countrywide shortage.
China’s Ministry of Public Safety said police in the country have dealt with 688 cases involving the manufacture and sale of fake and substandard protective materials, arresting over 1,560 people while doing so.
China’s state-backed Xinhua news agency quotes the ministry as saying that as of Monday, law enforcement officers across the country had dealt with some 22,000 criminal cases related to the coronavirus outbreak.
Addressing a press conference in Beijing this week, Vice Minister Du Hangwei revealed that a total of 4,260 suspects have been detained in relation to these alleged offences.
On Sunday, the UK’s People newspaper revealed that phishing scammers are sending elderly and vulnerable British citizens emails that purport to be from the country’s National Health Service in which they demand a payment of £169.99 ($216) for access to “rapid and effective treatment” for the disease.
Elsewhere, Business Insider reports that Facebook has announced that it will take down bogus adverts that guarantee a cure, create a sense of urgency or otherwise attempt to profit from the virus.
In a statement, the company said: “In the weeks after the World Health Organisation (WHO) declared a public health emergency, Facebook is working to support their work in multiple ways, including taking steps to stop ads for products that refer to the coronavirus and create a sense of urgency, like implying a limited supply, or guaranteeing a cure or prevention.
“For example, ads with claims like face masks are 100% guaranteed to prevent the spread of the virus will not be allowed.”
In a similar move, USA Today reports that online retail giant Amazon has warned third-party face mask sellers about marking up prices to take advantage of fears over the coronavirus outbreak.
While vendors on Amazon are generally allowed to change the price of their products within reason, the company’s policy states: “If we see pricing practices on a marketplace offer that harms customer trust, Amazon can remove… the offer, suspend the ship option, or, in serious or repeated cases, suspending or terminating selling privileges.”
In January, NutraIngredients-USA revealed that the US Natural Products Association (NPA) had asked federal authorities to monitor dietary supplement companies that claim their products can be used to treat the coronavirus.
NPA President and CEO Daniel Fabricant commented: “We have been in touch with some of the ecommerce organisations.
“We are urging them to take a look at how marketers that sell on their sites are tagging products.”
Earlier in February, the US Federal Tarde Commission warned that fraudsters are seeking to take advantage of fears surrounding the disease by setting up websites to sell bogus products targeting potential scam victims through misleading social media posts and phishing emails.
The commission warmed that such social media posts or phishing messages often appear to promote awareness of the disease and may include prevention tips.
They might also ask readers to donate to victims of the virus, or offer advice on unproven treatments, and will often include malware in the form of attachments or links to websites controlled by hackers designed to harvest victims’ personal and financial information.
Offering similar advice this month, UK anti-fraud organisation Cifas cautioned the British public to be on the lookout for scams designed to prey on fear and anxiety over the spreading of the virus.
In a statement, Cifas CEO Mike Haley said: “Fraudsters are always looking for new ways to prey on people’s fear and anxieties, and so it’s very likely that these scams will only increase as coronavirus spreads.
“My advice is to not let fraudsters scare or pressure you into making any hasty decisions. Take your time and do your research, and remember to never hand over personal or financial details – don’t let criminals benefit from this serious situation.”
Separately, the WHO, which is leading global efforts to control the outbreak, has warned that cyber criminals are using its name in a bid to steal money and personal information from victims online.
The UN agency said it would never ask people to log in to any website to view safety information related to the coronavirus, and would never email unsolicited attachments.
The WHO also noted it would never prompt people to visit a website other than its own, and would never charge money to apply for a job, register for a conference, or reserve a hotel.
“WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency,” the organisation said.
“Using this method, criminals can install malware or steal sensitive information.”
How America’s methamphetamine crackdown enriched Mexican drug cartels and made the country’s problem with the drug worse
Up until 2006, the overwhelming majority of methamphetamine consumed in the US was manufactured in domestic labs scattered across the country. Then, at what came to be considered the peak of the country’s meth use epidemic, new legislation was introduced that made it much more difficult for producers of the drug to get hold of the ingredients required to make it. The 2005 Combat Methamphetamine Epidemic Act included much stricter controls on the sale of ephedrine, pseudoephedrine and phenylpropanolamine, and resulted in a sharp fall in the amount of meth produced in the US.
