Internet News (July 2017)

Massive attack

The UK Parliament has received its largest cyber attack on record, admitting that it had suffered a “sustained and determined cyber attack” that began on the 23rd June – the attack lasted more than 12 hours. The unknown hacker’s goal? Gaining access to MP emails, of which they managed to ‘brute force’ fewer than 90 email accounts belonging to MPs, their aides, and other staff and peers that had weak passwords. Parliament issued a statement on the following Saturday explaining, “We have discovered unauthorised attempts to access accounts of parliamentary networks users and are investigating this ongoing incident”.

Needless to say, once the intrusion had been discovered, parliamentary officials had to work quickly to lock the affected accounts, even locking out the actual MPs in order to ensure as little damage as possible could be caused from the breach. The Parliamentary IT team stated they had “temporarily restricted remote access to the network”, warning that, “as a result, some members of Parliament and staff cannot access their email accounts outside of Westminster”.

The attack was made on the primary email network used by every MP, including that of current Prime Minister, Theresa May, and that of her cabinet for discourse with constituents. By Saturday night, experts were warning that those affected, and possibly others by proxy that were mentioned in emails of compromised accounts, may lead to being exposed to blackmail, or worse, increased likelihood of being a terrorist target, if emails from these accounts had been successfully accessed or downloaded.

On Sunday there was an update posted by the Commons Press Office to update the nation on the attack:

“Parliament’s first priority has been to protect the parliamentary network and systems from the sustained and determined cyber attack to ensure that the business of the Houses can continue. This has been achieved and both Houses will meet as planned tomorrow.
 
Investigations are ongoing, but it has become clear that significantly fewer than 1% of the 9,000 accounts on the parliamentary network have been compromised as a result of the use of weak passwords that did not conform to guidance issued by the Parliamentary Digital Service. As they are identified, the individuals whose accounts have been compromised have been contacted and investigations to determine whether any data has been lost are under way.
 
Parliament is now putting in place plans to resume its wider IT services.”

Directory of the Parliamentary Digital Service, Rob Greig, also gave a statement:

“Earlier this morning we discovered unusual activity and evidence of an attempted cyber-attack on our computer network.

Closer investigation by our team confirmed that hackers were carrying out a sustained and determined attack on all parliamentary user accounts in attempt to identify weak passwords. These attempts specifically were trying to gain access to users emails.

We have been working closely with the National Cyber Security Centre (NCSC) to identify the method of the attack and have made changes to prevent the attackers gaining access, however our investigation continues.”

The potential for sensitive information to be in these emails is probably what led to the attack, as you might imagine, especially if this then allowed the attackers to gain deeper access into Parliamentary resources. Disabling remote access to the network seems to have been enough to bring the attacks to an end, albeit leaving MPs and their staff without the ability to respond to their constituents throughout Saturday and most of Sunday. Some MP’s decided to take to social media to issue their apologies in the absence of any email access.

Amidst the worry, after being informed by security services of the damage that a successful attack could bring, some MPs such as Andrew Bridgen, Tory MP for North West Leicestershire, expressed concerns regarding the compromise of “confidential information” that voters had shared with their local politicians. “People come to us with the worst problems in their life in the confidence that their emails are secure. If people thought our emails were not secure it would seriously undermine our constituents’ confidence and trust in approaching their MP at a time of crisis.”

This attack took place mere hours after a report from a newspaper claiming that the login details of roughly 1,000 MPs and staff, including cabinet ministers, were being traded online by Russian hackers. That being said, government ministers and officials use a separate email network: one is used for sharing more confidential information, which is reportedly unaffected by the attack.

Mean Time Between Very British Failures

After the global IT system failure that British Airways suffered recently, there has been much finger pointing and guesswork surrounding the reason for the total meltdown of its IT services. Before we delve into the details of what the investigations into this matter have revealed, let’s first take a look at fundamental architecture behind this “High Availability” system.

Defined in a document by Oracle entitled “Real Application Clusters Concepts”:

“Computing environments configured to provide nearly full-time availability are known as high availability systems. Such systems typically have redundant hardware and software that makes the system available despite failures. Well-designed high availability systems avoid having single points-of-failure. Any hardware or software component that can fail has a redundant component of the same type.

