Connect with us

Opinion

New regulations are required to prevent hackers exploiting the growing number of woefully-insecure IoT devices

Published

on

woefully-insecure IoT devices

In its latest annual assessment of the cyber security landscape, Finland’s Nokia this week warned about the growing threat posed to both businesses and consumers by poorly-secured connected devices such as smart home gadgets. The firm’s 2019 Threat Intelligence Report revealed that Internet of Things (IoT) botnet activity accounted for 78% of all malware detection events in communication service provider networks this year. That was more than double the rate seen in 2016, when IoT botnet activity was first detected in a meaningful way. Hackers are able to create IoT botnets by taking control of multiple connected devices and then using them to harvest personal banking information from consumers, or to launch distributed denial-of-service (DDoS) attacks on companies’ websites.

While this may be a relatively new phenomenon, researchers have been warning for years about the possible dangers presented by the deluge of connected devices that are being rushed to market by firms that consider security a low priority. In light of Nokia’s latest findings, and a forecast over the summer from Sweden’s Ericsson that predicted there will be 3.5 billion IoT connections by 2023, it is clear things need to change if we are to avoid hackers having easy access to a global army of insecure devices they could easily use to steal personal information and launch DDoS attacks.

As it appears many connected device makers are more concerned with getting their products on sale quickly for as low a price as possible rather than investing the resources required to make sure their inventions are secure, the time has surely come for governments around the world to intervene. With the threat posed by insecure IoT devices growing, the industry needs to be properly regulated to ensure the items it sells meet minimum security standards. While regulators and think tanks in both the US and the EU have looked at the possibility of creating new rules to guarantee a minimum level of security in IoT devices, lawmakers across the globe have so  far managed to do little more than produce largely unenforceable guidelines for makers of connected products.

In October, the US state of California became the first jurisdiction to the pass meaningful laws on IoT security, but this only applies to devices sold locally, so will likely have little real impact on the behaviour of connected product manufacturers. It is however a step in the right direction, and one that lawmakers elsewhere should look to follow as it becomes clearer that IoT product designers will only act on security if forced to do so. A slew of recent examples show that issuing guidance just does not work.

At the end of September, researchers at antivirus frim Avast announced that they had discovered “the most sophisticated botnet they have ever seen”. They revealed that the Torii botnet was targeting insecure IoT devices, and that the malware behind it was way more sophisticated and advanced than that which was responsible for the creation of the Mirai botnet and its derivatives. Once Torii has compromised one device, it is capable of spreading to other connected products on a user’s network, and is also designed to silently mine cryptocurrencies such as Bitcoin. During the same month, researchers at Princeton University cautioned that hackers could use botnets to attack key national infrastructure, including power grids.

Away from the threat of botnets, insecure connected devices also pose a significant risk to both the security and privacy of consumers. In a report published in November, the Mozilla Foundation examined the safety and security of a number of connected devices that are likely to be a hit with shoppers over the holiday season this year. The company warned that a number of the connected devices it tested, particularly drones and smart speakers, could spy on users and their children, or expose their personal information. Highlighting the risk to children, of the 18 products reviewed in the toys and games category, Mozilla found that just five met its “minimum standards”.

This all goes to show that connected device makers are paying little if any attention to the guidance being offered by researchers and governments. Instead, they are continuing to pump out inadequately-secured devices that not only pose a threat to the consumers who buy them, but also to businesses that could be targeted in DDoS attacks, and in some cases even national security. On current evidence, it is clear that these companies simply will not act unless they are compelled to, making it vital that governments across the world move quickly to force their hand. With the number of connected devices expected to rocket over the coming years, particularly with the advent of 5G technology, failure to act now may hand hackers access to millions of devices that could be harnessed to commit all manner of cyber-enabled crimes.

Continue Reading

Opinion

New technology designed to identify food fraud will count for little if tighter penalties are not introduced

Published

on

new technology designed to identify food fraud

Earlier this week, regulators in Ireland announced they were preparing to deploy new DNA testing technology designed to help inspectors identify food fraud. The Food Safety Authority of Ireland (FSAI) announced on Monday that the technology will be able to scan the DNA contents of food items, allowing scientists to establish the biological sources of ingredients present in food and drink products. Once in use, the scanning tool will allow inspectors to ascertain if food products genuinely contain the ingredients listed on their packaging, or whether the manufacturer of the goods in question has attempted to pass off cheaper ingredients in a bid to boost profits. Ultimately, it is hoped that the new system will help the FSAI identify and prosecute companies and individuals who seek to make money by misleading consumers about what is really in their food.

Apart from the 2013 European horse meat scandal, during which a number of EU food manufacturers were caught selling cheap horse meat as beef, food fraud rarely makes major headlines. Despite this, it has for some years now been an activity that has become increasingly attractive to organised criminal gangs. The reason why is not difficult to understand. As well as being hugely profitable if carried out on a grand enough scale, food fraud carries significantly softer punishments for those who are caught doing it than more traditional forms of organised crime such as drug trafficking, people smuggling or even wildlife crime. The penalties available to judges in many countries around the world when sentencing offenders who have been convicted of food fraud charges are widely considered to be woefully insufficient, be they custodial punishments or fines. As a consequence, when assessing the risk-reward ratio associated with committing food fraud, many organised criminal gangs see it as an attractive option.

