Slashdot Mirror
Security Firm Predicts "Murder By Internet-Connected Devices"
Curseyoukhan writes "Infosec vendor IID (Internet Identity) probably hopes that by the time 2014 rolls around no one will remember the prediction it just made. That is the year it says we will see the first murder via internet connected device. The ability to do this has been around for quite some time but the company won't say why it hasn't happened yet. Probably because that would have screwed up their fear marketing. CIO blogger challenges them to a $10K bet over their claim."
By 2014 this bullshit of connecting your toaster to the cloud will be a fad, and not many people will actually care to sign in to see how many farts they tweeted
And how many drone strikes have been carried out over the past 10 years?
Like maybe 2013 might be the year of murder by internet-connected device.
APK quotes people (including myself) without context and should not be trusted. Just thought you should know.
...but it looks like [SA]HatfulOfHollow has finally completed his killer device.... http://www.bash.org/?4281
> With nearly every device, from healthcare to transportation, being controlled or communicated with in some way via the Internet, IID predicts that criminals will leverage this to carry out murders.
Don't worry, my run-away killer AI drone will stop it in time.
Table-ized A.I.
Goatse certainly came close
Table-ized A.I.
I could be wrong, but didn't someone already write a TV show episode where something like this did happen? I think it was NCIS.
To place bets on the predicting of the outcome of a future murder.
Their prediction sounds awfully familiar, I wonder if they might have been watching old Tom Selleck movies while drunk. http://en.wikipedia.org/wiki/Runaway_(1984_film)
for Sword Art Online
And how many drone strikes have been carried out over the past 10 years?
The drones aren't connected to the internet, only military networks. Any peripheral traffic that happens to route anywhere out into the internet is on a secured VPN... and at that, it's only sensitive material, nothing that'll say, start world war three. The same cannot be said for, say, nuclear reactors and related industrial equipment (like centrifuges)... which apparently are. All that out of the way, who really cares what a couple of rich dudes do with their gambling money? But in the larger sense, yes, it will happen eventually as if there's one thing you can bet on long-term is that we'll find more creative ways to kill each other...
All this boils down to is one person betting on "sooner" and the other on "later".
#fuckbeta #iamslashdot #dicemustdie
Murder via internet (and a lot more), committed by someone who is dead. "Daemon" by Daniel Suarez. Interesting read. There is also a sequel, "Freedom".
Heisenberg may have been here.
Most remotely-triggered bombs made by extremists of various kinds are triggered by cellphones - so true in fact that some countries shut down their cell networks preventively. Cellphones use some kind of radio network and proprietary protocol for the last mile, but essentially, beyond that, telephony is entirely IP-based these days. You can even call a cellphone from a PC now with programs like Skype.
So I think essentially all recent bombing attacks can be called "murder by internet-connected devices".
"A door is what a dog is perpetually on the wrong side of" - Ogden Nash
Even worse than that!!!
Fear your pacemaker!!! People with heart problems will now have an increased risk of death!!!
Uh. Well you know what I mean. Fear!!!
Why would my car need a two-way comm channel on the Internet? I can possibly see reporting but accepting input? Why?
See the comments about the pacemaker above.
So what they're really "predicting" is that some engineer at some medical supply company will get REALLY stupid and build in some back-door-thing that will open the company up to all kinds of lawsuits.
Yeah, I can see that happening. Eventually. Once. And when that company is sued out of existence then, hopefully, we'll all learn that not everything needs access to Facebook.
was for sure going to be the year of Desktop Linux. Instead it's going to be the year of internet murders? Don't tell me we have to wait until Enlightenment 0.18 is fully baked?
gosh darn
guess ill just have to type letters at ya
Why would my car need a two-way comm channel on the Internet? I can possibly see reporting but accepting input? Why?
For providing entertainment and map, weather and traffic updates. That shouldn't be able to spill into the controls, but you never know.
Depending on your definition of "via internet device" all someone has to do is beat someone to death with a cell phone, or a laptop, or even run them down with a reasonably modern car. There's a good chance this has already happened.
If the definition is that the act of murder is committed remotely via the internet (a more reasonable definition), then I'm sure some bright spark will arm a civilian drone and do their deed that way. Already been done by the military, obviously, but I don't think that falls under the formal definition of "murder" if it was done during wartime, FWIW to the victim.
Another possibility is an industrial targeted virus (eg stuxnet-like) causing equipment to blow up and causing death to anyone nearby.
Fear your pacemaker!!! People with heart problems will now have an increased risk of death!!!
Uh. Well you know what I mean. Fear!!!
