Cybercrime is one of the biggest threats to both individual users and businesses worldwide. As experts globally are trying to protect their networks from intrusions and abuse, sometimes the use of unusual methods is applied for the sake of keeping data safe.
The Nigerian Mobile Network Ban
An example of an attempt to fight against crime is the use of critical measures such as the temporary ban of mobile networks in certain areas. This happened in Nigeria back in 2013 to combat insurgent forces. Terrorism comes in many forms, including hacking attacks, and this extreme measure was specifically implemented to fight the Boko Haram sect. They have been identified to use assorted SIM cards to communicate with each other and attack mobile network providers.
The criminals have been known for using mobile apps and Internet communities to plan, prepare and carry out coordinated terrorist acts. A hacker that claimed to be a sympathizer of the group was able to take over sensitive information of State Security Service personnel. The research shows that while the intentional outage was being active no records of successful terrorist attacks were reported.
Intentionally Weakening Security to Facilitate Surveillance
The concept of allowing law enforcement agencies and spy agencies access to computer networks via backdoors in application code is regarded as a bad idea. Even though many products can be linked to such use, in real life the security consequences can be devastating. The main idea is to give the nation states and their respective agencies the opportunity to limit threats coming from terrorist groups, foreign powers and cyber criminals.
The “intentional” or “weak” security as it is called however can be abused if the backdoors are discovered. An even more dangerous scenario is when the link going back to the security agencies is discovered and the criminals can access private data on citizens or even classified information.
Privacy-Minded Individuals Can Hide Files in USB Dead Drops
When it comes to securely and privately delivering data the Internet is not one of the preferred solutions. Individuals that want to protect their identity from being revealed but deliver sensitive documents can actually use the environment as a means of transport.
The use of “dead drops” is popular not only among hackers and anarchists, but also cybersecurity experts. This practice involves the placement of removable devices in secret locations which are then reported from the giving to the receiving party.
One of the main benefactors of projects related to its use are the journalists and media organizations in their communications with informants. Web-based platforms now exist that allow the two parties to exchange the location of the dead drop in a secure way. Who would think that the dumpster next to you might contain information on the latest NSA hack?
Lip Passwords Are a Viable Protection Method
Computer security experts around the world are trying to find a new easy to use and yet secure method of securing user accounts for both online services and day to day computing. Recently a new idea was proposed which involves the use of lip motion reading.
Every person has a pair of lips and like other biometric factors (fingerprints, eyes and etc.) they can be used to identify individuals with a high degree of accuracy. It’s interesting to note that not the image of the lips is used as the method of detection, but the actual movement of the lips itself.
The technique provides an advantage over other biometric signatures as an identical copy or “clone” cannot be easily made. Hackers have already proved that they are able to bypass fingerprint and eye detection systems. The lip reading scans can be combined with voice recognition and facial recognition technology to create a secure solution that anyone can implement.
Following security policies and strategies can provide effective protection against potential hacker intrusion attempts however this never guarantees that the computer is safe from criminals. All major companies and Internet services operate special bug bounty programs that seek the aid of outside experts and hackers to prevent hacking attacks from happening.
The usual way is by setting up a platform and outlining grants for proven vulnerabilities that are disclosed to the companies. This effectively makes it possible for criminals to get paid for explaining the companies how they can get hacked without exploiting the bugs for personal gain. In return they receive a money reward and recognition.
In the last few years large enterprises and even government agencies have started to employ “ethical” hackers to fight the growing security threats. Instead of hacking these professionals show how the vulnerable spots can be fixed. All of this means that “hackers” can no longer be associated with criminal activity. In reality this has become a lucrative and prestigious career option to consider.
Employ Household Appliances to Protect Homes
Forget what you know about ordinary household appliances. As the Internet of Things (IoT) craze has recently been hailed as a way of improving the lives of consumers worldwide, when it comes to security some strange proposals can be made. And one of them relies on the analysis of data captured by these devices. A fine example is the smart vacuum cleaner. A few months ago it was revealed that the Roomba products take detailed readings of the properties they are used in.
The security experts can take advantage of the generated maps to map out areas where surveillance devices can be installed. The vacuum cleaners of the future can also be equipped with cameras and other related peripherals that can be linked to the owner’s smart home. Such proposals are probably going to be implemented in real-world products in the near future. Roomba has stated that they might partner with other vendors in delivering new features that may be of benefit.
Printer Tracking Dots Forensics Use
Many users already know that printer manufacturers impose forensics by implementing tracking dots. A few years ago the Electronic Frontier Foundation (EFF) published a list of vendors that have made agreements with governments to ensure that the output is forensically traceable. This presents a serious privacy intrusion as it allows law enforcement agencies to track evidence back to the devices that have printed it. At the same time it can be useful if implemented in a cybersecurity policy. Administrators can screen outgoing papers from a secure facility to make sure that confidential information is not compromised.
The dots are probably the most popular form of the act of hiding data called “steganography”. They contain the printer’s serial number and a timestamp in encoded form and the data can only be extracted if the administrators know exactly how the dots are configured and what their order means.
Experts Perfect Sensitive Data Destruction
Security administrators, especially those working in corporations and government institutions, are often instructed by their policies to effectively destroy drives and the data. While it may be the easiest way simply to perform a low-level format, this may not be the most effective solution.
Data recovery specialists can restore data found on submerged drives for example. This is evident from search operations conducted in the Seccombe Lake during a crime investigation (LINK 8). FBI divers were able to recover the hard drive from the laptop computer of the suspect shooters. And even though the component was dumped in the water the information can be retrieved. This is why security administrators often use shredders, cutting tools and hammers to physically destroy the hard drives to small pieces. Other creative solutions may even include the use of highly-toxic acid on them.
Taping Blinking LED Lights Is an Actual Hacking Countermeasure
Computer researchers devised an attack that allows hackers to steal valuable information by inspecting the blinking lights of computers. This is done by training a special camera with software to decode the optical signals. This can be compared to a “visual Morse code” system. A live demonstration shows that hackers can actually steal information by implanting a malware that manipulates the LED lights and signal to a hacker-controlled camera. The team has identified that the small hard drive indicator LED can be configured to send out light signals at a rate of up to 6000 blinks per second. This makes it especially active for long-range reconnaissance.
In other case similar techniques can be utilized to hijack data such as listening for fan speed, hard drive noise and etc. Nowadays some new security policies recommend for servers to be “air-gapped” from the rest of the network. This means that they are physically separated so that no one can hear, see or reach them.
Cybersecurity “Kangaroo” Awareness Games
Last year an international event came to prominence among the security community. The National Security College with Rand Corporation organized a special event called “Cyber Kangaroo” that aimed to grow awareness about contemporary cybersecurity issues. The main topic was IoT (Internet of Things) and the game included participants with different backgrounds.
Two scenarios were demonstrated that aimed to solve practical real-world situations. By brainstorming, conducting games and facilitating discussions about the problems, the experts can effectively contribute to a safer world. It would not be surprising to see major cybersecurity issues being used much more in movie scripts and video games. In the light of the rise of hacker attacks and the ongoing struggle to “catch on” with the criminals, this topic will probably attain a much greater popularity.