Cybercrime has many faces. Let’s see how it can impact our lives, money, and security in the foreseeable future.
The Phantom Threat
Back in 2015, a strange photo collage has been roaming throughout the Russian web. It depicted a hacking attack aimed at an oil refinery located somewhere in Tatarstan (a Russia’s region).
The nameless “author” of this attack planned a “prank”. His intention was to cause a slight disarray in the server system that controlled the refinery, trolling the server engineers.
However, this escapade caused some chaos: pressure in the pipes was lowered. The refinery couldn’t resume working for a few hours. Even the local news covered this force majeure.
Skip forward to 2021. The sunlit Texas. Here, in the Lone Star State, the Colonial Pipeline begins — a gargantuan gasoline-carrying vein made of 5,000 miles of pipes.
Attackers, nameless and faceless as usual, sabotaged its work with a ransomware. As a result, the entire US energy industry was halted for a brief moment.
This caused a real panic. Planes couldn’t take off — there was no fuel. People flooded the shops in certain areas buying out the groceries.
All this happened thanks to a tiny bunch of vulnerabilities that perpetrators were patient enough to locate. And exploit.
Luckily, that attack was stifled. But no one can guarantee that the future attacks won’t cause a pandemonium on a national level, Mr. Robot style. Unless some countermeasures are taken.
Biometrics: Friend or Foe?
Speaking of vulnerabilities. Poorly protected pieces of code aren’t the only way to produce a pretty devastating attack.
We have security cracks and crevices all around us: in our homes, offices, smoothie shops. A simple phone can be riddled with backdoors, attracting e-criminals like a magnet.
You probably use face unlock. And you probably think that it’s an ‘ultimate” protection barrier: it’s pretty hard to steal someone’s face, right? Well, it’s not that hard anymore.
Previously, to hack this feature, a criminal would’ve had to steal your phone. Then nick a high-definition portrait of you — Instagram is the best place to find one.
Finally, the fraudster would print a colored photo, hoping the phone will recognize your 2D facsimile, removing the lock.
Well, things change. As the Antispoofing Wiki (https://antispoofing.org/) reports, A camera can be tricked remotely. To achieve that a hacker needs to secretly install a piece of malware that will alter the camera input that your phone receives.
Then a truly macabre technique comes into play. With an app like Face2Face, a perpetrator can literally wear your face like a mask. Only digitally.
Even if the security system is challenge-based — meaning it may ask you to smile or blink to know it’s really you — a perp can easily bypass it.
He will blink if asked. He will politely nod or happily smile. And the face-altering app will take care of the rest. Making it appear as if the actual you were doing these grimaces.
This technique is called digital face manipulation. It encompasses a broad spectrum of threats.
So, the next time you see a public figure confessing that he/she belongs to an alien reptile species, don’t rush to grab an emergency tin foil hat. Probably, it’s just a face manipulation.
Rise of the Machines
We can’t really feel safe in our living rooms either. Blame it on the Internet of Things (IoT for short).
As stats show, there are 10 billion active IoT gadgets in the world. This gizmo army is expected to grow rapidly, “recruiting” up to 30 billion gadgets by 2025, according to Statista.
Doorbells and locks. Clever thermostats and light bulbs. Voice assistants and light switches… They all form a constellation of smart gizmos ready to serve you at a fingersnap.
But this constellation can quickly turn into a complex spy web. As research shows, IoT devices are actually poorly protected from attacks.
The problem: hardware/software limitations in the IoT industry exist to make these devices affordable.
Extra security measures would result in gigabytes of extra code and tons of sensors, chips, and other whistles and bells. It’s just business, nothing personal.
Hence, the so-called spoofing attacks aimed at IoT are quite alarming. For example, such an attack can make your roombot eavesdrop on you. If you think that it sounds comical, hold your witty remarks.
In 2019, the US counterintelligence warned that China can use its gadgets to spy on people, including the American citizens.
A similar report from Wikileaks, dated back to 2018, mentions that the same tactic is employed by… the CIA.
That’s right: your smart TV could be listening to your existential crisis tirades caused by domestic chores right now. Right this minute.
On a more serious note, IoT spoofing attacks can lead to a tragedy. You’ve probably heard of the Owlet company and their baby heart monitors.
It 2016, it was revealed that these heart monitors were extremely hackable. Perpetrators could potentially tamper with the heart rate data of a little person.
This interference could easily result in child deaths if an attacker decided to hide the abnormal heart rate signals, replacing them with the normal ones.
Picture: This guy can be spying on you. (And the cat too)
Stopping the Spoof Troop
From a hijacked roombot to a national chaos — the hacking and spoofing attacks can cause it all.
Especially now, when regular people — who know nothing about the art of coding — can produce believable deepfakes, synthesize voices and benefit from the wonder of social engineering.
Luckily, there’s a hope that the Era of Simulacra won’t take over. (Staying in the only place where it belongs — Instagram).
Antispoofing and liveness detection are the key elements in preventing all this cybernetic mayhem.
With the little help from these two friends, we can feel safe. Perpetrators won’t be able to mimic your voice and call your family, bank or boss to borrow money “on your behalf”.
Public figures won’t be slandered with another pornographic étude. Planes and cars won’t be hijacked midway. And our sensitive info — like your favorite yogurt topping — won’t be stolen.
Antispoofing can shield us from all this. Wanna know how? Stay tuned to learn more about cyber threats and how we can tackle them.