Thanks to the introduction of laws such as these and numerous crackdowns on US methamphetamine manufacturers launched by the Drug Enforcement Administration (DEA), domestic production of the substance was almost eradicated during the latter part of the mid-2000s, save for small time producers using the highly dangerous so-called “shake-and-bake”. But rather than ending the country’s problem with the drug, these developments opened a huge opportunity for Mexican trafficking cartels, which have over the intervening years more than plugged the gap left in the market.
While the Combat Methamphetamine Epidemic Act did result in a fall in the number of meth users and hospital admissions related to use of the drug in the immediate aftermath of its introduction, the emergence of Mexican labs turning out huge quantities of what has come to be referred to as “super meth” soon began to reverse any gains. Having fallen to a low of 314,000 in 2008, the number of American’s using methamphetamine in 2018, the most recent year for which data is available, rose to 1.9 million, according to the 2018 National Survey on Drug Use and Health. This was equivalent to a rise from 0.1% of the US population to 0.7%. Experts agree that the drug’s extraordinary comeback is being driven almost exclusively by Mexican cartels skilful exploitation of US efforts to end domestic production of methamphetamine.
Unlike what was being produced in domestic labs, the meth coining into the US from Mexico is typically close to 100% pure and can cost as little as $5 a hit. The price of the drug has plummeted over recent years thanks to the sheer volumes the cartels are bringing into America, making it even more attractive to addicts looking to get as a long a high as possible for their money. In July of last year, federal drug data seen by NPR revealed that seizures of meth by US law enforcement agencies rose 142% between 2017 and 2018.
In November of last year, acting US Customs & Border Protection Commissioner Mark Morgan warned that super labs in Mexico were flooding America with ever cheaper and purer forms of meth. During a White House press briefing, Morgan said: “The illicit narcotics the transnational criminal organisations are flooding the US with are making their way to every town, city, and state in this country. It isn’t just a border issue. Make no mistake: If your city, town, or state has a meth problem, it came from the southwest border.”
Away from National Survey on Drug Use and Health data, other indicators suggest super meth is beginning to take its toll on users. At the end of January, the US Centres for Disease Control and Prevention revealed that between 2012 and 2018, the rate of drug overdose deaths involving psychostimulants such as methamphetamine increased nearly five-fold. Separately, a study published by Millennium Health in the JAMA Network journal this January revealed that use of methamphetamine is rocketing across the US, with the number of urine samples testing positive for the drug rising from about 1.4% in 2013 to around 8.4% last year. The findings of the study suggested that “methamphetamine-related overdose deaths [especially] may continue to increase”.
As part of its efforts to stem the flow of methamphetamine flooding into the country, the DEA last week launched Operation Crystal Shield, which will see the agency target major methamphetamine trafficking hubs in locations such as Atlanta, Dallas, El Paso, Houston, Los Angeles, New Orleans, Phoenix and the St Louis Division. The DEA said in a statement that these locations accounted for 75% of all methamphetamine seizures made in the US last year.
But with the Mexican cartels coming up with evermore ingenious methods of sneaking their products into the country, including bringing methamphetamine into the US in liquid form, the DEA will have its work cut out. While well intentioned, the mid-2000s crackdown on America’s methamphetamine crisis not only appears to have opened up an extremely lucrative new line of business for Mexican trafficking gangs, but may very well also have made the country’s already disastrous relationship with the drug much worse.
- Crooked vendors exploiting flaw in eBay’s feedback system to con buyers into purchasing bogus and dangerous items
- Major ‘lover boy’ prostitution gang broken up by coalition of European law enforcement agencies
- Taking cocaine will not cure people struck down with the coronavirus, French government warns public
- US politicians call for state action against Pornhub over allegations it hosted rape and child abuse videos
- Californian border officers catch Mexican man with enough fentanyl to kill 1.2 million people