News: 2018 Archives
If we're ever going to get security right, technologists must embrace the need for policy and government leaders must do the same with technology, which is why Bruce Schneier's Click Here to Kill Everybody: Security and Survival in a Hyper-connected World is the 2019 must-read book for every government leader, elected and administrative.
Specific security prescriptions range from standards and principles to the creation of a new federal agency, a National Cyber Office, that would advise and hold other agencies accountable, but also manage government-wide security efforts, such as the NIST Cybersecurity Framework.
Click Here to Kill Everybody is accessible to anyone who wants to learn about the problems and potential solutions of our increasingly Internet connected world, without feeling overwhelmed by the nuances and technological details that leave most people paralyzed with confusion.
"The admittedly clickbait title of this book refers to the still-science-fictional scenarios of a world so interconnected, with computers and networks so deeply embedded in our most important technical infrastructures, that someone could potentially destroy civilization with a few moue clicks.
Ben's Book of the Month: Review of "Click Here to Kill Everybody: Security and Survival in a Hyper-connected World"
Perhaps the most meaningless term in information security is thought leader. I know what it is supposed to mean, but many people who consider themselves information security thought leaders are anything but that. Nonetheless, if there is anyone who is a thought leader in the true sense of the term, it's Bruce Schneier. Schneier has written on nearly every aspect of information security.
Policy-makers must get to grips with "the internet of things." I'm recommending this book to them
Oh no! Another book with a terrifying, it's-the-end-of-the-world title. They're in vogue at the moment. Sadly, for us mere mortals, Click Here to Kill Everybody is by Bruce Schneier, who is one of the world's top cyber-security experts, and not someone given to exaggeration.
In the second episode of The NULLCON Podcast, internationally renowned security technologist, Bruce Schneier talked about his latest book Click Here to Kill Everybody, the risk and future of post-quantum cryptography, and his views on governments asking for backdoors.
"I worry about the monopolies that are engaged in surveillance capitalism."—Bruce Schneier, Security Technologist
Matt Ward interviewed Bruce Schneier on the podcast The Disruptors.
Embedded in an increasing number of the devices and objects surrounding us, computers are turning the everyday world into a radically programmable attack surface. This is the subject of computer security & cryptography legend Bruce Schneier's latest book, Click Here To Kill Everybody. In this episode we meet up with Bruce to explore how the profusion of insecure devices, capable of being put to a variety of unpredictable purposes, is radically shifting the balance of power. Via cyberattacks, smaller states get the ability to contend with the great powers — and an entirely new class of non-state actors are being granted the power to disrupt nations.
Phenomena like the Mirai Botnet, Bruce argues, are just the beginning: we discuss a host of potential attacks on life and property, from car and thermostat hacking to ransomware against hospitals — and how 'surveillance capitalism' is one of the most important vectors behind this worrying new paradigm.
More than 40 years ago, Bill Gates and Paul Allen founded Microsoft with a vision for putting a personal computer on every desk.
No one really believed them, so few tried to stop them. Then before anyone realized it, the deed was done: Just about everyone had a Windows machine, and governments were left scrambling to figure out how to put Microsoft's monopoly back in the bottle.
This sort of thing happens again and again in the tech industry.
The world is wired. Thanks to the Internet of Things (IoT), pretty much every electronic device we own can now talk to each of our other devices. While it might seem fun to be able to adjust settings on your refrigerator from your cell phone or track brush strokes from your e-toothbrush app, the IoT comes with a brand new set of vulnerabilities as well. Last spring, a computer security company revealed that hackers had stolen a casino's entire database of high rollers by exploiting vulnerabilities in an Internet-connected aquarium.
A report last week from Bloomberg Businessweek suggested that Chinese spies had embedded tiny little microchips on motherboards that control computers in order to steal information from nearly 30 U.S. companies, including Apple and Amazon. Both of those companies, and Super Micro Computer Inc., the electronics maker that was allegedly infiltrated, have categorically denied the report. China issued a statement in response to the report that said in part: "Supply chain safety in cyberspace is an issue of common concern, and China is also a victim." But the story is lingering, in part because it brings up a very scary reality that lots of cybersecurity experts keep talking about.
The US government and Silicon Valley have designed and created an insecure world to maximize political control and corporate profit, but in the cyberphysical world we now live in, where cars, planes, trains and nuclear power plants are connected to the internet, that deliberate insecurity must be reversed — for safety reasons, or people are going to start dying, Bruce Schneier argues in his new book, Click Here to Kill Everybody (W.W. Norton & Company, 2018).
The days of "going online" are over. We now live on the internet.
Bruce Schneier, Chief Technology Officer at IBM Resilient, guests to discuss his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. We discuss how the Internet of Things (IoT) opens up new possibilities for catastrophes, how social media companies and governments follow a model of surveillance capitalism, and how the Internet can be made more secure moving forward.
