Monday, September 12, 2016

Astronomical cybersecurity

Today, one year ago...

Planets, satellites, comets, stars, galaxies, and dark and interstellar matter, among other things. It's hard to get bored when you are interested in astronomy, because there are millions and millions of subjects of study. In a similar way, it's hard to get bored in cybersecurity, where figures can often be astronomical, and where there is a whole universe full of malware, ransomware, social engineering attacks, denial-of-service attacks, espionage campaigns and advanced persistent threats. If someone gets bored here, it's because he or she wants to. Today, as one year ago.
It was precisely one year ago that we heard about the "astronomical" attack being prepared against 430 million email addresses, with the aim of installing the banking malware Dridex on the greatest possible number of British devices. The operation, discovered by Fujitsu, immediately put the country's intelligence services (even more) on guard. The Government Communications Headquarters had no choice but to alert the multiple agencies involved, including banks, government institutions and large corporations.

Also astronomical is the permanent harassment that US intelligence services suffer from Russian criminals (or at least that's what they say). In this particular meteor shower that is shaking the CIA, the FBI and the NSA, among others, September of last year brought us the news that bank details of Pentagon employees had been exposed. The operation affected no fewer than 4,000 civilians and military members who were working for the US Joint Chiefs of Staff.

If there is something destined to shine in the cybersecurity firmament, it is the university supernovas. However, a year ago, an investigation by Security Scorecard put the Massachusetts Institute of Technology in a very bad place in a ranking of cybersecurity policies: the penultimate of… 485 educational institutions.

Like the planets, millions and millions of messages and conversations are sent daily. And like the planets, the vast majority of them have no intelligent life. But usually, some of them become a topic of particular interest. Exactly 365 days ago, the Sydney Morning Herald published that Vodafone admitted they had been spying on journalist Natalie O'Brien, who five years earlier had reported serious vulnerabilities in devices by this company. Needless to say, it was illegal espionage.

And speaking of infinite celestial bodies, let's imagine the amount and variety of movements and biomedical records that a smartwatch can store. Almost infinite, right? Well, that is nothing. A year ago, we found out that thanks to a "smart watch" we can guess what a hand is typing on a keyboard. Information that, in the wrong hands, can be lethal.

So, just by reading the news and keeping updated on what happens in cybersecurity, you have lots of reasons to not get bored. And if reminding you what happened over a year ago encourages you to remain vigilant, we all win. Every time you become aware, the entire network benefits. Local awareness with universal results.
