Follow Slashdot stories on Twitter

 



Forgot your password?
typodupeerror
×
Security Government

Director of National Intelligence Warns of IoT Security Threats (engadget.com) 36

According to Director of National Intelligence Daniel Coats, IoT devices may be used to shut down US intelligence operations in the future. From a report: At an open hearing today, the Senate Select Committee on Intelligence (SSCI) heard testimony on the worldwide threat assessment of the US intelligence community. Coats' opening statements included a warning of the dangers of poor smart device security as well as the continued inevitability of Russian cyber threats. Coat's testimony lists these concerns first, with Russia topping the list of enemy actors. Coats says that the Kremlin has taken a much more aggressive "cyber posture," which "was evident in Russia's efforts to influence the 2016 US election." Coats' report (PDF) also says that Russian actors have conducted attacks on critical infrastructure networks, even going so far as to pretend to be third parties hiding behind false online personas. "Russia is a full-scope cyber actor that will remain a major threat to US Government, military, diplomatic, commercial, and critical infrastructure," says Coats in the written version of his statement. The document notes that China, Iran and North Korea, as well as terrorists and criminals, are also threats. Coats also spoke at length about "smart" devices, which have increased the number of vectors that hostile actors can attack. The denial-of-service (DDoS) attacks that we already see will only become more prevalent. These botnets use weakly-protected IoT devices to overwhelm websites and other networks. "In the future," Coats says in his report, "state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks."
This discussion has been archived. No new comments can be posted.

Director of National Intelligence Warns of IoT Security Threats

Comments Filter:
  • by Anonymous Coward

    How much do we spend...and their saying they can't handle a country that has nowhere close the budget? Seems like USA will always be #2, ooooor, they want to justify a bigger bloated budget and Russia is the ever convenient scapegoat because we have to have an enemy to justify these expenses.

    • by AHuxley ( 892839 )
      How is the CIA going to get into an interesting washing machine if the home network is now secure?
      CIA Chief: We’ll Spy on You Through Your Dishwasher (03.15.12)
      https://www.wired.com/2012/03/... [wired.com]
      "particularly to their effect on clandestine tradecraft"
  • by turkeydance ( 1266624 ) on Thursday May 11, 2017 @03:57PM (#54402091)
    nothing new was revealed
  • A little late to the game...

  • Make the security of IoT devices easy to visualize. Have a single picture showing all the open ports and services and not have things like anonymous Samba shares enabled down three directories of a webpage configuration system.

    Even loading bays have better visualizations that most of these systems:

    https://previews.123rf.com/ima... [123rf.com]

  • My X10 is locked down so hard, only my adjacent neighbors could hack into it using any X10 controller, but it's so old I doubt anybody is stupid enough to still use it. Anyway, all it does is control the front porch light. Usually.
  • . . . is all those PCs that were forcibly upgraded to Windows 10! The threat caused by IoT devices is puny in comparison. PCs easily outgun IoT devices. The damage already done by Windows malware and DDoSes has easily exceeded what IoT devices could ever dream about achieving.

    And what's more, Russian Hackers can use all the Windows 10 built in spyware to hack the next US election!

    I'd advise folks not to talk politics with their computers. Otherwise, Russian Hackers will hack your computer, and not jus

  • by Anonymous Coward

    China.. Iran... North Korea? Who have they ever hurt? Sure, a bit of posturing, but certain other countries don't just posture, they bomb, breach, kill, subvert... It's funny to see the U.S. point fingers and call others a threat, when the U.S. itself is the biggest aggresive actor on the planet.

  • He's right. (Score:4, Interesting)

    by Gravis Zero ( 934156 ) on Thursday May 11, 2017 @05:34PM (#54402587)

    The Internet of Shit is both an immediate and persistent threat because not only do these devices exist, more are being connected daily. The problem is that the companies are not getting the negative financial feedback (punishment) that they need to correct their behavior.

    I've said it before [slashdot.org] but it's worth repeating.

    IoT vendors will only secure their devices after it starts costing them money or are legally required to do so.

    The best option is to hijack the IoT devices to DDoS their makers because it creates a direct feedback loop. The more insecure devices they sell, the more it will cost them to host their company's website(s). For extra points, only target their parent company. ;)

  • "Director of National Intelligence Warns of IoT Security Threats"

    By "IoT", does he mean the "Internet of Trump"?

  • These botnets use weakly-protected IoT devices to overwhelm websites and other networks. "In the future," Coats says in his report, "state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks."

    Not to worry. There might not be a functioning Internet around for a while.

    Last Friday enough information came out about the Intel AMT authentication bug to let people of ordinary skill construct a worm using it for transport, which could take over the bulk of the Internet-connected Intel-based devices - or at least the subset run by IT shops which use AMT for remote administration. This could easily be weaponized to effectively take out the Internet, quickly, for substantial periods of time, and possibly repeatedly.

    The bad guys have had almost a week to work on it now. If we don't start seeing some fallout by next week, it just means that everybody who's doing it is saving it for a big hit, and/or is very good at stealth (with the stuff they're already spreading).

    But given how many could be playing, I find it hard to believe SOMEBODY won't screw up and do something visible by accident. (Something like the claim that the Morris Worm was an experiment that escaped the lab during development.)

    = = = = =

    (After 48 years it's finally my turn to publish an "Imminent Death of the Interenet Predicted" posting - even if it's at least half tongue-in-cheek. B-) )

  • If they would play video games they would be very aware of cheap DDoS and their love of Internet of Shitty Things. Next up will be saying that all IoST must run on the Federal Approved OS. Win98 or Win Server03.

To be is to program.

Working...