29 Aug Parliament hack, Alexa issues and more – Forensic IT News
Forensic IT news – Parliament hack, Alexa issues and more
Things never stand still in our world, with threats to IT security constantly arising. Here are some recent stories that prove – as if you needed more proof – that keeping your IT systems safe and secure is vital, and dealing with data breaches in a timely, calm and professional way delivers all sorts of benefits. Here’s the IT security news.
Parliament’s midsummer email hack
On 23rd June Parliament was hit by an email cyber attack. Thankfully it only compromised the email accounts of around 90 people, all of whom had used weak passwords that didn’t conform to Parliamentary standards. Apparently, the attack was both sustained and determined, with the hackers trying time and time again to access the email network used by both houses of Parliament, including the Prime Minister.
Experts believe the hackers started off with a list of email addresses and attempted to access the accounts using malicious software that checks for commonly used insecure passwords. It was probably carried out by someone just for the fun of it, and there didn’t seem to be any sinister links. But the attack was a wake-up call for Parliament, which obviously needs to take a long, hard look at its IT security.
It’s sad to see hacking take place simply because people either can’t be bothered to set up safe passwords, don’t know they need to or don’t understand the risks. All it would take is multi-factor authentication, confirmed by an app or SMS message before logging in, something that would make hacking so much more difficult than it probably wouldn’t be worth the hackers’ effort to even try.
Workplace A.I. designed to monitor employees
Artificial intelligence still isn’t that intelligent, at least by human standards. But it’s becoming more intelligent by the minute. Now an AI algorithm is helping companies monitor employee behaviour and spot if they’re showing signs of becoming a security risk.
Several companies are offering the service, all providing AI programmes that harness a constant supply of employee metadata including all the files accessed and the activity that happens when a keycard is used. The AI uses the data to create a picture of how individuals usually function and spots anomalies, for example when a person deviates from their normal patterns of behaviour. The AI is also being used to reveal employee actions that could accidentally lead to a security breach, things like opening a phishing email or clicking on a link in an email.
It sounds like a great idea but there are potential data privacy issues, especially with the new GDPR data protection rules coming into force next year. Some people are concerned because they feel it’s an awful lot like employee surveillance, opening a door into a world where workers are scrutinised at every point in their working day. And while it’s obviously effective in some circumstances, when people know they’re being monitored, they can easily change their behaviour and play the system.
Hello Alexa – I’m a stranger
Digital assistants are becoming more and more popular. But does your voice activated assistant talk to strangers? Until recently there was no way to stop your gadget giving up all sorts of security-based details away to a burglar, to your cleaner, to the pizza delivery bloke, in fact to anyone who struck up a conversation with it.
Now there’s a wearable device designed to help gadgets like Alexa, Google Now, Echo and Siri recognise you as their owner. It’s called VAuth and it’s been developed by a team at the University of Michigan, USA. It uses an accelerometer hidden in your specs or worn around your neck, which measures the unique vibrations created by your voice. It then compares the vibrations to the audio command it has received, and if the two don’t match it prevents your digital assistant from replying.
It matters because some Amazon Echo owners in the US received a doll’s house in the mail after a TV programme was overheard by their gadgets, which prompted the software to make an order. VAuth should resolve issues like this as well as making the devices more secure against hackers.
If you require any assistance or would like to discuss requirements, please contact us.