SoylentNews is people
SoylentNews
Mass hacking seems to be all the rage currently. A vigilante hacker apparently slipped secure code into vulnerable cameras and other insecure networked objects in the "Internet of Things" so that bad guys can't corral those devices into an army of zombie computers, like what happened with the record-breaking Mirai denial-of-service botnet. The Homeland Security Department issued alerts with instructions for fending off similar "Brickerbot malware," so-named because it bricks IoT devices.
And perhaps most unusual, the FBI recently obtained a single warrant in Alaska to hack the computers of thousands of victims in a bid to free them from the global botnet, Kelihos.
On April 5, Deborah M. Smith, chief magistrate judge of the US District Court in Alaska, greenlighted this first use of a controversial court order. Critics have since likened it to a license for mass hacking.
General warrants were a key reason cited by the Founding Fathers for their rebellion against King George.
(Score: -1, Offtopic) by Anonymous Coward on Thursday April 27 2017, @02:28PM (7 children)
B-b-b-b-but Alaska is Basic Income Paradise!
(Score: 1, Offtopic) by c0lo on Thursday April 27 2017, @02:58PM (2 children)
This is to demonstrate that Basic Income is a plague: with it, the beneficiaries:
a. are able to buy more cheap IoThingies, drain US-es monetray mass and contribute the China's GDP
b. with survival assured, they have no incentive to secure those IoThingies
Ah'say that Basic Income ah'say it has to go [youtube.com] and we'll have a secure IoT. Dixit!
(grin... a large one).
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 0) by Anonymous Coward on Thursday April 27 2017, @03:07PM (1 child)
Build a wall to keep Alaskans out? But wait, Alaska doesn't share a border with Us. Just give Alaska to Commie Canucks, let them deal with it.
(Score: 0) by Anonymous Coward on Thursday April 27 2017, @05:40PM
Indeed. It only has a shared border with Them.
(Score: -1, Offtopic) by Anonymous Coward on Thursday April 27 2017, @03:04PM (3 children)
Wooo, got me $85/month free money!
(Score: -1, Offtopic) by Anonymous Coward on Thursday April 27 2017, @03:09PM
Gonna spend it all on weed!
(Score: 0, Troll) by Ethanol-fueled on Thursday April 27 2017, @04:55PM (1 child)
I'm not a rich man by any means, but going extremely out of one's way to be Jewish is annoying to no end.
These are the kind of assholes who hold up 10-deep supermarket lines bringing fifty coupons, arguing with the clerk that whether or not some of those 10-cent coupons are still valid or apply to their situation, and sitting there in front of the PIN pad while they pore over their lengthy receipts checking to see if the cashier missed anything. They halt the line to make another attendant is get them a new six-pack because they found a dent in one of the cans and paw through their fast-food orders in the queues and demand a discount because the burger joint forgot mustard on their sandwhiches.
The last time I dealt with one of those, it was some old White lady, probably a Jew. Sensing that the cashier and the rest of the line were becoming irritated, I told her to please hurry up and stop being so cheap. She replied that saving all that money allowed her to retire. I then replied that, "good, now that you're retired you can buy yourself some goddamn dignity."
The cashier and the checkout line (many of whom were older adults themselves) laughed heartily while the old lady scoffed and walked out. I then chatted up the cashier while quickly entering my info in the POS terminal, "God, I hate customers. Working in stores gave me a seething hatred for them," as the crowd chuckled, the irony of my myself being a customer not lost on them.
(Score: 0, Insightful) by Anonymous Coward on Thursday April 27 2017, @09:58PM
What's much more annoying is those who are anti-Semitic. Just sayin'.
(Score: 4, Funny) by physicsmajor on Thursday April 27 2017, @03:11PM (9 children)
I, for one, love the precedent where we can now justify hacking to "cure" devices from dangerous and/or insecure code. Surely we're only a few steps now from removing Windows from the world!
