Connected devices will remain vulnerable to hackers until the companies that make them are forced to provide minimum levels of security
Despite the fact that barely a week seems to pass these days without reports emerging of a newly-discovered Internet of Things (IoT)-related security vulnerability, governments and regulators across the globe have consistently failed to force companies that manufacture connected devices to make their products more resilient to cyber attacks. As a consequence, these firms are still able to bring products to market having paid scant regard as to how easily they might be hacked. And who can blame them?
If IoT device producers are not compelled by law to make sure their devices will not leave users vulnerable to being targeted by cyber criminals, it should come as no surprise when they fail to invest the significant amounts of money that would be required to make their products more secure. While this should seem quite obvious, lawmakers the world over have done little but dither when it comes to legislating over a threat that many analysts agree poses a significant danger to consumers. With some experts suggesting there could be as many as one trillion devices connected to the internet by 2025, the time has come to force connected device makers to get their house in order.
While some governments do pay lip service to the problem, few appear to have grasped the importance of moving quickly to ensure that the growing number of connected devices people are using are safe. In some cases, this is not just about protecting consumers’ personal information and their banking details. If hackers are able to gain access to connected cars or online medical devices, lives could be at risk. For their part, lawmakers in the US have this week been considering how to make the IoT more secure. Representatives from device makers told the Senate Commerce Committee Security Subcommittee that they should be permitted to continue with a system that allows them to work with the National Institute of Standards and Technology on voluntary baseline security standards rather than face government legislation that would compel them to make their devices safer for users. But as Democrats sitting on the committee pointed out, it is clear to see that this approach is failing to produce results anything like quickly enough.
In the UK, the British government has announced plans that could force companies that make IoT devices to place labels on their products that would tell consumers how secure they are. British lawmakers have also said they will consult on forcing connected device manufacturers to build a minimum level of security into their products. Back in February, the European Telecommunications Standards Institute attempted to establish a security baseline for IoT consumer products, which it said would provide a basis for future connected device certification programmes. The organisation laid out 13 recommendations that it said would make such products safer, but owing to the fact that these are not legally enforceable, they amount to little more than a template for best practice.
It is now past the point where it has to be asked how difficult this can be. Lawmakers have been aware of the growing threat that insecure connected devices pose for the best part of half a decade, but have proved themselves to be wholly unwilling or unable to force companies that manufacture these products to make security a priority. Meanwhile, hackers continue to have a field day exploiting the millions of poorly-secured IoT products that are flooding into consumers’ possession. Last month, online security firm Palo Alto Networks revealed that a recently-discovered variant of the Mirai malware was attacking a wider range of IoT devices, allowing hackers to create a botnet that could be used to launch distributed denial-of-service (DDoS) attacks. Elsewhere in April, security researcher Paul Marrapese said that hundreds of thousands of IoT devices including baby monitors and smart doorbells have serious vulnerabilities that allow hackers to hijack them and spy on their owners. Marrapese claimed affected products were using peer-to-peer (P2P) features that allow users to connect to their devices the moment they come online.
In many cases, the myriad IoT vulnerabilities that are currently being discovered with such alarming regularity would not occur in the first place if device makers had been forced to ensure their products were robust enough to withstand the unwanted attention of hackers. Unfortunately, as things stand at present, none of this is likely to change for the better any time soon. Until governments across the world are bold enough to accept that allowing technology firms to self-regulate when it comes to security simply does not work, the willingness of these companies to cut corners where their customers’ online safety is concerned will continue to be all that cyber criminals need to successfully exploit the exponential growth of the IoT.
Why you should worry about more than your device’s search history when viewing porn online
Many adult website users assume they can cover their tracks by turning to their web browser’s incognito mode whenever they want to view explicit pictures or videos online. While it is true that using this type of technology will keep visits to sites that host such material out of a user’s internet search history, pornography enthusiasts should be aware that their adult viewing activity will still be very far from secret.
The majority of porn fans will be smart enough to realise that their online viewing habits will be visible to their internet service provider even when a web browser’s incognito mode is being used, but it is likely that few spend too much time worrying about this. Others might feel quite comfortable signing up for premium services from their adult entertainment purveyor of choice, and have no qualms about providing their email address and credit card details while doing so.
However, several recent and historic data breach incidents suggest that pornography fans would be well advised to put as much time and effort into worrying about how much information is recorded about their adult entertainment consumption in data centres across the globe as they do into fretting about the personal search history on their devices.
Just last week, it was reported that researchers at cyber security firm TurgenSec had discovered that a database left unsecured by UK telecoms and entertainment giant Virgin Media contained information linking some of its customers to porn sites. Responding to Virgin’s initial claim that the database only contained “limited contact information”, TurgenSec issued a statement on its website explaining that the exposed information in fact linked customers to “[r]equests to block or unblock various pornographic, gore related and gambling websites, corresponding to full names and addresses”. Virgin said the information on the database had been accessed on at least one occasion by an unknown user, raising the prospect that the details on it could be used by hackers to target Virgin customers in sextortion scams.
