The Internet of Criminal Things—Trust in the Gods but Verify!

By Elizabeth Leake, STEM-Trek

February 20, 2019

“Are we under attack?” asked Professor Elmarie Biermann of the Cyber Security Institute during the recent South African Centre for High Performance Computing’s (CHPC) National Conference in Cape Town. A quick show of hands from ~10 percent of the audience revealed that even a technically well-informed community of practice doesn’t realize that we’re always under attack. 

“We are in the early stages of a cold cyber war that could quickly escalate into a hot cyber war that would ultimately spill into a full-scale kinetic war,” said Biermann.

Cyber warfare refers to the use of digital attacks by one country to disrupt the vital computer systems of another with the intention of causing damage, death and/or destruction. When it comes to power grids, the water supply, defense installations and community services, both offensive and defensive maneuvers are underway in every country; none are exempt.

“We tend to think it’s only the nation-states that engage in warfare, but civilians comprise the network of criminals, hacktivists and insiders,” she said. “All are actors in today’s cyber warfare landscape,” said Biermann.

Photo by Lawrette McFarlane.

They can exploit everything from our high-performance computing systems (HPC) all the way down to our mobile phones and Internet of Things (IoT) devices. “We buy smart devices, bring them home, and don’t change the default settings,” she said. “This is one of the biggest dangers of IoT—especially if the devices or chips are manufactured in countries that lack regulations on privacy or where there are state-sponsored initiatives that intend to cause harm to other countries.”

Hactivists often target government websites, “just because they can,” she said. Defacing a website may not have a big impact, but it’s low-hanging fruit that lets everyone know of their intentions. Some countries are better-prepared to fight cybercrime. China, for example, employs an estimated 50,000-100,000 cyber warriors.

Criminal networks have a huge capacity for disruption. They are run like a business and turn billions of dollars for the syndicate, making use of cyberinfrastructure and skilled IT personnel. Criminal networks invest in research and development intended to undo whatever R&D is put in place to protect government, commercial and private assets. They’re likely to exploit IoT to collect a record of the most vulnerable points of entry. There are well-funded, and well-staffed criminal organizations that conduct hacking and a range of other e-services for hire, or they sell tools that can be used for crime. In one case, an organization was making ATM skimmers that could be purchased for under 50 Rands (less than $4.00 US). “It allows you to sit in your car near the ATM and use your computer to capture PINs, and account information,” she said.

The Shadow brokers, rumored to be a Russian entity, obtained access to a vault of software tools developed by the U.S. National Security Agency (NSA), and made it available for everyone to use. “Visiting the Dark Web is like going to the pawn shop to see if your data is there,” she said. In one case, 300 million euros were generated by a single piece of code, and that money was then used to fund additional illicit operations.

Their financial transactions are conducted via cryptocurrency that is more difficult to track; especially when traversing international borders. While the address of the transaction can be discovered, it’s nearly impossible to track it to an individual. The geographic footprint is often intentionally-misleading in order to throw detectives off.

Ransomware isn’t new, but the targets and methodologies used by those who kidnap data and systems change, depending on the market. Because people tend to reuse passwords, it’s easier for criminals to gain access to their information, for example, which websites are visited, and even their bank balance. If the person visits a pornographic site—and, say that person is a priest or K-12 teacher, for example—it’s relatively easy to conduct “sextortion.” They are sent a message that, when opened, injects malware that hijacks their computer. They then receive some form of ransom note that indicates their data or computer won’t be released until they send a certain amount of funds (possibly the amount they have in the bank) to a cryptocurrency wallet. In such cases, victims are less likely to report the crime since it’s professionally embarrassing, and the amount at stake is unlikely to be a financial burden. With critical mass, a lot of money can be made by criminals this way. Unfortunately, once systems are comprised, the victim can be held hostage again and again in the future. When it happens, it’s always best to alert authorities and have the system cleaned by a professional.

“Many believe that if they see the little lock on the task bar that their transactions are safe, but bad guys also utilize encryption technology, such as SSL, in order to give the illusion of trust so they can be more successful in phishing attacks,” she said.

