October 22, 2013
- Truth stranger than fiction: The plot to hack the vice president’s pacemaker
- How medical devices can be all too easily hacked: Racing to stay one step ahead of the hackers
- Up is down again: Market cheers rotten job numbers
- The next meeting of China’s Communist Party, and why it matters more than the Fed’s next meeting
- The president’s “mistress”: Hell hath no fury like readers insulted…
We begin today’s somewhat nightmarish episode with a scene from the hit Showtime series Homeland.
If you want to help her, you will do exactly as I tell you. I need you to get into the vice president’s home office.
Why? Tell me, god**** it!
Walden has a bad heart.
His pacemaker can be wirelessly accessed with that number.
You’re sh***ing me.
SPOILER ALERT: What you’re about to read divulges a pivotal plot twist in the show…
Abu Nazir, if you don’t know, is a terrorist who wants to avenge the death of his son, killed in a drone attack ordered by Vice President William Walden. Nicholas Brody is an ex-Marine being forced by Nazir to obtain the serial code on Walden’s pacemaker.
By the end of the show, Nazir gets the codes from Brody and hacks into Walden’s pacemaker, killing him.
Sounds far-fetched, right?
“I found [the Homeland plot] credible,” former Vice President Dick Cheney told CBS’ 60 Minutes this month.
In the interview, Cheney revealed that when he had his pacemaker implanted in 2007, he made sure his doctors disabled its wireless capabilities to prevent any assassination attempts by malicious hackers.
“I know from the experience we had,” says Cheney, “and the necessity for adjusting my own device that [the show] was an accurate portrayal of what was possible.
“I was aware of the danger, if you will, that existed.”
“The biggest impact we’re seeing right now with medical devices are computer viruses,” says Matthew Neely, director of strategic initiative at a cybersecurity firm called SecureState.
“Most of these devices basically have little to no security built into them both from just design and very poor security protections enabled on them, so literally attacks — things that we haven’t seen working for the past 10 years — work on these devices. Even very simple denial-of-service attacks will cause these devices to go offline.”
Scary fact: Denial-of-service, or DoS, attacks can be as simple as downloading a tiny game-like program, following simple instructions and clicking a button to “fire” on the target.
The program pictured below, dubbed the Low Orbit Ion Cannon (LOIC), is the same used by the hacker group Anonymous last December to render the websites of MasterCard and Visa inoperable.
A highly complex hack? Not really. Operation Payback consisted of thousands of people — who could have easily been near-computer illiterates — downloading the Low Orbit Ion Cannon as easily as you can download an e-book, typing in the target website in the correct space and clicking the oddly titled “IMMA CHARGIN’ MAH LAZER” button shown below in Step 5.
“LOIC: When harpoons, airstrikes and nukes fail…”
Yes, this is what brought down two of the biggest leaders in the massive payments industry… and, disturbingly enough, could stop nearly any wireless medical implant cold. Yes… just like in Homeland.
Here’s where it gets hairy: “I think the future of chronic disease control will be implanted devices,” said Sadie Creese, director of the Global Centre for Cyber Security Capacity at the University of Oxford, to an audience at FutureFest in London.
“They will be measuring vital signs, reaching back to the health care providers, whoever that might be and wherever they’re based. So you can imagine consultants and doctors around the world, or your local doctor, firing up a single app and being able to receive alerts on a patient.”
It’s this near-ubiquitous technology — the wireless biofeedback systems allowing doctors to download information from these devices — that’s opening the door for malicious hackers.
According to researchers at MIT, over 300,000 wireless electronic devices are implanted each year.
Wireless? It’s vulnerable…
And at the moment, this system of hundreds of thousands of vulnerable life-sustaining devices is based on… err… trust.
“Unfortunately,” says Masoud Rostami, a Ph.D. candidate at Rice University, “manufacturers have not implemented any security mechanisms in [implanted medical devices]. They didn’t or couldn’t even use simple passwords, since they rightfully fear that the password can be lost or stolen.”
“People with these devices should be very concerned,” parrots Patrick Gray, a security journalist and podcaster, to The Sydney Morning Herald last year. “I can’t think of a good reason why an implantable medical device needs to be wirelessly readable at 10 meters, but hey, maybe that’s just me.”
Also, a diabetic hacker by the name of Jay Radcliffe demonstrated how to remotely turn off an insulin pump using a computer he bought on eBay for $20.
“Wireless communication with insulin pumps is not secure,” Radcliffe told an audience in 2011 at the “Black Hat” hacker conference in Vegas. “They’re not designed to be updated and there’s no way of patching them.”
A “patch” is a piece of software designed to fix problems or bugs or update a computer program. The problem with many insulin pumps is the programs are “fixed” and the code isn’t designed for reworking in case hackers learn how to crack them.
But it was the late hacker Barnaby Jack who first pointed out the insecurity of implanted medical devices…
“I can scan for any insulin pumps in the vicinity,” Jack tells the interviewer while waving a strange metal rod. “I will return those insulin pump IDs, and then I can have them dispense their entire 300 units of insulin, which for a Type 1 diabetic will easily prove fatal unless you seek medical attention.”
To prove it, he demonstrated his hack on a plastic dummy with an insulin pump attached to its insides. The hack works, he explained, even when the pumps are turned off.
And as for the pacemaker? Two months before the Homeland episode aired last December, Jack presented at Breakpoint Security Conference in Melbourne, Australia. He demonstrated how easily a hacker could remotely cause a pacemaker to deliver an 830-volt shock, which, he said, “could be heard with an audible pop.”