Featuring Bruce Schneier, the author of Click Here to Kill Everybody in conversation with Abby Everett Jaques, MIT.
Schneier (Data and Goliath), a fellow at the Berkman Center for Internet and Society at Harvard University, provides a clear perspective on the threat posed by the evolution of the internet into what is commonly referred to as the “internet of things.” As “everything is becoming a computer... on the Internet,” with even pedestrian items such as light bulbs or refrigerators collecting, using, and communicating data, the convenience and efficiency of such “smart” technology comes at the cost of increased vulnerability to the schemes of crafty hackers. Horror stories, such as a vehicle’s controls being taken over remotely, are not new, but Schneier’s vast experience enables him to tie together many strands and put them in context. For example, after discussing the inherent security issues with software (there are “undiscovered vulnerabilities in every piece”), Schneier goes on to observe that such flaws are only part of the problem; he convincingly demonstrates that a major, if not the main, reason, for an insecure internet is that its “most powerful architects—governments and corporations—have manipulated the network to make it serve their own interests.” Schneier concedes that his book has “a gaping hole” in not explaining how his nuanced recommendations for increasing security and resilience could become policy, but it is a useful introduction to the dimensions of the challenge.
In this week's episode of Hidden Forces, Demetri Kofinas speaks with Bruce Schneier, about cyberattacks, cyberwar, and survival in a hyperconnected world.
Cyberattacks constitute one of the most urgent threats facing collective humanity according to Bruce Schneier. History has proven him right. In the summer of 2017, a weapon of cyberwar was dropped onto a world without borders, where the heavy artillery and nuclear warheads that defined the battlelines of the 20th century have been rendered useless.
Security technologist Bruce Schneier's latest book, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, argues that it won't be long before everything modern society relies on will be computerized and on the internet. This drastic expansion of the so-called 'internet of things,' Schneier contends, vastly increases the risk of cyberattack. To help figure out just how concerned you should be, Benjamin Wittes sat down with Schneier. They talked about what it would mean to live in a world where everything, including Ben's shirt, was a computer, and how Schneier's latest work adds to his decades of advocacy for principled government regulation and oversight of "smart devices."
The Center on National Security at Fordham Law hosted a discussion on Bruce Schneier's new book, Click Here to Kill Everybody: Security and Survival in a Hyper-connected World.
Electronic security expert Bruce Schneier's studiously terrifying new book Click Here To Kill Everybody: Security and Survival in a Hyper-connected World, is a concerted counter-playbook to the end of human civilization, and the deaf ears it will fall upon have been deadened by two completely erroneous assumptions: that an unregulated Internet is better than a regulated one, and that Internet problems only affect people on the Internet.
Ninety percent of Schneier's readers have more than one "smart" electronic device, be it a cellphone or a tablet or a laptop or a new-model automobile. And ninety percent of that ninety percent have the same personal password for all of those separate devices and haven't changed that password in years. Virtually every single one of Schneier's readers who choose to download his book instead of buying a printed copy in a bookstore leaves a wide and easily-followed data-trail back to themselves.
Schneier is a security guru. And in his new book, subtitled Security and Survival in a Hyper-Connected World, he explains the real risks in a world where everything is becoming a computer, and networked in a way that he calls "internet plus."
From hacked cars to vulnerable power grids, Schneier paints a detailed picture of just how IT-dependent our modern world is. And how fragile it has become, in the context of what he calls "internet plus."
Nora Young: People often use this term 'Internet of Things'.
We are fully back from our August hiatus, and leading off a series of great interviews, I talk with Bruce Schneier about his new book, Click Here to Kill Everybody: Security and Survival in a Hyper-Connected World. Bruce is an internationally renowned technologist, privacy and security commentator, and someone I respect a lot more than I agree with. But his latest book opens new common ground between us, and we both foresee a darker future for a world that has digitally connected things that can kill people without figuring out a way to secure them. Breaking with Silicon Valley consensus, we see security regulation in the Valley’s future, despite all the well-known downsides that regulation will bring.
FIX THE INTERNET BEFORE IT FIXES US — Technologist Bruce Schneier is out with his latest book and his most alarming title yet: "Click Here to Kill Everybody." In fact, it's one of the most ominous in the entire cybersecurity canon. Even in his introduction, Schneier admits to hyperbole, yet writes the title isn't without merit since "we're already living in a world where computer attacks can crash cars and disable power plants — both actions that can easily result in catastrophic deaths if done at scale."
So, OK, it's scary. In this outing, published last week, Schneier digs into the dangers posed by the rapid spread of internet connectivity into all our things. But since he doesn't think the marketing term "internet of things" is encompassing enough, he coined his own term: Internet+.
