How do hackers get in?

Published 1:14 am Wednesday, January 16, 2019

By JDavid Derosier

 

Governments and most major companies have installed extensive cybersecurity defenses. However, their weakest links are the contractors and independent devices that have links into their computer networks.

These smaller contractors often do not invest in cybersecurity at the same levels, and many of the independent devices have little or no security.

As a result, hackers who want to get the big fish will most often go after the little fish first to gain access to the big fish. The big fish are referred to as “hard targets” and the little fish as “soft targets”.

Most people think of hacking as someone breaking into computers to steal information. In fact, hacking is not just aimed at computers (or phones).

The big players go after communications networks and often leave “malware” behind for surveillance of everything on the network. Smaller players may just wreak havoc as they go about their work. What’s new in the game are the various ways in which hackers can gain access.

Internet of Things (IoT)

The Internet of Things refers to things connected to the Internet that are neither computers nor communications devices in and of themselves; rather, they communicate over the Internet (Wi-Fi) for control purposes. The IoT can include household appliances all the way up to widgets in our petro-chemical plants. Examples include security cameras, refrigerators, and even Alexa devices.

Aquarium

An example was given at the Wall Street Journal’s CEO Council annual conference in December. According to Nicole Eagan, CEO of Darktrace, a cyber security company, a casino was hacked through a thermometer in an aquarium in the lobby. The thermometer was connected to the casino’s network to control the water temperature.

Alexa

I was talking just last week with a friend that lives in Orangefield. He was commenting on getting an Echo device from Amazon for Christmas. The Echo device can play music, turn the lights on, or order stuff from Amazon, apparently under the direction of Alexa, who is always waiting for someone to call her name with a request.

When you say the word “Alexa”, she recognizes the word and starts recording your voice. When you have finished speaking, she sends this recording over the Internet to Amazon. Alexa needs the Internet to work; Alexa needs the Internet to send your recorded words back to Amazon. Alexa provides a listening device right in your own home, one that is programmed to record what it hears and send it on to a third party.

What do you think Amazon can do with your words? Almost anything they want! And this was not placed in your home by the CIA; you purchased it yourself. Just another piece of the IoT.

Houston Rodeo

Just last week, the Houston Chronicle reported on how computer robot software (“bots”) impersonated customers and tried to order concert tickets for the Houston Rodeo. Their ticket company shut down the offending server and quarantined about 838,000 bots.

In the meantime, up to 2,000 actual customers may have been kicked off the website while in the middle of buying tickets. Those that got kicked off probably couldn’t get back on in time to get tickets before the two concerts that were targeted got sold out. I’ll bet there are some unhappy Rodeo fans out there right now.

WOW! A thermometer, Alexa, even software robots causing a denial of service at the ticket office.

Think about the vulnerabilities you may be introducing into your digital environment. Some might be able to come back and haunt you in the future.

David Derosier consults with small business on planning and marketing issues, and provides web design and hosting services through OhainWEB.com, an accredited business with the Better Business Bureau that is rated A+ by BBB. He can be reached at JDAVID@Strategy-Planning.info