Cyber Security & the Lack Thereof - Embedded.com

Cyber Security & the Lack Thereof

We are certainly living in interesting times. Over the years I've read a lot of science fiction stories that depicted various flavors of the future, many of which involved the concept of cyber security and nefarious strangers trying to access one's data.

Generally speaking, this sort of thing really didn’t affect most of us until relatively recently in the scheme of things. How things have changed. Now it seems that we hear about data breaches on an almost daily basis, many of which can put their victims at risk of identity theft.

In 2013, for example, we discovered that hackers had managed to steal the credit and debit card information (including names, addresses, and phone numbers) associated with more than 70 million customers. My wife (Gina the Gorgeous) was hit by this one. She received a call from a company in North Carolina asking if we had really ordered a super-large screen TV on her credit card. Of course we hadn’t. The main thing that had alerted them was the fact that the delivery address was to another state. Based on this, Gina ended up swapping out all of her credit and debit cards, which is a frustrating and time-consuming exercise.

Meanwhile, in 2014, I was informed that hackers had managed to access tens of millions of records from my health insurance company. I'm still waiting for the axe to fall from that one (we can only hope that I'm insured against axe-related incidents).

The reason for my rambling on about this here is that, whilst driving to work this morning, I heard a report on the National Public Radio (NPR) that hackers have just posted the data they stole from a company called Ashley Madison.

The report said that the ~10 gigabyte data dump was posted to the Dark Web using an Onion Address which is accessible only via a Tor Browser . Fortunately, I recently read Surviving The Zombie Apocalypse: Safer Computing Tips for Small Business Managers and Everyday People by Max Nomad (no relation), so I can now parse statements containing terms like “Dark Web,” “Onion Address,” and “Tor Browser” without thinking (which is, of course, my usual modus operandi ).

Thus, I was feeling pretty pleased with myself for my technical acumen, but I soon started to feel like I'd been living under a rock, because my knee-jerk first impression was that Ashley Madison was some sort of home furnishing store. You can only imagine my surprise when I bounced over to the AshleyMadison.com website to discover that their reason for being is to promote infidelity by facilitating husbands and wives having affairs. (According to their website, they've been featured on Hannity, Howard Stern, TIME, BusinessWeek, Sports Illustrated, Maxim, and USA Today, which just goes to show how little I know about what's going on in the world.)

Apparently, the data released by the hackers includes the names, addresses, and phone numbers associated with the users of the site. Also, I hear that ~15,000 of these records have .mil or .gov email addresses (just how stupid do you have to be to use this site?). I think it's fair to assume that a lot of people are not enjoying a “stress-free day” at this moment in time.

The real problem is that we still don’t seem to take security seriously. In the case of my health insurance company, for example, we came to discover that they had taken such minimalist precautions as to make one shake one's head in disbelief.

And things are only going to get worse, which means that the designers of today's electronic, computer, and embedded systems have to consider security at every point in the system — from the leaf nodes at the edge of the Internet of Things (IoT) to the mega servers in the cloud — because each system is only as secure as its weakest link.

“But where can we learn about this stuff?” you cry. Well, there are the Black Hat Conventions that put you face to face with people on the cutting edge of network security, and there are the Embedded Systems Conference (ESC) events that boast sessions covering the latest in embedded system security.

Speaking of ESC, I'm very much looking forward to the forthcoming ESC Minneapolis, which will take place November 4-5, 2015, at the Minneapolis Convention Center. Hopefully I'll see you there (I'll be the one in the cool Hawaiian shirt).

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.