Lifeboat Foundation: Safeguarding Humanity
Toggle light / dark theme

Blog

Category: cybercrime/malcode

That’s not a lot to you. If your watch is off by 13.7 microseconds, you’ll make it to your important meeting just fine. But it wasn’t so nice for the first-responders in Arizona, Pennsylvania, Connecticut, and Louisiana, whose GPS devices wouldn’t lock with satellites. Nor for the FAA ground transceivers that got fault reports. Nor the Spanish digital TV networks that had receiver issues. Nor the BBC digital radio listeners, whose British broadcast got disrupted. It caused about 12 hours of problems—none too huge, all annoying. But it was a solid case study for what can happen when GPS messes up.

The 24 satellites that keep GPS services running in the US aren’t especially secure; they’re vulnerable to screw-ups, or attacks of the cyber or corporeal kind. And as more countries get closer to having their own fully functional GPS networks, the threat to our own increases. Plus, GPS satellites don’t just enable location and navigation services: They also give ultra-accurate timing measurements to utility grid operators, stock exchanges, data centers, and cell networks. To mess them up is to mess those up. So private companies and the military are coming to terms with the consequences of a malfunction—and they’re working on backups.

The 2016 event was an accidental glitch with an easily identifiable cause—an oops. Harder to deal with are the gotchas. Jamming and spoofing, on a small scale, are both pretty cheap and easy. You can find YouTube videos of mischievous boys jamming drones, and when Pokemon GO users wanted to stay in their parents’ basements, they sent their own phones fake signals saying they were at the Paris mall. Which means countries, and organized hacking groups, definitely can mess with things on a larger scale. Someone can jam a GPS signal, blocking, say, a ship from receiving information from satellites. Or they can spoof a signal, sending a broadcast that looks like a legit hello from a GPS satellite but is actually a haha from the hacker next-door.

Read more

Meow-Ludo Disco Gamma Meow-Meow couldn’t just toss away his New South Wales transit pass even after he found out that it got deactivated while he was on a trip to the USee, Meow-Meow (yes, that is his legal name) cut the chip out of the travel card, encased it in biocompatible plastic and had it implanted under the skin on his left hand. The biohacker now plans to file a lawsuit against New South Wales’ transport authorities, not just to fight the decision, but also to help create laws around body-hacking tech. In addition to the transit pass chip, Meow-Meow has two other implanted elect…

Read more

The Chinese “Micius” satellite has successfully set up the world’s most secure video conference, using quantum cryptography to connect scientists in Europe and China for an unhackable, intercontinental chat.

The feat marks another milestone for the satellite, officially called Quantum Experiments at Space Scale (QESS), which only last year was making headlines for transmitting an “unbreakable” quantum code to the Earth’s surface.

Read more

Cybersecurity risks are on the rise. While the high-profile breaches at Target and Yahoo! captured our attention, they have also distracted us from the prevalence of cybersecurity risks in everyday life. The number of cyber-security breaches has more than doubled over the past few years. In the third quarter of 2016, over 18 million new forms of malware were discovered. That is nearly a quarter of a million new types of malware every single day.

Unfortunately, some of the most vulnerable companies are those that are least equipped to address these concerns. Industry experts estimate that 45% of all cyber-attacks are launched against small businesses. Almost half of all small businesses have been attacked, although most of them don’t know it. Nearly 70% of small businesses are forced into bankruptcy within six months of a particularly severe cyber-attack.

Despite the risks, small businesses are under greater pressure to cut costs. They can’t always afford top-tier protection.

Read more

A look at Lt. Gen. Paul Nakasone’s public statements about artificial intelligence, offense, and defense.

The Army general likely to be tapped to head U.S. Cyber Command and the NSA has some big plans for deploying cyber forces and using artificial intelligence in information attacks.

Lt. Gen. Paul Nakasone, who currently leads U.S. Army Cyber Command, is expected to nominated in the next few months to replace Adm. Michael Rogers, as first reported by The Cipher Brief (and confirmed by the Washington Post and a Pentagon source of our own). But caution is in order: the rumor mill says several other contenders are in the running, including Army Lt. Gen. William Mayville. Neither Cyber Command nor the Pentagon would comment about the potential nomination.

Read more

Security experts say more of these hands-on demonstrations are needed to get an industry traditionally focused on physical protection to think more creatively about growing cyber threats. The extent to which their advice is heeded will determine how prepared nuclear facilities are for the next attack.

“Unless we start to think more creatively, more inclusively, and have cross-functional thinking going into this, we’re going to stay with a very old-fashioned [security] model which I think is potentially vulnerable,” said Roger Howsley, executive director of the World Institute for Nuclear Security (WINS).

The stakes are high for this multibillion-dollar sector: a cyberattack combined with a physical one could, in theory, lead to the release of radiation or the theft of fissile material. However remote the possibility, the nuclear industry doesn’t have the luxury of banking on probabilities. And even a minor attack on a plant’s IT systems could further erode public confidence in nuclear power. It is this cruelly small room for error that motivates some in the industry to imagine what, until fairly recently, was unimaginable.

Read more

A method of securely communicating between multiple quantum devices has been developed by a UCL-led team of scientists, bringing forward the reality of a large-scale, un- hackable quantum network.

To date, communicating via has only been possible between two devices of known provenance that have been built securely.

With the EU and UK committing €1 billion and £270 million respectively into funding quantum technology research, a race is on to develop the first truly secure, large-scale between cities that works for any quantum device.

Read more

Freshly discovered malware called Triton can compromise safety systems that control many kinds of industrial processes.

For years, security experts have been warning that hackers can disable systems that control critical infrastructure we all rely on, such as dams and power plants. Now researchers at Mandiant, which is part of the security firm FireEye, have revealed that a new form of malware, dubbed Triton, closed down the operations of a business in the Middle East belonging to Schneider Electric, a French company. The researchers say that they haven’t attributed the hack to a particular attacker, but they do say it bore hallmarks of threats from a nation-state.

Triton appears to have targeted a so-called safety instrumented system, or SIS, which monitors the operation of a physical process using sensors and acoustics. By taking control of it, hackers can destroy or damage the process the SIS is monitoring by tricking it into thinking everything’s normal, when in fact the process is operating at unsafe levels.

Read more