Connect with us

Opinion

New regulations are required to prevent hackers exploiting the growing number of woefully-insecure IoT devices

Published

on

woefully-insecure IoT devices

In its latest annual assessment of the cyber security landscape, Finland’s Nokia this week warned about the growing threat posed to both businesses and consumers by poorly-secured connected devices such as smart home gadgets. The firm’s 2019 Threat Intelligence Report revealed that Internet of Things (IoT) botnet activity accounted for 78% of all malware detection events in communication service provider networks this year. That was more than double the rate seen in 2016, when IoT botnet activity was first detected in a meaningful way. Hackers are able to create IoT botnets by taking control of multiple connected devices and then using them to harvest personal banking information from consumers, or to launch distributed denial-of-service (DDoS) attacks on companies’ websites.

While this may be a relatively new phenomenon, researchers have been warning for years about the possible dangers presented by the deluge of connected devices that are being rushed to market by firms that consider security a low priority. In light of Nokia’s latest findings, and a forecast over the summer from Sweden’s Ericsson that predicted there will be 3.5 billion IoT connections by 2023, it is clear things need to change if we are to avoid hackers having easy access to a global army of insecure devices they could easily use to steal personal information and launch DDoS attacks.

As it appears many connected device makers are more concerned with getting their products on sale quickly for as low a price as possible rather than investing the resources required to make sure their inventions are secure, the time has surely come for governments around the world to intervene. With the threat posed by insecure IoT devices growing, the industry needs to be properly regulated to ensure the items it sells meet minimum security standards. While regulators and think tanks in both the US and the EU have looked at the possibility of creating new rules to guarantee a minimum level of security in IoT devices, lawmakers across the globe have so  far managed to do little more than produce largely unenforceable guidelines for makers of connected products.

In October, the US state of California became the first jurisdiction to the pass meaningful laws on IoT security, but this only applies to devices sold locally, so will likely have little real impact on the behaviour of connected product manufacturers. It is however a step in the right direction, and one that lawmakers elsewhere should look to follow as it becomes clearer that IoT product designers will only act on security if forced to do so. A slew of recent examples show that issuing guidance just does not work.

At the end of September, researchers at antivirus frim Avast announced that they had discovered “the most sophisticated botnet they have ever seen”. They revealed that the Torii botnet was targeting insecure IoT devices, and that the malware behind it was way more sophisticated and advanced than that which was responsible for the creation of the Mirai botnet and its derivatives. Once Torii has compromised one device, it is capable of spreading to other connected products on a user’s network, and is also designed to silently mine cryptocurrencies such as Bitcoin. During the same month, researchers at Princeton University cautioned that hackers could use botnets to attack key national infrastructure, including power grids.

Away from the threat of botnets, insecure connected devices also pose a significant risk to both the security and privacy of consumers. In a report published in November, the Mozilla Foundation examined the safety and security of a number of connected devices that are likely to be a hit with shoppers over the holiday season this year. The company warned that a number of the connected devices it tested, particularly drones and smart speakers, could spy on users and their children, or expose their personal information. Highlighting the risk to children, of the 18 products reviewed in the toys and games category, Mozilla found that just five met its “minimum standards”.

This all goes to show that connected device makers are paying little if any attention to the guidance being offered by researchers and governments. Instead, they are continuing to pump out inadequately-secured devices that not only pose a threat to the consumers who buy them, but also to businesses that could be targeted in DDoS attacks, and in some cases even national security. On current evidence, it is clear that these companies simply will not act unless they are compelled to, making it vital that governments across the world move quickly to force their hand. With the number of connected devices expected to rocket over the coming years, particularly with the advent of 5G technology, failure to act now may hand hackers access to millions of devices that could be harnessed to commit all manner of cyber-enabled crimes.

