The Internet of Criminal Things—Trust in the Gods but Verify!

By Elizabeth Leake, STEM-Trek

February 20, 2019

“Are we under attack?” asked Professor Elmarie Biermann of the Cyber Security Institute during the recent South African Centre for High Performance Computing’s (CHPC) National Conference in Cape Town. A quick show of hands from ~10 percent of the audience revealed that even a technically well-informed community of practice doesn’t realize that we’re always under attack. 

“We are in the early stages of a cold cyber war that could quickly escalate into a hot cyber war that would ultimately spill into a full-scale kinetic war,” said Biermann.

Cyber warfare refers to the use of digital attacks by one country to disrupt the vital computer systems of another with the intention of causing damage, death and/or destruction. When it comes to power grids, the water supply, defense installations and community services, both offensive and defensive maneuvers are underway in every country; none are exempt.

“We tend to think it’s only the nation-states that engage in warfare, but civilians comprise the network of criminals, hacktivists and insiders,” she said. “All are actors in today’s cyber warfare landscape,” said Biermann.

Photo by Lawrette McFarlane.

They can exploit everything from our high-performance computing systems (HPC) all the way down to our mobile phones and Internet of Things (IoT) devices. “We buy smart devices, bring them home, and don’t change the default settings,” she said. “This is one of the biggest dangers of IoT—especially if the devices or chips are manufactured in countries that lack regulations on privacy or where there are state-sponsored initiatives that intend to cause harm to other countries.”

Hactivists often target government websites, “just because they can,” she said. Defacing a website may not have a big impact, but it’s low-hanging fruit that lets everyone know of their intentions. Some countries are better-prepared to fight cybercrime. China, for example, employs an estimated 50,000-100,000 cyber warriors.

Criminal networks have a huge capacity for disruption. They are run like a business and turn billions of dollars for the syndicate, making use of cyberinfrastructure and skilled IT personnel. Criminal networks invest in research and development intended to undo whatever R&D is put in place to protect government, commercial and private assets. They’re likely to exploit IoT to collect a record of the most vulnerable points of entry. There are well-funded, and well-staffed criminal organizations that conduct hacking and a range of other e-services for hire, or they sell tools that can be used for crime. In one case, an organization was making ATM skimmers that could be purchased for under 50 Rands (less than $4.00 US). “It allows you to sit in your car near the ATM and use your computer to capture PINs, and account information,” she said.

The Shadow brokers, rumored to be a Russian entity, obtained access to a vault of software tools developed by the U.S. National Security Agency (NSA), and made it available for everyone to use. “Visiting the Dark Web is like going to the pawn shop to see if your data is there,” she said. In one case, 300 million euros were generated by a single piece of code, and that money was then used to fund additional illicit operations.

Their financial transactions are conducted via cryptocurrency that is more difficult to track; especially when traversing international borders. While the address of the transaction can be discovered, it’s nearly impossible to track it to an individual. The geographic footprint is often intentionally-misleading in order to throw detectives off.

Ransomware isn’t new, but the targets and methodologies used by those who kidnap data and systems change, depending on the market. Because people tend to reuse passwords, it’s easier for criminals to gain access to their information, for example, which websites are visited, and even their bank balance. If the person visits a pornographic site—and, say that person is a priest or K-12 teacher, for example—it’s relatively easy to conduct “sextortion.” They are sent a message that, when opened, injects malware that hijacks their computer. They then receive some form of ransom note that indicates their data or computer won’t be released until they send a certain amount of funds (possibly the amount they have in the bank) to a cryptocurrency wallet. In such cases, victims are less likely to report the crime since it’s professionally embarrassing, and the amount at stake is unlikely to be a financial burden. With critical mass, a lot of money can be made by criminals this way. Unfortunately, once systems are comprised, the victim can be held hostage again and again in the future. When it happens, it’s always best to alert authorities and have the system cleaned by a professional.

“Many believe that if they see the little lock on the task bar that their transactions are safe, but bad guys also utilize encryption technology, such as SSL, in order to give the illusion of trust so they can be more successful in phishing attacks,” she said.