This revelation made global news… and it wasn’t the first time an exploit of his hit the headlines: In 2010, he ventured into the limelight after a live demonstration at the Vegas Black Hat conference, where he flawlessly “jackpotted” an ATM — a hack that causes the machine to spew out dozens of bills on demand.
Jack had planned to demonstrate again at the Black Hat conference last summer.
This time he would reveal how to hack pacemakers.
Only a week before his highly anticipated — and extremely controversial — presentation, he was found dead in San Francisco.
Barnaby Jack, before his death, made clear that “the threat of a malicious attack to anyone with an implantable device is slim.” But he saw something far worse looming in the distance: specially crafted viruses uploaded to a server that could spread “a worm with the ability to commit mass murder,” he said. “It’s kind of scary.”
[Ed. Note: Thousands of companies, big and small, are racing for solutions to the seemingly endless vulnerabilities in the infosphere. Which is why we’ve been pounding the table about investing in companies set to lead the cybersecurity boom for years to come.
Many of these firms are being groomed by the Pentagon. “The last time the Pentagon doled out this kind of cash,” says our own Byron King, “investors saw extraordinary gains 12,428%… 20,381%… and even 55,000%.” The next profit wave could start on Thursday. Click here to get in before it’s too late.]
To the markets, where it’s a “risk-on” day — thanks to the arrival of the Labor Department’s September jobs report, 18 days behind schedule, thanks to the partial government shutdown.
Surprise, surprise — it came in “below expectations,” at 148,000 new jobs for the month. That’s not even enough to keep up with population growth, much less the “expert consensus” of 185,000.
The U-3 unemployment rate most often cited by the media ticked down to 7.2% — once again because people are leaving the labor force, and not with a gold watch retirement.
None of these numbers is affected by the shutdown, which began Oct. 1. But as Barry Ritholtz is wont to remind us, the monthly number is noise. The long-term trend is what matters, and our favorite measure of the long-term trend is the chart of job losses and recoveries in every recession since World War II…
Hoo boy… The recovery is so sluggish the chartmeisters at Calculated Risk will again have to extend the time frame on their chart soon.
Meanwhile, the real-world unemployment rate kept by John Williams at Shadow Government Statistics is unchanged, at 23.3%.
Markets reacted on the assumption that sluggish jobs numbers will ensure the Federal Reserve won’t contemplate “tapering” its money-printing programs when its Open Market Committee meets next week.
- The S&P 500 is reaching higher into record territory, above 1,750 at last check
- Bonds are rallying; the yield on a 10-year note is about to dip below 2.5% — a three-month low
- Gold is up $27, to $1,344. Silver’s up 2.5%, to $22.80
- The dollar index has tumbled to 79.25, a level last seen in February.
“The question is not tapering,” suggests the Gloom Boom & Doom Report’s Marc Faber. The Fed’s “QE” program has run at an $85 billion a month pace since last December.
“The question is at what point will they increase the asset purchases to, say, $150 [billion], $200 [billion], a trillion dollars a month,” Faber said during a CNBC interview.
“Every government program that is introduced under urgency and as a temporary measure is always permanent… The Fed has boxed itself into a position where there is no exit strategy.”
Faber is sticking to his call of 18 months ago — “massive wealth destruction” in which “well-to-do people will lose up to 50% of their total wealth.”
Only now the fall would be steeper because the Fed has run up asset prices that much more. “One day, this asset inflation will lead to a deflationary collapse one way or the other. We don’t know yet what will cause it.”
“Next month’s meeting of the Chinese Communist Party is shaping up to be a big deal,” writes business columnist Alan Kohler in Australia’s Business Spectator.
While the Fed is currently the world’s chief source of liquidity, “expectations are growing that President Xi Jinping will announce the opening of China’s capital account, allowing easier investment abroad by China’s wealthy.”
China’s national savings total $4.2 trillion – one and a half times as much as America’s. Mr. Kohler cites a report from Lombard Street Research saying a “wall of money” could “swamp global financial markets.”
“And it’s not going to go for Treasuries and other government bonds,” reads the report. “Much more likely it will follow the children into U.S., U.K. and Australian real estate, private equity and eventually quoted stocks.”
Now that China has worked out a currency swap agreement with Great Britain, the eurozone is next, suggests Chuck Butler from his post at EverBank World Markets.
“Japan and the U.K. are done. That leaves the euro and francs as the other two majors, other than the dollar, that have not worked out a currency swap agreement with China.
“So I expect the euro to be the next to work out a currency swap agreement with China. Talk about gaining a wide distribution for the renminbi/yuan! After euros, I would expect China to work out something with the U.S., although I see the U.S. dragging their feet, for why would they want to help the challenger currency to the dollar’s status as reserve currency gain an even wider distribution?
“But the U.S. will eventually give in to the Chinese, because, well, the Chinese have the power of persuasion. These are the things that happen when you get yourself into too much debt.”
Among the perils of the publishing business is that you offend people now and then. But the reaction to a message over the weekend from Laissez Faire Club Director Doug Hill has been — well, “hostile” doesn’t even begin to capture the essence. The s-word made repeated appearances.
“These kinds of stupid articles are only damaging your brand,” read a more restrained email.
Sheesh… Doug’s a nice guy. We’ve been working together in one form or another for nearly four years. Shame to see him beat up like this.
Well, OK, we concede it’s a little, uh, over-the-top.
If you’re curious what’s inspired the ire, it’s a presentation that starts with this provocative image…
Not enough to encourage you to click? Here’s one more email: “It’s a**h**** like you that have f***** the USA up, not the president.”
Aw, c’mon, click the link and check it out…
The 5 Min. Forecast
P.S. On further reflection, why didn’t we get such a hostile response when we put this out to the world some months back?