[kictanet] Fwd: Who to Blame for the Attack on the Internet - The answer is You, me and everyone else is in between

Sun Oct 23 21:22:46 EAT 2016

I agree, we must critically analyse the risk exposure we place ourselves in
as we enthusiastically embrace IOT.

It is a wake up call because for once we realise that our cameras, fridges
and printers can be used as weapons of mass destruction. In as much as this
whole thing sounds like a script from a dooms day sci-fi thriller we must
accept that it is a new reality which must adequately prepare ourselves for.

>From a regulatory point of view, we must lobby to ensure that all IOT
devices have very strict security standards, just like those required of
all other sensitive technological infrastructure.

Kind regards,

Rosemary Koech-Kimwatu.

On 23 Oct 2016 19:13, "Ali Hussein via kictanet" <
kictanet at lists.kictanet.or.ke> wrote:

> Dear listers
>
> Cross-posting intentional
>
> In the last few days the blogosphere and social media in general has been
> abuzz with the DDoS attack that brought down popular sites like Amazon and
> a Twitter.
>
> Have you wondered what role YOU could have played in this attack? Well, it
> turns out we are all not so innocent..Read on..
>
>
> *From:* "FORTUNE Data Sheet" <fortune at email.fortune.com>
> *Date:* 22 October 2016 at 10:18:07 PM EAT
> *To:* <ali at hussein.me.ke>
> *Subject:* *Who to Blame for the Attack on the Internet*
> *Reply-To:* "Fortune" <reply-fec915777065057a-20_HTML-56937916-7213333-13@
> email.fortune.com>
>
>
> [image: twitter share]
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd89a63bd3156595a18fb76a8e422aaad43de21b2717f74c0298abd3271ecf3af79>
> [image: facebook share]
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd86111430ea32dfe4cf2a46a8c835438ac1bf1b2c9a9ff0ee1f73f10bdca2a0859>
> FOLLOW
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8a6aadcbdb98150198f4606ea4883e7630eff2f1504cd37df275c9eb18d440934>
> subscribe
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8e3c7a0604f4495fd5d26a056bbd18bc05009bd4dacbf312f534ffecc1df15108>
> ANON TIP
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd81f6cc120ae2be6d360b40ecec34f97fb4f534a5aecd758432ccfd316044c79db>
> October 22, 2016
>
> Our worst hacking fears came true on Friday as criminals deployed millions
> of everyday objects — internet-connected cameras, printers and so on — to
> launch an attack
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8ae24cd6e62c52fc5fcf166af66a4737d3963e61a8f3514ae52bb499304004b8d>
> on a critical part of the Internet. The attack was a success, crippling the
> websites of major companies like Amazon
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd85042ba44640a09611552bd50e91322658025d61cc7e69b3b6cbb61b6b6712b10>,
> Netflix
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8b6bfa06478bd79a6417b1e473eda9f9f601d9c3cb9146198d710069a46ed7a0d>
> and Twitter for hours at a time.
>
> We now have a handle on what happened: hackers used publicly available
> source code to assemble a bot-net army of internet-enabled devices, and
> then directed those devices to send massive waves of junk requests to a DNS
> provider. The attack meant the provider, New Hampshire based Dyn, could not
> carry out its job of acting as a switchboard for the internet, and
> consumers could no longer reach popular websites.
>
> The compromised devices, which make up the bot-net army, are still out
> there and unpatched, which means other attacks are likely on the way. This
> makes it a good time to ask who’s to blame for this debacle. We can start,
> of course, by fingering the hackers themselves, who appear to have
> unleashed the attack with profit motives
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8d92181cd55f6c6b3f035afeb7b2ad406aa420e6b00b9bd33c3f129b554b4b83c>
> in mind.
>
> But we can also assign much of the blame to the companies whose sloppy
> security standards made the attack possible:
>
> Wondering which IoT device types are part of the Mirai botnet causing
> trouble today? @briankrebs
