More on this book
Community
Kindle Notes & Highlights
Whether motivated by politics or profits or mayhem, the cost of cyberattacks has now eclipsed $400 billion a year,
There are three main types of cyberattacks today: attacks on a network’s confidentiality, availability, and integrity.
names, phone numbers, email addresses, and physical addresses—from about 70 million customers.
The second type of cyberattack hits a network’s availability—attacks typically known as denial-of-service (DoS) or distributed denial-of-service (DDoS) attacks.
How did the Syrian Electronic Army do it? They used a simple computer technique called phishing. To phish, a hacker typically sends an email that comes from what looks like a legitimate source.
North Korea is a hellhole of a country, with a per capita GDP of less than $2,000—lower than Yemen, Tajikistan, and Chad and about one-sixteenth the size of South Korea’s GDP.
Notably, all of North Korea’s Internet connectivity is supplied by a single Chinese company, China Unicom.
As the Internet grows, it is expanding not simply to new users but to entirely new devices, well beyond standard computers, tablets, and smartphones.
The digitization of nearly everything is poised to be one of the most consequential economic developments of the next ten years.
Chambers predicts that the Internet of Things will grow to be a $19 trillion global market. For context, the GDP of the entire world is currently just a little more than $100 trillion.
The growth of the Internet of Things is motivated by four main drivers. The first is the number of Internet-connected cars on the road, expected to grow from 23 million in 2015 to 152 million in 2020.
The second driver is the advent of wearable technology, which doubled in use between 2013 and 2014. The third driver is the addition of smart controls in our homes, from thermostats ...
This highlight has been truncated due to consecutive passage length restrictions.
revenues generated from smart home services are expected to reach a global market val...
This highlight has been truncated due to consecutive passage length restrictions.
“Security has often been an afterthought in the design of those systems,” says Chris Bronk, a computer and information systems professor at the University of Houston. The
In the Target hack, the tens of millions of credit card records were accessed because of a hack on Fazio Mechanical, a small company in Sharpsburg, Pennsylvania, that does heating, air-conditioning, and refrigeration jobs.
Because all of these were connected, the hackers were able to install card-logging malware en masse on the point-of-sale consoles. Target is a company with a market capitalization of more than $50 billion and 347,000 employees,
As he was explaining this to me, I was imagining what could happen if a system controlling home care robots were hacked. Could it be a way to hurt people? In July 2015, hackers managed to remotely infiltrate and shut down a Jeep Cherokee while it was speeding along the highway. What if, 20 years from now when some variant of the Google car has taken over the highways,
It’s hard to imagine your refrigerator being hacked, but the reality is that it has already happened.
Proofpoint’s findings reveal that cyber criminals have begun to commandeer home routers, smart appliances and other components of the Internet of Things and transform them into ‘thingbots’ to carry out the same type of malicious activity.”
another use for these kinds of “thingbots” could be to mine cryptocurrencies.
a fridge doesn’t have a traditional user from which you could steal anything at all, but they do have computing power, and they are online,” says Hypponen. “I am forecasting that we will see toaster botnets—infected toasters,
but we will see them getting infected for their computing power to mine cryptocurrencies of the future. That’s going to happen.”
When I was growing up in West Virginia, it was considered smart to cancel home delivery of your newspaper when leaving for vacation so that burglars would not see a stack of papers in
With connected homes, today’s smart burglar is able to hack inside a smart home network and monitor when people are home. They can gather precise data about the comings and goings of everybody living in the home.
lookout for threats to the government’s and the military’s infrastructure.
Gosler has earned numerous awards: the CIA’s National Intelligence Medal of Achievement, the DONOVAN Award, the Intelligence Medal of Merit, the CIA Director’s Award, and the Clandestine Service Medallion. He has also earned the Legion of Merit for exceptional meritorious performance, one of only two US military decorations awarded as a neck order. The other is the Medal of Honor—the highest award given by the US government.
Gosler shares his fears of the potential for cyberattacks. While the rest of us enjoy technology (e-commerce, online banking, Uber), Gosler looks for the vulnerabilities:
He cites the example of GPS and navigation. People in the navy once knew how to navigate by looking at the stars to determine where they are and what course to set. “Nobody knows how to do that now,” says Gosler. Our navy is bound to GPS to navigate the world, and so is just about everyone who owns a smartphone.
