The Internet of Criminal Things—Trust in the Gods but Verify!

By Elizabeth Leake, STEM-Trek

February 20, 2019

“Are we under attack?” asked Professor Elmarie Biermann of the Cyber Security Institute during the recent South African Centre for High Performance Computing’s (CHPC) National Conference in Cape Town. A quick show of hands from ~10 percent of the audience revealed that even a technically well-informed community of practice doesn’t realize that we’re always under attack. 

“We are in the early stages of a cold cyber war that could quickly escalate into a hot cyber war that would ultimately spill into a full-scale kinetic war,” said Biermann.

Cyber warfare refers to the use of digital attacks by one country to disrupt the vital computer systems of another with the intention of causing damage, death and/or destruction. When it comes to power grids, the water supply, defense installations and community services, both offensive and defensive maneuvers are underway in every country; none are exempt.

“We tend to think it’s only the nation-states that engage in warfare, but civilians comprise the network of criminals, hacktivists and insiders,” she said. “All are actors in today’s cyber warfare landscape,” said Biermann.

Photo by Lawrette McFarlane.

They can exploit everything from our high-performance computing systems (HPC) all the way down to our mobile phones and Internet of Things (IoT) devices. “We buy smart devices, bring them home, and don’t change the default settings,” she said. “This is one of the biggest dangers of IoT—especially if the devices or chips are manufactured in countries that lack regulations on privacy or where there are state-sponsored initiatives that intend to cause harm to other countries.”

Hactivists often target government websites, “just because they can,” she said. Defacing a website may not have a big impact, but it’s low-hanging fruit that lets everyone know of their intentions. Some countries are better-prepared to fight cybercrime. China, for example, employs an estimated 50,000-100,000 cyber warriors.

Criminal networks have a huge capacity for disruption. They are run like a business and turn billions of dollars for the syndicate, making use of cyberinfrastructure and skilled IT personnel. Criminal networks invest in research and development intended to undo whatever R&D is put in place to protect government, commercial and private assets. They’re likely to exploit IoT to collect a record of the most vulnerable points of entry. There are well-funded, and well-staffed criminal organizations that conduct hacking and a range of other e-services for hire, or they sell tools that can be used for crime. In one case, an organization was making ATM skimmers that could be purchased for under 50 Rands (less than $4.00 US). “It allows you to sit in your car near the ATM and use your computer to capture PINs, and account information,” she said.

The Shadow brokers, rumored to be a Russian entity, obtained access to a vault of software tools developed by the U.S. National Security Agency (NSA), and made it available for everyone to use. “Visiting the Dark Web is like going to the pawn shop to see if your data is there,” she said. In one case, 300 million euros were generated by a single piece of code, and that money was then used to fund additional illicit operations.

Their financial transactions are conducted via cryptocurrency that is more difficult to track; especially when traversing international borders. While the address of the transaction can be discovered, it’s nearly impossible to track it to an individual. The geographic footprint is often intentionally-misleading in order to throw detectives off.

Ransomware isn’t new, but the targets and methodologies used by those who kidnap data and systems change, depending on the market. Because people tend to reuse passwords, it’s easier for criminals to gain access to their information, for example, which websites are visited, and even their bank balance. If the person visits a pornographic site—and, say that person is a priest or K-12 teacher, for example—it’s relatively easy to conduct “sextortion.” They are sent a message that, when opened, injects malware that hijacks their computer. They then receive some form of ransom note that indicates their data or computer won’t be released until they send a certain amount of funds (possibly the amount they have in the bank) to a cryptocurrency wallet. In such cases, victims are less likely to report the crime since it’s professionally embarrassing, and the amount at stake is unlikely to be a financial burden. With critical mass, a lot of money can be made by criminals this way. Unfortunately, once systems are comprised, the victim can be held hostage again and again in the future. When it happens, it’s always best to alert authorities and have the system cleaned by a professional.

