How to hack Ukraine’s infrastructure, a car wash, anything

Written on August 1, 2017 in Opinion

Cars in junkyard, pressed and packed for recycling.

It turns out that the much publicised hack of Ukraine’s infrastructure was as much about human behaviour as ancient IT. In fact, more so.

The head of Microsoft went to work on the problem and started in the President’s office. He found that every computer had the same login and password (let’s guess at ‘President’ and ‘Password1’ shall we?). Much has changed now, but he reports a huge and quite rude and aggressive backlash when he insisted people change their password on a regular basis.

And before we all sit back, and tut, and mutter ‘typical’ under our breath, take a moment to consider your own password management. Could do better? That would be the most likely school report for most of us.

At the other end of the scale, the iconic Black Hat, Defcon event is happening in Las Vegas. Some of the hacks being demonstrated there make you want to go back to bed, and stay there. A car wash that can be persuaded to trap your car inside and attack it with the robotic arm. The wind farm that can be taken out of action with some lock picking tools and a proof of concept worm.

Meanwhile, HBO has been hacked and there may be a script of an unaired Game of Thrones on the loose.

Oddly, the good news is that events such as the one hosted by Black Hat show how sophisticated the threat level is. That, and horror stories in the press, raise awareness, and once awareness is raised, human nature begins to think the situation is intolerable and ‘something should be done’. As the pressure mounts on someone, Governments, companies, anyone, to do something, so too does the budget and the will to actually do it.

This, in turn, opens the door and the mind to education, and – as in the Ukrainian case – education would have saved a lot of trouble.

There are, of course, many initiatives to combat these kinds of attacks. Organisations in Asia are collaborating on best practice in cyber defense. The GSMA and others have active fraud groups, and sharing data on attacks and bad guys will surely begin to turn the tables. And, of course, as threat level rises, so too do the salaries for certified and experienced cyber professionals.

And, as we said before, we are now beginning to use tools such as AI (as in the fast look up version) to help close in on the baddies.

And if we cannot actually stop all of them, which we will probably never be able to, at least we can react so fast the damage can be limited.

Meanwhile I am off to YouTube to watch that car wash hacking, crushing thing.


Alex Leslie

About the Author


Alex was Founder and CEO of the Global Billing Association (GBA), a trade body focused on the communications sector. He is a sought after speaker and chairman at leading industry conferences, and is widely published in communications magazines around the world. Until it closed, he was Contributing Editor, OSS/BSS for Connected Planet. He is publisher of DisruptiveViews and previously BillingViews.