When failures occur, the failover process moves processing performed by the failed component to the backup component. This process remasters systemwide resources, recovers partial or failed transactions, and restores the system to normal, preferably within a matter of microseconds. The more transparent that failover is to users, the higher the availability of the system.”

So, if this is the manner in which British Airways designed their systems, how then was it possible for the entire lot to fall like a pile of dominoes in a very intricately laid path? Well, first let’s start with a statement made by the Chief Executive of British Airways. “Tens of millions of messages every day that are shared across 200 systems across the BA network and it actually affected all of those systems across the network.”

So, as you can see, the sheer number of systems involved already complicates matters, and if you think about it for a second, it’s somewhat hard to understand why they have that many running for something as deceptively simple as handling flight bookings and handling luggage organisation. The problem is that it’s nowhere near that simple, and the system is most likely designed such that you can add in new systems to handle a specific tasks, which then necessitates additional systems added to the network surprisingly often, resulting in the now large 200 system strong setup BA has today.

The issue then, is that in general IT systems, even ones that aren’t in a high availability configuration or even built for that purpose, after some initial wearing in period are incredibly reliable pieces of hardware and software – to the point that failures are rare enough that the general public almost never notices, which encourages complacency.

Another organisation that had struggled with this same issue, NASA, failed to communicate the problems with reliability risk which had even worse visible consequences than BA’s issue. Also demonstrating how poor the management’s understanding of risk was in the circumstances surrounding the Challenger Space Shuttle disaster.

During that investigation, the Rogers Commission’s Richard Feynman decided to take a closer look at NASA’s approach to estimating failure rates. There was a huge disparity between estimates given, depending on whom he approached. First, management believed the risk of failure to be 1 in 105, to which Feynman, himself a noted physicist and a nobel prize winner, decided the figure didn’t seem correct.  Feynmann then proceeded to do his own estimate, and came up with a figure of 1 in 100. He then proceeded to talk to NASA’s engineers, who then gave him numbers ranging from 1 in 50 to 1 in 200, further muddying the waters for any relatively solid solution to an actual agreed upon risk assessment value.

So how could there be such varying degrees of risk when each of them should have the same data to work from? Well, it wasn’t quite that simple. For starters, a number of the engineers pointed out the issue with the shuttle that ultimately led to the failure that caused the disaster, but their warnings went unheeded by the management; in fact most of the management, even senior management, often had neither an engineering or scientific background, so could probably not even fully comprehend what their engineers were telling them.

Despite the glaringly obvious, explosive, and public outcome that would present itself should a shuttle fail to the point of exploding, which NASA were well aware of, they still went ahead with the launch. So why would they proceed with such varying failure rate ratios and the risks involved? Because no organisation likes to foster doomsaying.

So what are the parallels with IT systems, especially those at the scale used by companies such as British Airways?

Well, to begin with, there is a direct correlation with the qualifications of management not aligning, or at least overlapping, with the field(s) they are presiding over. The senior management of IT companies very often have no relevant IT knowledge, outside of being capable of using a smartphone or checking their email.

Then you have to consider just how many organisations create detailed fit-for-purpose models for their systems. Just as NASA’s management’s original failure rate estimate of 1 in 105 proved to be woefully inaccurate, how many IT systems claim incredible reliability, based on nothing more than some box quotes and a couple of diagrams explaining the basics of their system redundancy?

With the systems BA has tacked on over the years to add functionality or manage load or redundancy, you have to imagine there’s a good chance that there’s a certain level of bloat that has crept into the main line. When confronted with that level of complexity to a degree that it cannot be almost immediately deciphered, people tend to retreat back into simplicity, hope, or falling back on prior experiences, and this is where the problems arise.

By now it should be clear that all organisations that run IT systems, which these days is probably most, should be working towards doing their own risk and reliability assessments , with clear and well researched evidence to back up their findings.
Grand Theft Auto publisher controversially bans single-player modding tool

Open IV, a modding tool for Grand Theft Auto 5 that is widely used in the modding community for the game to create single player content, has come under legal fire from Take-Two, the publishers of the game, due to claims that it can be used to create cheats in the online multiplayer.

The outcry from players and modders over this misinformed “attack” on a tool that is specifically designed for single player only modding and has no actual way of creating mods for the multiplayer game, due to the fact that it disables multiplayer on the game once installed specifically so that can’t happen, has been nothing short of prolific.