I think "death by wifi enabled pacemaker" is most likely. It was covered previously, so now it's just a matter of time and effort for someone actually do it. Well, it's also required that someone with a pacemaker is hated enough by someone else who has access to get the serial number, etc. and then go through with murdering him/her or find someone else with the skills and inclination. That reduces your population of potential perpetrators.
Is it possible this will happen? Yes.
In the next 24 months? Yes.
Will it be found or proved? Probably not.
I think "death by wifi enabled pacemaker" is most likely.
s/death/murder
Hasn't Apple already murdered tons of people people in the Australian desert simply by sticking "Mildura" in the wrong spot? I'm sure of it. Either that or those Maps "victims" were awfully inconvenienced, probably missing their favorite reality TV shows, which is nearly as bad.
Alot of pacemakers have wireless with none or simple security... (why i have no fucking clue why we did that...)
100% undetectable too. Heart problems in a person with a pacemaker is not suspicious at all.
Why would my car need a two-way comm channel on the Internet? I can possibly see reporting but accepting input? Why?
For providing entertainment and map, weather and traffic updates. That shouldn't be able to spill into the controls, but you never know.
Not to mention enabling higher power profiles for the ECM's on a rental basis: selling such value added services directly to consumers has been something of a holy Grail for the car industry. If they could only lock out those pesky chip trimming shops.... The possibility for remote sabotage is one reason such services haven't taken off yet.
You should keep in mind that a lot of those are already possible. Lots of medical equipment runs on windows despite the EULA saying "don't use this for life-saving devices". A few years ago a few researchers demonstrated that it was possible to access a car with wifi, disable the brakes, and engage the accelerator.
The idiot engineers that design these things don't bother implementing 1-way data transfer (e.g. allow car to report engine statistics but don't allow reprogramming remotely), encryption, or any security measures at all. They rely entirely on obscurity to prevent these devices being used maliciously.
Until someone dies, it's not a problem. When someone does die, they have enough lawyers to prevent the family that just lost someone from suing them.
-1 disagree is not a modifier for a reason. -1 troll, flaimbait, redundant, overrated are NOT acceptable substitutes.
For a bet? on murder?
*blinks*
Sounds like a contract to me.
A 'singular oddity' is an event that cannot be explained and only happens when you are alone.
One major vector that would be ripe for abuse would be a combination of "self driving car", + "malicious GPS map update".
Eg, the self driving car would have sensors to determine it is on an actual road, of course. But that doesn't stop the car from autodriving off an unfinished bypass rampway, when its map software says the road is finished.
This wouldn't necessarily be able to target a specific vehicle without a pretty sophisticated man in the middle attack, (how you would do that is questionable in and of itself, perhaps if you put the middleman directly ON the car? Malicious android device, or a raspberry pi? But if you do that, why not just put a pipebomb like normal terrorists would?) But would work with a remote DNS injection attack against an entire vehicle product line, with disasterous effects all over. The attacker just needs to know when vehicles contact the map server, poison the DNS for the server, and then serve the malicious maps to updating vehicles when they connect.
The point murder in a legal sense, something someone could be tried for murder over.
And yes, legal meaning whatever bullshit happens to be in law as what murder is.
IANAL, but drones are being treated as legal, at least for now.
What about telepresence medicine? I can see remote-operated machinery adding a layer of legal misdirection to doctor-assisted suicide attempts.
Just because it is "treated as legal" for now by the same government that is doing the strikes does not make it actually legal.
Someone should be tried for murder in many of these cases.
Unlikely, but I think quite a few deaths (not murders) may be caused because of bugs in the code controlling these machines.
I'm sure they can't wait to put them selves in a position to very publically benefit financially from the first such murder...
sudo ergo sum
I agree, in principle. However, it's reality that counts, and in reality, the murderers will get away with it because of who they are. Just like abusive cops will get away with their abuses. It sucks, but double-standards always do.
Who says no one ever did it? The only thing we can be reasonably sure about is no one was ever caught doing it... and lived to tell the story...
whahahahaha
Virtual nobody posts sensationalistic headline to grow mindshare, news at 11.
Given that more & more surgery is being done remotely over the internet surely Windows Automatic Update has already achieved this!
Build a Man a Fire, and He'll Be Warm for a Day. Set a Man on Fire, and He'll Be Warm for the Rest of His Life.
Covered here too
EULA's are different for different licenses. How do you know the one for the medical equipment says that?
There are already numerous reports of virus infections of hospital systems.
The only remaining question is whether or not an improper drug dispensing activity occurred at the same time time, with the same system.