“Many believe that if they see the little lock on the task bar that their transactions are safe, but bad guys also utilize encryption technology, such as SSL, in order to give the illusion of trust so they can be more successful in phishing attacks,” she said.

“Botnets are little pieces of code that install malware on your system,” said Bierman. It may not appear to be a problem from your side, and your system may not perform badly, but it allows the orchestrator to potentially command resources from millions of laptops, or HPC systems, for that matter. “Any system is only as safe as the latest antivirus definition files and operating system updates that are installed,” she said. Safe environments require vigilance and hard work to maintain. In fact, most attacks against HPC resources aren’t intended to capture data; the criminals try to harness unguarded computational power. But if a system is hijacked for use in an international crime, the center that manages the vulnerable system could become embroiled in an investigation and criminal case; they might even face some liability. That is why you would never want to sell computational cycles to a third-party (or nation-state) without a contract that acknowledges exactly how the power, storage and networks under your watch are being employed.

“Power is in the hands of those who control information,” she said. “What would you do if the services and software you rely on for business and social activities are based in a country that is currently under attack?” She cited the case of Russian interference in the U.S. elections, and how Facebook and Google were accused of furthering the agendas of paying customers who had criminal intent.

Fake news is intended to manipulate feelings and is a form of cyberattack. With broad public adoption of the tools and services used to perpetuate fake news, it’s easier to influence election outcomes.

“Many think that Google is impartial, but in reality, it’s ad-driven,” she said, and added, “Google renders the results that it wants you to buy.” Artificial Intelligence (AI) is being weaponized to conceal and accelerate cyberattacks in order to escalate the damage they can cause,” said Biermann. She provided a list of tools that can help keep social environments safe: Duckduckgo, Opera, Yandex, SocialMention, SocialBearing, Md5, and Shodan.

What can we do to protect ourselves?

Biermann suggests installing a VPN on personal devices which adds another layer of encryption. Install virus protection on your phones. Fewer than one percent protect their mobile phones, but Internet penetration in many sub-Saharan African regions was originally initiated and continues to be largely via mobile device. “And don’t use the free stuff; there is always a cost,” she added. Moving forward, decide to become proactive, vs. reactive.

Biermann and her colleagues also presented at the Understanding Risk in Shared Cyberecosystems (URISC) workshop led by Meshack Ndala (CHPC) during the CHPC National Conference that drew 571 participants from dozens of countries. URISC was named after a STEM-Trek cybersecurity workshop that was co-located with SC17.

The CHPC19 National Conference venue and dates will be announced soon. Watch the STEM-Trek and CHPC sites for more information.

About the Author

HPCwire Contributing Editor Elizabeth Leake is a consultant, correspondent and advocate who serves the global high performance computing (HPC) and data science industries. In 2012, she founded STEM-Trek, a global, grassroots nonprofit organization that supports workforce development opportunities for science, technology, engineering and mathematics (STEM) scholars from underserved regions and underrepresented groups.

As a program director, Leake has mentored hundreds of early-career professionals who are breaking cultural barriers in an effort to accelerate scientific and engineering discoveries. Her multinational programs have specific themes that resonate with global stakeholders, such as food security data science, blockchain for social good, cybersecurity/risk mitigation, and more. As a conference blogger and communicator, her work drew recognition when STEM-Trek received the 2016 and 2017 HPCwire Editors’ Choice Awards for Workforce Diversity Leadership.

Subscribe to HPCwire's Weekly Update!

Be the most informed person in the room! Stay ahead of the tech trends with industry updates delivered to you every week!