“Botnets are little pieces of code that install malware on your system,” said Bierman. It may not appear to be a problem from your side, and your system may not perform badly, but it allows the orchestrator to potentially command resources from millions of laptops, or HPC systems, for that matter. “Any system is only as safe as the latest antivirus definition files and operating system updates that are installed,” she said. Safe environments require vigilance and hard work to maintain. In fact, most attacks against HPC resources aren’t intended to capture data; the criminals try to harness unguarded computational power. But if a system is hijacked for use in an international crime, the center that manages the vulnerable system could become embroiled in an investigation and criminal case; they might even face some liability. That is why you would never want to sell computational cycles to a third-party (or nation-state) without a contract that acknowledges exactly how the power, storage and networks under your watch are being employed.

“Power is in the hands of those who control information,” she said. “What would you do if the services and software you rely on for business and social activities are based in a country that is currently under attack?” She cited the case of Russian interference in the U.S. elections, and how Facebook and Google were accused of furthering the agendas of paying customers who had criminal intent.

Fake news is intended to manipulate feelings and is a form of cyberattack. With broad public adoption of the tools and services used to perpetuate fake news, it’s easier to influence election outcomes.

“Many think that Google is impartial, but in reality, it’s ad-driven,” she said, and added, “Google renders the results that it wants you to buy.” Artificial Intelligence (AI) is being weaponized to conceal and accelerate cyberattacks in order to escalate the damage they can cause,” said Biermann. She provided a list of tools that can help keep social environments safe: Duckduckgo, Opera, Yandex, SocialMention, SocialBearing, Md5, and Shodan.

What can we do to protect ourselves?

Biermann suggests installing a VPN on personal devices which adds another layer of encryption. Install virus protection on your phones. Fewer than one percent protect their mobile phones, but Internet penetration in many sub-Saharan African regions was originally initiated and continues to be largely via mobile device. “And don’t use the free stuff; there is always a cost,” she added. Moving forward, decide to become proactive, vs. reactive.

Biermann and her colleagues also presented at the Understanding Risk in Shared Cyberecosystems (URISC) workshop led by Meshack Ndala (CHPC) during the CHPC National Conference that drew 571 participants from dozens of countries. URISC was named after a STEM-Trek cybersecurity workshop that was co-located with SC17.

The CHPC19 National Conference venue and dates will be announced soon. Watch the STEM-Trek and CHPC sites for more information.

About the Author

HPCwire Contributing Editor Elizabeth Leake is a consultant, correspondent and advocate who serves the global high performance computing (HPC) and data science industries. In 2012, she founded STEM-Trek, a global, grassroots nonprofit organization that supports workforce development opportunities for science, technology, engineering and mathematics (STEM) scholars from underserved regions and underrepresented groups.

As a program director, Leake has mentored hundreds of early-career professionals who are breaking cultural barriers in an effort to accelerate scientific and engineering discoveries. Her multinational programs have specific themes that resonate with global stakeholders, such as food security data science, blockchain for social good, cybersecurity/risk mitigation, and more. As a conference blogger and communicator, her work drew recognition when STEM-Trek received the 2016 and 2017 HPCwire Editors’ Choice Awards for Workforce Diversity Leadership.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

Nvidia Aims Clara Healthcare at Drug Discovery, Imaging via DGX

April 12, 2021

Nvidia Corp. continues to expand its Clara healthcare platform with the addition of computational drug discovery and medical imaging tools based on its DGX A100 platform, related InfiniBand networking and its AGX develop Read more…

Nvidia Serves Up Its First Arm Datacenter CPU ‘Grace’ During Kitchen Keynote

April 12, 2021

Today at Nvidia’s annual spring GPU technology conference, held virtually once more due to the ongoing pandemic, the company announced its first ever Arm-based CPU, called Grace in honor of the famous American programmer Grace Hopper. Read more…

Nvidia Debuts BlueField-3 – Its Next DPU with Big Plans for an Expanded Role

April 12, 2021

Nvidia today announced its next generation data processing unit (DPU) – BlueField-3 – adding more substance to its evolving concept of the DPU as a full-fledged partner to CPUs and GPUs in delivering advanced computi Read more…

Nvidia’s Newly DPU-Enabled SuperPOD Is a Multi-Tenant, Cloud-Native Supercomputer

