
Global articles on espionage, spying, bugs, and other interesting topics.

Keep abreast of the espionage threats facing your organisation.

Beware the baby monitor

HERRIMAN, Utah (ABC 4 News) – Someone could be eavesdropping on you using something as simple as a $99 baby monitor.

In just three hours wandering the streets of Herriman, we picked up 15 video and audio signals. We used just two brands of monitors.

At one house, we knocked on the door and invited Ranie to come see for herself. “Does that look familiar?” I asked, pointing at a picture of a crib on a small black and white TV. “Yes,” Ranie answered, “That’s my crib.”

“It is very scary because I don’t even have the receiving monitor on right now, I just happened to forget to turn off the camera part and you have it on your monitor … so that makes me scared.”

We had picked up her signal more than a block away and had knocked on only one other door before finding the right house.

Ranie said she got the monitor as a baby gift. She likes it because it provides a measure of safety and peace of mind. “If you hear a sound, you don’t have to come in to see how he’s doing.”

Prior to our visit, she had no idea that when the crib camera was on neighbors or even strangers could be watching and listening. Still, when she thought about it, she remembered a family story that should have been a warning to her. “My sister, actually, heard her neighbors having an argument through a monitor.”

It’s not all that hard. In a block and a half of another street, we picked up three signals showing empty cribs.

Patrea and Shaun actually have cameras in two of their kids’ rooms. They were surprised to see the pictures of both rooms on our monitor. All we had to do was flip a switch on the back to change channels. “You would think they (the manufacturers) would try to make it a little more secure so maybe you have a certain frequency that maybe only yours would pick up.”

Another father, Brett, wondered, “How would you block that so that nobody’s watching your kid sleeping and doing whatever else?”

Blocking the signal is really not practical, but parents do have options to secure their baby monitors:

– The best way is the most expensive. Use security cameras that can be routed through an encrypted home Wi-Fi network. The cost of such systems starts around $500.

– For about $300, parents can buy a digital baby monitor. Their signals are more secure than the cheaper analog models we used in our investigation.

– To be 100-percent secure, ditch the broadcast signal. Instead, hardwire a camera to a monitor with coaxial cable. It is a hassle, especially if you want to hide the cable, but there is no signal to be intercepted.

– The cheapest option is to keep the gear you have, just make sure you turn off your camera when you take your baby out of the crib. That would not stop a video voyeur, but would limit the exposure.

Speaking of the options, Ranie said, “I’m thinking about it!”

That is the point of this investigation. Most of the parents we talked to had no idea their cameras broadcast a signal well beyond their homes, let alone that it could be easily picked up.

Now that they know their cameras are not secure, Ranie and others can make informed decisions that balance privacy and peace of mind.


Cyber-espionage preventable, experts say

Preventing cyberattacks is impossible, but governments and businesses can and should be able to stop attackers from stealing data, a computer security specialist says.

There is “nothing in the world you can do” to prevent attacks such as the one that penetrated computer systems in three Canadian federal government departments, said Stephen Northcutt, president of the SANS Technology Institute, a security training facility in Bethesda, Md.

If a hacker penetrates the security of a computer system, “that’s bad, but it’s not terminal,” Northcutt says.

“Until the data actually gets out of your organization and into the hands of your adversary, you haven’t lost.”

Unfortunately, in the case of the recent attack, hackers are believed to have stolen sensitive government information.

Northcutt applauded the Canadian government for responding to the attack, which was detected in January, by disconnecting its computers from the internet.

He said that is a good move if you believe your system has been successfully compromised and the attack is ongoing.

The next step is to bring in experts who can find the malware responsible for the attack and help figure out where the data is headed.

Northcutt added that most organizations never even detect when a cyberattack is underway. Partly, that is because security systems tend to monitor data entering rather than leaving the system.

“It’s a big part of the problem,” he said. But he added that people are starting to recognize that and install software to monitor data leaving the system through strange routes like unsecured ports.
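One way to implement the egress monitoring Northcutt describes, as an added example that is not from the article or from SANS or McAfee: it scans constructed firewall-style connection records and flags outbound flows on ports the organisation does not expect, plus hosts that push an unusual volume out even over an approved port. The log format, the 10.0.0.0/8 internal range, the allowed-port set and the volume threshold are all assumptions.

```python
"""Egress monitor over constructed connection-log lines (added example).

Assumes a placeholder log format, not any real product's:
<timestamp> <src_ip> <dst_ip> <dst_port> <bytes_out>
"""
from collections import defaultdict

# Constructed sample records; addresses are documentation ranges, not real hosts.
SAMPLE_LOG = """\
2011-02-17T09:00:01 10.0.1.15 10.0.0.5 53 120
2011-02-17T09:00:02 10.0.1.15 203.0.113.10 443 48000
2011-02-17T09:03:10 10.0.1.22 198.51.100.7 6667 900
2011-02-17T09:05:44 10.0.1.22 198.51.100.7 6667 1500
2011-02-17T09:10:00 10.0.1.15 203.0.113.10 443 250000000
2011-02-17T09:12:30 10.0.1.30 10.0.0.5 53 95
"""

# Ports this hypothetical organisation expects outbound traffic to use.
ALLOWED_EGRESS_PORTS = {53, 80, 443}
# Per-host outbound byte budget for the log window (assumed value). Worth a
# look even on an approved port, since data theft often rides inside HTTPS.
VOLUME_THRESHOLD = 100 * 1024 * 1024  # 100 MiB


def is_internal(ip):
    """Treat 10.0.0.0/8 as the internal network (assumption for the example)."""
    return ip.startswith("10.")


def parse_line(line):
    ts, src, dst, dport, nbytes = line.split()
    return {"ts": ts, "src": src, "dst": dst, "dport": int(dport), "bytes": int(nbytes)}


def find_suspicious_egress(log_text, allowed_ports=ALLOWED_EGRESS_PORTS,
                           volume_threshold=VOLUME_THRESHOLD):
    """Return one alert per (src, dst, port) seen on a non-allowed port, then
    one alert per internal host whose total outbound volume exceeds the threshold."""
    alerts, seen, out_bytes = [], set(), defaultdict(int)
    for raw in log_text.splitlines():
        if not raw.strip():
            continue
        rec = parse_line(raw)
        # Only internal -> external flows count as egress; internal chatter is ignored.
        if not is_internal(rec["src"]) or is_internal(rec["dst"]):
            continue
        out_bytes[rec["src"]] += rec["bytes"]
        key = (rec["src"], rec["dst"], rec["dport"])
        if rec["dport"] not in allowed_ports and key not in seen:
            seen.add(key)
            alerts.append(("unexpected_port",) + key)
    for host, total in out_bytes.items():
        if total > volume_threshold:
            alerts.append(("high_volume", host, None, total))
    return alerts
```

Running it over the sample gives one port alert for the host talking to 198.51.100.7 on 6667 and one volume alert for the host that sent roughly 250 MB over 443; in practice the allowed-port set would come from the organisation's own baseline of normal outbound traffic.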

Organizations should, of course, also be trying to prevent attackers from getting in to begin with, he said.

He recommends implementing software that only allows a certain “whitelist” of approved programs to be installed on computers or tracks the programs that are installed, in order to prevent malicious software from taking root.

Adam Wosotowsky, principal engineer for internet security firm McAfee, said it’s not unusual for organizations to loosen company-wide security measures for a select group of executives — something he recommends against.

“When you open up a back door like that, you’re opening a back door to all your hackers.”

Wosotowsky also suggests keeping web browser software up to date to minimize the chance that browsers will automatically download malware from malicious websites that employees have been lured to visit.

Companies can also ban their email system from transferring any executable files — the form that a lot of malware takes.

“There are other ways to transfer executable files,” Wosotowsky said.

Both he and Northcutt said that, in addition to technological defences, it’s important to educate employees to prevent successful phishing.

For example, Wosotowsky said, they need to know that all the text in an email can be “made up,” and that the person it appears to be from may not have sent it.

Northcutt said a number of U.S. government organizations, including the New York State government, have started “inoculation” campaigns that educate employees about security threats and hold occasional drills.

“From time to time, we need to send a note to ourselves — and see how many people fall for it,” he said.

He estimated that only five per cent of organizations actually do that.

But both he and Wosotowsky also acknowledge that technological measures to detect attacks are crucial even when employees are educated.

“We can’t get every single employee to do the right thing,” he said. “Humans make errors.”


Wikileaks: BHP Billiton chief Marius Kloppers harboured Chinese espionage concerns



The head of mining giant BHP Billiton has confirmed he harboured concerns about Chinese and competitor espionage on his business, citing it as a reason behind his push for market pricing of key commodities.

Marius Kloppers, BHP’s chief executive, made his comments after the Sydney Morning Herald said it saw Wikileaks cables that suggested Mr Kloppers had offered to share intelligence about China with US authorities.

Asked on Wednesday to confirm whether he was concerned about espionage from China and from competitors such as rival miner Rio Tinto, Kloppers told an earnings briefing: “I would rather like to put that in a positive.”

“One of the reasons we have pushed so hard for market-clearing prices is so that these sorts of things are not a concern, because if you sell your product at the market-clearing price, that everybody can read off screens, it minimises any impact of differential information that the one party or the other may hold,” he said.

According to the Herald, Mr Kloppers said he would exchange information with US diplomats in 2009, as he detailed the high level of surveillance that Chinese authorities had on his company. China is BHP’s largest customer.

Rival mining groups were also accused of spying on BHP’s activities. “Clearly frustrated, Kloppers noted that doing business in Melbourne is like ‘playing poker when everyone can see your cards’,” Michael Thurston, US consul-general to Australia, said in a cable.

Mr Kloppers “complained that Chinese and industrial surveillance is abundant and went so far as to ask consul-general [Thurston] several times about his insights into Chinese intentions, offering to trade confidences,” the cable said. BHP declined to comment on the report.

Price negotiations between China and mining companies were particularly fraught in 2009 as commodity prices recovered from the credit crunch. This led to the collapse of price discussion relating to iron ore, a vital ingredient in steel making.

Four Rio Tinto negotiators were eventually convicted of stealing commercial secrets and given long jail sentences, including Australian national Stern Hu.

Objections from Chinese steel mills also contributed to BHP and Rio abandoning their proposed iron-ore joint venture in the Pilbara region of Western Australia last year.

The revelations come as BHP, the world’s largest mining company, unveiled a 72pc surge in first-half profit.

Rising commodity prices have seen the company’s cash coffers swell and investors are demanding the group announces plans for its cash mountain. Some investors have complained that they want a substantial amount of cash returned, but it is believed that Mr Kloppers is keen to make an acquisition following the group’s failed $40bn bid for PotashCorp last year.



Cyber crime costing UK a staggering £27bn per year

Cyber crime is costing the UK an estimated £27bn a year, and UK businesses are hit hardest owing to high levels of intellectual property theft and industrial espionage, according to a new report from consultancy Detica and the Office of Cyber Security and Information Assurance.

The Cost of Cybercrime study found that the cost to businesses of cyber crime runs to at least £21bn a year, and that intellectual property theft accounts for the largest chunk at £9.2bn, followed by industrial espionage at £7.6bn and extortion at £2.2bn.

Interestingly, direct online theft accounts for just £1.3bn, while loss or theft of customer data represents just £1.1bn, despite usually garnering the biggest headlines.

The government is said to be hit with a £2.2bn annual bill thanks to cyber crime, while taxpayers lose £3.1bn mainly through identity theft (£1.7bn) or other online scams (£1.4bn). Scareware and fake anti-virus scams are said to account for £30m.

The report highlights the need for a more strategic approach to cyber crime, but warned that current estimates of the scale of the problem are being undermined by “a lack of a clear reporting mechanism and the perception that, even if crimes were reported, little can be done”.

Businesses should have access to a “government-sponsored, authoritative, online and interactive service”, according to the report, which would help to raise awareness and promote best practice in cyber defence, as well as provide a centralised reporting mechanism.

Security minister Pauline Neville-Jones argued that cyber crime is a “national security and commercial priority”, and that the public and private sectors need to co-operate.

“This report is an important example of how government and industry are working together to tackle specific threats posed by criminal use of the internet, and highlights the opportunity we have to turn this to our advantage and get ahead of the curve to drive our economic growth and prosperity,” she added.

However, the figures dwarf the amount that the government is currently spending on cyber security. Just £63m is likely to end up supporting cyber crime prevention out of the £650m pledged to the government’s cyber security strategy.

Some security experts have also called into question the huge figures estimated by Detica in the report, especially given that there is little evidence of how the figures were arrived at.

Sophos senior technology consultant Graham Cluley pointed out in a blog post that the £27bn figure easily smashes the estimated £13.9 billion cost to the UK per year of drug related crime.

“There needs to be a proper mechanism for reporting cybercrime (both for home users and businesses) before we can begin to whisk up grand totals like this,” he said.

“Once we know the true scale of the problem, and can produce reports that aren’t dealt with scepticism, we can fund the computer crime authorities appropriately, and we can begin to measure if the UK’s attempts to fight the problem are really working or not.”

Mikko Hyppönen, chief research officer at F-Secure, agreed that £27bn is an incredibly large sum, especially given that most of it seems to have come from IP theft and espionage, which he admitted was “very hard to quantify”.


KGB wiretapping secrets revealed in Estonia

In the shadow of Communist Russia, Estonia was once home to a major contingent of the KGB secret police. Now free, the Estonians are taking the opportunity to display Soviet hardware used by the KGB to monitor transmissions and eavesdrop.

The exhibition – called “Viru Hotel and the KGB” – remembers a time when the hotel was a hub for eavesdropping on foreigners.

The exhibition is housed in a once-secret “radio room” where operatives relayed information from the hotel in Tallinn, Estonia, to Helsinki, Finland, across the Baltic Sea. From there, the intel would go to Moscow.

“All we have here now is the room as they left it one night in 1991 when Estonia was getting close to restoring its independence,” said Peep Ehasalu, spokesman for the Viru, now run by Finnish hotel chain Sokos.

In 1975, the radio room became a hotline for Soviet leaders between Moscow and Helsinki during the European Security and Disarmament Conference held in Helsinki. Again the room went into high use in 1980 when Tallinn was the venue for the yachting competition for the Olympic Games hosted by the Soviet Union.

“In the Soviet times I was not afraid of losing my job because of my professional skills, and jobs were available for everybody and no one was sacked even if they came to work drunk,” said Enn Palmets, the hotel’s technical manager, who has been at the Viru since it opened.

“There was a threat of getting dismissed because of telling the wrong kind of stories or talking to foreigners. In fact, everybody was forced to sign a document saying that they promise not to contact foreigners.”

One visitor, Tiia Raudma, who visited Estonia frequently in the 70s, said that foreigners weren’t allowed to stay anywhere else.

“Everyone knew the Viru was bugged and that the KGB people sat on the second and third floors near the hard currency bar, so people would just be careful in what they said on the telephone or while in the hotel.”

(Via Moscow Times