Friday, March 27, 2015

Hackable Houses and Compromised Cars

The following is a guest post written by Lucy C., a co-op student from Lisgar Collegiate Institute in Ottawa.

The idea of having a smart home or a smart car is extremely tempting. Being able to live in a world that is fine-tuned to exactly your needs seems like a sci-fi paradise. Cars that drive and park themselves, pre-programmed with GPS systems and traffic control, so you know exactly how long your drive to work each morning will be. A home that adjusts its temperature controls depending on your body heat and doesn't require a key for entry as it recognizes your presence. A kitchen that can cook you breakfast each morning before you awake and a pillow that wakes you up at the exact right moment in your REM cycle.

All of these features and products sound great in theory, but in practice they do have a major downfall: your privacy and security will never be more at risk. All these useful devices will be collecting a slew of personal data about every aspect of your life, and if any devices were hacked and controlled by an outside source, the ramifications would be unimaginable.

With your every action tracked and recorded, companies will have all the personal data they could ever want on every consumer. Even if the system is not compromised by a hack and the data is never stolen by an outside source, there is still the lurking possibility that the company will sell your data to other enterprises or to the government, who would then know every movement of every citizen.

This lack of privacy is accompanied by a frightening lack of security. If someone were to gain control of your smart home or smart car, they could wreak havoc on your life. You could be unable to access your home, or they could gain entry to your home by simply pressing a button. It would bring a new age to terrorism: imagine the power a group would hold if they had the capability to crash every car in a city in an instant, or lock whole cities out of all their buildings.

And the scariest part of these new smart homes and cars? So far, they are surprisingly easy to hack. There are already stories of strangers gaining access to baby monitors and being able to speak through them. The Insteon home control system, a remote control system for turning electronics on and off and controlling temperature in your home, used to be based online with only occasional password protection, so if you discovered one of the sites, you could turn any electronics in the home on and off and have access to all the personal data that the system had gathered.


These potentially disastrous consequences of smart homes and cars bring about a burning question: are consumers ready to part with their security and privacy just to have all these cool new personalized gadgets? 

Thursday, December 11, 2014

Your Reputation after a Data Breach.

Whether you asked for it, had an active hand in making it, or even acknowledge it, you have a reputation. It can be built up, blown up, and is blended from both fact and fiction. It is a wild beast that is only tamed in the way an adult grizzly plucked from the forest can be tamed. Despite all volatility and fragility you must manage it as best you can, because when your reputation takes a hit the foundations of success begin to shudder.

A company's reputation is the same. After Target's data breach one year ago, their customer satisfaction and service reputation stayed in decline for many months after. S&P cut Target's credit rating due to the breach's bigger-than-expected impact on traffic and sales. Their profits dropped 46% in Q4 of 2013 and their CEO was ousted five months after the breach went public.

There are plenty of tangible costs when a data breach occurs: lost productivity, forensic investigation, technical support, system availability, compliance and regulatory failure. Many of these costs, while significant, are manageable to an extent when the breach is kept under wraps. When word of a breach crosses over to the consumer side, the final tally of damage and cost is unpredictable. 42% of breached companies lost customers and business partners. 46% of a breached company's clients would no longer recommend the organization.

Companies like Sony, Home Depot, P.F. Chang's, Staples, Michaels and K-Mart have all been targets of data theft. Their damaged reputations will recover over time, but the repair costs are significant. A Ponemon survey stated the average damage done to a brand ranges from $184 to more than $330 million and, at best, brands lost 12% of their value after a breach.

Every company needs to do more to keep their reputation secure. While some data breaches will be physical blunders, many of them will be malware entering the network, whether forced in or welcomed in. Defence Intelligence helps their clients keep their data and their reputation secure with their advanced malware protection services. Take a look at what we can do to help. Don't be the next victim.

Thursday, December 4, 2014

The most interesting DDoS ever?

Those of you outside of Canada may not have been following this story, but you might want to as this one seems to have it all:

  • Accusations of police ineptitude and overreach
  • Listening devices
  • Claims and counter-claims concerning Anonymous
  • Twitter sparring
  • Social engineering
  • Multiple DDoS attacks
  • Bureaucratic boilerplate statements aplenty

The abbreviated story goes something like this...


An Ottawa teenager is charged with 60 offences related to ‘swatting’ various targets across North America. Hacker claims to have proof that said teen is innocent and identifies another as the culprit. Hacker contacts family of the accused and the media. Listening devices apparently discovered at suspect's home. Hacker takes down city, police and court websites to bring attention to the case. Officials assure the public that no data has been breached, but that hacker managed to get a password from a service provider via phone. Hacker continues to post via social media, promising proof. Father of the accused now says he is a ‘person of interest’ in the case.

We’ve seen hundreds of DDoS attacks in the news over the years, and thousands of them in the security community. They usually aren’t all that noteworthy and barely get a second glance. The attacks in Ottawa and Canada over the past couple of weeks are rather unique, however. You can catch up on the saga via: