April 11, 2014
Hackers Hide In Takeout Menus And Soda Machines
Despicable and inconveniencing though they are, hackers sometimes show admirable ingenuity and commitment. The latest reports are of businesses being targeted through unexpected routes: hackers look for obscure places to hide that may be connected to more important parts of an organization’s electronic systems.
For example, a company may have a watertight (or almost watertight) security system for all its databases and electronic workings, but the catering company that takes care of its vending machines and their supplies may not. Now that those caterers are connected to the company, so that they know when the machines are out of stock, for example, a backdoor entry point into the system is inadvertently offered to hackers.
Another similar occurrence was an attack on a big oil company, in which hackers planted malware in the online menu of a Chinese restaurant that they knew to be popular with the oil company’s employees. When the employees visited the site, they unwittingly downloaded code that gave the intruders a way into the organization’s huge system.
A recent payment card breach at Target was the result of attackers gaining entry through the heating system. It is nice for the heating to be controlled and monitored remotely, but it is also an Achilles’ heel. Security researchers also found that the circuit breakers at one of the Sochi Olympic arenas could be breached via the heating and cooling supplier.
The New York Times says that “a survey of more than 3,500 global I.T. and cybersecurity practitioners conducted by a security research firm, the Ponemon Institute, last year found that roughly a quarter — 23 percent — of breaches were attributable to third-party negligence.” A further significant number of invasions cannot have a source attributed to them.
This news comes in the week that we are being told, somewhere close to the headlines, that we should all change all of our online passwords immediately. The warning relates to OpenSSL – one of the systems responsible for the little padlock in your web browser. Its purpose is to scramble data as it passes from one server to another, so that only those who are supposed to can make sense of it.
Now, a flaw has been revealed to have existed for more than two years, which allows unwanted access to the ‘secret keys.’ Security experts, according to the BBC, “said that if attackers made copies of these keys they could steal the names and passwords of people using the services, as well as take copies of their data and set up spoof sites that would appear legitimate because they used the stolen credentials.”
All of this begs the question, I suppose, of whether some of the systems we use are really necessary. It’s nice that we don’t have to go without a Milky Way chocolate bar for twenty-four hours because the catering company can pounce as soon as the system reads ‘empty,’ but the caterer’s main motivation is not losing out on money, not our chocolate craving. In the end, we could all lose out on a lot more.