Slashdot Mirror

← Back to Stories (view on slashdot.org)

Director of National Intelligence Warns of IoT Security Threats (engadget.com)

Posted by msmash on from the shape-of-things-to-come dept.

According to Director of National Intelligence Daniel Coats, IoT devices may be used to shut down US intelligence operations in the future. From a report: At an open hearing today, the Senate Select Committee on Intelligence (SSCI) heard testimony on the worldwide threat assessment of the US intelligence community. Coats' opening statements included a warning of the dangers of poor smart device security as well as the continued inevitability of Russian cyber threats. Coat's testimony lists these concerns first, with Russia topping the list of enemy actors. Coats says that the Kremlin has taken a much more aggressive "cyber posture," which "was evident in Russia's efforts to influence the 2016 US election." Coats' report (PDF) also says that Russian actors have conducted attacks on critical infrastructure networks, even going so far as to pretend to be third parties hiding behind false online personas. "Russia is a full-scope cyber actor that will remain a major threat to US Government, military, diplomatic, commercial, and critical infrastructure," says Coats in the written version of his statement. The document notes that China, Iran and North Korea, as well as terrorists and criminals, are also threats. Coats also spoke at length about "smart" devices, which have increased the number of vectors that hostile actors can attack. The denial-of-service (DDoS) attacks that we already see will only become more prevalent. These botnets use weakly-protected IoT devices to overwhelm websites and other networks. "In the future," Coats says in his report, "state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks."

36 comments

  1. No proofreading by Anonymous Coward · · Score: 0

    "warns pf" ?

    1. Re:No proofreading by viperidaenz · · Score: 1

      Maybe it has something to do with pfSense?

    2. Re:No proofreading by Anonymous Coward · · Score: 0

      pfud?

      "Maybe he meant pffft"
      "No you mean tch"
      "He wouldn't write that out!"

  2. pffff... by Anonymous Coward · · Score: 0

    pfffffff.. I smell bullshit.

  3. Looks like someone needs typing skills improved. : by Anonymous Coward · · Score: 0

    Looks like someone needs typing skills improved. :)

  4. PF Chang's for dinner! by Anonymous Coward · · Score: 0

    pf? As in PF Chang? Now I so hungry

  5. Re: It's the Appernet of Apps! by Anonymous Coward · · Score: 0

    turn down for BUTT!

    #MAGA

  6. What difference doe it make? by Anonymous Coward · · Score: 1

    How much do we spend...and their saying they can't handle a country that has nowhere close the budget? Seems like USA will always be #2, ooooor, they want to justify a bigger bloated budget and Russia is the ever convenient scapegoat because we have to have an enemy to justify these expenses.

    1. Re:What difference doe it make? by AHuxley · · Score: 1

      How is the CIA going to get into an interesting washing machine if the home network is now secure?
      CIA Chief: We’ll Spy on You Through Your Dishwasher (03.15.12)
      https://www.wired.com/2012/03/...
      "particularly to their effect on clandestine tradecraft"

      --
      Domestic spying is now "Benign Information Gathering"
  7. At an open hearing today by turkeydance · · Score: 2

    nothing new was revealed

    1. Re:At an open hearing today by Anonymous Coward · · Score: 0

      I don't know, dude's going to get himself fired is he keeps saying things like "Russia is a full-scope cyber actor that will remain a major threat to US Government, military, diplomatic, commercial, and critical infrastructure." that the Kremlin has taken a much more aggressive "cyber posture," which "was evident in Russia's efforts to influence the 2016 US election."

    2. Re:At an open hearing today by Anonymous Coward · · Score: 0

      Then a lot of heads are rolling. Every head of every major intelligence group said the same at today's briefing:

      "Warner: Do you believe that the Jan 27 IC assessment accurately characterized Russian activities in 2016 election, and conclusion that Russian intel agencies were responsible for hacking, leaking, misinformation?"

      Down the line, everyone says yes.

  8. Get rid of the IdIOT in the WH, then we'll talk by Anonymous Coward · · Score: 0

    We know Russia has a cyber attack advantage because we have such a huge internet infrastructure exposure. We also see Trump kissing Putin's ring directly. That seems to be an obvious place to look for attack vectors against US security more than any default password issues on webcams.