Under The Wire: Nearly HPC News (June 13, 2024)

June 13, 2024

As managing editor of the major global HPC news source, the term "news fire hose" is often mentioned. The analogy is quite correct. In any given week, there are many interesting stories, and only a few ever become headli Read more…

Quantum Tech Sector Hiring Stays Soft

June 13, 2024

New job announcements in the quantum tech sector declined again last month, according to an Quantum Economic Development Consortium (QED-C) report issued last week. “Globally, the number of new, public postings for Qu Read more…

Labs Keep Supercomputers Alive for Ten Years as Vendors Pull Support Early

June 12, 2024

Laboratories are running supercomputers for much longer, beyond the typical lifespan, as vendors prematurely deprecate the hardware and stop providing support. A typical supercomputer lifecycle is about five to six years Read more…

MLPerf Training 4.0 – Nvidia Still King; Power and LLM Fine Tuning Added

June 12, 2024

There are really two stories packaged in the most recent MLPerf  Training 4.0 results, released today. The first, of course, is the results. Nvidia (currently king of accelerated computing) wins again, sweeping all nine Read more…

Highlights from GlobusWorld 2024: The Conference for Reimagining Research IT

June 11, 2024

The Globus user conference, now in its 22nd year, brought together over 180 researchers, system administrators, developers, and IT leaders from 55 top research computing centers, national labs, federal agencies, and univ Read more…

Nvidia Shipped 3.76 Million Data-center GPUs in 2023, According to Study

June 10, 2024

Nvidia had an explosive 2023 in data-center GPU shipments, which totaled roughly 3.76 million units, according to a study conducted by semiconductor analyst firm TechInsights. Nvidia's GPU shipments in 2023 grew by more Read more…

Under The Wire: Nearly HPC News (June 13, 2024)

June 13, 2024

As managing editor of the major global HPC news source, the term "news fire hose" is often mentioned. The analogy is quite correct. In any given week, there are Read more…

Labs Keep Supercomputers Alive for Ten Years as Vendors Pull Support Early

June 12, 2024

Laboratories are running supercomputers for much longer, beyond the typical lifespan, as vendors prematurely deprecate the hardware and stop providing support. Read more…

MLPerf Training 4.0 – Nvidia Still King; Power and LLM Fine Tuning Added

June 12, 2024

There are really two stories packaged in the most recent MLPerf  Training 4.0 results, released today. The first, of course, is the results. Nvidia (currently Read more…

Highlights from GlobusWorld 2024: The Conference for Reimagining Research IT

June 11, 2024

The Globus user conference, now in its 22nd year, brought together over 180 researchers, system administrators, developers, and IT leaders from 55 top research Read more…

Nvidia Shipped 3.76 Million Data-center GPUs in 2023, According to Study

June 10, 2024

Nvidia had an explosive 2023 in data-center GPU shipments, which totaled roughly 3.76 million units, according to a study conducted by semiconductor analyst fir Read more…

ASC24 Expert Perspective: Dongarra, Hoefler, Yong Lin

June 7, 2024

One of the great things about being at an ASC (Asia Supercomputer Community) cluster competition is getting the chance to interview various industry experts and Read more…

HPC and Climate: Coastal Hurricanes Around the World Are Intensifying Faster

June 6, 2024

Hurricanes are among the world's most destructive natural hazards. Their environment shapes their ability to deliver damage; conditions like warm ocean waters, Read more…

ASC24: The Battle, The Apps, and The Competitors

June 5, 2024

The ASC24 (Asia Supercomputer Community) Student Cluster Competition was one for the ages. More than 350 university teams worked for months in the preliminary competition to earn one of the 25 final competition slots. The winning teams... Read more…

Atos Outlines Plans to Get Acquired, and a Path Forward

May 21, 2024

Atos – via its subsidiary Eviden – is the second major supercomputer maker outside of HPE, while others have largely dropped out. The lack of integrators and Atos' financial turmoil have the HPC market worried. If Atos goes under, HPE will be the only major option for building large-scale systems. Read more…

Comparing NVIDIA A100 and NVIDIA L40S: Which GPU is Ideal for AI and Graphics-Intensive Workloads?

October 30, 2023

With long lead times for the NVIDIA H100 and A100 GPUs, many organizations are looking at the new NVIDIA L40S GPU, which it’s a new GPU optimized for AI and g Read more…

Nvidia H100: Are 550,000 GPUs Enough for This Year?