April 12, 2021

At GTC 2021, Nvidia has announced an upgraded iteration of its DGX SuperPods, calling the new offering “the first cloud-native, multi-tenant supercomputer.” The newly announced SuperPods come just two years after the Read more…

Tune in to Watch Nvidia’s GTC21 Keynote with Jensen Huang – Recording Now Available

April 12, 2021

Join HPCwire right here on Monday, April 12, at 8:30 am PT to see the Nvidia GTC21 keynote from Nvidia’s CEO, Jensen Huang, livestreamed in its entirety. Hosted by HPCwire, you can click to join the Huang keynote on our livestream to hear Nvidia’s expected news and... Read more…

AWS Solution Channel

Volkswagen Passenger Cars Uses NICE DCV for High-Performance 3D Remote Visualization

 

Volkswagen Passenger Cars has been one of the world’s largest car manufacturers for over 70 years. The company delivers more than 6 million automobiles to global customers every year, from 50 production locations on five continents. Read more…

The US Places Seven Additional Chinese Supercomputing Entities on Blacklist

April 8, 2021

As tensions between the U.S. and China continue to simmer, the U.S. government today added seven Chinese supercomputing entities to an economic blacklist. The U.S. Entity List bars U.S. firms from supplying key technolog Read more…

Nvidia Serves Up Its First Arm Datacenter CPU ‘Grace’ During Kitchen Keynote

April 12, 2021

Today at Nvidia’s annual spring GPU technology conference, held virtually once more due to the ongoing pandemic, the company announced its first ever Arm-based CPU, called Grace in honor of the famous American programmer Grace Hopper. Read more…

Nvidia Debuts BlueField-3 – Its Next DPU with Big Plans for an Expanded Role

April 12, 2021

Nvidia today announced its next generation data processing unit (DPU) – BlueField-3 – adding more substance to its evolving concept of the DPU as a full-fle Read more…

Nvidia’s Newly DPU-Enabled SuperPOD Is a Multi-Tenant, Cloud-Native Supercomputer

April 12, 2021

At GTC 2021, Nvidia has announced an upgraded iteration of its DGX SuperPods, calling the new offering “the first cloud-native, multi-tenant supercomputer.” Read more…

Tune in to Watch Nvidia’s GTC21 Keynote with Jensen Huang – Recording Now Available

April 12, 2021

Join HPCwire right here on Monday, April 12, at 8:30 am PT to see the Nvidia GTC21 keynote from Nvidia’s CEO, Jensen Huang, livestreamed in its entirety. Hosted by HPCwire, you can click to join the Huang keynote on our livestream to hear Nvidia’s expected news and... Read more…

The US Places Seven Additional Chinese Supercomputing Entities on Blacklist

April 8, 2021

As tensions between the U.S. and China continue to simmer, the U.S. government today added seven Chinese supercomputing entities to an economic blacklist. The U Read more…

Habana’s AI Silicon Comes to San Diego Supercomputer Center

April 8, 2021

Habana Labs, an Intel-owned AI company, has partnered with server maker Supermicro to provide high-performance, high-efficiency AI computing in the form of new Read more…

Intel Partners Debut Latest Servers Based on the New Intel Gen 3 ‘Ice Lake’ Xeons

April 7, 2021

Fresh from Intel’s launch of the company’s latest third-generation Xeon Scalable “Ice Lake” processors on April 6 (Tuesday), Intel server partners Cisco, Dell EMC, HPE and Lenovo simultaneously unveiled their first server models built around the latest chips. And though arch-rival AMD may... Read more…

Intel Launches 10nm ‘Ice Lake’ Datacenter CPU with Up to 40 Cores

April 6, 2021

The wait is over. Today Intel officially launched its 10nm datacenter CPU, the third-generation Intel Xeon Scalable processor, codenamed Ice Lake. With up to 40 Read more…

Julia Update: Adoption Keeps Climbing; Is It a Python Challenger?