But Gosler says that GPS is hackable. The damage could be benign—getting lost driving to a meeting—or it could be catastrophic. Imagine, for instance, if someone were able to hijack GPS systems and then direct military units on patrol toward enemy positions.
Ultimately, Gosler believes that the prevention of the worst kind of cyberattacks, like those against power plants or air traffic control systems, falls into the domain of government.
With the weaponization of code evolving to include infrastructure connected
Gosler calls for us to recruit, train, and mobilize a new force of cyberwarriors.
We need ten thousand to thirty thousand,” Gosler says. The government’s relative lack of top cybersecurity personnel is exacerbated by the choices that people with serious cyberskills have as they enter the workforce.
For a computer scientist with cyberspecialization, government has to compete with higher-paying private sector jobs. Cybersecurity professionals in the United States already have an average annual salary of $116,000, nearly triple the average median income. Protecting corporate networks is better paying than protecting the GPS system.
Plus, there is so much economic entanglement in the world today that if there’s a massive failure of US banking, that just doesn’t affect the United States. Or if there was a massive impact in European or Japanese banking, the global ripple effect of all that is pretty significant.”
Gosler’s is not a lone voice. James R. Clapper, director of national intelligence, warned Congress in February 2015 that cyberattacks pose a greater long-term threat to national security than terrorism. Gosler wants the United States, with the government in the lead role and the private sector supporting it, to take on a massive effort to provide cyberdefense that protects the United States but also much of the rest of the world.
from working in windowless rooms with access to the most sensitive information. And his tone is the same as most of those who have worked at the highest ranks of government. As a rule of thumb, the higher-ranking the person in government, the more apocalyptic his or her language about cyber.
My Silicon Valley friends are more technologically optimistic than the military, CIA, and diplomatic officials, but that’s because they have not sat in the White House Situation Room and been witness to some of what has been averted. They know about the hacks against Sony, Saudi Aramco, and Target, and they know they have to beef up their own cyberdefenses, but most of them don’t know what we have missed.
RUSSIA INVADING WITH BOTS AND BOOTS
As protests stormed through the Ukrainian capital of Kiev at the beginning of 2014, the United States and European nations were watching closely to see if Russian troops were mobilizing at the Ukrainian border, primed for intervention or invasion. But long before
Ukrainian computer networks years earlier had been infected by the cyberespionage package Ouroboros, named for the Greek mythological serpent pictured eating its own tail. The malware was “designed to covertly install a backdoor on a compromised system, hide the presence of its components, provide a communication mechanism with its [command and control] servers, and enable an effective data exfiltration mechanism.”
Tracking this kind of activity requires looking for malware callbacks, which are basically the communications sent from infected or compromised computers back to the command-and-control server of the attacker.
FireEye, a global network security company that analyzes millions of these communications annually, tracked the evolution of malware callbacks and found a correlation between the overall number of callbacks from Ukraine to Russia and “the intensification of the crisis between the two nations.”
Even after the pro-Russian leader of Ukraine resigned and fled the country, the cyberattacks continued. Shortly before the Ukrainian presidential election in May 2014, the Ukrainian Security Service (SBU) announced that it had arrested a group of pro-Russian hackers who tried to disrupt the election results. According to SBU head Valentyn Nalyvaichenko, the hackers had compromised the main servers
As SBU was foiling the attack on the night of the election, Russia’s state-owned Channel One reported that far right–sector candidate Dmitro Yarosh, who had received less than 1 percent of the vote, was leading the election with 37 percent of the vote, showing a screenshot of the Central Election Commission website. The screenshot was from the hacked site, and SBU noted that
Pro-Russian hacktivist group CyberBerkut ultimately took credit for the hack, and Channel One did its job misinforming and manipulating the public.
In 2007, Estonia relocated a controversial Soviet war memorial, the Bronze Soldier, from the center of the capital city of Tallinn to a military cemetery. To many Estonians, the monument, which honored Red Army liberators, was a symbol of Soviet occupation following World War II. To Estonia’s Russian community, the monument symbolized the Soviet victory over Nazi Germany. The move by Estonian authorities riled the Russian Federation
Estonia’s foreign minister, Urmas Paet, accused the Kremlin of direct involvement. Eventually a Kremlin-backed patriotic youth group, Nashi (“Ours”), took responsibility for the series of DoS attacks:
“We did not do anything illegal. We just visited the various Internet sites, over and over, and they stopped working.”
Just before Russian tanks rolled into Georgia in August 2008, botnets were already on the offensive, inundating Georgian government
