October 18th, 2010
By: Sharon Weinberger
Worried about e-mails that appear to be from your bank but could well be part of a phishing scam? That may soon be the least of your problems. With concerns about cyberattacks on the rise, computer security experts are looking ahead to what they think might be the next wave of attacks.
What they find is that everything from your car to your computer webcam is vulnerable to attack. Here are five new types of attacks:
1) Social Network Attacks: Malware that steals your e-mail contacts, passwords and other personal information is old news. But a new technical paper by a group of Israeli researchers says the cybersecurity community is ignoring a new, more insidious type of attack: one that preys on your entire social network, working to slowly pilfer information about your behavior and life.
Dubbed “stealing reality,” these types of attacks, the researchers argue, are more insidious because the “victim of a ‘behavioral pattern’ theft cannot easily change her behavior and life patterns.”
“Most likely those attacks are currently happening,” lead author Yaniv Altshuler, a research scientist at Ben Gurion University, told AOL News.
Altshuler says the market for this sort of information already exists. “And If there is a buyer, there is a seller,” he added.
2) Attacks on Cars: Today’s automobiles often come equipped with the equivalent of advanced computer systems, which means that like your home computer, they could be vulnerable to attack. In a new paper, researchers at the University of Washington and the University of California, San Diego, say they have demonstrated “the ability to adversarially control a wide range of automotive functions and completely ignore driver input — including disabling the brakes, selectively braking individual wheels on demand, stopping the engine, and so on.”
Everything from your car’s wireless tire-pressure sensors to its stolen-vehicle tracking and recovery system provides opportunities for hackers to gain control of your vehicle without you even knowing.
3) Medical Devices: Today, wireless pacemakers can send your doctor or hospital real-time data on your heart, showing just how far medical devices have come with the help of modern electronics. But with that new technology comes a new threat: the possibility of someone hacking into your medical device or injecting malicious code that disrupts the lifesaving device. Prosthetic limbs, wireless pacemakers and other implantable medical devices might all be at risk.
“This is very real — the bad guys would buy the pieces and just work on them a little bit,” Greg Hoglund, who heads HBGary, a computer security company, told an audience earlier this year at a Northern California Hospital Cyberterrorism Seminar. “It’s amazing someone hasn’t pulled this off yet.”
4) Hacking Your Webcam: Watch out for the light on your computer that shows the webcam is on, even after you think you’ve turned it off. It could be a Trojan computer program operating the camera, taking pictures or even video, and sending it over the Internet without your knowledge. For those who leave their laptops on and open, that’s the equivalent of having Big Brother in your bedroom or office without you knowing.
There are already cases of this happening, for example, in Germany. “A man has been arrested for spying on more than 150 girls in their bedrooms by hacking into their computers and using their webcams to watch them, provoking warnings that others will be doing the same thing,” DPA, the German press agency, reported earlier this year.
5) Smart Phone Attacks: Most consumers worried about cyberattacks associate the threat with their home PCs or laptops. So they often think nothing of downloading applications to their smart phones, which often contain just as much personal information as their home computers.
“Nobody’s making money at the moment with mobile security,” said Mikko Hypponen, the chief research officer of Finland’s F-Secure, according to the San Francisco Chronicle. “But all the players assume that sooner or later we will see a major outbreak or some other major event that will change the situation forever.”
October 7, 2009
The next world war could take place in cyberspace, the UN telecommunications agency chief warned Tuesday as experts called for action to stamp out cyber attacks.
“The next world war could happen in cyberspace and that would be a catastrophe. We have to make sure that all countries understand that in that war, there is no such thing as a superpower,” Hamadoun Toure said.
“Loss of vital networks would quickly cripple any nation, and none is immune to cyberattack,” added the secretary-general of the International Telecommunications Union during the ITU’s Telecom World 2009 fair in Geneva.
Toure said countries have become “critically dependent” on technology for commerce, finance, health care, emergency services and food distribution.
“The best way to win a war is to avoid it in the first place,” he stressed.
As the Internet becomes more linked with daily lives, cyberattacks and crimes have also increased in frequency, experts said.
Such attacks include the use of “phishing” tools to get hold of passwords to commit fraud, or attempts by hackers to bring down secure networks.
Individual countries have started to respond by bolstering their defences.
US Secretary for Homeland Security Janet Napolitano said Thursday that she has received the green light to hire up to 1,000 cybersecurity experts to ramp up the United States’ defenses against cyber threats.
South Korea has also announced plans to train 3,000 “cyber sheriffs” by next year to protect businesses after a spate of attacks on state and private websites.
Warning of the magnitude of cybercrimes and attacks, Carlos Solari, Alcatel-Lucent’s vice-president on central quality, security and reliability, told a forum here that breaches in e-commerce are now already running to “hundreds of billions.”
But one of the most prominent victims in recent years has been the small Baltic state of Estonia, which has staked some of its post Cold War development on new technology.
In 2007 a spate of cyber attacks forced the closure of government websites and disrupted leading businesses.
Estonian Minister for Economic Affairs and Communications Juhan Parts said in Geneva that “adequate international cooperation” was essential.
“Because if something happens on cyberspace… it’s a border crossing issue. We have to have horizontal cooperation globally,” he added.
To this end, several countries have joined forces in the International Multilateral Partnership against Cyber Threats (IMPACT), set up this year to “proactively track and defend against cyberthreats.”
Some 37 ITU member states have signed up, while another 15 nations are holding advanced discussions, said the ITU.
Experts say that a major problem is that the current software and web infrastructure has the same weaknesses as those produced two decades ago.
“The real problem is that we’re putting on the market software that is as vulnerable as it was 20 years ago,” said Cristine Hoepers, general manager at Brazilian National Computer Emergency Response Team.
“If you see the vulnerabilities that are being exploited today, they are still the same,” she underlined.
She suggested that professionals needed to be trained to “design something more resilient.”
“Universities are not teaching students to think about that. We need to change the workforce, we need to go to the universities…, we need to start educating our professionals,” she said.
Pointing out the infrastructure weakness, Carlos Moreira, who founded and runs the Swiss information security firm Wisekey, said legislation is needed to bring cybersecurity up to international standards.