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8b40a3a8949c758766798afbd944bd8bc0dedb5fadb33905f147a532b7f2824fb>
> has the list: https://t.co/bETefDMa4Y
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8510b05d14ce1ef716063e0b37a5f368825eb1dba403a7cabccb90fa152755daf>
>
> — Eric Skinner (@EricSkinner) October 22, 2016
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8be8a26a11a685b24cbc03242cb39b73d9862196fcd81d0c880aa9be0efd3d272>
>
> //platform.twitter.com/widgets.js
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd866493dc7c47e363e222e27f0a9dae8dcfc668c5e7d81279b8f909398ecfa2793>
>
> We need laws that allow civil and/or criminal penalties for companies that
> sell systems this insecure https://t.co/Gj4S5Hj0xV
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8e220a1a259bbec7f41da1aa079fc112b411d410da32a20ca1b84b5a98756e9fa>
>
> — Christopher Mims (@mims) October 22, 2016
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd82b5f0a9985d53b548e0f94dbafc8f4f5cb20a1b378d5f36d69fbb519da1778c3>
>
> //platform.twitter.com/widgets.js
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd866493dc7c47e363e222e27f0a9dae8dcfc668c5e7d81279b8f909398ecfa2793>
>
> A list of alleged culprits
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8c27958954642dc875648b88e49e7f2b6eba9dfe705c8e0e91122c2af4e59efb7>,
> compiled by security researcher Brian Krebs, include familiar names like
> Panasonic, Samsung and Xerox
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd89b9c2ea8fb6dfa9c953537cb2ba5793314c1fd9c9931596afda266b84b66574c>
> printers. The names also include lesser known makers of routers and
> cameras, which reportedly made up the bulk of the bot-net army.
>
> It’s a good bet these companies are scrambling to update their product
> lines in a way that requires users to change the passwords (widespread use
> of default passwords are the main reason the devices got hacked in the
> first place). But it’s not fair to lay the entire blame squarely on the
> companies. Part of the responsibility should also lie with lawmakers and
> regulators, who have failed to create a safety system to account for the Internet-of-Things
> era
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8fa41254767352c180d4e2b79d111f07ae739deffc33eaa5e845a252e6a53ef80>
> we are now living in.
>
> Finally, it’s time for consumers to acknowledge they have a role in the
> attack too. By failing to secure the internet-connected devices, they are
> endangering not just themselves but the rest of the Internet as well. No
> one think it’s acceptable for consumers to be clueless when they operate
> products like automobiles or propane tanks — so why is it okay for them to
> be careless with routers and security cameras?
>
> On another note, there’s other security news this week, including a couple
> cool fin-tech features by Robert, which can read about below. Thanks as
> always for reading. And, for heaven’s sake, lock down your devices.
>
> Jeff Roberts
>
> @jeffjohnroberts
>
> jeff.roberts at fortune.com
>
> *Welcome to the Cyber Saturday edition of Data Sheet, *Fortune’*s* *daily
> tech newsletter. *Fortune* reporter Robert Hackett here. You may reach me
> via Twitter
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd816fc246a0753a1689ad4a092c67c98ddbdd5af6c16c66801f615285420b379a2>,
> Cryptocat
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd850b38c007e565f3a845bc7eadce31b6f919ecd2403d45cddfd8d86eb385e43c1>,
> Jabber
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8b5882fd27b213153972fd3b7eda143569a2d9b7fee2ed6fdf706e5f1cad1092d>
> (see OTR fingerprint on my about.me
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd889235418310da4cb397ae441f60644f24f65c9999c5dd0d5fdd53ba76dcc7f36>),
> PGP encrypted email (see public key on my Keybase.io
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8a107f886a95135a1ca5dddb8eb6e6508a69be3f5ef0f478acfe0024e5586bd97>),
> Wickr
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8a73c56e73f96e3640c0be90b9a0cfd39acccda0fd376e13dc0612da02fabd7f1>,
> Signal
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8611d65f6926f7e9d6538ef8d680d45e8fc54f34bcae359675f3f45bf558ff268>,
> or however you (securely) prefer. * *Feedback welcome.*
>
> <http://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/8484/fort/newsletter_fortunedatasheet&sz=300x250&t=pos%3D1%26tile%3D1%26day=sat&c=17511756937916>
> .
> THREATS
>
> *Meet Coinbase 2.0. *In 2012, Coinbase was one of the early cool kids of
> the bitcoin scene. Four years later, the company is barely mentioning
> bitcoin as it carries out a full pivot into a digital brokerage service for
> a wide range of money. (Fortune
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd83e9621187a3d691c6f4c41aabf2d4faf0d5dc5152edf8b6da43454601c951242>
> )
>
> *Facial recognition stops a Facebook burglar*: Social media
> companies announced they have broken ties with a controversial company that
> scans their streams to identify faces for police departments. But it turns
> out Facebook has itself used the company to stop an intruder in CEO Mark
> Zuckerberg's office. (The Verge
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd872d08c4febcfa90bb7f070383e530dad152d68503da80a24b8157083f49e31f6>
> )
>
> *Ripple rocks it.* Meanwhile, another fin-tech darling is riding
> high. Ripple announced a successful trial with 12 big banks that could
> lower settlement costs for cross-border currency transactions by 60
> percent. (Fortune
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8b926c40f3baacb9509a95234fae1d2f70cf4fa9c19bc24dc340cd54d0c8fd1d1>
> )
>
> *How Russia doxxed the DNC*: Everyone not named Donald Trump is by now
> acknowledging that the hack of Democratic party emails was carried out by
> Russia. But just what did this entail? An Esquire feature reveals how the
> work was a years-long, meticulously planned operation. (Esquire
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8dadfb4f35711468176f11820de50ff6be26dd753a0e64af554a8a6fd6a3055bd>
> )
>
> *I forgive you, Yahoo.* How do customers react when you suffer the
> largest cyber-security breach in history? Apparently, they shrug. Yahoo
> said user numbers are about the same since the breach. Alas, it looks like
> the company's merger-mate won't be so forgiving — Verizon is making noises
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8e4ce3f73f27ada49e7c1450b2e03e196d2a71f92f1b8ab350ea46b1755e41456>
> about bailing. (Fortune
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd834cd00f045ab4d96adac353fddd504810baa905548183cba4974550041879262>
> )
>
>
> *Share today's Data Sheet with a friend: *http://fortune.com/newsletter/
> datasheet/
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd84b1f87e4e839e7aab2e21caa83d4fa97e79f41444df0383204cf11a1cc0ee37a>
>
> *Looking for previous Data Sheets? Click here
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8324b9b0652d59711abbd7b378938881457bb23ab299da7f6cb46a3e7471c8909>.*
> .
> ACCESS GRANTED
>
> *Mmmm, blockchain. Robert has a fascinating look at how Wal-Mart and IBM
> are using fin-tech tools to track pork safety in China:  *
>
> Walmart plans to use technology developed by the Hyperledger Project, an
> open source software project that builds blockchain tools and is based out
> of the Linux Foundation...
>
> The blockchain in question, a private database co-developed by IBM, is
> designed to provide the retailer with a way to indelibly record a list of
> transactions indicating how meat has flowed through a commercial network,
> from producers to processors to distributors to grocers—and finally, to
> consumers. *Read more on Fortune.com
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8214e52c722f93a27eeab0e7ef33b17942ab3fbfc4d5465af9955d7968ab07503>*
> .
> FORTUNE RECON
>
> 97% of Java Apps Harbor a Known Security Hole
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8e1819d20aff867b635a2761cfc2ae0bbcbfacc2cd929d3b5ad83d2df674cb9ec>
> by Robert Hackett
>
> Microsoft Cloud Warrant Cases Move Closer to Supreme Court
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd834cada4c548652662c55f9f90aef84f03fe10a2e5e32ee8dd737fa18bf627ee5>by
