[Headlines from DRJ]
Let’s talk about hacking and hackers … like the news that Capital One target of massive data breach:
A security breach at Capital One Financial, one of the nation’s largest issuers of credit cards, compromised the personal information of about 106 million people, and in some cases the hacker obtained Social Security and bank account numbers.
It is among the largest security breaches of a major U.S. financial institution on record.
Authorities have already arrested a transgender ex-Amazon employee, 33, in Seattle who had boasted about the hack online:
Thompson allegedly pulled it off between March and July of this year by breaking into the bank’s servers through a misconfiguration in its firewall.
The data was being stored on Amazon’s Web Services cloud but Amazon insists it is not to blame for the hack and that she exploited Capital One’s systems to access it. Capital One admits that it was a fault in its infrastructure, and not Amazon’s, which led to the breach.
After allegedly stealing the data, Thompson left authorities a trail of breadcrumbs, posting online about the hack so much that other hackers warned her she was facing jail.
Her online postings about the hack were reported to Capital One on July 17 in an email from a white hat hacker who had seen the information on a website called GitHub.
There are also warnings about a different kind of hacking:
The Department of Homeland Security plans to issue a security alert Tuesday for small planes, warning that modern flight systems are vulnerable to hacking if someone manages to gain physical access to the aircraft.
An alert from the DHS critical infrastructure computer emergency response team recommends that plane owners ensure they restrict unauthorized physical access to their aircraft until the industry develops safeguards to address the issue, which was discovered by a Boston-based cybersecurity company and reported to the federal government.
Most airports have security in place to restrict unauthorized access and there is no evidence that anyone has exploited the vulnerability. But a DHS official told The Associated Press that the agency independently confirmed the security flaw with outside partners and a national research laboratory, and decided it was necessary to issue the warning.
A hacker would need to have access to the plane, which seems harder (but not impossible) given post-9/11 security measures.
Let’s end with a Georgia Tech study about hacking our cars:
In the year 2026, at rush hour, your self-driving car abruptly shuts down right where it blocks traffic. You climb out to see gridlock down every street in view, then a news alert on your watch tells you that hackers have paralyzed all Manhattan traffic by randomly stranding internet-connected cars.
Flashback to July 2019, the dawn of autonomous vehicles and other connected cars, and physicists at the Georgia Institute of Technology and Multiscale Systems, Inc. have applied physics in a new study to simulate what it would take for future hackers to wreak exactly this widespread havoc by randomly stranding these cars. The researchers want to expand the current discussion on automotive cybersecurity, which mainly focuses on hacks that could crash one car or run over one pedestrian, to include potential mass mayhem.
They warn that even with increasingly tighter cyber defenses, the amount of data breached has soared in the past four years, but objects becoming hackable can convert the rising cyber threat into a potential physical menace.
“Unlike most of the data breaches we hear about, hacked cars have physical consequences,” said Peter Yunker, who co-led the study and is an assistant professor in Georgia Tech’s School of Physics.
It may not be that hard for state, terroristic, or mischievous actors to commandeer parts of the internet of things, including cars.
“With cars, one of the worrying things is that currently there is effectively one central computing system, and a lot runs through it. You don’t necessarily have separate systems to run your car and run your satellite radio. If you can get into one, you may be able to get into the other,” said Jesse Silverberg of Multiscale Systems, Inc., who co-led the study with Yunker.
Why do hackers hack? Money/criminal gain, to leak information or disrupt services, attention/fun, ideology or to make a political or personal point. In other words, hackers are going to hack. We live in wonderful times but we need to stay smart.