The announcement on Twitter from the lead developer of Open IV about the team stopping development because of the cease and desist issued by Take-Two, said it all. “Almost ten years of my life were dedicated to @OpenIV and now this time is over.”

He also wrote a post on the GTA official forums, stating that the team had received a cease and desist letter on the 5th June arguing that it allowed “third parties to defeat security features of its software and modify that software in violation of  Take-Two’s rights.” He then proceeded on to say that fighting the legal battle necessary to clear them would take months, if they even won, and would not help them move forward.

This has lead to thousands of players writing negative reviews about the game, as well as signing a petition that is over 77,000 strong, in protest over the publisher’s flawed premise for their legal action against a harmless modding tool. Apparently the developers of the game, Rockstar, have also put pressure on their publisher to change their mind about the situation and end its legal action.

The shock of this legal action even prompted some players to hope that this legal action was some sort of joke, others saying it was a “sad day” for GTA fans and that Take-Two had removed a “massive selling point” for the PC version of the game.

The tool has since been taken down from the site for download, and anyone using it is now greeted with a message stating what has happened and urging people to uninstall the mod to “avoid possible legal issues”.

The tools have proved widely popular amongst players, letting them mess around with all the data files in the game to create fun and interesting new content for the single player, from new cars to new weapons, armour, and more.

Take-Two have since published a statement.

“Take-Two’s actions were not specifically targeting single player mods. Unfortunately OpenIV enables recent malicious mods that allow harassment of players and interfere with the GTA Online experience for everybody. We are working to figure out how we can continue to support the creative community without negatively impacting our players.”

Microsoft finally unveils the new Xbox

At the E3 (Electronic Entertainment Expo) games conference in Los Angeles, Microsoft has finally unveiled the latest version of their games console.  Titled the Xbox One X, it is a more powerful version of the original Xbox One.  The exhibition saw the company flaunting its specifications, claiming the ability to run games in 4k resolution at smooth frame rates, in what one would assume is in direct response to Sony’s Playstation 4 Pro that was released late last year. Obviously the idea had been floating around at Microsoft a lot longer than that, but it may have altered course slightly after the competition’s release.

The Xbox One X will be released on the 7th November and will cost $499 in America, or £449 in the UK. The Xbox One X is also the smallest Xbox yet – smaller even than the Xbox One S which was a more compact version of the Xbox One that had been released previously.

One analyst has said that Microsoft was keen to keep attracting the hardcore gamer audience, and it certainly seems to be the case with this latest incsarnation, easily touting its specs as “the most powerful console ever made”, on stage at the conference, by the head of Xbox division at Microsoft, Phil Spencer, and they definitely aren’t wrong judging by the hardware inside the box. Looking at its raw power alone, Microsoft is set to have potentially the best looking games on its platform compared to its main rival, and, as a slightly ironic twist, unlike the Playstation 4 Pro, the Xbox One X will be able to play 4k Blu-ray discs.

The Xbox One X, as one would assume, has been stated to support all current Xbox One games.  This console is basically a mid generation stepping stone to enable developers to push visuals and the bounds of what they can achieve, while still keeping to the same generation platform for at least the near future.

The inherent problem with these mid generation hardware upgrades, however, is that games still have to be able to run properly on the older Xbox One and Xbox One S, meaning that most of the extra processing power of the new version will only really be able to be put to use for some extra graphical fidelity at best in most cases, due to a requirement for feature parity. Also, since the focus is on 4k, unless you have a TV capable of that resolution, you probably won’t see as much of a difference as you might like, considering the price point. But that’s not to say there won’t be games that push their games graphically in different ways than just sharper visuals by proxy of higher resolutions, and higher frame rates will definitely make for a more pleasing experience all round.

All in all, this console appears to be aimed at early adopter hardcore gamers that really want the best visual quality out of their games that their money can buy, and with that in mind, it makes you wonder how much of a percentage of the current install base of the Xbox One family of consoles will be purchasing an X on, or near, release, making it probably less of a priority for game developers to take true and full advantage of the boost in processing power that the console brings.

Hub troubles

Broadband provider Virgin Media has indicated to nearly 800,000 customers may need to change the passwords to their new Super Hub 2 routers. They have found that the router has a weakness which leaves it open to being hacked.