    You don't see any movement by the FCC towards security, you see movement towards selling out to mega corporations. IOT will be a problem until it is regulated.
    Trump will be a problem until he is impeached. That's probably going to happen much sooner also.

    1. Re:Get rid of the IdIOT in the WH, then we'll talk by Anonymous Coward · · Score: 0

      Trump sold out a few months ago. He even attacked Syria, although this seems to be of little consequence (thankfully). It might be over since that Flynn guy was fired/resigned.
      Now Trump is a puppet of the CIA/security establishment/whatever, so as to spare himself being impeached or assassinated.

      There is one way I'm glad he's such a coward : at least he won't attack North Korea (this would be hellish for flash memory and DRAM prices, and hum 500,000 shells and rocket flying here and there, a hundred thousand soldiers pillaging here and there, and such)

      I have even read some noise about Wolfowitz coming back. This is the sort of guys who, unlike what antisemitic people say, are American people who dictate Israel's policy not the other way around.

  9. Don't worry by Anonymous Coward · · Score: 0

    Trump will replace him with another russian mole soon.

  10. Already having issues by Anonymous Coward · · Score: 0

    My wifi controlled butt vibrator keeps turning on while I'm at work. It makes presentations rather awkward. I should probably just leave it at home.

  11. Hmmmm... by Frosty+Piss · · Score: 1

    A little late to the game...

    --
    If you want news from today, you have to come back tomorrow.
  12. Better visualization on configuration websites by mikael · · Score: 1

    Make the security of IoT devices easy to visualize. Have a single picture showing all the open ports and services and not have things like anonymous Samba shares enabled down three directories of a webpage configuration system.

    Even loading bays have better visualizations that most of these systems:

    https://previews.123rf.com/ima...

    --
    Vintage computer adverts: http://www.vintageadbrowser.com/computers-and-software-ads
  13. Stupid smart by AndyKron · · Score: 1

    My X10 is locked down so hard, only my adjacent neighbors could hack into it using any X10 controller, but it's so old I doubt anybody is stupid enough to still use it. Anyway, all it does is control the front porch light. Usually.

  14. An even bigger security threat to US security. . . by PolygamousRanchKid+ · · Score: 1

    . . . is all those PCs that were forcibly upgraded to Windows 10! The threat caused by IoT devices is puny in comparison. PCs easily outgun IoT devices. The damage already done by Windows malware and DDoSes has easily exceeded what IoT devices could ever dream about achieving.

    And what's more, Russian Hackers can use all the Windows 10 built in spyware to hack the next US election!

    I'd advise folks not to talk politics with their computers. Otherwise, Russian Hackers will hack your computer, and not just fix the election . . . they will fix YOU, as well!

    --
    Schroedinger's Brexit: The UK is both in and out of the EU at the same time!
  15. USA #1 by Anonymous Coward · · Score: 0

    USA will continue to be the target for EVERYONE, as the USA is taking any advantage to grab as much as possible without asking.
    "Cyber threats" is a buzz word for journalists, but since the birth of the republic, foreign actors have been trying to influence the US since day one, and vice versa. It will never stop.
    The tools of influence, of course, includes; diplomacy, UN, bribing politicians, terrorism, spying, and lobbying.
    The only legal foreign influence should be diplomacy, lobbying should be reserved for citizens.

  16. Of course it will. by Anonymous Coward · · Score: 0

    How long have DARPA and most 3-letter-agencies explicitly been trying to push for *exactly* all these threats and security problems?

    It takes a lot of money and a lot of influence to *deliberately* ensure the crap we see in bad sci-fi with exploding computers and VR frying brains will actually be implemented. That takes effort.

  17. Pointing fingers by Anonymous Coward · · Score: 1

    China.. Iran... North Korea? Who have they ever hurt? Sure, a bit of posturing, but certain other countries don't just posture, they bomb, breach, kill, subvert... It's funny to see the U.S. point fingers and call others a threat, when the U.S. itself is the biggest aggresive actor on the planet.

  18. He's right. by Gravis+Zero · · Score: 3, Interesting

    The Internet of Shit is both an immediate and persistent threat because not only do these devices exist, more are being connected daily. The problem is that the companies are not getting the negative financial feedback (punishment) that they need to correct their behavior.

