Rampaging Ransomware

How long until we see ransomware infecting smart devices asks a Romanian security researcher?

A few years ago Ransomware was a joke, malware would install a screen that would demand a ransom be paid to ‘unlock’ the computer. It was easy to get around and almost trivial to remove.

Then came Cryptolocker, a nasty piece of malware that would gleefully encrypt a victim’s hard drives, rendering them inaccessible unless a sizeable ransom was paid.

Ransomware suddenly became serious.

Cryptolocker eventually was unpicked with a cracking tool released and the ring’s alleged founder, Evgeniy Bogachev, now on the run from US authorities with a three million dollar reward for his arrest.

A better class of ransomware

Now the gangs running the ransomware scams are even more sophisticated and well resourced with Andrei Taflan of Romanian security company BitDefender describing how Bitcoin values are often tracking ransomware activity.

“When we see Bitcoin values surging we watch for increased ransomware activity. Someone is buying Bitcoins to unlock their data,” Taflan told me last week in an underground bar appropriately called The Rabbit Hole.

Taflan’s colleague Bogdan Botezatu describes how the ransomware problem is getting worse, not better, with Cryptowall patching the weaknesses that led to Bogachev’s downfall.

One of the fascinating aspects of Cryptowall is that it’s polymorpic – it changes shape to elude traditional signature based anti-virus programs. The malware also creates unique Bitcoin wallets to make tracking transaction harder.

Paying the ransom

Many businesses being infected by Cryptowall and having data locked away by an industrial grade encryption program makes it a no brainer to pay the demands. It’s a profitable business.

Faced this rather impressive piece of work, Botezatu raises a chilling prospect about ransomware in the Internet of Things; how long, he asks, will it take ransomware to target more sensitive devices we use, including cars and medical implants?

Botezatu’s concern illustrate why security with the Internet of Things is absolutely essential if industry and the public are to have any confidence in connected devices.

Locking down the firmware of the internet of things

As the smart devices become common in our homes, cars and workplaces suppliers will have to do more to secure their software.

There’s a fundamental problem with smart devices warns Kim Zetter and Andy Greenberg in Wired magazine.

In Why Firmware Is So Vulnerable to Hacking, and What Can Be Done About It, Zetter and Green look at the problem with the embedded software that is shipped with every computerised device from Personal Computers to smart sensors.

The problem with firmware is that it’s difficult to check it’s not been changed, awkward to upgrade and complex to find, the Wired piece mentions how even the batteries in Apple laptops have vulnerable software embedded into their chips.

As the smart devices become common in our homes, cars and workplaces suppliers will have to do more to secure their software.

Why being a unicorn could be a bad thing

Most businesses don’t need big VC type investors to help them grow

Andrew Wilkinson doesn’t want to be a unicorn. In Why I want to be In-N-Out Burger, not McDonalds, Wilkinson describes how he’d rather his business is a sleek racehorse rather than a beautiful, mythical creature.

One of the misunderstandings in the current startup mania is the motivation of founders and proprietors; many haven’t gone into business with the aim of flipping the company to a rich sugar daddy for a billion dollars.

In his great presentation “Fuck You, Pay Me” – essential viewing for anyone starting a business – San Francisco designer Mike Montiero describes “We wanted to pick and choose the clients we were gonna work with and we wanted to be responsible for what we’re putting out in the world.”

For businesses like Montiero’s and Wilkinson, having a venture capital investor looking over their shoulder would be as bad as working for a corporation; ceding control of your work is exactly the reason they started their businesses in the first place.

While the Silicon Valley venture capital model is valid for high growth businesses that need capital to scale quickly, most ventures don’t need those sort of large cash injections early in their development – for many, a million dollar cheque from a VC could prove to be a disaster.

There’s myriad reasons why someone starts a venture and all of them pre-date the current startup mania, it’s why every business is different in its own way.

Closing the video store

The rise and fall of the video rental industry is a cautionary tale of how yesterday’s hot new industry can become a dinosaur within a couple of decades.

The last video store in my neighbourhood is closing down. A few years ago there were six in the suburb.

Last year the US Blockbuster chain closed down its disk rental business and now the same thing is happening in Australia as people move from playing DVDs to streaming or downloading from the internet.

In a generation the video rental industry went from nothing to boom to nothing again; a classic case of a transition effect.

The rise and fall of the video rental industry is a cautionary tale of how yesterday’s hot new industry can become a dinosaur within a couple of decades.

Reducing big data risks by collecting less

Just because you can collect data doesn’t mean you should

“To my knowledge we have had no data breaches,” stated Tim Morris at the Tech Leaders conference in the Blue Mountains west of Sydney on Sunday.

Morris, the Australian Federal Police force’s Assistant Commissioner for High Tech Crime Operations, was explaining the controversial data retention bill currently before the nation’s Parliament which will require telecommunications companies to keep customers’  connection details – considered to be ‘metadata’ – for two years.