Since 2011, a coalition of law enforcement agencies including Interpol and Europol have been conducting a global annual crackdown on food fraud, resulting in thousands of tons of dangerous food items being seized and the arrest of scores of suspected fraudsters. Last year’s Operation Opson investigation, which involved authorities from a record 67 countries, saw more than 3,620 tonnes of substandard food being taken out of international supply chains, and the dismantling of nearly 50 organised crime networks said to have been involved in the illegal trade in counterfeit food and drink.

In Belgium, a company behind a meat processing plant had its licence withdrawn after it was found to have knowingly sold rotten meat to supermarkets across the country. Elsewhere, police in Spain arrested four people after seizing eight tonnes of counterfeit baby milk destined for sale in China at an illicit factory in Barcelona. The operation also resulted in Russian officials dismantling 48 illicit alcohol factories, seizing more than 1.6 million litres of illegally-produced beverages in the process.

Only last week, an investigation conducted with Europol in collaboration with police in Italy broke up an organised criminal syndicate that was said to have been involved in the counterfeiting of high-quality wine. Another recent Europol food fraud operation, the results of which were revealed last October, saw scores of people detained in relation to a scam involving the illegal sale of Bluefin tuna in Spain. People who consumed the tuna reportedly fell ill after the gang behind the plot illegally smuggled illicit fish into the country and kept in unhygienic conditions.

Along with DNA testing, a number of companies and research institutions are working on systems based on the blockchain technology that underpins cryptocurrencies such as Bitcoin to track food through supply chains as a means by which to identify fraud. This works by embedding information about a food product’s passage through its supply chain in codes on its packaging, allowing suppliers to have confidence in how the ingredients used to make it were sourced. In time, it is hoped that this information can be made available to consumers, allowing shoppers to not only check that the product they are buying is what it purports to be, but also whether or not it has been made with ingredients that may have been genetically modified or treated with antibiotics.

While it is certainly encouraging that these types of new technologies might help identify instances of food fraud in major supply chains, the fact that penalties for producing and distributing counterfeit and substandard food remain so comparatively light when compared to other forms of organised crime makes it likely they will make little difference alone. If global food and drink regulators are to have any chance of truly fulfilling the potential of DNA testing, blockchain tracking and other forms of new technology designed to identify food fraud, they must be given the teeth to impose meaningful punishments on those who are caught putting consumers’ health at risk by abusing the system.

Continue Reading

Opinion

Shamima Begum could not have made a less compelling case as to why she should be allowed to return to Britain

Published

on

Shamima Begum

Disenchanted jihadi brides currently languishing in Syrian refugee camps desperate to return to their countries of origin owe a huge debt of gratitude to British teenager Shamima Begum, who ran away from home in London four years ago to join Daesh. Over the course of the past week, the 19-year-old has put in a series of extraordinary media performances from the al-Hawl refugee camp in north-eastern Syria, during which she has begged the British government to allow her to return “home”. In doing so, she has provided a textbook example to anybody who might find themselves in a similar predicament of how not to go about facilitating a safe return to the country from which they came in search of a quiet life away from the daily demands of being a terrorist’s wife.

Leaving the question of whether or not Begum should be allowed to return to the UK to one side for a moment, it has to be asked who was advising her before she embarked on her mission to win over hearts and minds back in Britain through a near week-long media campaign that has included interviews with the Times, Sky News, the BBC and ITV. During the course of these interviews, she has made a number of statements that will have done little to endear her to the British public, or make her return any more likely.

Speaking with the BBC, Begum said the 2017 Manchester Arena terrorist attack, during which 22 people lost their lives, was “justified” in retaliation for airstrikes in Syria. She also said she would have been quite content for her late son, who she claims died of malnutrition, to become a Daesh fighter had he lived, but would much rather her new-born baby boy be brought up in Britain. Perhaps somewhat ill-advisedly under the circumstances, she named her new son, whom she gave birth to last week at the refugee camp from where she launched her bid to be returned to Britain, after an Islamic warlord who was famed for slaughtering Jews and other infidels. At the request of her Dutch jihadist husband, Begum named her boy Jarrah, which translates from Arabic as “one who wounds” or “able fighter”.

Throughout all of her UK media outings over the course of the past week, Begum has appeared without a scintilla of remorse, instead smirking her way through interviews with an air of entitled arrogance. She has spoken dispassionately about the relaxed manner in which she responded to first seeing a severed head in a bin, and has voiced tacit support for the murder, rape and enslavement of Yazidi women by Daesh militants.

Back in Britain, Begum’s lawyer has embarked on an equally perplexing campaign to make the jihadi bride’s case before the country’s media. Tasnime Akunjee, who has in the past been linked with a UK advocacy group that described Daesh executioner Mohammed Emwazi as a “beautiful young man”, has compared the teenager’s current situation as akin to that of a First World War British soldier. Akunjee has also sought to blame everybody but Begum for the fact that she was able to travel to Syria while aged 15 without the intervention of authorities, despite the fact that she did so entirely of her own free will.

