Director of National Intelligence Warns of IoT Security Threats (engadget.com) 36
According to Director of National Intelligence Daniel Coats, IoT devices may be used to shut down US intelligence operations in the future. From a report: At an open hearing today, the Senate Select Committee on Intelligence (SSCI) heard testimony on the worldwide threat assessment of the US intelligence community. Coats' opening statements included a warning of the dangers of poor smart device security as well as the continued inevitability of Russian cyber threats. Coat's testimony lists these concerns first, with Russia topping the list of enemy actors. Coats says that the Kremlin has taken a much more aggressive "cyber posture," which "was evident in Russia's efforts to influence the 2016 US election." Coats' report (PDF) also says that Russian actors have conducted attacks on critical infrastructure networks, even going so far as to pretend to be third parties hiding behind false online personas. "Russia is a full-scope cyber actor that will remain a major threat to US Government, military, diplomatic, commercial, and critical infrastructure," says Coats in the written version of his statement. The document notes that China, Iran and North Korea, as well as terrorists and criminals, are also threats. Coats also spoke at length about "smart" devices, which have increased the number of vectors that hostile actors can attack. The denial-of-service (DDoS) attacks that we already see will only become more prevalent. These botnets use weakly-protected IoT devices to overwhelm websites and other networks. "In the future," Coats says in his report, "state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks."
Re: (Score:2)
Maybe it has something to do with pfSense?
What difference doe it make? (Score:1)
How much do we spend...and their saying they can't handle a country that has nowhere close the budget? Seems like USA will always be #2, ooooor, they want to justify a bigger bloated budget and Russia is the ever convenient scapegoat because we have to have an enemy to justify these expenses.
Re: (Score:2)
CIA Chief: We’ll Spy on You Through Your Dishwasher (03.15.12)
https://www.wired.com/2012/03/... [wired.com]
"particularly to their effect on clandestine tradecraft"
At an open hearing today (Score:3)
Hmmmm... (Score:2)
A little late to the game...
Better visualization on configuration websites (Score:2)
Make the security of IoT devices easy to visualize. Have a single picture showing all the open ports and services and not have things like anonymous Samba shares enabled down three directories of a webpage configuration system.
Even loading bays have better visualizations that most of these systems:
https://previews.123rf.com/ima... [123rf.com]
Stupid smart (Score:2)
An even bigger security threat to US security. . . (Score:2)
. . . is all those PCs that were forcibly upgraded to Windows 10! The threat caused by IoT devices is puny in comparison. PCs easily outgun IoT devices. The damage already done by Windows malware and DDoSes has easily exceeded what IoT devices could ever dream about achieving.
And what's more, Russian Hackers can use all the Windows 10 built in spyware to hack the next US election!
I'd advise folks not to talk politics with their computers. Otherwise, Russian Hackers will hack your computer, and not jus
Pointing fingers (Score:1)
China.. Iran... North Korea? Who have they ever hurt? Sure, a bit of posturing, but certain other countries don't just posture, they bomb, breach, kill, subvert... It's funny to see the U.S. point fingers and call others a threat, when the U.S. itself is the biggest aggresive actor on the planet.
He's right. (Score:4, Interesting)
The Internet of Shit is both an immediate and persistent threat because not only do these devices exist, more are being connected daily. The problem is that the companies are not getting the negative financial feedback (punishment) that they need to correct their behavior.
I've said it before [slashdot.org] but it's worth repeating.
IoT vendors will only secure their devices after it starts costing them money or are legally required to do so.
The best option is to hijack the IoT devices to DDoS their makers because it creates a direct feedback loop. The more insecure devices they sell, the more it will cost them to host their company's website(s). For extra points, only target their parent company. ;)
Re: (Score:2)
The S in IoT stands for security.
IoT? (Score:2)
"Director of National Intelligence Warns of IoT Security Threats"
By "IoT", does he mean the "Internet of Trump"?
Re: (Score:1)
Probably something more closely related to this [slashdot.org]
Clearly a New Safe System Calls for a new Acronym (Score:2)
Introducing The...
Secure Home Internet Of Things
We like to call it
SHIoT
*NOTE* Marketing Meeting in the cafeteria at 7:00 AM to discuss the new SHIoT campaign. All hands on dick!
Sincerely,
Cedrick Rashbottom
Director of Sales
Don't worry, Imminent Death of Interenet Predicted (Score:3)
These botnets use weakly-protected IoT devices to overwhelm websites and other networks. "In the future," Coats says in his report, "state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks."
Not to worry. There might not be a functioning Internet around for a while.
Last Friday enough information came out about the Intel AMT authentication bug to let people of ordinary skill construct a worm using it for transport, which could take over the bulk of the Internet-connected Intel-based devices - or at least the subset run by IT shops which use AMT for remote administration. This could easily be weaponized to effectively take out the Internet, quickly, for substantial periods of time, and possibly repeatedly.
The bad guys have had almost a week to work on it now. If we don't start seeing some fallout by next week, it just means that everybody who's doing it is saving it for a big hit, and/or is very good at stealth (with the stuff they're already spreading).
But given how many could be playing, I find it hard to believe SOMEBODY won't screw up and do something visible by accident. (Something like the claim that the Morris Worm was an experiment that escaped the lab during development.)
= = = = =
(After 48 years it's finally my turn to publish an "Imminent Death of the Interenet Predicted" posting - even if it's at least half tongue-in-cheek. B-) )
Re: Imminent Death of Internet Predicted (Score:2)
(After 48 years it's finally my turn to publish an "Imminent Death of the Interenet [sic] Predicted" posting - even if it's at least half tongue-in-cheek. B-) )
Complete with a typo, of course. B-) We MUST be traditional about these things.
Now they figure this out? (Score:1)