Although such breaches are rare among major internet service providers and telecom firms, partly on account of how tightly regulated they are, information held by adult websites themselves can be much more vulnerable. Perhaps the most notorious breach of an adult website’s database came in 2015 when a hacking group obtained information relating to the users of Ashley Madison, an online dating site that facilitates affairs between married people and those in long-term relationships.
While not a pornography website per se, people whose personal information was linked to the service found that the impact on their lives was devastating. Having threatened to do so for weeks, the cyber criminals behind the breach leaked the names of 32 million users of the site in August 2015, resulting in people losing their jobs, their relationships, and in some cases even taking their own lives. Soon after the exposure of the Ashley Madison database, sextortion fraudsters launched campaigns to exploit the fears of those who might have appeared on it.
Over the intervening years, numerous porn sites across the world have leaked their users’ details, potentially putting them at risk of these types of scams. In July 2019, researchers at Cornell University published a paper that revealed 93% of the adult websites they studied were leaking data to third-party entities, such as online advertisers or web analytics providers. “Everyone is at risk when such data is accessible without users’ consent, and thus can potentially be leveraged against them by malicious agents acting on moralistic claims of normative gender or sexuality,” the researchers wrote.
In January of this year, online security firm vpnMentor revealed that porn cam network PussyCash had exposed the details of thousands of “models”, leaking over 875,000 files that included photographs of amateur porn performers in which their faces could be seen alongside personal information including names, dates of birth and passport information. Back in 2016, the names of nearly 800,000 registered users of pornography website Brazzers were exposed in a data breach, with information relating to visitors’ sexual preferences and favourite adult performers posted by hackers online.
As well as exposing porn site users to embarrassment and potential blackmail, these types of data breaches have scuppered efforts to make the internet safer for children in some countries. UK proposals to force porn viewers to sign up to an age verification system before accessing their preferred adult content were dropped last year partly on account of privacy and security concerns. The upshot of all this is that anybody who is partial to watching pornography online should probably worry just as much about how much information about their viewing habits is being stored on databases around the world as they do about the information in their internet browser.
Scammers the world over are exploiting public fears over the coronavirus outbreak
Scammers across the globe are looking to profit from public fears over the coronavirus outbreak, with reports the world over highlighting how fraudsters are seeking to exploit the panic created by the spread of the disease.
On Wednesday, Kyodo News reported that authorities in China have seized more than 31 million counterfeit or substandard face masks as members of the public clamour for such products amid a countrywide shortage.
China’s Ministry of Public Safety said police in the country have dealt with 688 cases involving the manufacture and sale of fake and substandard protective materials, arresting over 1,560 people while doing so.
China’s state-backed Xinhua news agency quotes the ministry as saying that as of Monday, law enforcement officers across the country had dealt with some 22,000 criminal cases related to the coronavirus outbreak.
Addressing a press conference in Beijing this week, Vice Minister Du Hangwei revealed that a total of 4,260 suspects have been detained in relation to these alleged offences.
On Sunday, the UK’s People newspaper revealed that phishing scammers are sending elderly and vulnerable British citizens emails that purport to be from the country’s National Health Service in which they demand a payment of £169.99 ($216) for access to “rapid and effective treatment” for the disease.
Elsewhere, Business Insider reports that Facebook has announced that it will take down bogus adverts that guarantee a cure, create a sense of urgency or otherwise attempt to profit from the virus.
In a statement, the company said: “In the weeks after the World Health Organisation (WHO) declared a public health emergency, Facebook is working to support their work in multiple ways, including taking steps to stop ads for products that refer to the coronavirus and create a sense of urgency, like implying a limited supply, or guaranteeing a cure or prevention.
“For example, ads with claims like face masks are 100% guaranteed to prevent the spread of the virus will not be allowed.”
In a similar move, USA Today reports that online retail giant Amazon has warned third-party face mask sellers about marking up prices to take advantage of fears over the coronavirus outbreak.
While vendors on Amazon are generally allowed to change the price of their products within reason, the company’s policy states: “If we see pricing practices on a marketplace offer that harms customer trust, Amazon can remove… the offer, suspend the ship option, or, in serious or repeated cases, suspending or terminating selling privileges.”
In January, NutraIngredients-USA revealed that the US Natural Products Association (NPA) had asked federal authorities to monitor dietary supplement companies that claim their products can be used to treat the coronavirus.
NPA President and CEO Daniel Fabricant commented: “We have been in touch with some of the ecommerce organisations.
“We are urging them to take a look at how marketers that sell on their sites are tagging products.”
Earlier in February, the US Federal Trade Commission warned that fraudsters are seeking to take advantage of fears surrounding the disease by setting up websites to sell bogus products, targeting potential scam victims through misleading social media posts and phishing emails.
The commission warned that such social media posts or phishing messages often appear to promote awareness of the disease and may include prevention tips.
They might also ask readers to donate to victims of the virus, or offer advice on unproven treatments, and will often include malware in the form of attachments or links to websites controlled by hackers designed to harvest victims’ personal and financial information.
