The Ongoing Fight to Thwart Hackers
The mouse and rat action around our properties continues. Two years ago it was the summertime invasion of the Chicago rats into the backyard of the bunker in Bucktown. This problem was eventually subdued with the installation of a Maginot line of steel sheets and cement on the fences facing the alley. There is a price to be paid for living in a neighborhood that is chock-full of wonderful restaurants; the presence of tossed foodstuffs is heaven for the Chicago Rattus norvegicus.
After solving the backyard problem, I thought I was home free. However, this past year sustained the penetration of our fishing cabin in Michigan by untold numbers of mice. While I much prefer mice to rats, neither is acceptable.
So we took drastic measures to stop the four-legged invaders. Poison packs, mouse traps, sticky traps, etc. were laid out with the precision of a South Korean landmine barrier. Multiple cans of Great Stuff sealant was squirted into holes in the garage while steel wool plugs were formed for all floor penetrations in the kitchen. These maneuvers seemed to stop the bulk of the intruders. However, every time we visit the cabin (about once a month) there is always at least one mouse corpse to be found. Despite my best efforts, it seems the mouse invasion can be slowed but not stopped.
While reading The Wall Street Journal one day, I happened upon the article, “State Department Can’t Beat Hackers,” published on Feb. 20, 2015. The facts as reported by the paper are these: the U.S. State Department detected hacker activity within their network and have yet to fully stop the hacker activities after three months of efforts to lock out the “bad guys.”
I would assume the government’s best and brightest would be dedicated to the task of tossing the hackers out of this critical network and locking it down against further digital dangers. But it seems that, like the mice in my fishing cabin, dedicated hackers will continue to attack those targets that provide a.) access and b.) juicy data ripe for the plucking. While one could assume those who hacked into the State Department IT network are somehow working with another country’s government, it seems nearly impossible to identify the network intruders, much less bring them to justice.
Why is this important to the electronic physical security industry? As our systems become increasingly IP and cloud based, the opportunities for hackers to invade our clients’ systems are multiplied. As we have seen from the State Department story, even with dedicated anti-hacker professionals on the job, just detecting that systems and data have been compromised can be very difficult, and the process of locking out hackers once they are detected may be very difficult as well.
I have two concerns about such attacks on our systems. First, if the devices we have installed such as PCs and servers are connected to the client’s main LAN and Internet connection, it’s possible an attack that penetrates the electronic security device can be used to grab data from the client’s LAN devices. In this case security companies could be held responsible for allowing successful outside hacking to get onto a customer’s network, with a minimal result of an unhappy client and a possible lawsuit. For this reason, security companies should consider installing completely separate networks for physical security.
My second concern is the potential for hackers to compromise the security systems themselves. Recently there have been “demonstrations” by computer whiz kids who have successfully intruded wireless residential alarm systems and have purportedly hacked into IP cameras connected to the Internet. You can read an article on this subject at www.wired.com/2014/07/hacking-home-alarms/. Now I really don’t care if someone wants to watch me kicking back in the Lazy Boy on a Saturday afternoon, but if systems can be disarmed, it is a very important matter to consider.
I’ve said it before but the message needs repeating: All IP security devices should be programmed with “strong” passwords including letters, numbers and symbols (#$%*&, etc.). Most successful hacking attempts come from the use of automated password-cracking programs that keep trying thousands of passwords until one works. The use of strong passwords will “harden” the password portal target, making it much more difficult and time-consuming for the hacker to gain access. While we cannot guarantee an Internet-facing device such as an IP camera cannot be hacked, using strong passwords can make such hacks very difficult.
When designing security system installations, industry professionals should be on the lookout for storage areas of valuables such as gun closets and add door contacts and/or additional protection for these locations.
So think about your clients’ network security every time you are installing IP products. And we will wait for the first reported central station hacking attack...which has probably already happened. The central station’s IT people may not even be aware that the mice are in the machines.