National Security Threats of the Internet of Things

googlecar

The Department of Justice has formed a threat analysis team to study potential security challenges posed by all our internet-connected things.

I can tell you their results without spending a single taxpayer cent.

They’ll find threats. Terrible, horrifying, existential threats.

The threats will cause human suffering the likes of which the world has never seen before. Researchers will have computer models that calculate the certainty of an IoT holocaust. An interplanetary IoT apocalypse. They’ll tell tales that’ll straighten your pubes.

When it’s your job in life to study how dangerous a thing is, the conclusion is always that it’s SEVERELY DANGEROUS. Anything less looks negligent. It doesn’t matter whether that thing is vaccines, 3-ounce shampoo bottles, or antibacterial hand soaps – declare that they’ll lead to the death of us all. That’s how you create job security.

The government will totally be on board with the strategy. Fear-mongering is how political leaders maintain fealty (see also: Trump). A terrified population is a docile population.

When people are scared, they need something done that will make them feel safer. The government will go above and beyond in meeting that need with an elaborate choreography of security theater.

They’ll form a 3-letter agency. They’ll design mandatory duck-and-cover drills. Offer tax credits for basement bomb shelters. Test the air raid sirens once a week.

Also, there will be MASS SURVEILLANCE. The solution always includes MASS SURVEILLANCE.

When we were worried about homosexuals, the FBI tracked the clientele of gay bars. When we worried about meth labs, the DoJ started tracking Sudafed. When we worried about terrorists, we gave the government free reign to read all our emails.

When it comes to internet-connected things, we’ll begin by monitoring the passengers and routes of self-driving cars. Was there any question about whether this would happen in the first place? Head of DoJ National Security Division John Carlin has pointed out that the July truck attack in France is an example of how automated driving systems could present a security threat if remotely hijacked.

Once Mr. Carlin realizes that the attack truck was not, in fact, a self-driving car, but a 2012 Renault Midlum with a disturbed driver, we’ll stop worrying about self-driving cars. Instead, we’ll focus on dealing with disturbed drivers.

JUST KIDDING. We’ll pass legislation to track ALL the cars. Roadworthy vehicles will require transponders. Surveillance radars will monitor their movements. If a car displays suspicious driving activity, we’ll deploy a fleet of battle tanks to circle the wagons.

Then we’ll move on to other connected objects. Toilets! Pacemakers! Sex toys! Toasters! Could any of these things be hacked and turned into a weapon of mass destruction? I don’t know, but the government will wiretap all the things to find out!

Or we could just, you know, refrain from connecting all our things. But that wouldn’t be a good use of tax dollars at all.

advisorysystem2

We are all Going to Die of Gangrene

This is a video that shows the evolutionary process of E. Coli in a petri dish containing varying concentrations of antibiotic:

Scary how quickly this organism can evolve, huh? I have some bad news:

Disease-causing bacteria and other microbes are increasingly evolving to resist our drugs; by 2050, these impervious infections could potentially kill ten million people a year.

The estimated death rate comes from an economist*, not a doctor. Like most economic estimates, it makes a few assumptions:

  • Scientific and pharmaceutical progress stagnate.
  • Developing countries do nothing to improve water and sanitation.
  • We all have AIDS.

The immune deficiency syndrome is necessary for this model to work. See, healthy humans deal with bacteria just fine. Our white blood cells detect and eliminate all sorts of pathogens. It’s only in the case of severe infections that antibiotics are needed to give our immune system some reinforcement.

That doesn’t mean that drug-resistant bacteria aren’t a problem. My brother works in a hospital and frequently encounters strains of super bacteria that are resistant to almost all the antibiotics they have. The fact that he hasn’t died of bacteremia just goes to show how effective a healthy white-blood-cell count can be.

The patients who struggle with drug-resistant bacteria already have compromised immune systems, and can’t fight off pathogens without help. If we want to deal with the problem of drug-resistant bacteria, we should work on treating the diseases that put patients in a condition to be vulnerable to bacteria.

*This guy gets paid by the UK Prime Minister to study the dangers of a post-antibiotic apocalypse. Terrifying predictions are how he maintains job security.

Swift Makes Money Transfers a Little Too Convenient

Swift’s product offering is a little ridiculous. This is a global messaging system for financial transactions, and its customers are initiating multimillion-dollar payments through Internet Explorer.

screen-shot-2016-09-07-at-11-09-31-am

I get that Swift wants to make onboarding easy, but should the system really be plug & play? Compounding the problem is the availability of third-party apps: Add-ons to the client software that can automate tasks, but also drastically increase the attack surface.

screen-shot-2016-09-07-at-11-05-43-am

Continue here

Banks Can’t Stop Getting Hacked

Swift is a global messaging network for financial transactions. It was founded in 1973 when a consortium of banks decided to establish common standards and a shared communication system. Today, people at R3 might call this a “blockchain”.

Recently, banks in emerging countries have been hit with dozens of Swift hacks. Or, rather, Swift is doing fine, but hackers are sending fraudulent payment requests from compromised bank computers. The recipients of the messages are larger banks at which the hacked banks hold accounts.

Take the Bangladesh central bank for example. Bangladesh Bank has an account at the New York Federal Reserve. Back in February, a computer at Bangladesh Bank was used to send unauthorized Swift payment messages to the New York Fed, resulting in an $81 million loss. For weeks, the Bangladesh central bank blamed the New York Fed for accepting its fraudulent payment requests.

Dude. The New York Fed processes over a trillion dollars worth of payment requests a day. Almost all of these are automatically executed; that’s the only way it can scale.

Swift is threatening to drop some of the banks in emerging countries if they don’t get their opsec act together. Without access to Swift’s messaging system, bank employees would have to pick up the phone and issue payment instructions verbally. That may not be a bad thing. If Bangladesh Bank called up the New York Fed and said, “Hey, please move 81 million dollars from my account to a Philippine casino,” the NY Fed employee might say, “You want…what??

Except… that’s what banks used to do! The very first case of bank cyber-theft happened in 1988, when two people called up the First National Bank of Chicago, impersonated Merrill Lynch officials, and requested $70 million worth of wire transfers to Vienna. Humans are fallible, and we thought computers might be better.

It took decades for the big US banks to get to the level of threat management they have today. Emerging-market banks have a lot of catching up to do.

Oops

I accidentally deleted the server database and had to restore from backup. Sorry if the site spammed you about it 🙁

Also, some of the content that used to be here may not be here anymore. Apologies to those who posted feedback and stuff; please remember that I value all your comments dearly, even the mean ones.