Hacking is serious business

The internet has become an indispensible part of our lives. It's not just about sending an email. We surf it for banking transactions, online shopping, booking accommodation, entertainment, sharing our holiday pictures on social media sites like Facebook, etc. While the problems of hacking have been brought to the spotlight in our country over high profile cases like the Bangladesh Bank incident, and ATM and credit card frauds, we would be greatly mistaken to think that it is only the domain of computers that is prone to hacking. Wikileaks has just dumped a big load of confidential documentation in early March in what it states is the first installment of the "largest intelligence publication in history". Little wonder the US intelligence establishment wants Assange's head on a platter, figuratively speaking, of course. If what has been described is even partly true, the Central Intelligence Agency (CIA) has taken advantage of new techniques now available that allow vulnerabilities in the system design of "smart" devices.

We learn from released documentation that the CIA now has tools at its disposal that allow it to snoop into people's homes via "smart" TVs. Design vulnerabilities in certain Samsung products apparently allow programmers and developers to catch conversations even when the phones are switched off (a claim denounced by Samsung which states its products are secure). As smart TVs proliferate with ever new features, computers (like laptops) hooked on to these devices via Bluetooth or other connectivity standards are also vulnerable. A recent article published in The Financial Times where anti-virus guru John McAffee, who founded the popular Mcaffee anti-virus software and is now the CEO of MGT Capital Investments, stated the following: "This is the most troubling Wikileaks ever. We've learned the CIA has all the tools to spy on American citizens." While Samsung insists it takes security seriously, it warned customers back in 2015 that "if your spoken words include personal or other sensitive information, that information will be among the data captured and transmitted to a third party through your use of voice recognition."

It is not just a question of an intelligence agency using vulnerabilities inherent in the internet or other "smart" devices, cyber criminals too have picked up on these systemic flaws to exploit for profit. We learn from security experts and companies that these "holes" in the security of devices allow systems to be compromised and indeed controlled, whether they are cars, robots to lifestyle and household appliances including increasingly sophisticated cameras and even refrigerators. One incident that made the news in January was when hackers penetrated the security system of a 4-star hotel in Austria and effectively left locked guests and personnel inside in the hotel. The hackers' demanded and got paid in Bitcoin, which is largely untraceable. The ransom was paid because management didn't want any bad press. Many hotels in the aftermath of this attack have opted to forget about hi-tech systems and are going back to the good old lock system.

There are loads of examples that actually defy imagination. One of the better known attacks was the one on Airbnb, an online service that is used by millions of people to book rooms in households in cities worldwide in what is called denial-of-service, which effectively took the internet site off-line. As we get "connected" to the internet, and devices from phones to the refrigerator to the car become internet-enabled, the real cyber threat mushrooms exponentially. What has law enforcement agencies worried is how little the general public and to a lesser extent the business establishment understand how serious the threat is. The lack of perception about the very real cyber threat permeates to device designers too, i.e. manufacturers. The problem today is that any consumer device whether it is a computer CPU, a monitor or a cell phone is not designed and manufactured by one company; rather the end product is put together from parts sourced from a variety of third parties in different countries.

Hence, the challenge is to get major producers of devices onboard to invest resources of their own to counter this very tangible threat. The general public too remains mostly in the dark. The more advanced economically a country is, the greater the threat. There are increasing calls to make manufacturers liable for insecurities or vulnerabilities in their devices. Indeed, Vizio, a manufacturer of smart TVs had to dish out USD 2.2million in February in a settlement with the US Federal Trade Commission. It is a start, but without bringing China on board, such efforts will be a spit in the ocean.

While most of the headlines concentrate on advanced nations of the West and East, it does not mean countries like Bangladesh are less susceptible to this online threat. The Bangladesh Bank was the first big scam to hit the headlines. Law enforcement agencies have had their share of success in nabbing some gangs involved in credit card and ATM forgery. However, without educating the public and developing comprehensive policies and security systems (not just for the financial sector that is increasingly online), our efforts to fend off scams are simply not going to be enough. And what about safeguarding our State and company secrets? While the military hopefully have their systems locked down, how aware are we about putting up server passwords with proper encryption that has been vetted by companies with a solid track record in cyber security in the public sector? Effecting information leaks through cyber attacks by foreign and local interest groups is a palpable threat. We are not talking simply about policy documents, but other sensitive data too. For instance, tender plans for major acquisitions in whatever sector could be worth a lot of money for companies interested in biddingas we go increasingly "paperless". Is enough being done to stop cybercriminals from hacking into land deeds, banking records, utility billing, etc. as we go "digital" with our records? How "secure" are the servers in the corporate world? Everything from human resource records to financial information could literally be up for grabs given our general lack of understanding of the threat. These are current threats and we must wake up to them. A failure to do so is not really an option in the digital world.

The writer is Assistant Editor, The Daily Star.