Most customers will just use the password that is supplied with the Hub; it is often advised that passwords are changed, but is not usually an issue if it is not changed. However, Virgin have discovered that this is causing issues with the Super Hub 2. The issue was first brought to the attention of Virgin following an investigation by Which? Magazine. The investigation showed that hackers could primarily access the Hub, and once they are in, they could then access items that had been connected to the Hub, including some children’s toys, and more importantly security cameras.

It is deeply alarming that an individual could hack into your broadband hub and take control of the cameras in your home. You would never know when they are watching you, but at the same time they would know your movements and know when the property was empty.  Virgin announced, “The security of our network and of our customers is of paramount importance to us. We regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions.”

While the Super Hub 2 has been flagged up as having this issue, there are other devices in the same situation. The study looked at 15 devices – alarmingly 8 of them were found to be open to security issues. For the majority, a fix is straightforward and simple, with just a change of the password to your router.

To change the password on your Super Hub, plug your router into your computer – you will need to use an Ethernet cable. Then, open up a web browser; once in the browser, go to the uniform resource locator sticker on the back of your Super Hub, access wireless network settings and then change your password. Once you have changed the password, do not forget to save the new one. You will then need to reconnect your SMART devices to the Hub with the new password.

Alex Neill, Managing Director of Which? Home Products and Services said, “There is no denying the huge benefits that smart-home gadgets and devices bring to our daily lives. However, as our investigation clearly shows, consumers should be aware that some of these appliances are vulnerable and offer little or no security. There are a number of steps people can take to better protect their home, but hackers are growing increasingly more sophisticated. Manufacturers need to ensure that any smart product sold is secure by design.”

Spread the love

Mark Zuckerberg, the founder of Facebook has made the decision to update the social media companies’ mission statement. He has done this to reflect his desire to make Facebook a revolutionary force. Zuckerberg delivered his message at Facebook’s first community summit. He wants to try and use Facebook to unify communities and tackle problematic issues.

Facebook’s mission statement has changed; it used to be “To give people the power to share and make the world more open and connected.” It has been updated to, “Give people the power to build community and bring the world closer together”.

Mark Zuckerberg said, “I used to think that if we just gave people a voice and helped them connect, that would make the world better by itself. In many ways it has. But our society is still divided. Now I believe we have a responsibility to do even more. It’s not enough to simply connect the world, we must also work to bring the world closer together.”

When looking at the way Facebook have changed their mission statement you have to ask the question: what impact does social media have on society? Social media has allowed people to connect across the world, some of these people are ones you may not know or may have lost touch with over time. When Zuckerberg speaks about the global community, he is referring to people being able to shares their passions with others across the globe, rather than being confined to the geographical area that they live in. His reference to ‘meaningful communities’ relates to the groups on Facebook having a profound bearing on your destiny.

When he spoke, he used examples such as groups of people who are suffering from severe illness and disease, to Fathers for Justice, and of a group set up for Nigerian women, that allows them to speak freely about the issues that they are facing – issues that they would not easily be able to talk about.

This is totally different from the type of groups many people are associated with on Facebook, and Zuckerberg is extremely aware of the directional change that this could be for Facebook and its users. “We found more than 100 million people are members of what they call ‘Meaningful Communities…’ So I started asking the question: if 2 billion people use Facebook, then how come we’ve only helped 100 million of them join Meaningful Communities?”

There are a number of people on Facebook who do not need to be involved in the type of community that Zuckerberg has discussed. There could be a variety of reasons for this; for example Facebook users may not be searching these groups, or may not be aware of them.

“We started a project to see if we could get better at suggesting groups that will be meaningful to you. We started building artificial intelligence to do this. And it works! In the first six months, we helped 50% more people join meaningful communities.”

After the changes to the mission statement, the questions are being asked as to whether they will be a change in the way that people use Facebook. Similarly, to anything when changes happen, Zuckerberg is expecting the impact to be small at first with a gradual increase over time. As the generations using the social media platform change, so will the way that it is accessed and used. Zuckerberg has high hopes and expectations. “In the next generation, our greatest opportunities and challenges we can only take on together – ending poverty, curing disease, stopping climate change, spreading freedom and tolerance, stopping terrorism.”

Will Zuckerberg and Facebook achieve success? Only time will tell us that however should he achieve the success that he wants then Facebook could achieve something immense.

What’s fake?

