In this episode of the podcast (#101): will the Internet of Things enable a glorious future of intelligent and subservient “things”? Or will it birth “ink jet nation:” a dystopia of closed and expensive technology silos that use patents, software licensing and lawsuits constrain the use, reuse and repair of connected things? We talk to author and activist Cory Doctorow following his keynote at last week’s Security of Things Forum. Also: the city of Atlanta has made headlines after a ransomware outbreak crippled city services. But the city may have more to worry about: wireless phishing attacks targeting government employees and elected officials. We speak with Dror Liwer of the firm Coronet about what they found.
Ink Jet Nation?
Surely at the check out line at the office supply store, you’ve wondered why it is that a slim cartridge of ink the size of a credit card sets you back close to $30. Printer ink, on a per ounce basis, is among the most expensive stuff you can buy. Depending on the brand, it can be more expensive than Champagne, caviar or Chanel No. 5 perfume. And we know that manufacturers like HP and Dell aren’t harvesting the stuff from the bellies of Sturgeon.
Why so expensive? Well, because printer manufacturers have been very successful in creating product ecosystems that make it nigh impossible to use ink jet cartridges made – or even serviced by anyone else but them. That has included unsuccessful attempts to sue companies that refill spent inkjet cartridges, accusing them of patent violations. Still, despite losses in court, the defacto ink monopolies of HP, Dell, Lexmark and others have allowed those companies to name their price, and demand that their customers pay it.
Printer ink is one thing. But what if companies that made cars, home appliances and medical devices were to pursue the same strategy? What if your Kitchen Aide toaster would only work on Kitchen Aide brand bread? What if your GE dishwasher only started when loaded with GE-approved plates, dishes and cutlery?
The Internet of Things may be tilting us in that direction, says author and activist Cory Doctorow. Speaking ahead of his keynote presentation at The Security of Things Forum last week, Doctorow said that the penetration of software into our daily lives and physical environments creates the pre-conditions for a future in which computers are no longer powerful tools that enable us to do lots of things, but software constrained stuff that insists on us doing things in ways that the device maker intended. In the first part of this week’s podcast, we sit down with Cory to talk about what he calls the coming “war on general purpose computing.”
Threats in the City
The City of Atlanta made news back in April when it was revealed that the city had expended some $2.5 million dollars to try to recover from a ransomware outbreak involving the SamSam ransomware program – far more than the $50,000 ransom that was initially demanded.
But hopes for a recovery may have been premature. In early June it was revealed that the extent of damage from the outbreak and the cost of recovery were greater than first reported. One third of the city’s 424 necessary programs were knocked offline in the attack – 30 percent of them mission critical. The City Attorney’s office lost all but six of its 77 computers and 10 years’ worth of documents, while the police lost their dash cam recordings, the web site Engadget reported.
The cost of the cleanup may well top $11 million or more, according to recent statements by city officials on the progress of the clean up. How did this happen to one of the nation’s largest municipal governments? While we don’t know of the origins of the outbreak, reports indicate that the ransomware outbreak didn’t come out of nowhere. Red flags had been raised about compromised systems on the city’s network for months before the March SamSam infection. And that may not be all. Our next guest, Dror Liwer of the firm Coronet said that his company detected a long-running wireless spear phishing campaign centered on the city government, with rogue hotspots imitating official government networks and used to attack government employees and elected officials alike in recent months.
In the second segment of our podcast, we sat down with Dror to talk about Coronet’s research and a larger survey the company did of the cyber security of large metropolitan areas. Liwer tells us that public sector organizations – like their private sector counterparts – are often unaware of wireless threats like rogue wifi hotspots. The acute demand for Internet access at all times everywhere, he says, makes it easy for malicious actors to convince workers and public officials to drop their guard in their drive to get connected.