HACK-IN-A-BOX

Idealog - - OPEN SEASON -

1)Best at hid­ing in plain sight: This June, Rus­sian hack­ers used Brit­tany Spear’s of­fi­cial In­sta­gram to com­mu­ni­cate by plant­ing coded mes­sages within com­ments on her posts. Ran­dom phrases like “#2hot make loved to her, uupss HHot #X” were ac­tu­ally ways to re­lay to other hack­ers where to drop stolen in­for­ma­tion in a mal­ware scheme.

2)Worst com­pany ef­forts: In Septem­ber 2016, Ya­hoo dis­cov­ered that at least 500 mil­lion user ac­counts had been breached. To make mat­ters worse the com­pany later dis­closed the hack had hap­pened in 2014 but had only just been found. To make mat­ters even worse again mid-De­cem­ber Ya­hoo dropped another bomb that they had lost the data of one bil­lion users in 2013 (Could you be among them? Head to www. haveibeen­pwned.com to check).

3)Most cre­ative: Just be­cause you’re high up in a sky­scraper, doesn’t mean you’re im­mune from WiFi hack­ing. Re­searchers in Sin­ga­pore man­aged to steal con­fi­den­tial doc­u­ments by us­ing a mo­bilee-nabled drone that sought out open WiFi print­ers.

4)Most wor­ry­ing: Stuxnet was a ma­li­cious com­puter worm that was able to spy on in­dus­trial sys­tems and even cause things like fast-spin­ning cen­trifuges to tear them­selves apart, un­be­knownst to the hu­man op­er­a­tors at the plant. Al­though the cre­ators of Stuxnet haven’t been of­fi­cially iden­ti­fied, the size and so­phis­ti­ca­tion of the worm has led ex­perts to be­lieve that it could have been cre­ated only with the spon­sor­ship of a na­tion­state. Stuxnet was later thought to be used by the US and Is­rael to de­stroy cen­trifuges in an Ira­nian nu­clear en­rich­ment fa­cil­ity.

5)Sim­i­larly wor­ry­ing: In 2016 a new type of mal­ware tar­geted the city of Kiev. The mal­ware aimed at the power gird and led to ma­jor out­ages in the Ukrainian cap­i­tal. Sim­i­lar to Stuxnet, this type of mal­ware aims to cause ac­tual phys­i­cal dis­rup­tion, rather than just dig­i­tal. An up­dated ver­sion had the abil­ity to ‘speak’ to the con­trols and could switch the flow of power on and off. That means Crash Over­ride could per­form black­out at­tacks more quickly, with far less prepa­ra­tion, and with far fewer hu­mans man­ag­ing it. It’s thought the mal­ware gained ac­cess through a Phish­ing email.

6)Toys ‘r’ us: Early this year CloudPets, a con­nected toy that records per­sonal mes­sages and stores them on iCloud was the tar­get for a hack. The de­tails, which in­cluded email ad­dresses and pass­words, were leaked along with ac­cess to pro­file pic­tures and more than two mil­lion voice record­ings of chil­dren and adults who had used the stuffed toys. The record­ings were traded on an on­line site and CloudPets’ orig­i­nal data­base was wiped. CloudPets failed to alert cus­tomers of the breach un­til it be­came pub­lic. And with more con­nected de­vices com­ing on the mar­ket, se­cu­rity ex­perts are pre­dict­ing more breaches like this.

7)Just plain stupid: Don­ald Trump's se­nior aide Kellyanne Con­way sug­gested Barack Obama could have mon­i­tored the Pres­i­dent through a mi­crowave. She claimed surveil­lance could be con­ducted with "mi­crowaves that turn into cam­eras," and added: “We know this is a fact of mod­ern life.”

Newspapers in English

Newspapers from New Zealand

© PressReader. All rights reserved.