Its cybersecurity awareness month, and at Havoc Shield we have a very particular approach to cyber awareness. We're not about acronyms, esoteric lingo, or tribal knowledge. We're not about intricate data flow diagrams, persnickety UML notation, or annotated hexadecimal dumps.
We're all about making cybersecurity approachable, in a plain language way, for folks that are not cybersecurity professionals but want to raise their game with regard to cyber safety for themselves and their company.
So, this Cybersecurity Awareness Month, we aim to intrigue those that may be standing on the sidelines, curious about cybersecurity but not sure how to engage. Today, we'll talk about the five most bizarre hacks in history, and perhaps you'll relate to one of them. Perhaps one of them will feel "close to home" for you, or relatable, or intriguing. And, if that becomes a gateway to helping you become more interested in learning about cybersecurity, then we'll call this Cybersecurity Awareness Month a success.
So, without further ado, here are the 5 Most Bizarre Hacks that we thought you might find intriguing.
If you've driven through any metropolitan area or any interstate with tolls, a portion of your drive is on video. That's no longer an uncertainty, it's a fact. Between cameras installed to monitor tolling compliance, cameras designed to monitor traffic flow, and private security cameras and other webcams, part of your journey has been recorded. So what happens with the video recordings?
In some cases, not much. There are plenty of traffic-monitoring cameras that do little more than relay their low-resolution video stream to the internet for observation by those that wish to see the traffic conditions. But, what about cameras designed specifically to recognize the contents of license plates, using optical character recognition? Like cameras designed to know that you ran a red light, and automatically identify your license plate, using that information to look up your address and mail you a ticket?
Well, there is data processing going on there. There's an input (the license plate picture), a database (where the lookup from your license plate number to your home address is occurring), and there is software linking the two. But what if by printing out a new license plate you could prevent being ticketed, and perhaps prevent anyone else from being ticketed either? This license plate hack attempted to answer the question of whether that is possible.
If this hack doesn't intrigue you to learn more about cybersecurity, we don't know what will. Fish tanks are getting pretty high-tech. So high-tech that some advanced ones have embedded technology that is network-connected -- to allow for control and reporting related to temperature and other tank conditions. So what happens if that fish tank happens to be connected to a network containing confidential information. For example, a casino's network. In Las Vegas. With coveted data about high roller guests. Here's the scoop.
You've heard of ransomware. It's the type of attack that takes over your laptop, server, or other device and demands that you make payment to the perpetrator (usually via bitcoin) in order to regain access to your device. Cyber criminals have found that this particular type of attack is an immediate pathway to profit. After all, if your data is inaccessible until you agree to pay ransom, there is a very good chance that you might choose the easy (but expensive) way out.
Will ransomware expand its reach beyond servers and laptops? A group of researchers recently demonstrated that a network-connected coffeemaker is vulnerable to ransomware attacks. To be clear, this was not an attack "in the wild" -- rather, it was research to demonstrate the vulnerability that exists.
It's been a few years since this vulnerability was first demonstrated, and we are very thankful that it is not yet gaining traction as a real-world attack (as far as we know). However, in a proof-of-concept demonstration, this article discusses the implications of the internet connectivity that many new cars have. In brief, the newfound connectivity opens up connected cars to all types of attacks that would never have been a concern just a decade ago.
Here's a historic one. Did you know that one of the very earliest demonstrations of wireless network technology, using technology invented by Guglielmo Marconi (1874-1937) was subject to a man-in-the-middle attack? If the most rudimentary wireless transmission technology was susceptible to inference in 1903 (yes, 1903), then what about current wireless technology? You can bet that wireless technology today -- with it's infinite variety of manufacturers, models, configuration settings -- is a target-rich environment for cyber criminals.
If any of these hacks opened up your eyes to a type of cybersecurity factor that you hadn't previously been aware of, then we've done our job. Cybersecurity Awareness Month is intended to bring more people into the fold by engaging in approachable cybersecurity topics, not by burying folks in a mountain of terminology and industry jargon. Hope you enjoy what's left of Cybersecurity Awareness Month!