IID finds murder by Internet, NFC exploits emerge as genuine cybersecurity threats in 2013

Company’s Predictions for 2014 Coming True a Year Early; IID Projects Housefires and Burglaries Caused by Hackers for 2015

TACOMA, Wash. — December 16, 2013 — IID, securing the Internet with shared cyberintelligence, today issued a midterm report on its cybersecurity predictions for 2014, revealing we are on our way to seeing many of these prognostications become a reality.Last year at this time, IID boldly envisioned that by the end of 2014:

· We will witness the first ever public case of murder via hacked Internet-connected device.

There has yet to be a proven case of murder via Internet. However, former Vice President Dick Cheney revealed in October 2013 that he underwent surgery to turn off the wireless function on his pacemaker, to prevent it from being hacked.

Moreover, in June 2013 the Food and Drug Administration demanded that the health care industry address vulnerabilities in Internet-connected medical devices like pacemakers, which could be hacked to send out lethal jolts of electricity, or insulin pumps, which can be reprogrammed to administer overdoses.

Conspiracy theories also swirled around the death of controversial journalist Michael Hastings, especially after one prominent expert opined that Hasting’s fatal June 2013 automobile accident bore the hallmarks of a car cyberattack.

· Almost all of the applications written to interface with Near Field Communication (NFC) technology will be riddled with security holes, and massive losses will ensue.

At the Def Con 2013 Conference, hacker group Wall of Sheep unveiled its NFC Security Awareness Project, which exposed significant vulnerabilities in NFC technology, through which contactless devices use electromagnetic fields to communicate with each other.

Also at Def Con, a pair of Italian teenage hackers demonstrated security holes in NFC-enabled “smart tickets” that allowed them to get unlimited rides on public transportationthroughout the city of Turin, Italy. These tickets, manufactured under the name MIFARE, are used in many transportation systems around the world.

· There will be a strong response to cyberthreats in the form of an intelligence-sharing network through which companies and government institutions can collaborate on attacks. Also, Congress will enact new cybersecurity legislation that provides safe harbor protections, enabling collaborators to share intelligence more freely.

In lieu of Congressional action, President Barack Obama in Feb. 2013 introduced his “Executive Order on Improving Critical Infrastructure Cybersecurity.” The order called for the development of a voluntary framework for cyberthreat intelligence sharing and collaboration.

Meanwhile, Congress continues to propose various legislations that would similarly establish a collaborative framework, including bills sponsored by Senator Jay Rockefeller, and Senators Saxby Chambliss and Dianne Feinstein.

· There will be a large increase of government-sanctioned malware targeting other government institutions around the globe with nation states openly engaging in acts of cyber-espionage and sabotage.

China emerged as a serious cyber espionage threat in 2013, with the revelation that a secret military unit within the country was electronically infiltrating the networks of American governments, businesses and media companies.

Also, in an Oct. 2013 report, a member of South Korea’s national congress claimed thatcyberattacks launched from North Korea have cost the country more than $818.8 million in U.S. dollars.

· There will be at least one successful penetration of a major infrastructure component like a power grid that results in billions of dollars in damage.

· There will be an exploit of a significant military assault system like drones that result in real-world consequences.

Fortunately, neither of these final two predictions has proven accurate.

“Remember, however, that these prognostications were made for the end-of-year 2014, which means we’ve got another year to go,” said Paul Ferguson, vice president of threat intelligence at IID. “Of course, while IID doesn’t normally like being wrong, we would be more than relieved if these potential catastrophes never come to fruition.”

New IID Predictions for 2015

IID isn’t interested in making easily foreseeable, short-term predictions. Consequently, these latest prognostications are intended for two years from now.

IID predicts the following by the end of 2015:

· Everything is Connected, Everything Is Vulnerable — The once optimistic concept of the “Internet of Things,” where virtually everything electronic is conveniently connected to the Internet, will reveal its dark side. Malicious hackers will have the power to provoke chaos inside your home, burning your house down by hacking your oven to flood your house with gas and ignite it, or remotely turning off your security system to allow burglars inside.

· A Bitcoin and Tor Backlash — Online anonymization services will become so fraught with criminal activity, that users will shun them, leading to their collapse. Untraceable digital currency exchanges such as Bitcoin will implode, while Tor and similar anonymization networks will shrink to almost nothing. But before that happens, unproven anonymity software will inflict significant damage on Internet giants like Google and Amazon, preventing them from tracking the behavior of their shoppers, while exposing them to clever fraudsters running shady apps.

· New gTLDs Cause Turmoil — The introduction of new generic top-level domains (i.e. .tattoo, .bank, .apple, .whatever-you-can-think-of) will result in mass confusion and disruptions to existing enterprises. New TLDs will collide with existing private namespace, causing enterprises’ secret information to start appearing on the Internet. Cybercriminals will take advantage of this mass influx of gTLDs, abusing ill-prepared security mechanisms, impersonating them in phishing schemes and potentially even running illegitimate registries.



About IID

IID empowers threat intelligence sharing for enterprises and governments in a trusted environment that reaches beyond limited trust groups. The company aggregates and analyzes widely sourced threat data, and delivers actionable intelligence to facilitate the protection of assets, brands and users. Top financial firms, the largest government agencies, and leading e-commerce companies, social networks and ISPs leverage IID to detect and mitigate threats. For more information about IID, go to www.internetidentity.com.