“Botnets are little pieces of code that install malware on your system,” said Bierman. It may not appear to be a problem from your side, and your system may not perform badly, but it allows the orchestrator to potentially command resources from millions of laptops, or HPC systems, for that matter. “Any system is only as safe as the latest antivirus definition files and operating system updates that are installed,” she said. Safe environments require vigilance and hard work to maintain. In fact, most attacks against HPC resources aren’t intended to capture data; the criminals try to harness unguarded computational power. But if a system is hijacked for use in an international crime, the center that manages the vulnerable system could become embroiled in an investigation and criminal case; they might even face some liability. That is why you would never want to sell computational cycles to a third-party (or nation-state) without a contract that acknowledges exactly how the power, storage and networks under your watch are being employed.

“Power is in the hands of those who control information,” she said. “What would you do if the services and software you rely on for business and social activities are based in a country that is currently under attack?” She cited the case of Russian interference in the U.S. elections, and how Facebook and Google were accused of furthering the agendas of paying customers who had criminal intent.

Fake news is intended to manipulate feelings and is a form of cyberattack. With broad public adoption of the tools and services used to perpetuate fake news, it’s easier to influence election outcomes.

“Many think that Google is impartial, but in reality, it’s ad-driven,” she said, and added, “Google renders the results that it wants you to buy.” Artificial Intelligence (AI) is being weaponized to conceal and accelerate cyberattacks in order to escalate the damage they can cause,” said Biermann. She provided a list of tools that can help keep social environments safe: Duckduckgo, Opera, Yandex, SocialMention, SocialBearing, Md5, and Shodan.

What can we do to protect ourselves?

Biermann suggests installing a VPN on personal devices which adds another layer of encryption. Install virus protection on your phones. Fewer than one percent protect their mobile phones, but Internet penetration in many sub-Saharan African regions was originally initiated and continues to be largely via mobile device. “And don’t use the free stuff; there is always a cost,” she added. Moving forward, decide to become proactive, vs. reactive.

Biermann and her colleagues also presented at the Understanding Risk in Shared Cyberecosystems (URISC) workshop led by Meshack Ndala (CHPC) during the CHPC National Conference that drew 571 participants from dozens of countries. URISC was named after a STEM-Trek cybersecurity workshop that was co-located with SC17.

The CHPC19 National Conference venue and dates will be announced soon. Watch the STEM-Trek and CHPC sites for more information.

About the Author

HPCwire Contributing Editor Elizabeth Leake is a consultant, correspondent and advocate who serves the global high performance computing (HPC) and data science industries. In 2012, she founded STEM-Trek, a global, grassroots nonprofit organization that supports workforce development opportunities for science, technology, engineering and mathematics (STEM) scholars from underserved regions and underrepresented groups.

As a program director, Leake has mentored hundreds of early-career professionals who are breaking cultural barriers in an effort to accelerate scientific and engineering discoveries. Her multinational programs have specific themes that resonate with global stakeholders, such as food security data science, blockchain for social good, cybersecurity/risk mitigation, and more. As a conference blogger and communicator, her work drew recognition when STEM-Trek received the 2016 and 2017 HPCwire Editors’ Choice Awards for Workforce Diversity Leadership.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industy updates delivered to you every week!

TACC’s Upgraded Ranch Data Storage System Debuts New Features, Exabyte Potential

May 22, 2019

There's a joke attributed to comedian Steven Wright that goes, "You can't have everything. Where would you put it?" Users of advanced computing can likely relate to this. The exponential growth of data poses a steep c Read more…

By Jorge Salazar, TACC

Cray – and the Cray Brand – to Be Positioned at Tip of HPE’s HPC Spear

May 22, 2019

More so than with most acquisitions of this kind, HPE’s purchase of Cray for $1.3 billion, announced last week, seems to have elements of that overused, often abused term: transparency. Another surprise: HPE apparently Read more…

By Doug Black and Tiffany Trader

BlueField SmartNIC Backs Transformation to Bare Metal Kubernetes

May 21, 2019

Hardware vendors are betting the transition to 5G wireless networks supporting myriad connected consumer and industrial devices also will accelerate the shift to heavy-duty bare-metal servers as a way to provision cloud- Read more…

By George Leopold

HPE Extreme Performance Solutions

HPE and Intel® Omni-Path Architecture: How to Power a Cloud

Learn how HPE and Intel® Omni-Path Architecture provide critical infrastructure for leading Nordic HPC provider’s HPCFLOW cloud service.