Offering similar advice this month, UK anti-fraud organisation Cifas cautioned the British public to be on the lookout for scams designed to prey on fear and anxiety over the spreading of the virus.
In a statement, Cifas CEO Mike Haley said: “Fraudsters are always looking for new ways to prey on people’s fear and anxieties, and so it’s very likely that these scams will only increase as coronavirus spreads.
“My advice is to not let fraudsters scare or pressure you into making any hasty decisions. Take your time and do your research, and remember to never hand over personal or financial details – don’t let criminals benefit from this serious situation.”
Separately, the WHO, which is leading global efforts to control the outbreak, has warned that cyber criminals are using its name in a bid to steal money and personal information from victims online.
The UN agency said it would never ask people to log in to any website to view safety information related to the coronavirus, and would never email unsolicited attachments.
The WHO also noted it would never prompt people to visit a website other than its own, and would never charge money to apply for a job, register for a conference, or reserve a hotel.
“WHO is aware of suspicious email messages attempting to take advantage of the 2019 novel coronavirus emergency,” the organisation said.
“Using this method, criminals can install malware or steal sensitive information.”
How America’s methamphetamine crackdown enriched Mexican drug cartels and made the country’s problem with the drug worse
Up until 2006, the overwhelming majority of methamphetamine consumed in the US was manufactured in domestic labs scattered across the country. Then, at what came to be considered the peak of the country’s meth use epidemic, new legislation was introduced that made it much more difficult for producers of the drug to get hold of the ingredients required to make it. The 2005 Combat Methamphetamine Epidemic Act included much stricter controls on the sale of ephedrine, pseudoephedrine and phenylpropanolamine, and resulted in a sharp fall in the amount of meth produced in the US.
Thanks to the introduction of laws such as these and numerous crackdowns on US methamphetamine manufacturers launched by the Drug Enforcement Administration (DEA), domestic production of the substance was almost eradicated during the latter part of the mid-2000s, save for small time producers using the highly dangerous so-called “shake-and-bake”. But rather than ending the country’s problem with the drug, these developments opened a huge opportunity for Mexican trafficking cartels, which have over the intervening years more than plugged the gap left in the market.
While the Combat Methamphetamine Epidemic Act did result in a fall in the number of meth users and hospital admissions related to use of the drug in the immediate aftermath of its introduction, the emergence of Mexican labs turning out huge quantities of what has come to be referred to as “super meth” soon began to reverse any gains. Having fallen to a low of 314,000 in 2008, the number of Americans using methamphetamine in 2018, the most recent year for which data is available, rose to 1.9 million, according to the 2018 National Survey on Drug Use and Health. This was equivalent to a rise from 0.1% of the US population to 0.7%. Experts agree that the drug’s extraordinary comeback is being driven almost exclusively by Mexican cartels’ skilful exploitation of US efforts to end domestic production of methamphetamine.
Unlike what was being produced in domestic labs, the meth coming into the US from Mexico is typically close to 100% pure and can cost as little as $5 a hit. The price of the drug has plummeted over recent years thanks to the sheer volumes the cartels are bringing into America, making it even more attractive to addicts looking to get as long a high as possible for their money. In July of last year, federal drug data seen by NPR revealed that seizures of meth by US law enforcement agencies rose 142% between 2017 and 2018.
In November of last year, acting US Customs & Border Protection Commissioner Mark Morgan warned that super labs in Mexico were flooding America with ever cheaper and purer forms of meth. During a White House press briefing, Morgan said: “The illicit narcotics the transnational criminal organisations are flooding the US with are making their way to every town, city, and state in this country. It isn’t just a border issue. Make no mistake: If your city, town, or state has a meth problem, it came from the southwest border.”
Away from National Survey on Drug Use and Health data, other indicators suggest super meth is beginning to take its toll on users. At the end of January, the US Centres for Disease Control and Prevention revealed that between 2012 and 2018, the rate of drug overdose deaths involving psychostimulants such as methamphetamine increased nearly five-fold. Separately, a study published by Millennium Health in the JAMA Network journal this January revealed that use of methamphetamine is rocketing across the US, with the number of urine samples testing positive for the drug rising from about 1.4% in 2013 to around 8.4% last year. The findings of the study suggested that “methamphetamine-related overdose deaths [especially] may continue to increase”.
As part of its efforts to stem the flow of methamphetamine flooding into the country, the DEA last week launched Operation Crystal Shield, which will see the agency target major methamphetamine trafficking hubs in locations such as Atlanta, Dallas, El Paso, Houston, Los Angeles, New Orleans, Phoenix and the St Louis Division. The DEA said in a statement that these locations accounted for 75% of all methamphetamine seizures made in the US last year.
But with the Mexican cartels coming up with ever more ingenious methods of sneaking their products into the country, including bringing methamphetamine into the US in liquid form, the DEA will have its work cut out. While well intentioned, the mid-2000s crackdown on America’s methamphetamine crisis not only appears to have opened up an extremely lucrative new line of business for Mexican trafficking gangs, but may very well also have made the country’s already disastrous relationship with the drug much worse.