
Opinion

New regulations are required to prevent hackers exploiting the growing number of woefully-insecure IoT devices


In its latest annual assessment of the cyber security landscape, Finland’s Nokia this week warned about the growing threat posed to both businesses and consumers by poorly-secured connected devices such as smart home gadgets. The firm’s 2019 Threat Intelligence Report revealed that Internet of Things (IoT) botnet activity accounted for 78% of all malware detection events in communication service provider networks this year. That was more than double the rate seen in 2016, when IoT botnet activity was first detected in a meaningful way. Hackers are able to create IoT botnets by taking control of multiple connected devices and then using them to harvest personal banking information from consumers, or to launch distributed denial-of-service (DDoS) attacks on companies’ websites.

While this may be a relatively new phenomenon, researchers have been warning for years about the possible dangers presented by the deluge of connected devices that are being rushed to market by firms that consider security a low priority. In light of Nokia’s latest findings, and a forecast over the summer from Sweden’s Ericsson that predicted there will be 3.5 billion IoT connections by 2023, it is clear things need to change if we are to avoid hackers having easy access to a global army of insecure devices they could easily use to steal personal information and launch DDoS attacks.

As it appears many connected device makers are more concerned with getting their products on sale quickly for as low a price as possible than with investing the resources required to make sure their inventions are secure, the time has surely come for governments around the world to intervene. With the threat posed by insecure IoT devices growing, the industry needs to be properly regulated to ensure the items it sells meet minimum security standards. While regulators and think tanks in both the US and the EU have looked at the possibility of creating new rules to guarantee a minimum level of security in IoT devices, lawmakers across the globe have so far managed to do little more than produce largely unenforceable guidelines for makers of connected products.

In October, the US state of California became the first jurisdiction to pass meaningful laws on IoT security, but this only applies to devices sold locally, so will likely have little real impact on the behaviour of connected product manufacturers. It is, however, a step in the right direction, and one that lawmakers elsewhere should look to follow as it becomes clearer that IoT product designers will only act on security if forced to do so. A slew of recent examples show that issuing guidance just does not work.

At the end of September, researchers at antivirus firm Avast announced that they had discovered “the most sophisticated botnet they have ever seen”. They revealed that the Torii botnet was targeting insecure IoT devices, and that the malware behind it was way more sophisticated and advanced than that which was responsible for the creation of the Mirai botnet and its derivatives. Once Torii has compromised one device, it is capable of spreading to other connected products on a user’s network, and is also designed to silently mine cryptocurrencies such as Bitcoin. During the same month, researchers at Princeton University cautioned that hackers could use botnets to attack key national infrastructure, including power grids.

Away from the threat of botnets, insecure connected devices also pose a significant risk to both the security and privacy of consumers. In a report published in November, the Mozilla Foundation examined the safety and security of a number of connected devices that are likely to be a hit with shoppers over the holiday season this year. The company warned that a number of the connected devices it tested, particularly drones and smart speakers, could spy on users and their children, or expose their personal information. Highlighting the risk to children, of the 18 products reviewed in the toys and games category, Mozilla found that just five met its “minimum standards”.

This all goes to show that connected device makers are paying little if any attention to the guidance being offered by researchers and governments. Instead, they are continuing to pump out inadequately-secured devices that not only pose a threat to the consumers who buy them, but also to businesses that could be targeted in DDoS attacks, and in some cases even national security. On current evidence, it is clear that these companies simply will not act unless they are compelled to, making it vital that governments across the world move quickly to force their hand. With the number of connected devices expected to rocket over the coming years, particularly with the advent of 5G technology, failure to act now may hand hackers access to millions of devices that could be harnessed to commit all manner of cyber-enabled crimes.


Opinion

Why organised criminal gangs are actively grooming teenagers to become the next generation of cyber hackers


More than two years have passed since Europol warned in its 2017 Serious and Organised Crime Threat Assessment that traditional organised crime networks had belatedly gone digital. It was noted at the time that these groups were increasingly turning to Crime-as-a-Service (CaaS) offers, which were being sold on the dark web by people with the technical skills required to make this happen. Fast forward 24 months, and it would appear that gang bosses may be becoming tired of having to rely on the CaaS business model whenever they need access to individuals with hacking skills. Last week, senior British police officers warned that organised crime gangs are now actively recruiting their own hackers, and are targeting teenage gamers on the autistic spectrum as part of their efforts to do so. Quoting research that suggests more than 80% of cyber criminals have a background in gaming, the National Police Chiefs’ Council (NPCC) launched a campaign intended to turn teenagers away from cyber crime, and encourage them to use their hacking skills for good. But noble as the initiative appears, it is unlikely to reverse a trend that is making teenage hackers the new elite of the organised criminal underworld.

It is not difficult to see why crime gangs are eager to secure the services of a new generation of young hackers. A slew of recent cases have demonstrated just how much money can be made from their skills, somewhat contradicting a 2017 National Crime Agency (NCA) report that claimed young cyber criminals were more interested in the notoriety their activities garnered than any financial reward.