Continue Reading

Opinion

Video games and gaming platforms are facilitating serious and organised crime

Published

on

Back in the 80s and 90s, few could have imagined how the gaming industry would evolve. From what many observers assumed to be a causal pastime if not a fad, gaming has become the biggest form of entertainment on the planet, with some 2.5 billion people across the world expected to spend $152.1 billion on the activity this year, according to data from Newzoo. In cash terms, that would represent an increase of 9.6% compared to 2018. With the growth of mobile games and the rise of streaming services such as Google’s Stadia and Microsoft’s upcoming Project xCloud, it would take a brave investor to bet against the industry experiencing further expansion, particularly with the increasing global popularity of esports.

Such rapid growth and success seldom come without some degree of criticism. For the gaming industry, this has come in the shape of concern about the health issues associated with spending long periods of time in front of a screen. As well as worries over physical health, concern has also been raised about how gaming could impact people’s mental wellbeing, with the World Health Organisation recognising video game addiction as an official illness in May of this year. While many questions need to be answered about the potential health risks associated with gaming, be they physical or psychological, the potential for gaming platforms to be exploited by criminals is an issue that receives far less attention, despite the fact that anecdotal evidence suggests this is becoming more of a problem.

Last month, UK thinktank the Royal United Services Institute (RUSI) published a paper in which it explored how organised criminal gangs are using items purchased or acquired in popular gaming titles to launder their ill-gotten gains. Many games these days allow players to either purchase or accumulate virtual currency and other items that will either aid their progress or make their character more powerful. Some of these can be acquired through the purchase of loot boxes, which many game publishers use to monetise their free titles. Loot boxes have been criticised by some campaigners as a from of gambling, as players who buy them often do not know what they contain. Whether purchased or acquired, these items have value in the real world, and as such can be traded for either cash or cryptocurrency.

At the end of October, US video game developer Valve announced that it had been forced to update its popular Counter Strike: Global Offensive (CS:GO) title as criminals had been using it to launder dirty money. The company said it would now prevent players from trading items while in the game after noticing that “worldwide fraud networks [had] recently shifted to using CS:GO keys to liquidate their gains”.

Back in January, the Independent reported that organised criminals had been using Epic Games’ Fortnite to launder money through its in-game V-bucks currency. Working with cyber security firm Sixgill, the Independent discovered that criminals were buying up V-bucks in bulk before selling them on in large quantities on the dark web, and in smaller number on social media platforms such as Twitter and Instagram.

The popularity of Fortnite has also been exploited by cyber criminals, who have in the past sought to take advantage of players’ keenness to acquire free V-bucks. In June of last year, the UK’s Action Fraud agency warned that cyber scammers were fleecing Fortnite players of cash by tricking them into handing over their Fortnite account details. The hackers placed adverts on social media offering free V-bucks. After clicking through from these, victims were asked to hand over their account details, which the hackers used to log in to their accounts and steal money. Cyber criminals would also offer V-bucks in exchange for victims’ phone numbers, which they would then use to call premium rate lines from which they would profit.

Away from these types of scams and the growing problem of match fixing in esports, perhaps the most worrying ways in which games and gaming platforms are being exploited by criminals relate to grooming. The fact that gamers often communicate with one another anonymously online, and that so many gamers are relatively young, makes games and gaming platforms attractive hunting grounds for sexual predators.

In July of this year, British child protection charity the NSPCC revealed that young people on Amazon’s game-streaming video platform Twitch were among the most likely social media users to report experiencing grooming activity online. Earlier this year, a 41-year-old man was arrested in Florida on suspicion of using Fortnite to initiate sexual activity with children. Anthony Gene Thomas and an accomplice were alleged to have used Fortnite’s voice chat feature to meet minors.

As gaming continues to grow, it is not only likely that these problems will persist, but that criminals will find new ways to exploit the ecosystem of an industry that now dwarfs film, television and music. But just as there is little incentive for games developers to take any real action on gaming addiction, addressing money laundering, fraud and grooming across their products is a low priority.

In much the same way that internet and social media firms have been slow to act on crime facilitated by their platforms, games developers will likely do little to address these issues unless forced to do so through political pressure or legislation. As it makes little difference to their profits if these activities take place across their products or not, investing money in addressing them is probably the last thing on games developers’ minds.