In this week’s podcast (episode #111), sponsored by CyberSN: what happens when the Internet gets physical? Noted author and IBM security guru Bruce Schneier joins us to talk about his new book on Internet of Things risk: Click Here to Kill Everybody. Also: everyone knows that cyber security talent is hard to come by, and even harder to keep. But why does precious cyber talent walk?
The Aspen Institute's Cybersecurity & Technology Program hosted the launch of Bruce Schneier's newest book, Click Here to Kill Everybody. In the book, Schneier explores the risks and security implications of our new, hyper-connected era, and lays out recommendations for a more resilient Internet of Things and government oversight. Following a one-on-one conversation with Schneier—moderated by the Chair of the Cybersecurity & Technology Program, John Carlin—a panel of experts in the field will respond to Schneier's recommendations and discuss the future of cybersecurity more broadly.
As a preview of the Aspen Institute's 3rd annual Cyber Summit (to be held November 8, 2018, in San Francisco, CA) an expert panel, moderated by Aspen Cyber Chair John Carlin, featuring President and CEO of the Cyber Threat Alliance Michael Daniel and Senior Adviser for CSIS' Homeland Security and International Security Programs Suzanne Spaulding will discuss Schneier's recommendations and address issues that exacerbate the gap between policymakers and technologists.
That’s the view of security expert Bruce Schneier, who fears lives will be lost in a cyber disaster unless governments act swiftly.
Smart gadgets are everywhere. The chances are you have them in your workplace, in your home, and perhaps on your wrist. According to an estimate from research firm Gartner, there will be over 11 billion internet-connected devices (excluding smartphones and computers) in circulation worldwide this year, almost double the number just a couple of years ago.
Many billions more will come online soon.
The great and memorable title of Bruce Schneier's latest book, Click Here to Kill Everybody, certainly caught the eye of those in my household—my children kept trying to touch the button on the front cover to 'kill everybody'! (Indeed, the book's attention-grabbing title may make me a little wary about reading it openly on the Tube or while going through airport security.)
Of course, the book is not really about how to kill everybody, but rather how, from an ethical standpoint on the part of tech, and a moral standpoint on the part of government, we appear to be sleep-walking into a scenario where something, whether by accident or design, could possibly 'click here' and kill everyone.
My advance reading copy wasn't quite ready for publishing, but as it stood the book was divided into three approximately equal sections:
- The first section describes the issues of computing, IOT, and an Internet of the future.
- The second section describes the things technologists and policy makers should consider in order to bring about the changes needed for the Internet of the future.
- Finally, as with Schneier's previous book, the third section contains copious notes.
In the introduction ('Everything is a Computer'), Bruce describes three situations: hacking a car; hacking the power supply; and hacking printers (conventional, 3D and bioprinters). For each of these he expands on the potential issues: death of multiple passengers; wide-scale human and economic damage; etc.
Bruce Schneier discusses his new book Click Here to Kill Everybody: Security and Survival in a Hyper-connected World. Computers are connected to everything small and large from home appliances like ovens and thermostats to large industrial sites like chemical plants. Digital attackers can now crash your car, your pacemaker, and the nation’s power grid. Schneier reveals the hidden web of technical, political, and market forces that underpin the pervasive insecurities of today’s connected world.
If I were still doing radio shows, I would happily welcome Bruce Schneier back as a guest. He's a security expert who I first spoke with when he revealed the uselessness of the TSA's screening procedures at airports, which he labelled "security theater." Since then, he's made multiple appearances with me.
Bruce has just published a new book, Click Here To Kill Everybody: Security and Survival in a Hyper-connected World, and asked me to review it.
As in his previous works, Bruce sees the holes that exist in the digital world and explains the risks of having so many more things connected as part of the Internet of Things, from thermostats to refrigerators to manufacturing equipment to your kid's dolls.
Pervasive connected devices mean we REALLY can't afford shitty internet policy
Bruce Schneier (previously) has spent literal decades as part of the vanguard of the movement to get policy makers to take internet security seriously: to actually try to make devices and services secure, and to resist the temptation to blow holes in their security in order to spy on "bad guys." In Click Here to Kill Everybody: Security and Survival in a Hyper-connected World, Schneier makes a desperate, impassioned plea for sensible action, painting a picture of a world balanced on the point of no return.
Click Here... describes a world where all the bad policy decisions of PCs and laptops and phones are starting to redound onto embedded systems in voting machines and pacemakers and cars and nuclear reactors. He calls this internet-plus-IoT system the "Internet+" and the case he makes for its importance is by turns inspiring and devastating.
That's because Schneier, more than the average policymaker or marketing blowhard, has a pretty good idea of what the actual benefits of these systems can be.
