It would be heartening to think that cybersecurity has advanced since the 1990s, but some things never change. Vulnerabilities that some of us first saw in 1996 are still with us.

If you don’t believe me, just take a look at the news. Last month, Virginia-based cybersecurity firm GRIMM announced that they had found a vulnerability that affects many Netgear home WiFi routers. The cause? Outdated firmware that allows remote users to access the administrative systems in these routers.

If you think this exploit sounds like a 1990s-standard input overflow flaw, well done. That’s exactly what it is. As Nichols put it in his very detailed blog post: “1996 called, they want their vulnerability back.”

The Vatican and the Catholic Diocese of Hong Kong have been the targets of alleged Chinese state-backed hackers, it has emerged, just weeks before talks intended to improve relations between the two sides.

According to the U.S.-based cyber attack monitoring group Recorded Future, RedDelta, allegedly backed by the Chinese state, began attacking the Vatican in May ahead of upcoming talks in September to renew a landmark 2018 deal that helped thaw diplomatic relations.

Recorded Future said that the Hong Kong Study Mission to China — a key link between the Vatican and China — and the Pontifical Institute for Foreign Missions also were targeted.

WASHINGTON (Reuters) — Chinese government-linked hackers targeted biotech company Moderna Inc, a U.S.-based coronavirus vaccine research developer, this year in a bid to steal data, according to a U.S. security official tracking Chinese hacking.

China on Friday rejected the accusation that hackers linked to it had targeted Moderna.

Last week, the U.S. Justice Department made public an indictment of two Chinese nationals accused of spying on the United States, including three unnamed U.S.-based targets involved in medical research to fight the novel coronavirus.

Safe Messaging

Cybersecurity experts have long warned that quantum computers, whenever it is that they become useful, will render useless most conventional forms of encryption. This new satellite experiment, which is described in research published in the journal Nature, suggests that it may be possible to send secure messages yet.

“A remarkable feature of the entanglement-based quantum cryptography as we demonstrated here is that such security is ensured even if the satellite is controlled by an adversary,” University of Science and Technology physicist Jian-Wei Pan told Space.com.

The terrorist or psychopath of the future, however, will have not just the Internet or drones—called “slaughterbots” in this video from the Future of Life Institute—but also synthetic biology, nanotechnology, and advanced AI systems at their disposal. These tools make wreaking havoc across international borders trivial, which raises the question: Will emerging technologies make the state system obsolete? It’s hard to see why not. What justifies the existence of the state, English philosopher Thomas Hobbes argued, is a “social contract.” People give up certain freedoms in exchange for state-provided security, whereby the state acts as a neutral “referee” that can intervene when people get into disputes, punish people who steal and murder, and enforce contracts signed by parties with competing interests.

The trouble is that if anyone anywhere can attack anyone anywhere else, then states will become—and are becoming—unable to satisfy their primary duty as referee.


In The Future of Violence, Benjamin Wittes and Gabriella Blum discuss a disturbing hypothetical scenario. A lone actor in Nigeria, “home to a great deal of spamming and online fraud activity,” tricks women and teenage girls into downloading malware that enables him to monitor and record their activity, for the purposes of blackmail. The real story involved a California man who the FBI eventually caught and sent to prison for six years, but if he had been elsewhere in the world he might have gotten away with it. Many countries, as Wittes and Blum note, “have neither the will nor the means to monitor cybercrime, prosecute offenders, or extradite suspects to the United States.”

Technology is, in other words, enabling criminals to target anyone anywhere and, due to democratization, increasingly at scale. Emerging bio-, nano-, and cyber-technologies are becoming more and more accessible. The political scientist Daniel Deudney has a word for what can result: “omniviolence.” The ratio of killers to killed, or “K/K ratio,” is falling. For example, computer scientist Stuart Russell has vividly described how a small group of malicious agents might engage in omniviolence: “A very, very small quadcopter, one inch in diameter can carry a one- or two-gram shaped charge,” he says. “You can order them from a drone manufacturer in China. You can program the code to say: ‘Here are thousands of photographs of the kinds of things I want to target.’ A one-gram shaped charge can punch a hole in nine millimeters of steel, so presumably you can also punch a hole in someone’s head. You can fit about three million of those in a semi-tractor-trailer. You can drive up I-95 with three trucks and have 10 million weapons attacking New York City. They don’t have to be very effective, only 5 or 10% of them have to find the target.” Manufacturers will be producing millions of these drones, available for purchase just as with guns now, Russell points out, “except millions of guns don’t matter unless you have a million soldiers. You need only three guys to write the program and launch.” In this scenario, the K/K ratio could be perhaps 3/1,000,000, assuming a 10-percent accuracy and only a single one-gram shaped charge per drone.

A security expert revealed this week that an exploit commonly used against Windows users who own Microsoft Office can sneak into MacOS systems as well.

A former NSA security specialist who addressed the Black Hat security conference this week summarized his research into the new use for a very old exploit.

Patrick Wardle explained that the exploit capitalizes on the use of macros in Microsoft Office. Hackers have long used the approach to trick users into granting permission to activate the macros, which in turn surreptitiously launch .