Earlier this month, 24-year-old Zain Qaiser was handed a six-year sentence by a British court after being found guilty of using malware to blackmail visitors to pornography websites. Between 2012 and 2014, the former computer science student is thought to have helped an organised criminal gang from Russia make millions of pounds by infecting adverts on legal adult websites with ransomware that demanded payments of up to $1,000 from victims. Prosecutors said Qaiser was personally paid more than £700,000 ($910,370) for his part in the scam, which he is said to have spent on prostitutes, luxury hotels, gambling and a Rolex watch. The NCA, which is often referred to as the UK’s equivalent of the FBI, described it as the most serious case of cyber crime it has investigated to date.

Just days later, an unemployed university drop-out from the city of Liverpool in the UK was sentenced to more than five years behind bars after being convicted of running the Silk Road 2.0 dark web illicit marketplace. Thomas White, 24, had helped run the original Silk Road until it was closed down by FBI investigators in 2013. Just one month after it was taken offline, White launched Silk Road 2.0, which like its predecessor was used by vendors to offer illicit items including drugs, weapons, cyber crime tools and stolen credit card details. While it is unknown how much money White personally made from creating the site, investigators estimated that it was used to sell illegal items worth $96 million, on which the former accounting student would take a commission of up to 5%. White should consider himself lucky he is not in the position of Ross Ulbricht, the creator of the original Silk Road website, who was jailed for life with no chance of parole in 2015.

At the beginning of this year, police in Germany arrested a 19-year-old man in connection with a hacking incident that resulted in the personal details of politicians and celebrities being published on Twitter. In what was described as the largest such leak in the country’s history, documents including letters sent and received by German Chancellor Angela Merkel were dumped online in December of last year. The teenager, identified only as Jan S in line with Germany’s privacy laws, said that while he had been in contact with the hacker who leaked the documents, he played no part in obtaining them. Last August, a 16-year-old boy from Australia who said he dreamed of working for Apple pleaded guilty to hacking into the iPhone maker’s network and downloading 90 gigabytes of internal files. He was later spared jail when he was sentenced last September at the Australian Children’s Court, despite the offences of which he had been accused carrying a jail term of up to three years.

Prior to the invention of the internet, those who found themselves operating in the world of serious and organised crime did so largely as a consequence of their environment and the people around them. Now, hackers with the requisite skillset can carry out cyber crime activities involving huge amounts of money from their parents’ basement, without ever having to personally interact with their associates. While British police efforts to dissuade young people vulnerable to being groomed into becoming the next generation of cyber criminals are laudable, it is likely that many will find the money and notoriety on offer to major hackers more attractive than the prospect of working for the other side.


Opinion

Banning begging would help human trafficking victims as well as the genuinely destitute


A considerable number of experts on homelessness and poverty now agree that there are far better ways of helping vulnerable individuals who find themselves on the street than giving them money. Accepting the fact that any cash handed over in such circumstances will in all likelihood be spent on alcohol or drugs, professionals who work with the homeless and people who beg in city and town centres often advise that donating to charities that support vulnerable individuals is a far more productive way in which to help. Many people choose to ignore this advice, and generously hand over their hard-earned money to beggars with the very best of intentions, in many cases oblivious to the fact that their kindness could very well be doing more harm than good. Aside from supporting substance abuse and alcoholism among the destitute, those who do choose to give money directly to beggars could also be contributing to the profits of organised crime networks, and prolonging the suffering of modern slaves who are forced onto the streets to pose as being homeless in order to elicit sympathy from passers-by.

The large sums of money that can be made by beggars in many western nations have led to a rise in the phenomenon of forced begging, which involves organised criminal gangs compelling victims of human trafficking to assume the guise of homeless people and ask members of the public for cash handouts. In many cases, those who find themselves forced to work as bogus beggars are persuaded to leave a life of poverty in their home countries with the promise of well-paid work in wealthier locations. In a tactic used widely by traffickers who exploit people for the purposes of prostitution and other forms of forced labour, victims then find they have been lied to when they arrive in the country in which they had been promised work.

They are typically made to live in appalling conditions, are vulnerable to both physical and sexual abuse, and compelled to hand over all the money they make while begging to their traffickers. In Western Europe, those who end up working as forced beggars are typically drawn from poorer countries in the east of the continent. In the US, those forced into organised begging often have an unstable immigration status, or are American citizens who have physical or learning disabilities, according to US anti-slavery charity Polaris.

In October of last year, police in Spain dismantled a trafficking network that shipped disabled Romanians to the city of Santiago de Compostela and forced them to beg and act as human statues in the street. The gang’s victims were convinced to leave their home country on the promise of receiving legitimate catering work, but once they arrived in Spain, were housed in appalling conditions and forced to beg on their knees regardless of the weather. If victims fell ill due to the horrifying circumstances in which they found themselves, members of the gang would beat them violently if they were unable to work.