Firm with vested interest in selling you "stuff" is *very* concerned that "stuff" might happen. Buy now whilst stocks last !
Sky subscribers are morons. They pay to be advertised at !
I predict that someone will come up with the bright idea of hooking up some medical device to Facebook. It will seem like a "good idea at the time" to someone for some reason only god knows. One of the guy's friends will submit a score challenge for a Facebook game, and trip some godforsaken undocumented bug in the API, causing the device to malfunction. All of a sudden, it will become a lot more important to have a high score in <insert game here>.
malicious GPS map update
Wasn't there a news story about some people who got lost and starved to death because of the iPhone maps?
IID predicts for 2013 that criminals will leverage networked healthcare devices to carry out murders. My counter-theory is, that the first murder probably has already occurred; we and the police just didn't notice it. So 2013 may be the year the first murder via Internet device is proven.
During a BKA (German version of the FBI) conference, i made a remark that got me nationwide media attention in 2000: "In the Internet you'll find anything but murder." I wish i could say this with the same conviction today as i did back then (http://www.heise.de/newsticker/meldung/BKA-hat-Muehe-mit-der-Internet-Kriminalitaet-16354.html).
I think those happy days Daniel Suarez envisioned have already arrived.
I would hope that self driving cars would be able to see if they are about to drive off an unfinished bypass whether or not the map says it is finished.
An "Infosec" vendor that no one knows and cares makes big prediction about how future hackers would kill you with compromised Internet devices. You need protection! We offer it! Remember our name so we stay relevant!
I would probably consider this news (that is in no way interesting and informative) if this prediction is made by Symantec, McAfee or Kaspersky. Put some obscure "IID" here and it just smells so slash-PR.
Unless someone logged into their car remotely, and used it drive into someone with the intent to murder someone, I don't think that's what they're talking about. Or maybe you think that killing someone by smashing my smartphone into their head counts too.
Tic-Tac-Toe, Global Thermonuclear War, and relationships all have the same winning move.
In particular "Killer Net" http://www.imdb.com/title/tt0127383/
Everything took longer though as they were all on dial up.
Knives wielding USB gadgets?
http://achewood.com/index.php?date=01122007
Besides cartoon characters who on earth would be dense enough to.... ...
Oh GOD!...Thinkgeek will destroy us all!
My -1 Troll is actually a +1 funny. And my -1 flame is actually a +1 insightfull.
Even worse than that!!!
Fear your pacemaker!!! People with heart problems will now have an increased risk of death!!!
I take it you haven't watched Homeland?
I came up with this idea about 3 years ago, when working with network cameras. Should have patented something right away.
Too late.
In 2012 Pakistan shut down their cell phone networks for a period of time . The reason they did this was to prevent bombings, which often use a cell phone as their trigger.
Almost all cell phones now are connected to the internet, even the very cheap ones.
Thus, the year it says we will see the first murder via an internet connected device likely has already happened.
What they mean to say is the first murder via an internet connected device that uses the internet itself to commit the murder.
But really, some of those cell phones go off when sent a text. It really is barely different for them to go off when receiving an email and more modern phones like the iPhone's texts go over the internet anyway. Even though these people are using much cheaper models, it could easily have already happened.
Big apple, new Yorik, undig it, something's unrotting in Edenmark.
When someone does die, they have enough lawyers to prevent the family that just lost someone from suing them.
They'll get sued, the lawyers are to ensure that the settlement will be inadequate, e.g., the company will remain in business.
They feared that it could be used to suppress protest or support unpopular rule.
While most scenarios they described are technically silly, there is at least no doubt that our cars will be computer controlled and connected to the Internet (and each other) in the not-so-distant future.
In the USA, millions and millions of people have guns that could easily be used to murder anybody. In Western countries in general, almost everybody has kitchen knifes that could easily be used to murder someone. I have a spade and a pitchfork that could be used for murder. Why would I worry that about "Murder by Internet-Connected Devices"?
The same cannot be said for, say, nuclear reactors and related industrial equipment (like centrifuges)... which apparently are.
In which country? Iranian equipment was not internet connected, its enemies had to infect it via USB flash drives. Which countries have worse security at nuclear facilities than Iran?
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
...with the TV remote control, that's when we were 8-9 years old. I'm pretty sure he could kill me these days with some blunt piece of electronics
Yes and? It hasn't happened because...well... there isn't a high demand for murder. Not many people want to engage in it (really, I mean, everyone says it when blowing off steam but, very few would actually do it, even if handed means and opportunity).