The bill is fiercely opposed by Australia’s tech community, including this writer, as it’s an expensive   and unnecessary invasion of privacy that will do little to protect the community but expose ordinary citizens to a wide range of risks.

One of those risks is that of the data stores being hacked, a threat that Morris downplayed with some qualifications.

As we’re seeing in the Snowden revelations, there are few organisations that are secure against determined criminals and the Australian Federal Police are no exception.

For all organisations, not just government agencies, the question about data should be ‘do we need this?’

In a time of ‘Big Data’ where it’s possible to collect and store massive amounts of information, it’s tempting to become a data hoarder which exposes managers to various risks, not the least that of it being stolen my hackers. It may well be that reducing those risks simply means collecting less data.

Certainly in Australia, the data retention act will only create more headaches and risks while doing little to help public safety agencies to do their job. Just because you can collect data doesn’t mean you should.

The IoT’s shaky security

Analysis of the Samsung smart TVs data shows the Internet of Things has a long way to go.

Samsung’s spying TV sets attracted headlines that worried many people but until yesterday no-one had looked at exactly what data was being sent by the devices to Samsung.

Pen Test Partners looked at the data flowing too and from Samsung smart TVs and found that yes, the devices are listening and transmitted data back to their – and other company’s – servers.

That is pretty well what is expected, the real concern though is the quality of what’s being transmitted with Pen Test describing it as a mishmash of code with not even a gesture towards security, “what we see here is not SSL encrypted data. It’s not even HTTP data, it’s a mix of XML and some custom binary data packet.”

One of the concerns about the Internet of Things has been the quality and security of the data being transmitted, the Samsung TV shows both are lacking.

For the IoT to deliver the benefits it promises, connections need to be secure and data reliable. Right now it appears the vendors of consumer products aren’t delivering the basics necessary to make the technologies dependable.

Technology’s crisis of trust

Last night for the monthly ABC Nightlife tech spot we looked at Samsung’s spying TVs and some of the other aspects of security with connected devices.

During the listeners’ calls it became very clear many are worried and scared by technology’s rapid progress. This is a challenge for the leaders of both the tech industry and governments.

Trust in the tech industry isn’t being helped by the revelation Lenovo computers have been loaded with Adware that, among other things, interferes with secure website connections.

Lenovo’s actions raise a serious concern for business as many of those home units may have been connected to office networks under corporate Bring Your Own Device policies and the spoofing of security certificates could cause no end of problems and risks for IT managers.

Another concern Lenovo’s actions raise is about the Internet of Things; if various devices on a network are messing with data integrity, confidence in the information being generated is eroded.

For the tech industry, it’s essential to regain the community’s trust. Equally however it’s essential for business and political leaders to have an honest conversation with voters and workers on how the structure of the workforce is changing.

Adapting to a new economy

A San Francisco taxi company reinvents itself for the app economy.

Taxis have gotten their ass kicked” says Hansu Kim, owner of San Francisco’s oldest taxi company.

Kim’s company, DeSoto, is changing the name it has held since the 1930s to Flywheel in an agreement with the taxi hailing app of the same name. The San Francisco Chronical describes how DeSoto and the city’s other taxi companies are finding times tough now Uber and other services have moved into what was a safe, regulated business.

DeSoto’s move is a sign of the times as older business models evolve; moving to an app based hailing service improves the experience for everybody in the cab industry and radically changes the economics of getting a ride across town.

The main reason for Uber’s success is being able to identify both drivers and passengers which improved confidence in the system. In turn, this changes riders expectations and taxi’s fare structures.

For companies competing with Flywheel the question will be do they participate in this service or do they create their own app. For the industry in general it makes sense to share the infrastructure but for uses it may well be in their interest to have competing apps with different levels of service.

As the levels of car ownership continue to fall, how taxi hailing and car hire apps evolve will drive the development of our cities through this century. DeSoto and Flywheel’s experiment is the start of many as older businesses adapt to a changing economy.

Software ate the demonstration centre

A tour of Telstra’s consumer insights centre shows us the software driven business of the future

Yesterday Australian incumbent telco Telstra took the media on a tour of its showpiece  Customer Insights Centre in downtown Sydney.

The company is justifiably proud of the facility that includes  a 300 person auditorium, broadcast quality TV studio, a restaurant, workshop and collaboration spaces.

Welcoming visitors is the centre’s Insight Ring, a nine metre circle-shaped platform that surrounds guests with digital insights mined from Telstra’s information services. Leading off the reception area are a range of displays showcasing the company’s products and capabilities including wearable technologies, 3D printing and Ged The Robot.

Marking the centre as a modern facility the display spaces where Telstra and its partners can show off technologies to industry bodies and prospective clients.

Ged, the Telstra robot
Ged, the Telstra robot

The previous space two floors higher in the building was beginning to show its age after seven years and the fixed displays of technology in the older facility dated the centre, something that’s a disadvantage in an industry changing as quickly as telecommunications.

In the new centre, the demonstration facility is largely screen based so displays can quickly be adapted to show off the technologies aimed at whichever industry they are pitching.