January 13, 2021

The rapid adoption of Julia, the open source, high level programing language with roots at MIT, shows no sign of slowing according to data from Julialang.org. I Read more…

Intel Launches 10nm ‘Ice Lake’ Datacenter CPU with Up to 40 Cores

April 6, 2021

The wait is over. Today Intel officially launched its 10nm datacenter CPU, the third-generation Intel Xeon Scalable processor, codenamed Ice Lake. With up to 40 Read more…

CERN Is Betting Big on Exascale

April 1, 2021

The European Organization for Nuclear Research (CERN) involves 23 countries, 15,000 researchers, billions of dollars a year, and the biggest machine in the worl Read more…

Programming the Soon-to-Be World’s Fastest Supercomputer, Frontier

January 5, 2021

What’s it like designing an app for the world’s fastest supercomputer, set to come online in the United States in 2021? The University of Delaware’s Sunita Chandrasekaran is leading an elite international team in just that task. Chandrasekaran, assistant professor of computer and information sciences, recently was named... Read more…

HPE Launches Storage Line Loaded with IBM’s Spectrum Scale File System

April 6, 2021

HPE today launched a new family of storage solutions bundled with IBM’s Spectrum Scale Erasure Code Edition parallel file system (description below) and featu Read more…

10nm, 7nm, 5nm…. Should the Chip Nanometer Metric Be Replaced?

June 1, 2020

The biggest cool factor in server chips is the nanometer. AMD beating Intel to a CPU built on a 7nm process node* – with 5nm and 3nm on the way – has been i Read more…

Saudi Aramco Unveils Dammam 7, Its New Top Ten Supercomputer

January 21, 2021

By revenue, oil and gas giant Saudi Aramco is one of the largest companies in the world, and it has historically employed commensurate amounts of supercomputing Read more…

Quantum Computer Start-up IonQ Plans IPO via SPAC

March 8, 2021

IonQ, a Maryland-based quantum computing start-up working with ion trap technology, plans to go public via a Special Purpose Acquisition Company (SPAC) merger a Read more…

Leading Solution Providers

Contributors

Can Deep Learning Replace Numerical Weather Prediction?

March 3, 2021

Numerical weather prediction (NWP) is a mainstay of supercomputing. Some of the first applications of the first supercomputers dealt with climate modeling, and Read more…

Livermore’s El Capitan Supercomputer to Debut HPE ‘Rabbit’ Near Node Local Storage

February 18, 2021

A near node local storage innovation called Rabbit factored heavily into Lawrence Livermore National Laboratory’s decision to select Cray’s proposal for its CORAL-2 machine, the lab’s first exascale-class supercomputer, El Capitan. Details of this new storage technology were revealed... Read more…

New Deep Learning Algorithm Solves Rubik’s Cube

July 25, 2018

Solving (and attempting to solve) Rubik’s Cube has delighted millions of puzzle lovers since 1974 when the cube was invented by Hungarian sculptor and archite Read more…

African Supercomputing Center Inaugurates ‘Toubkal,’ Most Powerful Supercomputer on the Continent

February 25, 2021

Historically, Africa hasn’t exactly been synonymous with supercomputing. There are only a handful of supercomputers on the continent, with few ranking on the Read more…

The History of Supercomputing vs. COVID-19

March 9, 2021

The COVID-19 pandemic poses a greater challenge to the high-performance computing community than any before. HPCwire's coverage of the supercomputing response t Read more…

HPE Names Justin Hotard New HPC Chief as Pete Ungaro Departs

March 2, 2021

HPE CEO Antonio Neri announced today (March 2, 2021) the appointment of Justin Hotard as general manager of HPC, mission critical solutions and labs, effective Read more…

AMD Launches Epyc ‘Milan’ with 19 SKUs for HPC, Enterprise and Hyperscale

March 15, 2021

At a virtual launch event held today (Monday), AMD revealed its third-generation Epyc “Milan” CPU lineup: a set of 19 SKUs -- including the flagship 64-core, 280-watt 7763 part --  aimed at HPC, enterprise and cloud workloads. Notably, the third-gen Epyc Milan chips achieve 19 percent... Read more…

Microsoft, HPE Bringing AI, Edge, Cloud to Earth Orbit in Preparation for Mars Missions

February 12, 2021

The International Space Station will soon get a delivery of powerful AI, edge and cloud computing tools from HPE and Microsoft Azure to expand technology experi Read more…

  • arrow
  • Click Here for More Headlines
  • arrow
HPCwire