Tag Archives: hacks

Halloween’s Most Horrible Hacks

ID-100197712

Courtesy of hyena reality

Halloween happens in just a few days. And on that frightful night some pretty horrifying little creatures will be knocking at your door. Terror and fright on Halloween is all fun and games. But real terror has become part of our lives in the digital age. We have come to fear identity theft, data breaches and other digital age terrors. Everyday someone has a bank account emptied. There are monsters in cyber space. Online digital demons commit evil acts and do horrible things using technology and the Internet. We all need to be aware of the evil that lurks in cyber space. But evil has no limit as hackers are always trying to out do one another. There is a threat in cyber space that could kill thousands and even cripple civilization. Here are some really terrifying Halloween hacks.

1) Aircraft hacking is real. What happened to Malaysian Airlines Flight 370? It disappeared without a trace. Was it hacked? No one knows. It simply disappeared.  IOActive’s Ruben Santamarta said it was possible to hack satellite communications equipment on passenger jets. This is done by hacking into the Wi-Fi and in-flight entertainment systems such as those found on Southwest Airlines. This attack was proven possible but only in a laboratory. Santamarta said a potential attacker could hack the plane’s avionics disrupting or altering satellite communications. The result would be a modification or disruption of the aircraft’s navigation and safety systems. Aviation experts disagree, calling such an attack impossible. But is it? PlaneSploit is an Android app that has demonstrated the ability to take over an aircraft. Created by security researcher and commercial pilot Hugo Teso, the app allows users to control a plane from the ground using an Android phone, a radio transmitter and flight management software. The app is not exactly highly technical but you need some hacking knowledge. PlaneSploit was demonstrated during the Hack In The Box conference in Amsterdam. Teso demonstrated how he could change the flight path of a plane to a crowd. You can use this system to modify approximately everything related to the navigation of the plane,” said Teso, adding, “that includes a lot of nasty things.”

2) Murder by hack! If someone has an implanted medical device an evil person could tamper with it and potentially kill them. Medical devices have the capability of being hacked. In 2012, the late New Zealand hacker Barnaby Jack discovered a way to hack an implanted insulin pump causing it to inject 45 days’ worth of insulin in one shot. He also figured out how to shut down a heart pacemaker. Needless to say either of these hacks would cause almost instant death.

An investigation by the US Department of Homeland Security is focusing on “two dozen cases of suspected cyber security flaws in medical devices and hospital equipment.” These flaws could cause serious injury or death in the recipient. Unnamed sources familiar with the investigation by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) report the devices under investigation include infusion pumps from Hospira Inc. and implantable heart devices from Medtronic Inc and St Jude Medical Inc.

Modern implanted medical devices were never designed to be “hacker proof”. This makes them easy targets for the evil hackers we know are out there. 

3) Disrupt civilization. How would you survive without electricity, water or telephones? What would life be like if you could not buy groceries or gas? What if the traffic lights suddenly stopped working? What if a nuclear power plant became unstable due to a hacker taking over the controls? All these are very, very real possibilities and would most likely create panic even anarchy. Civilization would come to a halt.

University of Michigan security researchers using  a standard laptop hacked nearly 100 wireless networked traffic lights and were able to change the state of the lights on command. A hacker could paralyze a city with this technology.

Research released by Automatak in 2013 revealed 25 vulnerabilities in power plants across North America. The flaws found at electrical substations, water utilities, and power stations left them open to attack. If a hacker so desired they could exploit these vulnerabilities to crash or hijack the servers at these facilities resulting in the loss of utilities for millions of people.  Hackers have also attacked the banking and financial network causing outages at ATMs and retail point of sale systems locations.

4) Are the babies safe?  The connected home is here. Everything in your home can be connected to the Internet and controlled through your mobile device or web browser. And this means that a hacker can hack into your home turn off alarms and open doors for burglars or worse. They could tamper with the thermostat, lighting, sprinklers or other home controls systems. A hacker could penetrate, even take over devices. In April of this year an Ohio couple were awakened by the voice of an unknown man shouting “wake up baby!” through their wireless baby monitor. A hacker had penetrated their home network and was harassing a sleeping child. Cameras throughout the home allowed the hacker to see the child in her bed.  Hackers have taken control of laptops with webcams and microphones and spied on families. Hackers have taken pictures of women nude, including Miss Teen USA, and blackmailed them. Its called sextortion. Smart televisions with cameras and Internet connections have also been hacked and used to spy on people. Devices in the modern connected home present significant security risks. Keep that in mind as we enter the frightening age of the Internet of Things.

5) Empty the prisons. Did you ever see that movie where a small town was overrun and terrorized by escaped convicts? Is this possible? The answer is yes! Modern prisons are now computer controlled. At a recent DEFCON conference in 2011 researcher John Strauchs demonstrated that it is indeed possible to open every cell door in a prison at once. He hacked into an industrial programmable logic controller. The same hack used to attack an Iranian nuclear facility. What would happen if a hacker could do this to prisons or local jails all over the country on the same day?