Bruce Schneier’s new book, Click Here to Kill Everybody, explains the security risks of a new world of household devices connected to the Internet. I asked him what the risks are, why they are so serious and what their consequences are for politics.
HF: Technology has created a hyper-connected world. How does this lead to vulnerabilities?
BS: As we connect more things to the Internet, they can affect each other.
Big Brother is watching and scheming and up to no good—and, writes security technologist Schneier (Data and Goliath: The Hidden Battles to Collect Your Data and Control Your World, 2015), it looks like he's winning.
By way of an opening gambit, the author posits three scenarios in which hackers take over machines and computer systems, from printers to power plants, both to demonstrate their ability to do so and to show how the interdependence of the web can easily be put to work against us. In one of those scenarios, real-world to the core, Russian hackers came into a Ukrainian power plant through a malware backdoor, "then remotely took control of the center's computers and turned the power off." That's not just a threat to life, but it also erodes trust in social and economic systems, the basis for civil society. In another scenario, which gives the book its title, a "bio-printer" is hacked to "print a killer virus"—and does.
Bruce Schneier says that everything, basically, is a computer with some extra stuff attached.
When he wrote for New York Magazine, he described it this way:
Your modern refrigerator is a computer that keeps things cold. Your oven, similarly, is a computer that makes things hot. An ATM is a computer with money inside.
"Policymakers need to understand tech in the same way tech people need to understand policy."
As the internet gets more powerful and technology plays an increasing role in our lives, it becomes more and more important that we learn how to navigate uncharted technological territory. Cybersecurity expert Bruce Schneier looks at why it's necessary for us to find innovative ways to use surveillance data to the benefit of the public good, while still maintaining our individual security.
Click Here to Kill Everybody: Security and Survival in a Hyper-connected World Bruce Schneier W. W. Norton (2018)
Hardly a day now passes without reports of a massive breach of computer security and the theft or compromise of confidential data. That digital nightmare is about to get much worse, asserts security technologist Bruce Schneier in Click Here to Kill Everybody, his critique of government inertia on Internet security.
The burgeoning threat, writes Schneier, arises from the rapid expansion of online connectivity to billions of unsecured nodes.
The early architects of the internet did not want it to kill anybody. In cyber security expert Bruce Schneier's new book, David Clark, a professor at the Massachusetts Institute of Technology, recalls their philosophy: "It is not that we didn't think about security. We knew that there were untrustworthy people out there, and we thought we could exclude them".
Schneier describes how the internet, developed as a gated community, is now a battleground where these untrustworthy people cause great harm: harnessing computers to kill by crashing cars, disabling power plants and perhaps, soon enough, using bioprinters to cause epidemics.
Bruce Schneier is a computer security expert who, for decades, has been a leading voice for cryptography and all things security. In this question-and-answer formatted interview, Schneier describes the disjunction of today's abundance of encryption tools and a dearth of personal security. Schneier also touches on some of the dangers associated with "middle ground" compromises in encryption to placate law enforcement.
TP: What does the term "going dark" mean to you and is there a middle ground where law enforcement and cryptographers can meet?
Bruce: "Going dark" is a marketing term for an FBI narrative that encryption makes it impossible for the FBI to solve crimes.
With today's rapid technological advancement, almost every activity such as communication, work, and business can be done easily and efficiently through the many available devices and applications. Although it seems that we have so many benefits of the rapid development of technologies, many unseen threats also await. One of the most serious issues in this digital era is concerning our privacy and data protection. Today, in this big data era, governments and private companies can easily obtain our data from various media—such as devices and applications developed by the governments and private companies—and use these data to "surveil" us.
Bruce Schneier had harsh words at RSA Conference 2018 for U.S. lawmakers on the topic of cyber regulations.
Schneier, security expert and CTO of IBM Resilient, spoke twice this week at RSAC about the coming wave of cyber regulations and the dangers those laws and policies will bring if the lack of input from technologists continues. Speaking at a panel discussion Wednesday titled "Identity Insecurity—Another Data Hurricane Without 'Building Codes'," he discussed how new regulations are inevitable in light of recent privacy and data misuse episodes and renewed his call for more technology and security professionals to get involved in the policy-making process.
Flashpoint Editorial Director Mike Mimoso talks to security expert, cryptography pioneer and author Bruce Schneier about the security and privacy implications of rampant data collection by organizations.
This podcast was recorded at RSA Conference 2018.
Mike and Bruce discuss whether market pressure can impose a change on these practices, or if legislation is the inevitable outcome. Bruce also discusses how privacy has changed in recent years and why younger generations have "different defaults" when it comes to sharing personal information.
There are several risks to society that pose an even greater threat than terrorist attacks. Do you know what they are?