7 May 2017

White Hat Worms and Cyber Wars: The IoT is Vulnerable and Growing


As tensions between the US and North Korea continue to rise, many fear that a lack of diplomacy between the two nations could lead to nuclear conflict.

While plenty of experts would argue that both countries have too much to lose by involving themselves in military conflicts with one another, plenty more are concerned nonetheless.

Mark Gollom, writing for CBC, thinks that while both leaders are likely desperate to avoid pre-emptive strikes, “there remains the threat, albeit small, of a miscalculation — that amplified rhetoric, a military mistake, or the misinterpretation of an action by any of the main actors in the region could snowball into something much larger.”


“The real question now [is:] is somebody going to make a stupid mistake? Because some kind of minor escalation could get out of hand,” said Bruce Bennett, senior defense analyst at the RAND Corporation, in an article with CNN.

Secretary of Homeland Security John Kelly agrees that nuclear conflict is unlikely — however, he is more concerned about a different type of attack.

“In the case of North Korea, you know, a kinetic threat against the United States right now I don’t think is likely,” Kelly told Chuck Todd of NBC News, “but [they are] certainly a cyber-threat.”

Cyber War Looming… Loading…

The first publicly known, intentional act of cyber warfare occurred in 2010 with the identification of the Stuxnet virus, which specifically targeted, infected and sabotaged the budding Iranian nuclear program. Stuxnet’s successor, Flame, was found to be able to access and transmit itself via a device’s Bluetooth beacons, a capability that was completely unique to a virus at the time.

However, five years later, with the rise of a poorly secured internet of things (IoT), the potential for wireless viral proliferation between internet-connected devices has risen dramatically. The door is open now more than ever for cyber attacks.


Eugene Kaspersky, the founder of the world-renowned Kaspersky Lab security company, has been vocal about his fear of a potential “fire sale” attack against populated areas for a while now. Made popular in the 2007 film Die Hard 4, the fire sale scenario refers to “a potential remote attack on critical infrastructure, including power stations and transport systems.”

While the movie depicted a fictitious terrorist attack on the US, one former cyber security expert with the US Marine Corps, David Kennedy, would claim that we’re “already involved in a cyber war” with Russia, one that began escalating with the allegations of election tampering in 2016. This says nothing of individual attacks, such as the 2015 hack of the US Office of Personnel Management, likely by Chinese state-sponsored actors.

While things haven’t escalated to fire sale status by any means, experts worry that it will take a “cyber Pearl Harbor” before the US commits to bolstering its cyber security.

The Vulnerable, Growing IoT

With approximately 5.5 million new devices connected every day in 2016, the looming 4G to 5G broadband transition in 2017, and continued exponential growth in Big Data, the industry that fuels the IoT, the Internet of Things is on track to grow beyond 50 billion devices and $470 billion by 2020. Unfortunately, as more and more Internet-connected devices hit the market, it becomes ever more apparent that the IoT’s security infrastructure is supremely lacking.

Scientific American published an article by Larry Greenemeier in late 2016 titled “IoT Growing Faster Than the Ability to Defend It.” Greenemeier uses the October Dyn DDoS attack as a major supporting part of his argument:

“Last week’s distributed denial of service (DDoS) attacks—in which tens of millions of hacked devices were exploited to jam and take down internet computer servers—is an ominous sign for the Internet of Things. A DDoS is a cyber attack in which large numbers of devices are programmed to request access to the same Web site at the same time, creating data traffic bottlenecks that cut off access to the site. In this case the still-unknown attackers used malware known as ‘Mirai’ to hack into devices whose passwords they could guess, because the owners either could not or did not change the devices’ default passwords.”

While Mirai only prompted a botnet-fueled DDoS attack, the rise of automated drone deliveries, as well as hackable cars and trucks on the road, gives cause for greater concern — the type that Robert Abel, writing for SC Media, might call a Skynet situation.

Potential Solutions

One of the more popular cyber-security myths that people attribute to hackers is that they are adept beyond measure, and gifted in the language of computers and mathematics. In short: they’re geniuses, right?

The thing about the Mirai virus and the Dyn DDoS attack, however, is that they were likely the work of script kiddies, low-level hackers who troll the internet with simple tricks, rather than any type of genius-level, politically motivated hackers. Furthermore, the only reason Mirai was so successful is a mixture of consumer ignorance and manufacturer negligence.

Mirai was really only able to hack devices that were manufactured with poor security settings in the first place: ones that don’t prompt users to change the default password, and even ones that literally don’t allow the user to change it. Not only are professionals looking to manufacturers to shore up IoT security; according to a new study of over 2,000 US adults conducted by Radware/Harris Poll, some 69% of consumers hold device manufacturers responsible for making sure devices in consumers’ homes can’t be manipulated by hackers.
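As an added illustration (not code from the article or from any device vendor), here is a Python sketch of the first-boot credential handling the article is asking manufacturers for: the factory default is accepted only to set a new password, the default itself is refused as a new password, and repeated wrong guesses lock the login for a while. The FACTORY_DEFAULT value and the limits are placeholders chosen for the example.

```python
# Constructed illustration of a device login flow that refuses to let the
# factory credential stay in use. Not vendor code; FACTORY_DEFAULT is a
# placeholder, not any real device's default.
import hashlib
import hmac
import secrets

FACTORY_DEFAULT = "factory-default-placeholder"  # placeholder value
MIN_PASSWORD_LEN = 12
MAX_FAILURES = 5
LOCKOUT_SECONDS = 60


def _digest(password: str, salt: bytes) -> bytes:
    # Slow, salted hash so a leaked digest cannot be trivially reversed.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)


class DeviceAuth:
    """Login state for one device. It ships with the factory credential but
    that credential can do nothing except set a new one."""

    def __init__(self) -> None:
        self.salt = secrets.token_bytes(16)
        self.digest = _digest(FACTORY_DEFAULT, self.salt)
        self.must_change = True      # first-boot state: default still in place
        self.failures = 0
        self.locked_until = 0.0

    def login(self, password: str, now: float) -> str:
        """Returns 'locked', 'denied', 'change_required' or 'ok'."""
        if now < self.locked_until:
            return "locked"           # throttles automated credential guessing
        if not hmac.compare_digest(_digest(password, self.salt), self.digest):
            self.failures += 1
            if self.failures >= MAX_FAILURES:
                self.locked_until = now + LOCKOUT_SECONDS
            return "denied"
        self.failures = 0
        # Correct credential, but while the default is in place it only
        # unlocks the password-change step, never normal device access.
        return "change_required" if self.must_change else "ok"

    def set_password(self, new_password: str) -> bool:
        """Rejects the factory default and short passwords; otherwise rotates."""
        if new_password == FACTORY_DEFAULT or len(new_password) < MIN_PASSWORD_LEN:
            return False
        self.salt = secrets.token_bytes(16)
        self.digest = _digest(new_password, self.salt)
        self.must_change = False
        return True
```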

While the majority of consumers are looking to manufacturers for a solution, one white hat hacker is taking matters into his/her own hands with a countermeasure called “Hajime” — only this countermeasure is actually another worm that’s infected tens of thousands of devices.

It’s essentially the same type of worm as Mirai: it infects devices through the same vulnerable ports and then just sits there, preventing Mirai from also infecting the device. In a file Hajime drops into your system, you can read a message left by the developer: “Just a white hat, securing some systems,” the message reads. “Stay sharp!”

Further Vigilance Required

Unfortunately, while Hajime seems like a good start to securing the IoT, the vigilante nature of this “patch” means that the virus’s controller could use it for malicious purposes later on. The fact that Hajime is preventing the Mirai botnet from propagating doesn’t necessarily supersede the fact that Hajime is technically a botnet as well.

At the flick of a switch, its controller could launch just as devastating a DDoS attack as the one in 2016. Such uncertainty is often the case when dealing with vigilante justice, making this solution less than ideal.

There has yet to emerge a true solution for the “wildly insecure and often unpatchable” Internet of Things. That would require some measure of manufacturer proactivity, government regulation, or perhaps a mixture of the two. Nobody is certain. What is certain is that some vigilante, a digital Dark Knight of sorts, seems to be doing more to secure the IoT than its creators or its protectors — and that is a problem.