Planned murders like you see in movies are, by far, the exception. Not just the exception but the exceptional case of an already rare occurance. In a major city, 100-200 murders a year seems on the mid range to high side from a casual perusal of the numbers.... in populations of a million or more?
I don't doubt that it WILL happen, and I don't doubt that someone WILL get caught doing it. However, thats almost like rule 34.... of course its going to happen.... eventually. Someone is going to murder some people with a home built drone too.... ill put that prediction right out there too. It is going to happen, theres just too many people for it not to happen eventually.
However, its going to be a long time before its easier to kill someone with your internet connection than it is to grab a sharp object and shove it into their chest....or to accelerate lead slugs at them at high velocities... and it will continue to be easier to do these manually than with robots.... so I expect these to remain the extreme rare exception.
So....meh.
"I opened my eyes, and everything went dark again"
What are we talking about here? When my wife beats me to death with her iPad because I've been too busy playing Far Cry 3 for the past 2 weeks to take out the garbage or bathe?
You are welcome on my lawn.
No, proof of concept is out there in the real world, MIT published it several years ago. You can bet it's been done by now. It's in the hackerspace now, already proven.
And i would bet, with the new near field communicatons, using bluetooth protocals, or such, you could call a target from the internet, and easily stop the medical device, or reprogram the device as the article says. Just as real bad guys would do. The doctors that wrote the article were not predicting, And were probably late to the party, but showed a concept that governments, may have been exploiting, Remember about 2000, when two way communicatins was blamed for car stalling on the freeway in LA, causing accidents. Remember how the last week or so you are now hearing of the "improvements" to new cars will include the ability of the car to send and recieve information, and for the car to react to it, and you do not believe in black hats? Or tinfoil?
We can be certain of one thing: The proliferation of this idea increases the probability of it's implementation an order of magnitude.
Happiness in intelligent people is the rarest thing I know.
Ernest Hemingway
The author offered $1000 at 10:1 to the FUDsters that put this nonsense out in the first place.
Yeah, I had to look.
They feared that it could be used to suppress protest or support unpopular rule.
Thankfully the group of people who commit premeditated murder and people with the geeky skills to kill over the Internet rarely overlap.
It's the same with terrorism, people who commit those acts aren't exactly the brightest bulbs in the room, just imagine what a bunch of brilliant, well funded engineers could do.
Think invisible flying death bots.
O, we already got those, never mind then. :)
- "There is nothing quite like an ineffective solution to an nonexistant problem"
http://www.geeksaresexy.net/wp-content/uploads/2008/05/computer_bomb.jpg
And when that company is sued out of existence then, hopefully, we'll all learn that not everything needs access to Facebook.
But what better way to monitor vial signs than through tweets?
"They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety."
I hear about this one GPS that failed to say wait for ferry and showed the road as going though
Now I know why you needed access through my firewall...
You need to actually talk to some physicians, geektard - because you are so out of your depth on those comments it isnt worth trying to correct.
In his fictional book "Daemon" , Daniel Suarez showed lots of ways that Internet connected devices can whack people. Many of them are not that far fetched.
I'm not sure that the implied distinction between a human with an internet connection and a violent impulse, and a lethal device controlled by said human via an internet connection, is a valid one. Violent criminals can and do use the net to stalk their victims, acquire weapons, and research successful strategies to commit their crimes. Humans are still in the loop whether they are pulling the trigger while standing next to the victim, or while they are sitting in their mom's basement. IMHO, changing the location of the human in the loop is, at best, a distinction without merit.
that's right itches,
it's already been accomplished for entertainment purposes
the app was so good, it was only possible to record the show on external video camera
In this case, the driver should not be behind a wheel, it displays a complete lack of judgement. Or it is an urban legend. Sadly, I do not think it is an urban legend...
Tomorrow is another day...
The idea should be patented and passed on to a troll !
I guess I'm not the only one that finally finished watching the recent season of Homeland. Internet controlled pacemaker, anyone?
Remote controlled Predator drones have been used to kill thousands of people since the mid 1990's, does that qualify?
Murder by letter, murder by wired telephone, murder by flower from flower delivery man.
But it isn't considered illegal by enough countries either..
If something is so important that you feel the need to post it on the internet... It probably isn't that important.
In principle we call anyone over 18 in Pakistan "militants" and we call folks whose names show up during investigation of a terrorist sect or known terrorist operative "suspected terrorists," and claim victory when they die in drone strikes. Suspect = criminal, adult = enemy combatant. And both sides love the drone strikes, so Fox and CNN both refuse to call out our administration for this bunglefuck shit. They get all angry when "a 14 year old girl" who may in fact be a fucking sociopathic mass-murder craving killer goes on a "death list" because she's young and female and cute, but they don't say a whisper of a word about the blatant manipulative accounting of our government's continuous incidental and intentional murders of plain civilians.