Not entirely sarcasm, though seriously this is a dangerous precedent. Could just as easily be wielded to remotely wipe 'commonly used hacker operating systems' via something like a malicious systemd backdoor.
(Score: 0) by Anonymous Coward on Thursday April 27 2017, @03:13PM (2 children)
RMS predicted this day would come. Government will change your root password and refuse to tell you what it is.
(Score: 2) by DannyB on Thursday April 27 2017, @03:30PM
Many people have predicted bad things in one form or another. I still think our government is broken and cannot be fixed. General Warrants are just another symptom.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 0) by Anonymous Coward on Thursday April 27 2017, @03:30PM
Root password? Hopefully nobody tells them about sudo! ;-)
(Score: 3, Insightful) by fyngyrz on Thursday April 27 2017, @03:31PM (3 children)
I read the constitution, particularly the bill of rights, as a document that made many things which would have otherwise make it easier to govern, much harder, along a consistent rationale that favored the privacy, liberty and security of the citizen far over the convenience of the government. One of the things that becomes more difficult, obviously, is the government's efforts to protect the citizens from each other.
I read the fourth, in particular, as requiring some very specific and orderly objectives be accomplished before a warrant may be issued. I see no sign that this was done. In fact I see no possibility this could have been done, given the nature of the operation.
So I'm of a mind that this is just another complete end-run around the constitution by rouge elements (FBI, judiciary) of a government that habitually operates far out of its duly authorized bounds.
I can't say I'm surprised. These particular criminals are habituated as to doing end-runs around the law. The examples are many.
(Score: 1) by fyngyrz on Thursday April 27 2017, @03:40PM
rouges/h/b rogue." Sigh.OS X / macOS is just merciless about correcting typos, and, as in the parent, it has often taken my screwups and makes them into new screwups.
I just turned the whole thing off and at least now will suffer only my own slings, arrows, and pinpricks. Too bad it's not more configurable. I wouldn't mind if it could be set up so that only hitting a distant, non-alpha/punctuation key would trigger replacement, but the indication it was thought to be needed was blatant.
<sarcasm>But Apple knows best.</sarcasm>
(Score: 3, Interesting) by DannyB on Thursday April 27 2017, @04:47PM
The fourth is now a joke. Policing has always been easy in a police state.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 2) by Phoenix666 on Friday April 28 2017, @02:03AM
Well, yes. "Parallel Construction" and "Civil Asset Forfeiture" are two sets of key words to search for for those who think it's alarmist to say what you have. Government employees know in their bones that the backlash is coming. They're trying really hard to normalize these practices now, thinking it will help them keep the lid on things. It won't. Billionaires are building bunkers and prepping like crazy, thinking it will help them stay masters of the universe after things break loose. It won't.
As much as some people hate Trump, it seems to me he was a last-ditch, quasi-nihilist response to a status quo that refuses to share, or to change. Trump is mostly doubling down on the status quo, so it won't be too long before things fall apart.
Washington DC delenda est.
(Score: 2) by kaszz on Thursday April 27 2017, @03:35PM
It's called Intel Backd^H^HManagement Engine!
Forgotten the name of the AMD equivalent.
(Score: 0) by Anonymous Coward on Friday April 28 2017, @04:19AM
"Stand down citizen, we are here for your protection!"
.....
"Keep Summer safe!"
"I don't feeel safe :("
(Score: 1, Offtopic) by c0lo on Thursday April 27 2017, @03:15PM (3 children)
So... they should try first with sergeant warrants, or even private warrants, right?
'Cause if this isn't working, the only solution would be to colonize England and rebel against US government (a pity, though, for all the wasted tea).
('ave a grin tea cuppa)
https://www.youtube.com/watch?v=aoFiw2jMy-0 https://soylentnews.org/~MichaelDavidCrawford
(Score: 4, Insightful) by DannyB on Thursday April 27 2017, @03:39PM (2 children)
General warrants, like every other abuse of power will start out as something acceptable to most people. Something that is for everyone's good. Like RICO. Like militarized police departments. Like the war on some drugs when used by certain classes of people.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 2, Insightful) by Ethanol-fueled on Thursday April 27 2017, @05:00PM (1 child)
1. NSA mass-plants "Russian" malware on anything they can, particularly those who have been flagged as political enemies.
