Open systems, open data and software open source contribute to greater transparency and public confidence as well as greater and easier user engagement. However, these systems can be exploited by malicious agents, which carries many risks. In other words, public security systems that are open to everyone are also open to those who want to use them for malicious activities.
It's not uncommon for open source ecosystems like this GitHub and npm have been used to spread malware. We have also seen how public WiFi hotspot can attract hackers. Similarly, public security systems designed to protect citizens from malicious agents have been used by the latter to carry out malicious activities.
Cameras monitoring and "open data"
A recent report reported an automatic data leak (ANPR) leak from an electronic control panel that feeds surveillance cameras. and production . This violation was due to the fact that a database was publicly exposed without password. In the United Kingdom, traffic cameras and some public security cameras have been found to be visible to any citizen. This is mainly due to open data initiatives derived from privacy and transparency legislation. The United Kingdom provides more visibility to the network of cameras in major cities such as London and on highways. Regarding USA, depending on the state and location, have similar traffic cameras that openly spread live streams to anyone via the web. For example, one can see a live stream of 42nd Street in New York, Madison Avenue and the Hudson River from Skyline cameras. These cameras record streets and different corners of the area.
Mark Sangster, vice president of eSentire, when asked about what malicious agents can do with these open public security systems, said that criminals or state-funded actors could use traffic patterns to determine high traffic points and cause maximum damage. They could also maximize the impact of an attack. For example, according to research, publicly accessible cameras located around London's Vauxhall Cross provide live viewing of areas around the MI5 building. Surveillance cameras also exist around notable landmarks, traffic lights, bridges and monuments.
Former CIA chief executive Marcus Fowler, who is currently the director of strategic threat at security company Darktrace, told BleepingComputer details on how to exploit the public systems closed source security. Indicatively, he stated that a strategic attack on the traffic lights could cause unrest in an entire city. For example, traffic lights could be the target on election day to cause traffic jams and delay people going to the polls. A team of researchers from the University of Michigan was able to control more than 100 lanterns in Michigan with a laptop and a radio transmitter.
As recent cyberattacks targeted the healthcare industry, Fowler has expressed concern about how malicious agents could disrupt emergency response systems. In particular, he noted that there has been a worrying increase in attacks on the healthcare industry during his pandemic. COVID-19, which means that malicious agents could expand them attacks in emergency response systems. If the attackers manage to gain access and control these systems, they could cause chaos in an entire country and endanger the lives of patients.
Fowler added that the attackers were increasingly targeting port facilities, taking advantage of the growing public dependence on commodity deliveries and the pressure on the pandemic supply chains. If computers in a port facility stop working due to an attack, supplies such as food and medical equipment may not reach their destinations.
IoT devices, drones and "smart" vehicles
With surveillance technologies increasingly intensified in the form of autonomous systems such as drones, motor vehicles and robots, there are some security risks.
According to Stephen Cobb, a UK-based security researcher, the growing use of remote-controlled and autonomous vehicles is paving the way for malicious agents to commit criminal acts. Cobb coined the term "jackware" a few years ago to describe malware-based attacks involving hijacking of motor vehicles, stressing that this could be applied to autonomous vehicles or vehicles that are controlled remotely, either in the air or on land. . He also pointed out that the use of autonomous or remote-controlled vehicles for public safety can easily be exploited by a malicious agent.
Commenting on the situation over the past two decades, Cobb noted that appropriate protection measures and levels are usually not applied, except when a malicious activity is detected on a large scale.
Public policy and social engineering documents
Government websites often mistakenly publish law enforcement manuals. If a malicious actor is able to obtain a specially authorized number of "office-only" help from these manuals and "forge" one of his employees, such as a police detective, it is very likely that he will extract sensitive and confidential information about individuals. and case files.
For example, malicious agents could spy on a rich person's financial information if they knew his or her social security number (SSN). They could do this by "falsifying" the prospective victim and calling the Internal Revenue Service (IRS) to request information on the tax return of the target.
In addition, due to the recent invasion of BlueLeaks, which leaked sensitive information, there are concerns that state-funded hackers can misuse data in many ways. In this case, the group that committed the violation claimed that it was aimed at combating police violence. However, it also released thousands of bank accounts, addresses, names of crime victims and suspected criminals who were never charged, said Alexander M. Kehoe, co-founder and business director of Caveni.
He added that the collection of this information could prove extremely useful for malicious foreign actors or organized crime unions. Both groups could use this information for malicious purposes, thanks to the exchange of information intended for the police.
In conclusion, technology provides innovations within governments to ensure the safety of citizens and national security. However, policies need to be put in place to ensure that these initiatives, including public safety systems, are not exploited by malicious agents.