Accurate reporting of the news is very important. However there have been a number of ‘fake’ news stories appearing on Facebook recently. Because of this, people are being forced to look elsewhere for accurate news stories. They are increasingly accessing apps like WhatsApp to stay accurately informed of daily events. The number of fake news stories circulating has increased significantly. This has been shown in research carried out by the Reuters Institute and the University of Oxford where they produced a report on Digital News. When completing this study, they surveyed 71,805 people across 36 different countries.

Facebook was found to be the news choice for 47% of the respondents. However it was found that the number of people accessing people for daily news had reduced considerably in the countries surveyed. WhatsApp allows users to send news stories between groups, and 15% of people use the messaging service for their news fix. Although this is not a large percentage, it is said to be a significant increase. WhatsApp is now said to be the next most commonly used social media platform for news across nine countries.

In Malaysia 51% of people said that they used WhatApp to share news stories or talk about news events in group chats. WhatsApp was least popular for news in the US, where only 3% of the respondents use it. Overall the study found that 24% of respondents felt that social media platforms do not do a good job of separating real news from fake news. This was significantly less than those who had said that they trusted traditional news media to be able to separate the two. 30% said that they now deliberately avoided the news as they were unsure as to how reliable it was.

The issue of Facebook and fake news first came to light during the US Presidential Election last year. Since then, Facebook have been pushed to deal with the issue. In response, Facebook have created a feature where users can flag up fake news. Facebook are also working with fact checkers to stop and reduce the amount fake news circulating.

Gridlocked and loaded

There are concerns that there will be cyber-attacks on power stations and the electricity grid, according to a leading figure in the industry. The threat to both of these is ‘off the scale’, with the energy industry extremely concerned about the threat of cyber-attacks, their fears increased following the WannaCry ransomware attack on the NHS recently. Steve Halliday the former chief of the National Grid allayed his fears following the Wannacry attack. “The UK stands out uniquely on cyber threats. Nowhere else is as worried as the UK about cyber threats: we are just off the scale on our energy system concerns on cyber (sic).”

He also said that there was a greater danger to power stations and the electricity grid since power stations are no longer well protected. Rather than centralised power stations where protection was at a premium, they are becoming decentralised and protection is reduced.

By the end of 2020, Smart Metres will be installed in every home. The Data from the smart metre is sent to a Capita run subsidiary, DCC; this has been set up to receive and deal with the data that is sent through. Chief Technology Data Officer of DCC, Matt Roderick said: “We don’t hold personal information [on energy supplier customers], we don’t see any form of sensitive data and we are not connected to the internet.”

Halliday’s warnings were issued about potential attacks on power stations following the attack on parliament late last month.

Being able to identify threats and counter them is vitally important. Energy UK who are the industry trade body has confirmed that there is a central system where threat can be logged and then responded to: “Maintaining the highest level of security against cyber threats is a top priority for the industry,” a spokeswoman said.

Energy UK have recently held a meeting for security experts. The meeting was attended by representatives from the National Cyber Security Centre, and companies such as Siemens were also in attendance at the meeting about cybersecurity and energy infrastructure. Cyber-Attacks are not just a concern for electricity power stations, but also the suppliers of gas and oil as well. BP have recently commented that “we are a target for this activity.”

Carl Henric Svanberg who is the chairman at BP commented, “Cyber is high on the agenda. It is one of the key risks the company identifies, We were not affected luckily by this [Wannacry] attack, primarily because everybody had followed procedures of continuous updates.”

Internet News – May 2017

Subscribe to the Starjammer Bulletin

AimHighInt5

More about The Starjammer Bulletin

The Starjammer Bulletin is the official newsletter for The Starjammer Group, its customers, clients, affiliates and subscribers. With over ten years under our belt, we are proud of our commitment to our clients, and of our assurance that we provide them with the best level of service and help that they have come to know and respect us for. The Starjammer Group is proud of its track record to date, and strives to improve its products, services and standing on all fronts. Our mantra has always been '21st century thinking'. Why? Simple: we love doing what we do, enjoy our work, and work on the principle that our customers, clients and associates should share in the fun. Business shouldn't be a chore: we spend on average 8 hours per working day in the office, or factory, behind a desk, stall or wheel. We employ people who are not only competent and good at their job, but people who have that something; that little spark that grabs our attention. It can't be defined, and it's not always obvious. Nethertheless, we have been lucky to attract and keep the right people. Something we are proud of.