 

Continue Reading

Opinion

The evolving threat posed by sextortion scammers

Published

on

threat posed by sextortion scammers

Despite the launch of numerous campaigns to raise awareness of the crime, sextortion scams are on the rise. Back in June, a report from the FBI revealed that complaints relating to extortion increased by 242% to 51,146 in the US last year, with total losses of $83 million, and that the majority of these were part of sextortion campaigns. In the UK, Britain’s National Crime Agency (NCA) warned in 2018 that cases of sextortion reported to police across the country  had risen more than three-fold between 2015 and 2017, noting that it is difficult to arrive at an accurate estimate of how widespread the crime truly is on account of the fact that many victims are too embarrassed to report their experiences to the police.

Sextortion scams typically involve cyber criminals coercing a victim into performing sex acts in front of a webcam and then blackmailing them with the resultant video footage. Scammers will oftentimes threaten to post compromising images and film on public websites or social media platforms, or email it to friends and relatives of the people they target. In many cases, sextortion scams are perpetrated by organised criminal networks that run indusial-scale operations in countries such as the Philippines, where perpetrators can exploit relatively lax local laws and stay largely beyond the reach of law enforcement agencies in the countries in which they target victims. Traditionally, scammers target victims on social media and other online platforms using false identities on the premise they are looking for sex. More recently however, new forms of sextortion scams have been emerging.

These days, it has become commonplace for sextortion scammers to send out phishing emails without having obtained compromising images or film of potential victims beforehand. In these messages, scammers claim to have infected potential victims’ connected devices with malware that has allowed them to take control of their webcam. The scammers go on to claim they have subsequently captured footage of potential victims viewing adult content online, and that unless a ransom is paid in cryptocurrency, this will be distributed to their family and friends. According to cyber security firm Sophos, these types of massage should typically not be taken seriously unless they include evidence that the scammers do indeed possess the compromising material to which they refer. In August, phishing defence firm Cofense published a database of over 200 million compromised email accounts being targeted by a large sextortion scam in which cyber criminals used a “spray and pray” botnet to target potential victims.

In a more targeted variation of this scam, fraudsters use passwords belonging to potential victims compromised in previous data breaches to create the illusion they have more on the people they seek to extort than they do. One example email published by security expert Brian Krebs last year read: “I do know, [PASSWORD REDACTED], is your password. You do not know me and you are probably thinking why you are getting this e mail, correct? Well, actually, I placed a malware on the adult videos (pornography) website and do you know what, you visited this web site to experience fun (you know what I mean).”

But while the scammers behind these types of messages almost certainly do not have the compromising material they claim to possess, the scenario they describe looks likely to become all too real for some adult movie enthusiasts. Earlier this month, US enterprise security company Proofpoint revealed in its latest quarterly report that its researchers had discovered malware that genuinely does allow hackers to capture video from a victim’s webcam. The software, dubbed “PsiXBot”, works on devices running Microsoft’s Windows operating systems, and can be downloaded onto a victim’s computer without their knowledge via dodgy websites or music and video downloads. Once installed, the malware waits for a victim to use a pornography-related search term before activating their webcam and microphone before sending whatever is captured back to its controller.

Law enforcement agencies advise that victims of sextortion scammers never hand over a ransom, even when there is evidence that fraudsters really are in possession of compromising material. Once one payment is made, police say, fraudsters will almost invariably keep coming back for more, and will be highly unlikely to delete any material they do hold. Both the FBI and the NCA have published  advice on what victims should do if they fall victim to a sextortion scam, but in most cases it proves all but impossible to track down perpetrators when cases are reported. While it is of course advisable to make sure that your virus protection software is up to date, with the emergence of malicious software such as PsiXBot, the only real way to stay safe from sextortion scammers is to never do anything in front of a webcam that you would not feel comfortable doing in front of your mother.