2. FBI mass-hacks all computers with malware, and oh lookie-here what did we find, let's pay them a visit.
3. ???
4. Profit!
Because, son, American laws, and the physical and mental gymnastics used to get around them, are just weird like that. You wouldn't believe the shit people go through to justify their budgets.
(Score: 2) by kaszz on Thursday April 27 2017, @05:24PM
A budget is always looking for expenses to justify next years budget. ;-)
(Score: 2) by kaszz on Thursday April 27 2017, @03:30PM (12 children)
If people actually bothered to secure their devices. This incident would not had happened in the first place. So the advice will go unread in most cases. Once these poor IoT devices are relieved from that evil botnet. They can happily again be infected by some party the powers that are, likes better.
(Score: 3, Insightful) by DannyB on Thursday April 27 2017, @03:45PM (11 children)
People should not have to secure their devices.
I should not have to secure my electrical wiring to be sure it doesn't burn my house down.
I should not have to secure my car from suddenly accelerating out of control.
I should not have to secure my TV.
The manufacturer should be liable for damaged caused by botnets of their IoT devices. Yes, really. For the same reason I expect my toaster not to burn my house down. It will cost the manufacturer real money to pay attention to all of the possible best practices to secure their devices and deliver updates. That cost will be reflected, as it should be, in the retail price. That leads consumers to then consider whether every individual light bulb and toaster really needs an internet connection. Another effect of putting liability upon manufacturers is that it provides direct incentives for them to cooperate (imagine that!) on developing common, secure Linux distributions as a base for their IoT devices. Spread the cost and reap the benefit of open source.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 3, Touché) by kaszz on Thursday April 27 2017, @04:05PM (4 children)
Once you invite regulations, laws and courts. It will be a corporate owned domain that will keep anyone else out using even more regulation.
(Score: 3, Interesting) by Scruffy Beard 2 on Thursday April 27 2017, @04:16PM (1 child)
It is not even regulation. Just about every software house disclaims liability.
And yes, you do have to secure your car (it is called a parking brake).
(Score: 2) by DannyB on Friday April 28 2017, @12:53PM
If the car suddenly accelerates out of control that is a manufacturing defect. See Toyota. That is not something I should have to take care of. Other brands of cars don't suddenly accelerate out of control on their own without being commanded to accelerate.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 3, Interesting) by DannyB on Thursday April 27 2017, @04:42PM (1 child)
I'm not asking for regulations. Just liability to be imposed.
I'm not asking for any kind of certification of IoT security. I'm not asking for any kind of recognized standard to be met. Just that if your IoT device gets hacked, the liability for damages is on the manufacturer.
Nothing more.
I think it would provide all right right incentives. You wouldn't believe how many best practices there are about security for systems that handle credit card information. I would love to see even half PCI compliance requirements applied to IoT devices.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 4, Insightful) by kaszz on Thursday April 27 2017, @05:19PM
I'm not asking for regulations. Just liability to be imposed.
Liability is coded in law which means lawyers etc. And the circus will be on. What you think and wish has no automatic connection to the consequences of your actions.
I'm not asking for any kind of certification of IoT security. I'm not asking for any kind of recognized standard to be met. Just that if your IoT device gets hacked, the liability for damages is on the manufacturer.
Nothing more.
Liabilities are encoded in law and this will instead line the coffers of insurance corporations that can then make use of their oligopoly.
I think it would provide all right right incentives. You wouldn't believe how many best practices there are about security for systems that handle credit card information. I would love to see even half PCI compliance requirements applied to IoT devices.
Incentives will be perverted. And credit cards are routinely cracked because their security sucks.
Better have a specific checklist that must be adhered to before the device may be connected to a public network or any wireless mechanism. That will give manufacturers a clear target and give less space for lawyers and insurance corporations to screw people.
