Tag Archives: hacking

Is the “Internet of Things” making us more vulnerable to hacking?

The Internet of Things (IoT) is a general concept that refers to objects that have identifiable or machine-readable information, which can be managed by computers. The long-term goal is for every device and person to be equipped with identifiers that are all linked together.

The idea seems fascinating and innovative, but it raises a lot of issues, particularly issues related to security. For instance, last month we learned that the largest hacking scheme of Target’s financial system was done through an HVAC system. As things we use for everyday living begin to have online capabilities, our lives and the Internet of Things become increasingly interconnected. As we see now with the increased commercial use of things like NEST technology’s thermostat, we can control every system in our home without even leaving our seats. That sort of convenience helps its users but leaves the door wide open for those who have ill intentions. IoT gives others the ability to hack in and control certain aspects of our lives, by unlocking our door, turning our lights on, or disabling security systems. They even have the ability to hack into our appliances. The biggest concern of all this is that your personal data can be compiled from IoT devices. IoT’s data includes information about its user’s location, how many people are in the home, and when one arrives or leaves their home.

The IoT is an economically expanding system. With over 20 billion devices set to be “internized” by 2020, it creates a breeding ground for data collectors. Even software that allows users to counter security threats is still susceptible to hacking.

All we can hope for is that with the increase of “IoT”, there is an increase in security detail. But even then nothing is guaranteed. What do you think about “IoT”, and the concerns it raises? Would you want every device you own to be connected? How would we go about making sure our privacy, data, etc. are protected?

Open source, opportunity, and women in software

Linux Journal recently ran a thoughtful essay by Susan Sons about females in open source and hacking communities.

Sons starts by talking about how she first engaged with the Linux community. It was the 1990s, and Sons was around age 12. She applauds that community for including anyone who was interested and skillful — even a 12-year-old girl living on a farm.

Sons goes on to talk about how her way of learning technology is very different than the way girls are typically introduced to tech nowadays, like in high school STEM courses. She seems to feel like she was introduced to technology in a healthy way. But she thinks that, unfortunately, most girls are not given the opportunity to learn about computers the way she did.

Twelve-year-old girls today don’t generally get to have the experiences that I did. Parents are warned to keep kids off the computer lest they get lured away by child molesters or worse—become fat! That goes doubly for girls, who then grow up to be liberal arts majors. Then, in their late teens or early twenties, someone who feels the gender skew in technology communities is a problem drags them to a LUG meeting or an IRC channel. Shockingly, this doesn’t turn the young women into hackers.

Her main point seems to be that, as she learned technology (on a computer at home, communicating over IRC), it did not matter whether she was male or female, and it didn’t matter how old she was. But the way we introduce most girls to technology now is much less healthy. We expect them to live up to certain gender roles — wearing make-up, dressing stylishly, projecting femininity — and emphasize those things instead of encouraging them to hack and create. Then, when girls who have never had the opportunity to learn about computers get to high school, we act like there must be something wrong with them and act like they need special help (like special classes for women in STEM).

Sons also explains how these differences in learning technology result in differences in the ways women and men are treated later as adults in technology and computer occupations. Sons also seems to think that the situation has become a lot worse over the last 20 years.

I’ve never had a problem with old-school hackers. These guys treat me like one of them, rather than “the woman in the group”, and many are old enough to remember when they worked on teams that were about one third women, and no one thought that strange. Of course, the key word here is “old” (sorry guys). Most of the programmers I like are closer to my father’s age than mine.

The new breed of open-source programmer isn’t like the old. They’ve changed the rules in ways that have put a spotlight on my sex for the first time in my 18 years in this community.

Maybe Sons’ underlying message is this: We treat girls and women unfairly when it comes to computers and technology. But the main problem is not individual cases of prejudice. It is an educational system and a technology culture that puts women at a disadvantage from an early age — primarily by having very different expectations for women and men. Is that right? If so, then it is clearly very unfair.

Sons has an interesting perspective, and I wonder if it matches what you have seen in the tech world — in school, in online communities, in the workplace.

Unit 61398

Was listening to NPR this morning and found this little gem.

A military unit from the PLA (People’s Liberation Army) known as Unit 61398 or “Comment Crew” has been hacking into U.S. and other foreign firms to gather intellectual property, infrastructural data and other information that could be useful to the Chinese Government.

This hacking unit has been effectively gathering such information since as early as 2006 and has been using the intellectual property in order for China to be able to keep up with the same corporations that the information is being taken from.

A group called Mandiant were the ones who traced the data back to Shanghai, China, and into a building which houses the military unit.

Another issue comes from the data retrieved about electrical grids and gas lines. Such data could be used to a very harmful degree.

I know that we discussed in class that intellectual property could not be stolen and that this would be considered to be found information by the “Comment Crew”, but I could see how this could in fact be considered stolen and creates a huge advantage to competing companies abroad.

Could these companies’ IPs be considered stolen? What about the trade secrets that were probably found as well? Would this have been viewed differently if a U.S.-based company was hacking competitors in order to gain an upper hand?

Aaron Swartz suicide

Ars Technica has the best short summary of the controversial life and death of Aaron Swartz that I’ve seen. It is definitely worth reading, if you have not been following this story.

The article points out what all commentators have been saying — that Swartz was a brilliant programmer, hacker, and technological innovator (and that he was only 26 at the time of his death). The Ars article is especially good because it presents a fairly clear (but maybe over-simplified) picture of how the events of the last couple of years may have led to Swartz’s unfortunate death.

Swartz was an outspoken activist for free and open access to information — especially government documents and scientific publications. In 2010, Swartz (allegedly) used the MIT computer network to download millions of academic articles from JSTOR. I am not sure what his exact motives were. The Ars article suggests that it was a kind of activism or protest. What seems clear is that Swartz did not do it for personal profit. Also, as far as I can tell, he never distributed the documents to anyone. Anyway, JSTOR did not press charges but the US federal government went after him pretty hard. Apparently, he was potentially facing more than 50 years in prison.

At this point, it does not look like people are sure about Swartz’s motive for suicide. People have been speculating, though, that it was because of despair over a long prison sentence.

Swartz’s life was complex, but a simple summary still seems accurate. He had strong moral views. He worked for those views, and, in the process, ran afoul of the law. Legal issues threatened to ruin his life. So he took his own life.

Who is at fault here? Is it the fault of Swartz himself — for going too far in pursuit of his ideals? Is it the fault of the government, for prosecuting Swartz too hard (as Lawrence Lessig contends it did)? Is it the fault of society somehow? A combination? No one’s fault, just a sad turn of events?