For decades, HPE has been at the forefront of high-performance computing, and we’ve powered some of the fastest and most robust supercomputers in the world. Read more…

IBM Accelerated Insights

Smarter EDA: Leveraging New Technologies for Product Verification

There is perhaps no sector more competitive than the modern electronics industry. Macro-trends, including artificial intelligence, 5G, and the internet of things (IoT), continue to propel dramatic growth. Read more…

HPE to Acquire Cray for $1.3B

May 17, 2019

Venerable supercomputer pioneer Cray Inc. will be acquired by Hewlett Packard Enterprise for $1.3 billion under a definitive agreement announced this morning. The news follows HPE’s acquisition nearly three years ago o Read more…

By Doug Black & Tiffany Trader

Cray – and the Cray Brand – to Be Positioned at Tip of HPE’s HPC Spear

May 22, 2019

More so than with most acquisitions of this kind, HPE’s purchase of Cray for $1.3 billion, announced last week, seems to have elements of that overused, often Read more…

By Doug Black and Tiffany Trader

HPE to Acquire Cray for $1.3B

May 17, 2019

Venerable supercomputer pioneer Cray Inc. will be acquired by Hewlett Packard Enterprise for $1.3 billion under a definitive agreement announced this morning. T Read more…

By Doug Black & Tiffany Trader

Deep Learning Competitors Stalk Nvidia

May 14, 2019

There is no shortage of processing architectures emerging to accelerate deep learning workloads, with two more options emerging this week to challenge GPU leader Nvidia. First, Intel researchers claimed a new deep learning record for image classification on the ResNet-50 convolutional neural network. Separately, Israeli AI chip startup Hailo.ai... Read more…

By George Leopold

CCC Offers Draft 20-Year AI Roadmap; Seeks Comments

May 14, 2019

Artificial Intelligence in all its guises has captured much of the conversation in HPC and general computing today. The White House, DARPA, IARPA, and Departmen Read more…

By John Russell

Cascade Lake Shows Up to 84 Percent Gen-on-Gen Advantage on STAC Benchmarking

May 13, 2019

The Securities Technology Analysis Center (STAC) issued a report Friday comparing the performance of Intel's Cascade Lake processors with previous-gen Skylake u Read more…

By Tiffany Trader

Nvidia Claims 6000x Speed-Up for Stock Trading Backtest Benchmark

May 13, 2019

A stock trading backtesting algorithm used by hedge funds to simulate trading variants has received a massive, GPU-based performance boost, according to Nvidia, Read more…

By Doug Black

ASC19: NTHU Returns to Glory

May 11, 2019

As many of you Student Cluster Competition fanatics know by now, Taiwan’s National Tsing Hua University (NTHU) won the gold medal at the recently concluded AS Read more…

By Dan Olds

Intel 7nm GPU on Roadmap for 2021, OneAPI Coming This Year

May 8, 2019

At Intel's investor meeting today in Santa Clara, Calif., the company filled in details of its roadmap and product launch plans and sought to allay concerns about delays of its 10nm chips. In laying out its 10nm and 7nm timelines, Intel revealed that its first 7nm product would be... Read more…

By Tiffany Trader

Cray, AMD to Extend DOE’s Exascale Frontier

May 7, 2019

Cray and AMD are coming back to Oak Ridge National Laboratory to partner on the world’s largest and most expensive supercomputer. The Department of Energy’s Read more…

By Tiffany Trader

Graphene Surprises Again, This Time for Quantum Computing

May 8, 2019

Graphene is fascinating stuff with promise for use in a seeming endless number of applications. This month researchers from the University of Vienna and Institu Read more…

By John Russell

Why Nvidia Bought Mellanox: ‘Future Datacenters Will Be…Like High Performance Computers’

March 14, 2019

“Future datacenters of all kinds will be built like high performance computers,” said Nvidia CEO Jensen Huang during a phone briefing on Monday after Nvidia revealed scooping up the high performance networking company Mellanox for $6.9 billion. Read more…