    I've said it before but it's worth repeating.

    IoT vendors will only secure their devices after it starts costing them money or are legally required to do so.

    The best option is to hijack the IoT devices to DDoS their makers because it creates a direct feedback loop. The more insecure devices they sell, the more it will cost them to host their company's website(s). For extra points, only target their parent company. ;)

    --
    Anons need not reply. Questions end with a question mark.
    1. Re:He's right. by thegarbz · · Score: 1

      The S in IoT stands for security.

  19. IoT? by JustAnotherOldGuy · · Score: 1

    "Director of National Intelligence Warns of IoT Security Threats"

    By "IoT", does he mean the "Internet of Trump"?

    --
    Just cruising through this digital world at 33 1/3 rpm...
    1. Re:IoT? by fustakrakich · · Score: 1

      Probably something more closely related to this

      --
      “He’s not deformed, he’s just drunk!”
    2. Re:IoT? by Anonymous Coward · · Score: 0

      No, "Internet of Thongs". I can't fathom why, but some people want their thongs on the internet.

  20. Re: An even bigger security threat to US security. by Anonymous Coward · · Score: 0

    In soviet Russia.....

    Anyone?

  21. Don't worry, Imminent Death of Interenet Predicted by Ungrounded+Lightning · · Score: 2

    These botnets use weakly-protected IoT devices to overwhelm websites and other networks. "In the future," Coats says in his report, "state and non-state actors will likely use IoT devices to support intelligence operations or domestic security or to access or attack targeted computer networks."

    Not to worry. There might not be a functioning Internet around for a while.

    Last Friday enough information came out about the Intel AMT authentication bug to let people of ordinary skill construct a worm using it for transport, which could take over the bulk of the Internet-connected Intel-based devices - or at least the subset run by IT shops which use AMT for remote administration. This could easily be weaponized to effectively take out the Internet, quickly, for substantial periods of time, and possibly repeatedly.

    The bad guys have had almost a week to work on it now. If we don't start seeing some fallout by next week, it just means that everybody who's doing it is saving it for a big hit, and/or is very good at stealth (with the stuff they're already spreading).

    But given how many could be playing, I find it hard to believe SOMEBODY won't screw up and do something visible by accident. (Something like the claim that the Morris Worm was an experiment that escaped the lab during development.)

    = = = = =

    (After 48 years it's finally my turn to publish an "Imminent Death of the Interenet Predicted" posting - even if it's at least half tongue-in-cheek. B-) )

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  22. Re: Imminent Death of Internet Predicted by Ungrounded+Lightning · · Score: 1

    (After 48 years it's finally my turn to publish an "Imminent Death of the Interenet [sic] Predicted" posting - even if it's at least half tongue-in-cheek. B-) )

    Complete with a typo, of course. B-) We MUST be traditional about these things.

    --
    Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
  23. Now they figure this out? by Darkness+Of+Course · · Score: 1

    If they would play video games they would be very aware of cheap DDoS and their love of Internet of Shitty Things. Next up will be saying that all IoST must run on the Federal Approved OS. Win98 or Win Server03.

  24. Can we drop this election "hacking" narrative? by Anonymous Coward · · Score: 0

    First of all, there isn't a large government on this planet that does not try to influence the outcome of US elections. France and England did far worse than Putin will ever do during the early 1800s, especially when it came to trying to manage and manipulate US tariffs on imports. So, let's just drop this notion that it is somehow out of the ordinary that Russia is interested in the outcome of US elections.

    Second, nobody hacked the election. Period. End of story. The election process was sound, and there is zero credible evidence that a single voting machine was hacked or that a single vote tally was changed. So, again, NOBODY HACKED THE ELECTION.

  25. shit t in my mouth by Anonymous Coward · · Score: 0

    yummy

  26. Clearly a New Safe System Calls for a new Acronym by bdwoolman · · Score: 1

    Introducing The...

    Secure Home Internet Of Things

    We like to call it

    SHIoT

    *NOTE* Marketing Meeting in the cafeteria at 7:00 AM to discuss the new SHIoT campaign. All hands on dick!

    Sincerely,
    Cedrick Rashbottom
    Director of Sales

    --
    "No fear. No envy. No meanness." Liam Clancy