Begum and her lawyer could not have made a less compelling case as to why she should be allowed back into Britain. This has been reflected in a Sky News poll that revealed 78% of the British public do not believe she should be permitted to return to the UK, and a petition that calls for all Daesh members to be stopped from entering Britain that has attracted nearly 500,000 signatures and counting, the majority of which have been added since Begum’s case came to light.

US President Donald Trump this week pressured European governments to take back and prosecute the 800 or so foreign fighters from the region who are thought to have been captured in Syria and Iraq. Unfortunately though, it remains unclear as to whether prosecutors in countries such as France, Germany and the UK will be able to gather enough evidence to put these people on trial. What is clear, however, is that the European public has little appetite for Daesh jihadis such as Begum being allowed to return to the countries they turned their backs on. When Islamist extremists tell us so clearly who they really are even while trying to convince us to welcome them back into our communities, as has been the case with Begum, we would have to be quite insane to even consider allowing them to return even for one moment, regardless of what the law in its current form says.

Continue Reading

Opinion

Daesh could emerge in a deadlier form after the fall of its so-called caliphate

Published

on

Daesh could emerge in a deadlier form

Nearly five years after Daesh appeared to be at the peak of its powers, controlling huge swathes of Syria and Iraq under its so-called Islamic caliphate, the jihadi group is finally facing defeat in the region. US-backed Syrian Democratic Forces (SDF) spokespeople have said it is now only a matter of days until the last few hundred hardened Daesh fighters holed up in the Syrian village of Baghouz close to the country’s border with Iraq are “annihilated”. As the clock runs down for these Islamists, the days of gruesome Hollywood-style execution videos and dreams of a final battle against “Crusader” armies in the Syrian town of Dabiq must seem a very long time ago indeed.

While the cleansing of Daesh fighters from the region is obviously good news for the people of both Iraq and Syria who were forced to live under the group’s brutal rule, and will likely be used by US President Donald Trump as an example of how effective his approach to its physical presence in the Middle East has been, the fall of the caliphate will do little to diminish the threat the terrorist organisation poses, nor slow the spread of the ideology that underpins its existence.

Despite the fact that its income has dropped radically as the territory it controls has shrunk, the UN estimates that Daesh is sitting on a war chest of some $300 million that it can use to fund attacks on Western targets once it has regrouped from its losses. Some of this money is said to have been smuggled out of the group’s caliphate to be invested in legitimate businesses. The UN also notes that as a result of its loss of land, Daesh now has fewer liabilities, and will consequently be able to use more of its money to fund operations.

As well as retaining considerable financial muscle, the group also continues to pose a significant threat online. One of the most remarkable aspects of the rise of Daesh’s caliphate was the skill with which the group was able to use technology to spread its propaganda and attract recruits. Speaking with CNBC last November, EU Security Commissioner Julian King said the group remains a major online threat, and is continuing to produce and distribute terrorist content across the internet. This is significant, King said, because Daesh-inspired terrorist attacks that have taken place across Europe and elsewhere over recent years have been carried out predominantly by home-grown extremists, many of whom would have been at least partly radicalised online.

It is also important to remember that as the terror group’s caliphate has crumbled, foreign fighters who left their countries of origin to join its ranks have returned home, many taking with them skills learned on the battlefield, and in some cases and even greater hatred of the West than they harboured before they pledged their allegiance to the organisation. While there has been much debate about the fate of high-profile Daesh foreign fighters who have been captured by Syrian and Kurdish security forces, such as Alexanda Kotey and El Shafee Elsheikh, the reality is that nobody knows how many of the group’s militants have sneaked back into their home nations.

In some cases, concerns have been raised that countries such as Britain might not be able to successfully prosecute jihadi fighters who do travel home under current laws. This has raised worries that in a limited number of instances extremists who have committed the most heinous and brutal of crimes, and who may consider mounting terrorist attacks in the future, could end up freely walking the streets.

Elsewhere, the group has been building its presence in a number of countries that are experiencing their own security issues, and forging alliances with other jihadi organisations that share its worldview. In Nigeria, Boko Haram pledged allegiance to Daesh in 2015, leading to the breakaway of a splinter group named Islamic State West Africa Province the following year. Similarly, senior members of jihadi Philippines group Abu Sayyaf have repeatedly sworn oaths of allegiance to Daesh, which the latter group officially recognised in 2016. Meanwhile, militants from Daesh who have fled the group’s caliphate are said to have been regrouping in countries such as Afghanistan and Yemen, prompting fears that the organisation could use these countries as bases from which to launch fresh atrocities.

While the imminent end to Daesh’s presence in Iraq and Syria should of course be celebrated, it must not be allowed to lull the group’s enemies into a false sense of security. Daesh, like jihadi terrorism more generally, shows no sign of declining any time soon, making it a very real possibility that the extremist organisation could remerge in the not too distant future in an even more deadly form.

Continue Reading

Newsletter

Sign up for our mailing list to receive updates and information on events

Social Widget

Latest articles

Press review

Follow us on Twitter

Trending

Shares