Continue Reading

Opinion

Misery, not hedonism, appears to be driving increased drug use among Gen Xers and Boomers

Published

on

Over the past few years, numerous surveys have revealed that Millennials and members of Generation Z are less keen on the consumption of illegal drugs and alcohol than their immediate forebears. In fact, the US Centers for Disease Control and Prevention’s most recent Youth Risk Behaviour Survey showed that alcohol, drug and cigarette consumption have been falling consistently among American teens for at least the past decade. The study also showed that young people in the US are having less sex. Until recently, similar trends were being observed in the UK, where alcohol and drug consumption among young people have also been following a general downward trend for several years now.

Yet despite this, the number of drug-related deaths in both countries is on the rise. Back in August, data from the UK’s Office for National Statistics (ONS) revealed that drug poisoning deaths rose by 16% in 2018. Last August, the CDC said that drug overdoses were estimated to have killed just over 72,280 people in the US in 2017, which represented an increase of some 10% on the previous year. All of this suggests that members of Generation X and Boomers are accounting for a growing proportion of both nations’ problem drug use and drug-related overdose deaths; a trend that appears to be being borne out both statistically and anecdotally.

Back in 2017, the UK’s ONS revealed that people aged between 40 to 49 had the highest rate of drug misuse deaths across England and Wales for the first time ever in 2016. This led to people of that age group being dubbed the “Trainspotting generation” after the Irvine Welsh novel that was popular during their youth. According to ONS researchers, the emerging trend of older people suffering a higher a number of drug overdose deaths was down to the fact that many addicts in the 40 to 49 age group were beginning to lose lengthy battles with substance abuse habits that might have been begun decades ago due to poor physical and mental health.

In a more recent assessment released this August, the ONS said that “people born in the 1960s and 1970s… [were] dying from suicide or drug poisoning in greater numbers than any other generation”. The ONS said that while the reasons for rising drug and suicide deaths in this age group were complex, a high number of those who lost their lives lived in some of the most deprived parts of England.

While it might be easy to conflate drug problems among Boomers and Generation Xers with the hedonistic times in which they came of age, other studies have also suggested that this might be too simplistic a view. In a paper published in April, researchers at Vanderbilt University in the US state of Tennessee noted that high levels of depression, suicidal ideation, drug use and alcohol abuse identified among middle-aged white Boomers was beginning to impact the youngest members of Generation X. Lauren Gaydosh, Assistant Professor of Medicine, Health and Society and Public Policy Studies at Vanderbilt, forecast that midlife mortality may begin to increase across a range of demographic groups, adding: “Public health efforts to reduce these indicators of despair should not be targeted toward just rural whites, for example, because we’re finding that these patterns are generalised across the population.”

Earlier this month, new figures published by the UK’s National Health Service (NHS) revealed that the number of English pensioners aged over 90 being admitted to hospital after suffering from psychological and behavioural disorders following cocaine use had risen ten-fold over the past decade. This came almost a year after similar data revealed that the number of over-45s in the UK seeking medical attention after suffering serious mental health problems as a result of drug use had risen by 85% over the previous decade. Speaking with the Guardian at the time, Ian Hamilton, Associate Professor of Addiction at the University of York, said: “[Older people] are more likely to have had longer drug-using careers, so they will need longer in specialist drug treatment. However, unfortunately treatment services are being directed to offer abstinence-based services rather than maintaining this group on substitute drugs like methadone.”

Both ONS studies and the Vanderbilt paper suggest that rising problem drug use and overdose deaths among older people in both the UK and the US have little to do with them being children of the second summer of love or having grown up believing heroin chic was the epitome of cool. Instead, evidence indicates that the growing number of people experiencing problems with drugs in later life appear to be among the most vulnerable in society, suggesting that labelling them with nicknames such as the “Trainspotting generation” might at the very least be treating the problems they face with undue flippancy.

While it may be the case that some Boomer or Gen X drug users might have been living with a habit for decades, it would seem that many are pushed to use illicit substances as a result of the undesirable life situations in which they have found themselves, and not as part of ill-advised efforts to relive the hedonism of their youth.

Continue Reading

Newsletter

Sign up for our mailing list to receive updates and information on events

Social Widget

Latest articles

Press review

Follow us on Twitter

Trending

Shares