August 17, 2023

The GPU Squeeze continues to place a premium on Nvidia H100 GPUs. In a recent Financial Times article, Nvidia reports that it expects to ship 550,000 of its lat Read more…

Everyone Except Nvidia Forms Ultra Accelerator Link (UALink) Consortium

May 30, 2024

Consider the GPU. An island of SIMD greatness that makes light work of matrix math. Originally designed to rapidly paint dots on a computer monitor, it was then Read more…

Choosing the Right GPU for LLM Inference and Training

December 11, 2023

Accelerating the training and inference processes of deep learning models is crucial for unleashing their true potential and NVIDIA GPUs have emerged as a game- Read more…

Nvidia’s New Blackwell GPU Can Train AI Models with Trillions of Parameters

March 18, 2024

Nvidia's latest and fastest GPU, codenamed Blackwell, is here and will underpin the company's AI plans this year. The chip offers performance improvements from Read more…

Synopsys Eats Ansys: Does HPC Get Indigestion?

February 8, 2024

Recently, it was announced that Synopsys is buying HPC tool developer Ansys. Started in Pittsburgh, Pa., in 1970 as Swanson Analysis Systems, Inc. (SASI) by John Swanson (and eventually renamed), Ansys serves the CAE (Computer Aided Engineering)/multiphysics engineering simulation market. Read more…

Some Reasons Why Aurora Didn’t Take First Place in the Top500 List

May 15, 2024

The makers of the Aurora supercomputer, which is housed at the Argonne National Laboratory, gave some reasons why the system didn't make the top spot on the Top Read more…

Leading Solution Providers

Contributors

AMD MI3000A

How AMD May Get Across the CUDA Moat

October 5, 2023

When discussing GenAI, the term "GPU" almost always enters the conversation and the topic often moves toward performance and access. Interestingly, the word "GPU" is assumed to mean "Nvidia" products. (As an aside, the popular Nvidia hardware used in GenAI are not technically... Read more…

The NASA Black Hole Plunge

May 7, 2024

We have all thought about it. No one has done it, but now, thanks to HPC, we see what it looks like. Hold on to your feet because NASA has released videos of wh Read more…

GenAI Having Major Impact on Data Culture, Survey Says

February 21, 2024

While 2023 was the year of GenAI, the adoption rates for GenAI did not match expectations. Most organizations are continuing to invest in GenAI but are yet to Read more…

Google Announces Sixth-generation AI Chip, a TPU Called Trillium

May 17, 2024

On Tuesday May 14th, Google announced its sixth-generation TPU (tensor processing unit) called Trillium.  The chip, essentially a TPU v6, is the company's l Read more…

Intel’s Next-gen Falcon Shores Coming Out in Late 2025 

April 30, 2024

It's a long wait for customers hanging on for Intel's next-generation GPU, Falcon Shores, which will be released in late 2025.  "Then we have a rich, a very Read more…

Q&A with Nvidia’s Chief of DGX Systems on the DGX-GB200 Rack-scale System

March 27, 2024

Pictures of Nvidia's new flagship mega-server, the DGX GB200, on the GTC show floor got favorable reactions on social media for the sheer amount of computing po Read more…

Shutterstock 1285747942

AMD’s Horsepower-packed MI300X GPU Beats Nvidia’s Upcoming H200

December 7, 2023

AMD and Nvidia are locked in an AI performance battle – much like the gaming GPU performance clash the companies have waged for decades. AMD has claimed it Read more…

Intel Plans Falcon Shores 2 GPU Supercomputing Chip for 2026  

August 8, 2023

Intel is planning to onboard a new version of the Falcon Shores chip in 2026, which is code-named Falcon Shores 2. The new product was announced by CEO Pat Gel Read more…

  • arrow
  • Click Here for More Headlines
  • arrow
HPCwire