It is pretty much acknowledged that just about any electronic device that has a computer chip in it, and are easy pickings for hacking into for cash. That being said, everything that can be broken into electronically, from hospital records to traffic lights, are being breached on a daily basis. The result is a massive amount of illegal hacking into the cash flow of many companies by savvy computer users.
It is no longer a lone disgruntled techie from a large company pointing out the lack of security of the company they used to work for. Mundane devices can be cracked and cause havoc in any city in America. This points to a troublesome and potentially dangerous situation.
Traffic lights, for example, are a part of most cities’ unregarded working infrastructure. Their controls can be taken over with a few simple computer tools and the right information. A team from the University of Michigan and J. Alex Halderman, a computer science and engineering assistant professor at the school, discovered three important vulnerabilities with the traffic light network. The flaws consisted of a debugging port easy to break into, wireless connections that had no encryption, with default usernames and passwords.
The location of the research study was not listed. The problems are not with the devices or choice of design, but the lack of security when implementing the devices into the system of traffic control. The light control system has not had any violations of their security at this time. However, the ease with which the team broke into the system is a cause for concern.
The University of Michigan team was able to hack into the wireless network with a laptop and a radio. By finding the broadcast frequency, accessing the network was a simple process, due to unchanged default passwords and default usernames. Researchers managed to control the flow of traffic, alter the sequence of the lights, and cause the malfunction management units (MMUs) to default to flashing red lights at all positions.
A simple two-pronged solution is possible. Changing the passwords and usernames, and switching to an encrypted network are major factors in transforming an everyday device into a secure operating implement. The importance of recognizing these flaws and changing the system may lead to a less vulnerable system of traffic networks. Especially since auto manufacturers and transportation specialists are testing new methods of communication for vehicles and the infrastructure involved as a way to reduce congestion, traffic flow and minimize accidents. Hacking into an infrastructure network that can be so easily breached is an easy temptation for an influx of cash flow by a savvy cyber thief.
The flow of traffic also involves packages. Many of them delivered by various vendors such as United Parcel Service (UPS). UPS recently disclosed a computer virus was found at one percent of the 4,470 locations they franchised. That is a total of 51 stores in 24 states, and affected approximately 1,000 transactions conducted between January and August of this year. The information revealed by the virus included customer names, email addresses, postal addresses, and credit card numbers.
According to UPS the situation was rectified as early as August 11. UPS is continuing their investigation by implementing increased security measures to protect other stores. Stores in the following states were affected: Washington, Virginia, Tennessee, North Dakota, South Dakota, Texas, Ohio, North Carolina, Oklahoma, Nevada, New York, New Jersey, Louisiana, Georgia, Florida, Idaho, Maryland, Illinois, Nebraska, Colorado, California, Arizona, Pennsylvania, and Connecticut.
Another type of breach by hackers affected customers of two large supermarket chains, SuperValu and Albertson’s. Their credit and debit card payment networks were recently broken into and the common information kept on the magnetic strip of these cards was taken. This type of information usually consists of the card number, the person’s name, expiration date of the card, and the three-digit security code on the card.
Another recent incident concerns the Community Health Systems, Inc. breach, in which the company announced the stolen data of 4.5 million patients in its network of 206 hospitals throughout the U.S. This type of incursion puts these people at risk for the possibility of identify fraud. Invading medical records appears to be a major industry among cyber criminals.
Before this hacking attack on Community Health Systems, Inc., 204 such incursions in the medical industry have been reported in 2014. The major reason for invading the medical industry is to illegally bill insurance companies or Medicare, obtain prescription drugs to sell on the street, or receive consultations free of charge. Another major reason for getting into hospital records is the ease of stealing the information. Most patient records are stored on the same networks as other hospital business. Once inside the network, cyber thieves are free to access medical information without any further hacks.
The health care industry has been lax in securing data kept on its patients. Federal health care laws do not require doctors or hospitals to apply encryption to their files. This allows for easy entry into the system, plus, the health care industry has been slow to update the software they use, leaving them open to a steady stream of invasions resulting in massive breaches where patient information is regularly stolen. These types of hacking incursions will continue, perhaps becoming cash flow cows, as cyber thieves begin bribing companies for huge sums of money.
By Andy Towle