6) Your car is a death trap! The newest cars are Internet connected with WiFi and Bluetooth technology. New cars no longer use keys. They can be unlocked and operated  using a wireless key fob. You can get GPS directions and Internet radio and movies. But a hacker could decide to disable your brakes while you’re doing 70 mph on the interstate! Maybe a criminal just wants your car and decides to hack the door locks and just drive away…with you in it! Imagine the horror of discovering your steering is locked while driving with your family in the car. These things can happen with the new technology in cars today. Read all about it here in the AACR report “Hack My Ride”

What we are talking about is not an imaginary scenario. Technological terror is real and the next hack could seriously impact the entire nation. Cyber terrorism is the new frontier for terrorists and they are seeking a target. The intend to do damage far worst than the 9/11 attacks. Imagine if every person in the United States woke up to find that our electronic financial infrastructure was crippled and the banks were shut down? It could happen. Ask  the FBI who have an entire division that is dedicated to stopping a cyber terror attack. But most experts agree, it will happen.

Happy Halloween!

 

African-Americans and Data Breaches

national cyberWhy should black people worry about data breaches? Because the loss of data to cyber criminals is an exploding problem and awareness is the only way to protect yourself.

Data is everywhere. Wherever you have used your credit or debit card is a source of data. This is where information about you, your bank, credit records, buying habits and what cards you hold is stored and all with your name on it. If this information gets out “in the wild” people are now in your business and you know how black people feel about that and our money.

Lets look closer at where your information can be found. Here is a list of businesses that may hold information about you and your money. Add to this list any place you have used your credit or debit card.

  • Hotels and resorts
  • Restaurants
  • Ticket sellers
  • Entertainment companies
  • Sports teams
  • Fitness clubs
  • Salons and spas
  • Insurance companies
  • Mortgage companies
  • Utilities
  • Mobile phone providers
  • Internet providers
  • Money managers
  • Banks and credit unions
  • Credit card issuers
  • Hospitals
  • Pharmacies
  • Doctors and Dentist Offices
  • Auto repair shops
  • Hair and beauty salons
  • Daycare providers
  • Retail stores
  • Grocery stores
  • Gas stations

How serious are data breaches? According to USA Today 43% of businesses have suffered data breaches in the past year. Lets be real about that statistic; many of the large businesses will report a data breach especially when the breach involves millions of credit or debit cards. But smaller business may not report a data breach if they even realize they have had one. That’s why you should be concerned.

Not only are data breaches more frequent but they are increasing in size. The latest big data breaches at the big retailers have lost more than 300 million records. You are probably one of millions of black people who have shopped at Target, Kmart and Home Depot. Your data has been stolen.

If you want to see how serious this data problem has become here are a few frightening numbers from KrebsOnSecurity.com.

You would think with the ever increasing size and frequency of breaches businesses would be ready to act. But less than 30% of companies have a data breach response plan or team in place. That number is down from 39% of businesses that didn’t have them in the previous year. So the simple fact is that black people need to be concerned. We have to be knowledgeable and ready to act in the event of a data breach to protect our information.

But data breaches do not just strike retail businesses. Hospitals are big targets for hackers. According to Health IT & CIO Review since March there have been at least ten hospital data breaches. Los Angeles County Medical Facilities  alone lost nearly 170,000 patient medical records.

Director of Threat Intelligence at Phish Labs Don Jackson monitored underground hacking exchanges and found that cyber criminals can make 10 times as much money hacking hospital records than stealing your credit card data.  Hackers steal names, birth dates, and insurance policy numbers then use the data to create fake IDs to buy things like home medical equipment which can later be re-sold. The data is also used to file phony insurance claims. 

Now the question is what happens to all that stolen data. The new gold mine of the criminal world is data. AACR Rule #5, The currency and commodity of the digital age is called information. According to the RAND Corporation National Security Research Division  the stolen data black market has become more profitable than the drug trade. You read that correctly.

What black people should understand is that stolen data is far more than credit card numbers and personal information. Hackers can make money with pictures from your Facebook page and other social media outlets. Hackers see sites like LinkedIn and eHarmony as a treasure trove of passwords that can be used to update their “rainbow tables.” Rainbow Tables are huge databases hackers use to hack harder-to-crack encrypted passwords. Would you believe that hacked Twitter accounts are considered more profitable than stolen credit cards?

The bottom line is that black people are just as vulnerable as other Americans to hacks and data breaches. The difference is that collectively we may not be as savvy to what and how this information is used to steal from us or how to protect ourselves. Its strange because black people use mobile and online banking more than other groups. We need to step up our game.