By Tiffany Trader

ClusterVision in Bankruptcy, Fate Uncertain

February 13, 2019

ClusterVision, European HPC specialists that have built and installed over 20 Top500-ranked systems in their nearly 17-year history, appear to be in the midst o Read more…

By Tiffany Trader

It’s Official: Aurora on Track to Be First US Exascale Computer in 2021

March 18, 2019

The U.S. Department of Energy along with Intel and Cray confirmed today that an Intel/Cray supercomputer, "Aurora," capable of sustained performance of one exaf Read more…

By Tiffany Trader

Intel Reportedly in $6B Bid for Mellanox

January 30, 2019

The latest rumors and reports around an acquisition of Mellanox focus on Intel, which has reportedly offered a $6 billion bid for the high performance interconn Read more…

By Doug Black

Looking for Light Reading? NSF-backed ‘Comic Books’ Tackle Quantum Computing

January 28, 2019

Still baffled by quantum computing? How about turning to comic books (graphic novels for the well-read among you) for some clarity and a little humor on QC. The Read more…

By John Russell

The Case Against ‘The Case Against Quantum Computing’

January 9, 2019

It’s not easy to be a physicist. Richard Feynman (basically the Jimi Hendrix of physicists) once said: “The first principle is that you must not fool yourse Read more…

By Ben Criger

Leading Solution Providers

SC 18 Virtual Booth Video Tour

Advania @ SC18 AMD @ SC18
ASRock Rack @ SC18
DDN Storage @ SC18
HPE @ SC18
IBM @ SC18
Lenovo @ SC18 Mellanox Technologies @ SC18
NVIDIA @ SC18
One Stop Systems @ SC18
Oracle @ SC18 Panasas @ SC18
Supermicro @ SC18 SUSE @ SC18 TYAN @ SC18
Verne Global @ SC18

Deep Learning Competitors Stalk Nvidia

May 14, 2019

There is no shortage of processing architectures emerging to accelerate deep learning workloads, with two more options emerging this week to challenge GPU leader Nvidia. First, Intel researchers claimed a new deep learning record for image classification on the ResNet-50 convolutional neural network. Separately, Israeli AI chip startup Hailo.ai... Read more…

By George Leopold

Deep500: ETH Researchers Introduce New Deep Learning Benchmark for HPC

February 5, 2019

ETH researchers have developed a new deep learning benchmarking environment – Deep500 – they say is “the first distributed and reproducible benchmarking s Read more…

By John Russell

IBM Bets $2B Seeking 1000X AI Hardware Performance Boost

February 7, 2019

For now, AI systems are mostly machine learning-based and “narrow” – powerful as they are by today's standards, they're limited to performing a few, narro Read more…

By Doug Black

Arm Unveils Neoverse N1 Platform with up to 128-Cores

February 20, 2019

Following on its Neoverse roadmap announcement last October, Arm today revealed its next-gen Neoverse microarchitecture with compute and throughput-optimized si Read more…

By Tiffany Trader

Intel Launches Cascade Lake Xeons with Up to 56 Cores

April 2, 2019

At Intel's Data-Centric Innovation Day in San Francisco (April 2), the company unveiled its second-generation Xeon Scalable (Cascade Lake) family and debuted it Read more…

By Tiffany Trader

Announcing four new HPC capabilities in Google Cloud Platform

April 15, 2019

When you’re running compute-bound or memory-bound applications for high performance computing or large, data-dependent machine learning training workloads on Read more…

By Wyatt Gorman, HPC Specialist, Google Cloud; Brad Calder, VP of Engineering, Google Cloud; Bart Sano, VP of Platforms, Google Cloud

In Wake of Nvidia-Mellanox: Xilinx to Acquire Solarflare

April 25, 2019

With echoes of Nvidia’s recent acquisition of Mellanox, FPGA maker Xilinx has announced a definitive agreement to acquire Solarflare Communications, provider Read more…

By Doug Black

Nvidia Claims 6000x Speed-Up for Stock Trading Backtest Benchmark

May 13, 2019

A stock trading backtesting algorithm used by hedge funds to simulate trading variants has received a massive, GPU-based performance boost, according to Nvidia, Read more…

By Doug Black

  • arrow
  • Click Here for More Headlines
  • arrow
Do NOT follow this link or you will be banned from the site!
Share This