Europol: First Online Murder to Happen in 2014
I saw the strangest story on MSN the other day, “First online murder to occur by end of 2014, Europol warns”.
I was perplexed. I scratched my head as I wondered what in the world they were talking about. Go ahead and read the article. It’s rather chilling! It’s like the stuff of science-fiction becoming reality!
If this surprises you, I have to ask: have you heard of Stuxnet? It was a computer worm that was used to infiltrate Iran’s nuclear plants. NOVA had a special on it, “The Rise of the Hackers”, that was absolutely spellbinding. If you haven’t seen it, I highly recommend it.
Yeah because Cheney is 1 person you can totally trust.
Only on a hunting trip, Linda. I’m sorry, I couldn’t help myself with that one. I know it was awful, but a little funny? Lol 🙂
It’s hard to wrap my brain around the great technology that saves a life, & someone’s desire for finding ways to make it do the opposite as fast as they can. Why? Greed?
Greed and just plain wickedness. Some people get off taking another’s life. Power maybe?
I don’t know about by the end of 2014, but yeah, this isn’t far off the mark if you ask me. I’ve had SO many experiences with computerized systems being abysmally unsecured that I won’t be shocked in the least when this happens. That’s assuming that it hasn’t somewhere already and just wasn’t caught (although more likely computer manslaughter than computer murder– so far murder would most likely fall under the purview of governments rather than individuals).
As one example, our work computer system cost us something like $20,000, and when it malfunctioned one time and we had to call support to get them to fix it and the only thing they could do was do a full system restore, they couldn’t figure out what the password was to the hidden system that did the restore for the computer with that serial number, so after about 30 minutes of waiting while they tried everything they could think of (when the store was about to open with the system non-functional) I went in and bypassed it by pressing a whole 3 keys on the keyboard– and that would have worked no matter what the password they’d set was. They hadn’t bothered to actually disable the method that allows you to bypass the password after setting it up, and this is an image that’s on EVERY SYSTEM THEY SELL TO EVERY CUSTOMER. 3 keys will literally give you full, unfettered access to every system they’ve ever produced. Unbelievable! Even my “toy” virtual machines weren’t set up that way!
They also had a bug in their online ordering system that allowed a malformed request from a customer placing an order to bypass having to actually pay anything for their order– and this bug worked in a way that hid that fact from the managers or owner of the store using the computer system and doing the reports and paperwork at the end of the night– from the end user’s perspective, it looked exactly as if an employee had simply pocketed the money right out of the till. I caught it, figured out where it was coming from (in our case it was always one particular customer on nearly every order), we reported it, and they never fixed it because THEIR system that the orders had to go through was set up to only log the single most recent transaction– but for ALL of their clients, not just our company, so they would literally have to catch a customer placing that order and then take the system offline exactly at that moment to trace it. We lost about $200 on that glitch before our owner took the drastic step of just cancelling his online order/website from them, but now we’re a delivery company in 2014 who has no website and no way to order anything from us online, which is obviously a small kind of business suicide.
And those two stories are only the tip of the iceberg! Businesses will need to change radically and soon if we hope to ever avert a disaster. I don’t think it’ll happen personally, I think we’re all just going to have to learn to adapt to living amid criminal disaster after criminal disaster.
When ur talking about in your case it was one particular customer, do you mean that one person was aware of the glitch n was taking advantage on purpose? And if so, they had prior knowledge of that problem? Or the glitch just always occurred with that one customer for a reason unknown to the customer? Because that makes sense for who is criminally responsible, the customer or the computer system providers. Either way, it’s going to be hard to protect against. You will have to pay the criminals to release ur own systems to u if ur not prepared. Like when small business owners paid the mob not to rob them. Same concept?
I forgot to check back on this. The one customer didn’t seem to be aware of it the first time it happened– I delivered it to them and the label said it was free, so I figured we had messed up and were fixing the order, but the customer had money in hand to pay for the order and seemed confused that I wasn’t collecting for their order. But then they kept doing that same order over and over again after that, interspersed with other orders that came through normally, so I think they must have figured it out somehow.
Thankfully I had noticed after that order when I got back to the store that on my driver’s tag– an itemized receipt basically– it showed that there was tax on the order even though the subtotal and total were zero. That discrepancy stood out to me so I looked at other orders that were legitimately free (gift certificates, fixing mess ups, donations) and sure enough– there was no tax listed on those. That’s when I put it together why the customer was confused the first time and brought it up to the owner who then told everyone to keep an eye on orders from that customer and go in and manually edit them before sending them out.
I don’t have any idea whether any other customers were exploiting that same bug or not, but I never saw any (or maybe one other order once). We tried and tried and tried to get it fixed to no avail, because the POS system vendor seemingly had no interest in fixing the system to actually LOG more than one transaction, so they claimed they couldn’t track it down unless we called them while that customer was ordering– except that it was a bug with their online ordering system, not our computers, so we had no way of knowing when they would order or not. It was the most idiotic thing I’d ever encountered (well, not really, but it ranks right up there). Eventually our owner just told them to cancel the online ordering contract, which they tried like heck not to do, so he told them fine, cancel it or not, but he wasn’t going to pay them for it anymore. So once that happened, they finally cancelled it. It was ridiculous. I’d love to name names because this company sure deserves it, but I don’t want the hassle.
I can’t help but wonder where that missing money actually winds up too. This customer ordered to pay by cash so in our case it was just lost on the books or in the deposit (or the employees’ tips), but if the bug worked on credit card orders too, then that could be a pretty serious accounting problem because you’d either have money showing up that shouldn’t, or money missing that should be there, and no way to account for it or know what happened. Multiply that by the millions of customers whose orders could be affected on probably tens of thousands of systems and that’s a TON of missing money.
I guess one solution is for providers to be more accountable for their systems and consequences of breaches. I wonder what an economist (or the law) would think? As it is I don’t think there is much recourse. Three keys! That’s laughable. The business is lucky to have you Keith.
“Internet of Things” devices are going to be an issue, but I don’t think they’ll be a major issue for several years since they’ll remain uncommon. There are also already many existing ways to attack someone’s network. IoT devices tend to have security issues since they’re often formed by very small startups without any engineers knowledgeable about security. The startups are concerned about scaling, and I believe this will be fixed in the longer term. I’m much more worried about hospitals and utilities.
Right now, computer security experts consider it easy to remotely access hospital machines. Medical systems tend to be more technologically outdated than government / business systems. Security issues tend to not be patched since there’s no incentive and it’s difficult to distribute the fix to the medical systems. Computer security experts in the medical field get paid the least out of any type of computer security expert.
Utilities have similar issues, and also have an extremely hard time attracting the best engineers. The only thing they have going for them is that most malicious people attack for profit, not destruction.