The New Cyber-Revolt

I’m feeling better enough to not shamble, but still cough a lot and have gunk in my lungs. Does this mean I’m on the mend? Dunno.

We are in the middle of our most recent cybernetic revolt. I say most recent because for this to qualify, it would mean prior zombie botnet attacks would also have to qualify, though those aren’t merely cybernetic devices turned purely against their former masters, rather devices that were repurposed through intentional security penetration (id est, hacking) probably indirectly, though some kind of virus or trojan that inserts itself through an innocuous vector (we’re way beyond kiddieporn4you.exe). Once the malware’s payload is executed, the new zombie dials up its new master to say it’s awaiting orders.

Whether or not an All Your Base Are Belong To Us attack counts as a cybernetic revolt depends on what qualifies a cybernetic revolt. Not initiated by human intent? Automatons attacking their former masters? Directed by a centralized artificial intelligence? For me, the answer to all of these things is not necessarily.

Today, we’re in the dawn of the era of the Internet of Things or IoT. We’re giving computers, even the internet, access to devices that can affect our environment. For now, it’s just tea kettles and thermostats and refrigerators and electrical outlets.

So far, our cautionary stories have been of the haunted house of the future variety where a house is ambiguously fully-automated, to the point that it can bake pies from scratch, and fold laundry then it starts showing human emotional qualities leading ultimately to murder. It electrocutes dead the daughters rapey boyfriend. It vacuums up the annoying yappy dog. Mom discovers these weren’t accidents but before she can say anything the AI locks her in the shower and cooks her with scalding water. Then it drops the garage door on the son making a run for it. In short, Robot House yet another venue for the standard American slasher flick.

What the IoT era signifies is we have started developing along all three technological branches towards our killer-AI house. (Artificial intelligence, and devices that can be controlled remotely, as above. The third element is a software agent that allows the end user to easily and intuitively navigate the household’s controls (including preset general conditions, automated pie-making and so on). At this point, it’s just development before our robot house will have the capability of murder.

For now, things are…mostly harmless. Thermostats hooked up online might be twaddled to make the house uncomfortable but not to start fires. Refrigerators can be turned down to let food spoil, but that mostly makes a stinky mess. On the other hand, some cars with remote-access capabilities have been disabled while on the freeway by white-hat hackers, and we’ve discovered wireless-controlled syringe drivers and fluid pumps which could be easily hacked. Loaded with something extremely critical (say, morphine or insulin), we would have the makings of our first hack-assassination. (Assassination-hack?) To date, no such hacks have occurred, but that’s only a matter of time.

Thankfully, hacking to engage in mischief is not a new thing, and we’ve developed some pretty robust countermeasures. During the last thirty years, we’ve become savvy about all sorts of vulnerabilities, from the information-leak of common web-browsers and unsecured websites to the penetrable glitches in firewalls that separate public-access sites from private ones. These days, the internet savvy know to distrust unsecured sites, to know that corporations and nations will take undue advantage of private information (such as browsing history) and that you can have all your data held for ransom by some guy in Uzbekistan, only he’s asking you to purchase $500 worth of bitcoin to be dropped in a Peruvian account with no guarantee your data will be decrypted again. On one hand, our own governments are trying to spy on us. On the other, we have plenty of options to make sure they work dearly to see our nude selfies.

Sadly, despite all this awareness, computer security concerns have been lost on the IoT development community. All these new devices would connect to the internet with out-of-date security or with no security at all. Some stowed personal data in plaintext so that anyone who accessed the device could learn all about its owner. This didn’t change when a Samsung refrigerator was found to spill its owner’s Google account and password to an easy hack. This didn’t change when thousands of YESCO billboards set up around Atlanta stopped posting an AT&T advert instead for goatse/hello.jpg (Don’t ask. Really.) These incidents were singular enough to not be regarded as a robot uprising or cybernetic revolt.

Today’s situation is different. Now that it’s been discovered that these devices can serve not just their intended functions, but also as botnet zombies. Hackers (and not necessarily clever hackers) have an internet army at their disposal.

As it is, there are several historical DDOS attacks going on right now. That’s when a whole bunch of computers data-bomb a single site in order to prevent any legitimate traffic. Where before, a world record holding 360ish-gigabyte-per-second data-attack was considered astounding. Our new free-for-anyone botnet army is participating in multiple attacks around the world getting into the 600- to 700-gigabytes-per-second range. One particular attack, turned more than 145,000 cameras into a botnet of zombies, all sending a collective over-one-terabyte-per-second to shut down communications to and from a French webhosting service provider. It is the largest DDOS attack in history.

This is an early Cyber-revolt. Thankfully it’s small (for now).

When the robot army comes, we’re not going to care much if it’s being commanded by an AI, or some big corporate interest, or some haxxorz doing it for the lulz. All we’re going to care about is that robots are trying to kill us.

The good news is, we’re making these stupid mistakes that underestimate the resourcefulness of hackers while the the robots are small. The end result is the temporary loss of part of the internet. Maybe now these vulnerabilities will be recognized as serious. Maybe, now, we’ll recognize that data security is critical for even the most minor of connections. Maybe we can manage our IoT security vulnerabilities long before a trojan infects a hundred military drones which then blast their former masters to kingdom come.

Before there’s blood.

Wikipedia now redirects Cybernetic Revolt to AI Takeover, which I find a bit presumptuous. A cybernetic revolt may happen through some viral mechanism is rapidly distributed through connected robots and repurposes them. And it may not happen due to an AI going sentient, so much as an attempt at sabotage causing runaway consequences beyond the intent of the saboteur.

In another case, a white hat was able to hack into a simulated plane and get into unauthorized controls, such as dropping the oxygen masks. Still, the event hasn’t been replicated on a real plane (possibly because he wasn’t given the opportunity, and possibly because security on planes may have been upgraded). This caused a moral panic by which legislators wanted to pass more anti-hacking laws (really, more throw-known-hack-savvy-people-in-jail laws). Right now, hacking has the same mystique to it that witchcraft had three hundred years ago.

Some years ago, I wrote an essay (part of a tech-support ad) on safe web-browsing hygiene, including a suggestion to block scripts (e.g. Java or Flash) except from sites that you trust (e.g. large known companies). Since then, CNET has been hacked with some of its downloadable offerings replaced with malware, and Forbes, who attempts to detect and forbid adblockers has allowed sponsors that transmit malware through their scripty ads. So at this point even sites by companies one might think were trustworthy are vectors for malware.

So…back up your important data often, and get used to the notion that losing a day, or even a week of work may be an occasional risk of living on the internet.

Edits: I double posted some paragraphs. Removed. I blame my text editing software. I know it hates me.

…also, style. I fixed some confusing bits and added some numbers for perspective.


2 thoughts on “The New Cyber-Revolt

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s