Otoh, BrickerBot perhaps does the job with security compliance quite good ;)
(Score: 2) by tibman on Thursday April 27 2017, @04:18PM (4 children)
If you plugged in your toaster and made it publicly accessible then i can guarantee it will catch fire at some point. Someone will be trying to smelt copper in it or something. InternetOfCrap is the same way. Do you really want anonymous people talking to your security cameras? No. You really don't. You are right though, manufacturers shouldn't be shipping insecure devices and should make security updates available.
SN won't survive on lurkers alone. Write comments.
(Score: 2) by DannyB on Thursday April 27 2017, @04:45PM (2 children)
They wouldn't be shipping known insecure devices, and they would be making updates available if the liability for damages were on them. That's why I think it is a perfect fix.
The credit card industry has all kinds of security compliance requirements. (PCI) Because if their systems get hacked, guess who is liable? Clue: not the card holders.
When trying to solve a problem don't ask who suffers from the problem, ask who profits from the problem.
(Score: 2) by kaszz on Thursday April 27 2017, @05:22PM (1 child)
Liability means lawyers and insurance corporations will line their pockets with your money. If said cameras had their software open sourced. There would be a lot more possibility to take control of the security issues.
(Score: 0) by Anonymous Coward on Friday April 28 2017, @09:03AM
No, they will get a share of the money that normally goes to the IoT company itself. Yes, this may bloat the original price a bit, but I don't see that as a big problem. As mentioned before, people will quickly realize, hm maybe I don't need a toaster that connects to the internet. Companies that are bad at securing their devices will see a much larger share of their customers cash going to lawyers and insurance corporations.
I like the idea for open source, but that still doesn't give the IoT companies an incentive to install the latest patches/fixes, ... Whatever OS and packages they shipped 5 years ago are still fine to ship today, I mean, it's open source and all.
And I know you will probably come back with, "but it's open source so I can upgrade and patch it myself" and that's true. But you'll also have to patch those of your parents, grandparents, ... And YOU will have to put in effort to secure the stuff you bought, are you going to ask for a refund for every hour you spent on it? After that, when your IoT devices still get hacked, it will be very easy to put all the blame on YOU, because you patched it and messed around with it. And that time it will definitely be your money to pay for your lawyers.
(Score: 3, Interesting) by urza9814 on Thursday April 27 2017, @06:20PM
I know a LOT of companies with unattended appliances available to the public. Particularly those Kuerig machines. And while those things DO seem to commit suicide quite regularly, they DON'T usually destroy anything else along the way. And if they did I'm sure you'd win that lawsuit pretty easily.
But our legal system thinks computers are magic and hackers are evil sorcerers or some shit that nobody can possibly defend against, so they give everyone a free pass. Ore more accurately, they give big companies a free pass, and screw the rest of us as always...
(Score: 3, Insightful) by sjames on Thursday April 27 2017, @09:02PM
To be fair, if you don't secure your car, it may accellerate out of your control directly to the chop shop. Or it may coast into a tree.
(Score: 5, Informative) by requerdanos on Thursday April 27 2017, @04:26PM (1 child)
General warrants were a key reason cited by the Founding Fathers for their rebellion against King George.
While certainly a point of contention [britannica.com], and certainly a Very Bad Thing, it's notable that general warrants do not appear in the specified list of grievances [patriotsline.com] against the King that the American colonies' Declaration of Independence [ushistory.org] specified as "the causes which impel them to... separation."
(Score: 2) by Phoenix666 on Friday April 28 2017, @02:16AM
You're correct they didn't list it in the Declaration of Independence, but it inspired the Fourth Amendment; as such, it was pretty high on their list of grievances.
Washington DC delenda est.
(Score: 2, Insightful) by Anonymous Coward on Thursday April 27 2017, @04:34PM
botnets are interfering with some big company or gov service so instead of going after the manufacturers they hack people's shit? fuck the fbi. bullies and traitors.