Tag Archives: cyber weapon

Supply-chain is becoming huge National security issue

Abstract

The Huawei problem is simple to explain. The company is based in China and subject to the rules and dictates of the Chinese government. The government could require Huawei to install back doors into the 5G routers it sells abroad, allowing the government to eavesdrop on communications or — even worse — take control of the routers during wartime. Since the United States will rely on those routers for all of its communications, we become vulnerable by building our 5G backbone on Huawei equipment.

It’s obvious that we can’t trust computer equipment from a country we don’t trust, but the problem is much more pervasive than that. The computers and smartphones you use are not built in the United States. Their chips aren’t made in the United States. The engineers who design and program them come from over a hundred countries. Thousands of people have the opportunity, acting alone, to slip a back door into the final product.

……….

Technical solutions fall into two basic categories, both currently beyond our reach. One is to improve the technical inspection processes for products whose designers provide source code and hardware design specifications, and for products that arrive without any transparency information at all. In both cases, we want to verify that the end product is secure and free of back doors. Sometimes we can do this for some classes of back doors: We can inspect source code this is how a Linux back door was discovered and removed in 2003 or the hardware design, which becomes a cleverness battle between attacker and defender.

Read more in

https://www.schneier.com/blog/archives/2019/09/supply-chain_se_1.html

Advertisement

Must read: The 7 Most Dangerous Technology Trends.

Abstract

1.  AI Cloning 

With the support of artificial intelligence (AI), all that’s needed to create a clone of someone’s voice is just a snippet of audio. Similarly, AI can take several photos or videos of a person and then create an entirely new—cloned—video that appears to be an original.

2.  Drone Swarms 

The British, Chinese, and United States armed forces are testing how interconnected, cooperative drones could be used in military operations.

3.  Spying Smart Home Devices 

For smart home devices to respond to queries and be as useful as possible, they need to be listening and tracking information about you and your regular habits.

4.  Facial Recognition 

There are some incredibly useful applications for facial recognition, but it can just as easily be used for sinister purposes. China stands accused of using facial recognition technology for surveillance and racial profiling.

5.  Ransomware, AI and Bot-enabled Blackmailing and Hacking 

When high-powered technology falls into the wrong hands, it can be very effective to achieve criminal, immoral, and malicious activities. Ransomware, where malware is used to prevent access to a computer system until a ransom is paid, is on the rise according to the Cybersecurity and Infrastructure Security Agency (CISA).

6.  Smart Dust 

Microelectromechanical systems (MEMS), the size of a grain of salt, have sensors, communication mechanisms, autonomous power supplies, and cameras in them. Also called motes, this smart dust has a plethora of positive uses in healthcare, security, and more, but would be frightening to control if used for evil pursuits.

7.  Fake News Bots 

GROVER is one AI system capable of writing a fake news article from nothing more than a headline. AI systems such as GROVER create articles more believable than those written by humans. OpenAI, a nonprofit company backed by Elon Musk, created “deepfakes for text” that produces news stories and works of fiction so good, the organization initially decided not to release the research publicly to prevent dangerous misuse of the technology.

Reference

https://www.forbes.com/sites/bernardmarr/2019/09/23/the-7-most-dangerous-technology-trends-in-2020-everyone-should-know-about/#166c16177780

CyberSecurity: Hackers can steal your card info at a gas station using card skimmers

What is the Card Skimmer?

Credit card skimming is a type of credit card theft where crooks use a small device to steal credit card information in an otherwise legitimate credit or debit card transaction. When a credit or debit card is swiped through a skimmer, the device captures and stores all the details stored in the card’s magnetic stripe.

You might be wonder how each & everything is weaponized to steal your hard earned money.

Gas station pumps are a different story, however. Most can easily be opened using a universal key which isn’t hard to acquire, allowing the skimming hardware to be installed inside so it’s completely invisible to unsuspecting users

To retrieve the data that’s collected throughout a day, like card numbers and PINs, criminals just need to pull up nearby and download it all over a wireless Bluetooth connection. 

How does hacker use card skimmer?

Read more in https://www.thebalance.com/how-credit-card-skimming-works-960773

Is there any solution to this problem?

The team from the University of California San Diego, who worked with other computer scientists from the University of Illinois, developed an app called Bluetana which not only scans and detects Bluetooth signals, but can actually differentiate those coming from legitimate devices—like sensors, smartphones, or vehicle tracking hardware—from card skimmers that are using the wireless protocol as a way to harvest stolen data. 

So far Bluetana app has identified successfully 42 Gas stations in United States. As of now, details of smartphone app has not been public because of hackers will find a way to bypass app algorithm.

Must read Paper: Measuring the Changing Cost of Cybercrime

Abstract

As everything has gone online – including crime – governments struggle to keep up, and want to know how much should be spent on cybersecurity. Policymakers want accurate statistics of online/electronic crime and abuse. However, many of the existing surveys are carried out by organisations (such as security vendors or police agencies) with a particular view of the world and often a specific agenda.

Economic models also provide useful insights. Globalisation means that for much online crime, the perpetrators and victims are in different jurisdictions, reducing both the motivation and the opportunity for police action. Outside the EU, mutual legal assistance was not intended for routine police and criminal justice cooperation but for rare and serious cross-border crimes. Industry incentives remain mixed: the real winners from spam may be firms like Google, Microsoft, and Facebook as people are driven to webmail services with their better spam protection or switch to instant messaging services.

Read mores in

https://weis2019.econinfosec.org/wp-content/uploads/sites/6/2019/05/WEIS_2019_paper_25.pdf

CyberSecurity: Triton is the world’s most murderous malware & It’s spreading.

Abstract

The hackers had deployed malicious software, or malware, that let them take over the plant’s safety instrumented systems. These physical controllers and their associated software are the last line of defense against life-threatening disasters. They are supposed to kick in if they detect dangerous conditions, returning processes to safe levels or shutting them down altogether by triggering things like shutoff valves and pressure-release mechanisms.

How dangerous it is?

The malware made it possible to take over these industrial systems remotely. Had the intruders disabled or tampered with them, and then used other software to make equipment at the plant malfunction, the consequences could have been catastrophic. Fortunately, a flaw in the code gave the hackers away before they could do any harm.

Read more in

https://www.technologyreview.com/s/613054/cybersecurity-critical-infrastructure-triton-malware/