As regular readers of this here blog of mine will already know, I’m rather into modern art. But when art somehow merges with anything IT-related, I’m the world’s biggest fan. Well, such a merging is taking place right now in Moscow in its Museum of Modern Art with the exhibition Daemons in the Machine, so supporting it was a no-brainer. Artists, consulted by scientists, aimed their creativity at the modern-day topics of artificial intelligence (which, IMHO, is hardly any intelligence at all – just smart algorithms), blockchain, neural networks and robotics. The result is a curious mix of futurology, ethics and – of course – art.
I haven’t been myself as I’m only just back from my latest trip, but I hope to find time for a visit before my next one.
And now, we move from high-art digital demons to everyday, run-of-the-mill – but very worrying – digital demons…
In the UK at the start of October there was a mass failure of ‘smart’ app-controlled home alarm/key systems. Hundreds of people couldn’t open/close up their homes; some were locked inside and unable to get out! (So, you have a ‘smart’ home, but it prevents you from getting to work. Imagine that excuse to your boss!) Others couldn’t enter their homes – out in the cold or rain, and wanting to make dinner already! And all because of system failures. So, maybe think twice before purchasing that ‘smart’ iron or frying pan? Imagine if they had similar system failures?
// Btw – cybercriminals haven’t yet worked out how to hack and thus disable such home alarm systems, but it’s only a matter of time. They’ve worked out how to disable car lock systems, after all. As if we needed another reason to push for fully secure operating systems and ‘cyber-immunization’ of the IoT; but I digress…
Btw, the topic of cybercrime also sits well with modern IT-art. There are the digital ‘masterpieces’ getting stolen, there are fakes of original works, network entry sensors, bit markers… And when you remember that an original – photograph! – can have a seven-figure euro price tag – well, you can see the cybercriminals’ motivations.
Seven-figure euro price tag? Yes you read that right folks. But it wasn’t just any photo. It was a photograph of a potato. And it sold for a million euro! Now, that is one beautiful spud there, but 1,000,000 EURO? Yep! The potato was shot by Irish artist Kevin Abosch – a great guy, btw. Some years ago we met and I even have a pic of myself that he took. Btw, here’s the potato:
You’ve seen everything now ).
But that is a tale from Ireland. Now though we need to head back over the Irish Sea to the UK…
A report from the country’s Department of Health has estimated that the WannaCry hack of the National Health Service’s computers cost the nationalized healthcare institution a full £92 million (~$120 million!), 19,000 cancelled appointments and 200,000 locked NHS computers. One of the main reasons for the unprecedented massive scale of the damage was the use of outdated operating systems and a lack of protection. Not that the UK is unique in this regard. All around the world the medical sector suffers from an irresponsible attitude to cybersecurity. You can tell simply from how often it gets hacked. And hospitals keep lots of patients’ personal information, including financial data. And of course it’s a critical sector in the first place, as we all know.
But what makes you really wanna cry when you consider the WannaCry ransomware attack is how it was a non-targeted one; that is – it wasn’t aimed at specific targets: it was a mass attack in which those who turned out to be vulnerable (e.g., the NHS and its patients) became the victims who suffered. Just imagine the catastrophe that could be caused by a professional pinpointed attack on medical institutions. No, actually – don’t imagine that: you’ll have nightmares for weeks.
Now, here I go again… but – this brings into focus the critical need for immunization of digital medical equipment – from pharmacological manufacturing sites to surgical instruments; and here I go yet again – the need for secure operating systems so as to prevent technological nightmares practically completely.
Meanwhile, on the other side of the pond – talk of the devil – we’ve seen another ‘highly targeted’ (!) Ryuk ransomware attack on critical infrastructure. The first attack was picked up on this summer, after it collected the princely sum of ~640 thousand dollars in bitcoin. It looks like the infamous Lazarus group could be behind the attacks. This latest one was aimed at a North Carolina water utility company, which supplies tap water to some 150,000 folks. The attack didn’t directly affect the water supply, but, according to the company itself, it caused ‘catastrophic damage’. Hmmm. Dare I repeat it?… here I go yet again! Immunization of critical infrastructure is… [fill in the blank] ).
PS: We’ve written here about how text messages aren’t so great for two-factor authentication. Briefly: an SMS can be viewed by a third party on your device; the SIM can be removed and put in another smartphone to accept texts with passwords; and passwords can be intercepted by a Trojan on the smartphone or a vulnerability. But all is not lost: there are alternatives that are more secure. Read all about them on the blog. And don’t forget about a password manager!