The fast moving technology world
The software driven demonstration centre

 

Andy Bateman, Director of Segment Marketing at Telstra, who lead the tour was proud to show off the current display that had been set up to showcase the company’s banking products.

telstra_client_demonstration_consumer_insights_centre

Bateman described how the facility can be quickly altered to suit the needs of specific demonstrations, this was a degree of flexibility missing in the PayPal innovation center in San Jose, which is more comprehensive in its displays but requires a major fit out to change anything.

Venture capital investor Marc Andreessen stated that software will eat the world, Telstra’s Customer Insights Centre illustrates this starkly.

However software doesn’t always have the upper hand, just opposite the Telstra centre is the Sydney City Apple Store. In some ways, the two facilities opposite each other illustrate one of the big technological and market battles of this decade.

View of the Apple Store from the Telstra Centre
View of the Apple Store from the Telstra Centre

For most businesses, software will define the future way of working but for the smart hardware vendors will still be making good money.

Your TV is watching you. ABC Nightlife February 2015

For the February 2015 Nightlife we look at spying TVs, the internet of rubbish bins and robot hotels

Paul Wallbank joins Tony Delroy on ABC Nightlife nationally from 10pm Australian Eastern time on Thursday, February 19 to discuss how technology affects your business and life.

If you missed the show, the program is available for download from the ABC site.

For the February 2015 program Tony and Paul look at robot driven hotels, the internet of rubbish bins and how your TV could be listening to you.

Last year a lawyer read the terms and conditions of his new Samsung TV and discovered that the company recommended people don’t discuss sensitive information around it. This has lead to widespread, and justified, concerns that all our smart devices – not just TVs but smartphones and connected homes – could be listening to us. What happens to this data and can we trust the people collecting it?

The internet of rubbish bins

It’s not only your TV or smartphone that could be watching you, in Western Australia Broome Shire Council is looking at tracking rubbish bins to make sure only council issued ones are emptied.

Shire of Broome waste coordinator Jeremy Hall told WA Today  the council’s garbage truck drivers had noticed more bins than usual were getting emptied and a system needed to be put in place to identify “legitimate” bins.

While Australian councils are struggling with rubbish bins a hotel in Japan is looking to replace its staff with robots and room keys with face recognition software. The Hen-na Hotel is due to open later this year in Nagasaki Prefecture, the Japan Times reports.

Join us

Tune in on your local ABC radio station from 10pm Australian Eastern Summer time or listen online at www.abc.net.au/nightlife.

We’d love to hear your views so join the conversation with your on-air questions, ideas or comments; phone in on 1300 800 222 within Australia or +61 2 8333 1000 from outside Australia.

You can SMS Nightlife’s talkback on 19922702, or through twitter to @paulwallbank using the #abcnightlife hashtag or visit the Nightlife Facebook page.

Carbanak raises the information security stakes

The Carbanak financial heist shows how high the stakes in information security have become

“The most sophisticated attack the world has seen to date” is how Kaspersky Lab’s North American managing director Chris Doggett describes the massive Carbanak electronic bank fraud that could have cost victims up to a billion dollars.

Using a range of techniques, the Carbanak gang cracked their targets’ networks, right down to monitoring financial firm officers through their computers, and stole money through through the banks’ own ATM networks.

 

“That’s where the money is.” Was 1930s bank robber Willie Sutton’s response to being asked why he robbed banks and that is what’s driving the Carbanak gang.

For every Willie Sutton or Carbanak gang there’s a million opportunistic street muggers and script kiddies looking for stealing a few dollars from weak targets though and this is what the average small business or individual needs to be careful about.

Last week Kaspersky reported that nearly a quarter of all phishing attacks targeted financial data. The amounts being stolen are minuscule compared to Carbank’s ill gotten gains but far less work is required to crack a home or small business account.

For any large organisation that hasn’t learned from the Sony or Target hacks, the Carbank heist should be warning that information security is now a responsibility of executives and boards. All of us though have to take care with our data and systems.

The Internet’s Pax Americana

The US dominates the Internet but will it do so forever?

Tech journalist Kara Swisher has a twenty-five minute interview with President Obama on his relationship with the technology industry and Silicon Valley, it’s an interesting snapshot on how the United States sees its role as custodian of the internet.

In talking about European agencies’ efforts to reign in the power of companies like Google the President is dismissive; “we have owned the Internet. Our companies have created it, expanded it, perfected it, in ways they can’t compete. And oftentimes what is portrayed as high-minded positions on issues sometimes is designed to carve out their commercial interests.”

Obama is absolutely correct to say the Internet currently belongs to the United States, it was the US that developed the technologies and built the initial infrastructure for the global network in a similar way it did for the GPS system.

The internet probably won’t remain the US’s sole domain as China, Indian, Russia and other powers find control of the global communication network resting with the US isn’t in their interests and develop work arounds or rival technologies.

Just as Spain and then the English once dominated the world’s shipping and communications, it may well be the US’s dominance of the Internet is not permanent.