The Internet of Criminal Things—Trust in the Gods but Verify!

By Elizabeth Leake, STEM-Trek

February 20, 2019

“Are we under attack?” asked Professor Elmarie Biermann of the Cyber Security Institute during the recent South African Centre for High Performance Computing’s (CHPC) National Conference in Cape Town. A quick show of hands from ~10 percent of the audience revealed that even a technically well-informed community of practice doesn’t realize that we’re always under attack. 

“We are in the early stages of a cold cyber war that could quickly escalate into a hot cyber war that would ultimately spill into a full-scale kinetic war,” said Biermann.

Cyber warfare refers to the use of digital attacks by one country to disrupt the vital computer systems of another with the intention of causing damage, death and/or destruction. When it comes to power grids, the water supply, defense installations and community services, both offensive and defensive maneuvers are underway in every country; none are exempt.

“We tend to think it’s only the nation-states that engage in warfare, but civilians comprise the network of criminals, hacktivists and insiders,” she said. “All are actors in today’s cyber warfare landscape.”

Photo by Lawrette McFarlane.

They can exploit everything from our high-performance computing systems (HPC) all the way down to our mobile phones and Internet of Things (IoT) devices. “We buy smart devices, bring them home, and don’t change the default settings,” she said. “This is one of the biggest dangers of IoT—especially if the devices or chips are manufactured in countries that lack regulations on privacy or where there are state-sponsored initiatives that intend to cause harm to other countries.”

Hacktivists often target government websites, “just because they can,” she said. Defacing a website may not have a big impact, but it’s low-hanging fruit that lets everyone know of their intentions. Some countries are better prepared to fight cybercrime. China, for example, employs an estimated 50,000-100,000 cyber warriors.

Criminal networks have a huge capacity for disruption. They are run like a business and turn billions of dollars for the syndicate, making use of cyberinfrastructure and skilled IT personnel. Criminal networks invest in research and development intended to undo whatever R&D is put in place to protect government, commercial and private assets. They’re likely to exploit IoT to collect a record of the most vulnerable points of entry. There are well-funded and well-staffed criminal organizations that conduct hacking and a range of other e-services for hire, or they sell tools that can be used for crime. In one case, an organization was making ATM skimmers that could be purchased for under 50 Rands (less than $4.00 US). “It allows you to sit in your car near the ATM and use your computer to capture PINs and account information,” she said.

The Shadow Brokers, rumored to be a Russian entity, obtained access to a vault of software tools developed by the U.S. National Security Agency (NSA), and made it available for everyone to use. “Visiting the Dark Web is like going to the pawn shop to see if your data is there,” she said. In one case, 300 million euros were generated by a single piece of code, and that money was then used to fund additional illicit operations.

Their financial transactions are conducted via cryptocurrency that is more difficult to track, especially when traversing international borders. While the address of the transaction can be discovered, it’s nearly impossible to track it to an individual. The geographic footprint is often intentionally misleading in order to throw detectives off.

Ransomware isn’t new, but the targets and methodologies used by those who kidnap data and systems change, depending on the market. Because people tend to reuse passwords, it’s easier for criminals to gain access to their information, for example, which websites are visited, and even their bank balance. If the person visits a pornographic site, and that person is, say, a priest or K-12 teacher, it’s relatively easy to conduct “sextortion.” They are sent a message that, when opened, injects malware that hijacks their computer. They then receive some form of ransom note that indicates their data or computer won’t be released until they send a certain amount of funds (possibly the amount they have in the bank) to a cryptocurrency wallet. In such cases, victims are less likely to report the crime since it’s professionally embarrassing, and the amount at stake is unlikely to be a financial burden. With critical mass, a lot of money can be made by criminals this way. Unfortunately, once systems are compromised, the victim can be held hostage again and again in the future. When it happens, it’s always best to alert authorities and have the system cleaned by a professional.

“Many believe that if they see the little lock on the task bar that their transactions are safe, but bad guys also utilize encryption technology, such as SSL, in order to give the illusion of trust so they can be more successful in phishing attacks,” she said.

“Botnets are little pieces of code that install malware on your system,” said Biermann. It may not appear to be a problem from your side, and your system may not perform badly, but it allows the orchestrator to potentially command resources from millions of laptops, or HPC systems, for that matter. “Any system is only as safe as the latest antivirus definition files and operating system updates that are installed,” she said. Safe environments require vigilance and hard work to maintain. In fact, most attacks against HPC resources aren’t intended to capture data; the criminals try to harness unguarded computational power. But if a system is hijacked for use in an international crime, the center that manages the vulnerable system could become embroiled in an investigation and criminal case; they might even face some liability. That is why you would never want to sell computational cycles to a third party (or nation-state) without a contract that acknowledges exactly how the power, storage and networks under your watch are being employed.

“Power is in the hands of those who control information,” she said. “What would you do if the services and software you rely on for business and social activities are based in a country that is currently under attack?” She cited the case of Russian interference in the U.S. elections, and how Facebook and Google were accused of furthering the agendas of paying customers who had criminal intent.

Fake news is intended to manipulate feelings and is a form of cyberattack. With broad public adoption of the tools and services used to perpetuate fake news, it’s easier to influence election outcomes.

“Many think that Google is impartial, but in reality, it’s ad-driven,” she said, and added, “Google renders the results that it wants you to buy.” “Artificial Intelligence (AI) is being weaponized to conceal and accelerate cyberattacks in order to escalate the damage they can cause,” said Biermann. She provided a list of tools that can help keep social environments safe: DuckDuckGo, Opera, Yandex, SocialMention, SocialBearing, Md5, and Shodan.

What can we do to protect ourselves?

Biermann suggests installing a VPN on personal devices, which adds another layer of encryption. Install virus protection on your phones. Fewer than one percent protect their mobile phones, but Internet penetration in many sub-Saharan African regions was originally initiated and continues to be largely via mobile device. “And don’t use the free stuff; there is always a cost,” she added. Moving forward, decide to become proactive rather than reactive.

Biermann and her colleagues also presented at the Understanding Risk in Shared Cyberecosystems (URISC) workshop led by Meshack Ndala (CHPC) during the CHPC National Conference that drew 571 participants from dozens of countries. URISC was named after a STEM-Trek cybersecurity workshop that was co-located with SC17.

The CHPC19 National Conference venue and dates will be announced soon. Watch the STEM-Trek and CHPC sites for more information.

About the Author

HPCwire Contributing Editor Elizabeth Leake is a consultant, correspondent and advocate who serves the global high performance computing (HPC) and data science industries. In 2012, she founded STEM-Trek, a global, grassroots nonprofit organization that supports workforce development opportunities for science, technology, engineering and mathematics (STEM) scholars from underserved regions and underrepresented groups.

As a program director, Leake has mentored hundreds of early-career professionals who are breaking cultural barriers in an effort to accelerate scientific and engineering discoveries. Her multinational programs have specific themes that resonate with global stakeholders, such as food security data science, blockchain for social good, cybersecurity/risk mitigation, and more. As a conference blogger and communicator, her work drew recognition when STEM-Trek received the 2016 and 2017 HPCwire Editors’ Choice Awards for Workforce Diversity Leadership.