The UK has become a major focus for organised begging gangs, partly on account of regular news reports claiming that beggars in major cities such as London can make many hundreds of pounds a day. Last month, a judge in Northern Ireland pledged to come down hard on any organised beggars who appeared before him in court, noting how gangs had been flying cells of bogus beggars into the province every six weeks. Jailing a woman from Bucharest for two months for stealing a bottle of vodka, Judge Barney McElholm made the pledge at Londonderry Magistrates Court, arguing that people such as the defendant were doing a great disservice to those who are genuinely homeless.

Members of a large Romanian organised begging gang were reported to have left Norway in April 2017 after a documentary screened by state broadcaster NRK exposed its members’ activities. Female members of the network were seen to spend their days begging on the streets of the southwestern city of Bergen, before working as prostitutes and stealing credit cards at night. Much of the proceeds of the gang’s illicit activities would then be sent back to Romania, news of which prompted Prime Minister Erna Solberg to urge Norwegians to consider whether it was a good idea to give money to people claiming to be homeless.

Norway has attracted criticism over recent years for daring to consider whether it might be desirable to ban begging, with those opposed to the idea labelling the wealthy country as “mean” for even making such a suggestion. But with more people coming round to the idea that handing over money to genuinely homeless people might be counterproductive, and evidence suggesting that many beggars on the street might not be what they seem, outlawing the practice of asking members of the public for money in the street might be the only way of protecting the vulnerable.


Opinion

Tech giants have lost the chance to self-regulate after repeatedly failing to tackle harmful content


Nobody can say they were not warned. After years of big tech firms being told they must take concrete steps to prevent their platforms being used for the distribution and hosting of harmful content such as child abuse material and extremist propaganda, it appears governments around the globe have finally lost patience with their abject failure to do so. The livestreaming on Facebook of last month’s Christchurch terrorist atrocity in New Zealand seems to have been the straw that finally broke the camel’s back. In the aftermath of the deadly attack, during which gunman Brenton Tarrant used the social network to broadcast real-time footage of himself killing 50 Muslims at two mosques in the city, lawmakers in a number of countries have moved to make good on their threats of regulating online spaces.

For their part, owners of social media companies appear to have recently sensed the writing is on the wall, with a number seemingly accepting that greater regulation of their platforms has now become all but inevitable. In a move that some have framed as being more about deflecting blame for his company’s inability to police harmful content than anything else, Facebook boss Mark Zuckerberg last month used an opinion piece for the Washington Post to tell readers that governments and regulators have a “more active role” to play in holding tech firms to account when it comes to removing potentially harmful material. Echoing Zuckerberg’s thoughts just days later in an interview with Bloomberg, Twitter CEO Jack Dorsey called for improved government oversight of social media networks, telling reporter Jon Erlichman: “It’s the job of regulators to ensure protection of the individual and a level playing field.” Back in January, Salesforce CEO Marc Benioff told CNBC that the threat posed by Facebook, Google and Twitter should be treated as a public health issue, arguing they should be regulated in much the same way as tobacco and sugar.

And so it has come to pass. Less than a month after events in Christchurch, the UK government this week published plans to set up a new online regulator that could have the power to issue substantial fines to social media firms that fail to remove harmful content in a timely manner. The new watchdog may also be able to hold social media executives personally accountable for any such incidents, and would be charged with ensuring that these companies fulfil their duty of care to users. Launching the Online Harms White Paper on Monday, British Home Secretary Sajid Javid said: “[W]e cannot allow the leaders of some of the tech companies to simply look the other way and deny their share of responsibility even as content on their platforms incites criminality abuse and even murder.” The UK government will now consult on the contents of the White Paper until 1 July.

Lawmakers in Australia have moved even more swiftly, last week rushing through new legislation that could see managers of social media firms jailed if their platforms are used for the livestreaming of real-life violent content. Under the new rules, social media managers could face three years behind bars and a large fine. It is looking increasingly likely that authorities in New Zealand might introduce similar legislation, with the country’s Privacy Commissioner John Edwards this week tweeting: “[Platforms such as Facebook] allow the livestreaming of suicides, rapes, and murders, continue to host and publish the mosque attack video, allow advertisers to target ‘Jew haters’ and other hateful market segments, and refuse to accept any responsibility for any content or harm.” Even in the US, where First Amendment rights to freedom of speech make it more difficult to regulate the dissemination of some online content, representatives from Facebook and Google this week appeared before a congressional hearing on white nationalism and hate speech on social media platforms.

While some commentators have welcomed the fact that the so-called “online Wild West” may finally be coming to an end, there are serious concerns that the type of legislation currently being considered in the UK could have grave implications when it comes to freedom of speech, not least on account of the fact that it appears future governments might be able to change the definition of what can and cannot be published online. Worries have also been raised that increased regulation could be bad for competition, with only the wealthiest of social media companies having deep enough pockets to cover the cost of operating within the confines of complicated new rules.

So, having profited massively from a decades-long period during which they were able to repeatedly dodge calls for responsible self-regulation, it has now become expedient for tech giants such as Facebook, Twitter and Google to capitulate to these demands, ushering in a new era that could see both competition and free speech stifled on account of their past greed and failure to act responsibly.

 