Support my political activism on Patreon.
Photoshop someone burning a Koran.
Upload to YouTube.
The End.
Have gnu, will travel.
I'm sure someone has been pummelled to death with an old 90s desktop while the ethernet cable was still connected. :D
Consider the following:
A vehicle with forward facing sensor cameras will "percieve" that the road "suddenly ends" when cresting a very steep hill, because the top of the hill obstructs the camera's view of the road surface, and the road sharply descends after the crest. (Think, colorado, or just mountains in general.) Also, sharp turn in road behind visual obstacle. (Tall building, rock cliff wall, concrete abuttment, etc.)
To prevent the car from stopping dead on the highway, the vehicle has to make an educated guess about if it should proceed or not.
Does the map say the road goes through?
Does the miltiaxis accellerometer say the vehicle is embarking a steep incline?
Are there special "helper" metadata fields available from the map to Improve autodrive functions? (Like, say in TomTom maps, where there is data about speed limits, toll charges, et al.)
The vehicle has to decide if it is going to stop and rouse the drunken/sleeping driver when it approaches the crest of the steep incline, or rounds the very sharp turn of the bypass's cloverleaf off-ramp. (Or on-ramp)
Users will be 'upset' if the car whines too frequently. As such, stopping in the road and whining is a good way to get bad customer reviews. This means the car will do absolutely everything it can to determine if it should simply just go or not.
The malicious cyber-terrorist (gawd I hate that term btw..) would have done his/her research before going to the expense and legal jeapoardy of doing the DNS poison + false map server exploit. His maps will be jammed full of metadata to assure the vehicle's logic that it should "just go", and that being unable to see roadway after the cutoff of the deadly trap on ramp is "expected", and "normal". The car will dutifully follow its heuristic program, and drive off the edge, fully confident that its data is reliable and safe.
Even if the vehicle balks, if it is going at highway speeds, stopping in time to avert disaster is not garanteed, especially if inclement conditions (like ice) are present.
Sometime last night though, I had an idea for how to perform a specific user attack, via a locally present middleman.
A malware infected android smartphone.
The smartphone enables its hotspot capability, or bluetooth capability, and then serves as the connection over which the vehicle attempts a map update. The malware already likely has access to the local phonebook store (so many legit titles demand that for some reason!), and can use that information to identify a specific target, for a specific map delivery.
Unlike a carbomb, this does not require physical access to the vehicle by the attacker, but only requires the victim to carry the phone inside the vehicle themselves, as many people already do. The smartphone has a much larger attack surface than does the vehicle's navigation system, and so is easier to compromise remotely.
(However, if you wanted to target, say, a senator, you should use a bogus iOS app instead. ;) )
http://inhomelandsecurity.com/teen_hacker_in_poland_plays_tr/
http://paranoidnews.org/2011/11/hackers-take-control-of-a-water-pump-in-illinois-and-disrupt-public-water-system/
And there's one more I can't seem to google, where a British train was derailed, and one or more death may have occured, because some 16 yr old "hacker" had gotten into the rail company's switching system (WHICH WAS ON THE 'NET!!!!!), and changed switch setting at the wrong time. This would have been in the last 8 years or so.....
mark
....fuckwit! (Most moderators today here are corporate fascist state worshipping script kiddies)
....that those military networks aren't Internet-connected? You are a moron!
My guess is that it has something to do with medical devices in hospitals. Reprogram a daVinci robot to go all Ginsu?
--- At my sig, unleash hell.
We leeched warez off a dumpsite in a Russian nuclear facility back in the early 2000's. Dunno if any of the critical systems were physically connected to the same network, though - I'd hope not.
So what they're really "predicting" is that some engineer at some medical supply company will get REALLY stupid and build in some back-door-thing that will open the company up to all kinds of lawsuits.
Yeah, I can see that happening. Eventually. Once. And when that company is sued out of existence then, hopefully, we'll all learn that not everything needs access to Facebook.
"backdoor" -> "remote code execution bug". Discuss.
Coffee-driven development.
You really have to stop confusing The Onion with Fox News.
"Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
The description is vague enough that using an internet-connected IP camera to know when to set off the WiFi-connected car bomb would certainly qualify. If someone in Colombia or Mexico hasn't done that yet I'd be extremely surprised.
"Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
I would call that a Darwin Award Winner...
Don't forget those fridges that are connected to the web. They can over heat them and have it explode.