> Jeff John Roberts
>
> This Badge Blocks Your Face in Social Media Photos
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8d6392e04b370ce749473b6e72fb49e3bade58f5edc22db32eab5c73b967922e9>
> by Maddie Farber
>
> Half of US Adults' Faces Are Being Scanned by Law Enforcement
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd82a95103426d7e9e538ca57f33f09309e9078db3d043dc508bbc5dfbd96e9d4e3>
> by Jeff John Roberts
>
> NSA Contractor Accused of Stealing Data Will Face Espionage Charges
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8c896e751142b7100ba647179dff103fc7c3f9f21678ae8c890020389f122f021>
> Fortune/Reuters
> .
>
> <http://pubads.g.doubleclick.net/gampad/jump?co=1&iu=/8484/fort/newsletter_fortunedatasheet&sz=300x250&t=pos%3D2%26tile%3D2%26day=sat&c=17511756937916>
> .
> ONE MORE THING
>
> If you want to hack a high profile target, spear-phishing is still the
> best bet. But just how do you carry it out? In the case of General Colin
> Powell and DNC Chair John Podesta, it was a plain old "Gmail" message.
> Here's an up close look at what *not* to click. (*Motherboard*)
> .
> EMAIL Robert Hackett <robert.hackett at fortune.com>
> subscribe
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8e3c7a0604f4495fd5d26a056bbd18bc05009bd4dacbf312f534ffecc1df15108>
> share: [image: TW]
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd89a63bd3156595a18fb76a8e422aaad43de21b2717f74c0298abd3271ecf3af79> [image:
> FB]
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd86111430ea32dfe4cf2a46a8c835438ac1bf1b2c9a9ff0ee1f73f10bdca2a0859> [image:
> IN]
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd857a7b351acebcc6112bfd18e0e71e9e52278ab52bc8517e046793d085568cbe3>
> .
> This message has been sent to you because you are currently subscribed to
> Cyber Saturday
> *Unsubscribe here
> <https://pages.email.fortune.com/page.aspx?qs=1550dccf35ce5f7448636ad41dbb8a1de5abd7376b905facc427531013ad946e1b2e2f13cacbc49f37f69f41fc505b55992a42e7a0a08d7eff4e2a61213e3583c7575c5c47080276466dad8ecc8c455f>*
>
> Please read our Privacy Policy, or copy and paste this link into your
> browser:
> *http://www.fortune.com/privacy
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8ba2d82a44785b34fc598c6f5a04f82650446952675a8b115c8460ae65928c990>*
>
> For Further Communication, Please Contact:
> FORTUNE Customer Service
> 3000 University Center Drive
> Tampa, FL 33612-6408
>
>
>
>
>
> *Advertising Info
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8ba2d82a44785b34fc598c6f5a04f82650446952675a8b115c8460ae65928c990>
> | Subscribe to Fortune
> <https://click.email.fortune.com/?qs=7d1cb97b08a54cd8f27fcb1e2398e728028f06c3c314ae7f9c376ae40843d8d0ab9870faf81a26e3>**Ali
> Hussein*
> *Principal*
> *Hussein & Associates*
> +254 0713 601113
>
> Twitter: @AliHKassim
>
> Skype: abu-jomo
>
> LinkedIn: http://ke.linkedin.com/in/alihkassim
>
>
> "Discovery consists in seeing what everyone else has seen and thinking
> what no one else has thought".  ~ Albert Szent-Györgyi
>
> Sent from my iPad
>
> Begin forwarded message:
>
>
> _______________________________________________
> kictanet mailing list
> kictanet at lists.kictanet.or.ke
> https://lists.kictanet.or.ke/mailman/listinfo/kictanet
>
> Unsubscribe or change your options at https://lists.kictanet.or.ke/
> mailman/options/kictanet/chemukoechk%40gmail.com
>
> The Kenya ICT Action Network (KICTANet) is a multi-stakeholder platform
> for people and institutions interested and involved in ICT policy and
> regulation. The network aims to act as a catalyst for reform in the ICT
> sector in support of the national aim of ICT enabled growth and development.
>
> KICTANetiquette : Adhere to the same standards of acceptable behaviors
> online that you follow in real life: respect people's times and bandwidth,
> share knowledge, don't flame or abuse or personalize, respect privacy, do
> not spam, do not market your wares or qualifications.
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.kictanet.or.ke/pipermail/kictanet/attachments/20161023/be817bef/attachment.htm>