Spectre, Meltdown Highlight Online Banking and Digital Gold Risks
-- Published: Friday, 5 January 2018 | Print | Disqus
– Critical hardware flaw breaks basic security: risks to online banking & digital assets – Nearly all computers worldwide, smartphones and other devices – exposed to major security risk – Two separate security flaws identified in devices powered by Intel, ARM and AMD chips – Vulnerability known about for six months by tech insiders – Cyber crime represents the biggest transfer of economic wealth in history – Cyber crime damage costs to hit $6 trillion annually by 2021 – All digital assets and information at risk – Crypto currencies, digital assets including gold exposed – Physical gold’s benefits highlighted
Editor: Mark O’Byrne
The Spectre and Meltdown double whammy this week underlines the increasing risks in the global computing infrastructure and our online banking and digital asset world of banking and finance.
On Wednesday, came news that anyone who uses a computer, smartphone, tablet etc has been introduced to the concept of ‘hacked hardware’. Two separate security flaws, named ‘Meltdown’ and ‘Spectre’ have been identified in devices powered by Intel, ARM and AMD chips. The flaws make pretty much any device hackable.
Not only are our ‘things’ affected but data centres and devices that connect to the cloud are also at risk.
The problem was identified by Google engineers and has been known about for approximately six months. Whilst no attacks taking advantage of these security flaws have yet been identified, we are talking about an unprecedented number of computers, devices, people and companies, including banks, being exposed.
The BBC estimates that ‘for personal computers alone: there are 1.5 billion in use today (desktop and laptop combined) and around 90% are powered by Intel chips, IDC estimates. That means exposure to the Meltdown bug is potentially huge.’
Meltdown affects laptops, desktop computers and internet servers with Intel chips. However, Spectre is an arguably bigger threat. It affects chips powered by Intel, ARM and AMD. in smartphones, tablets and computers.
Why is this a big deal?
The weaknesses leave any device with affected chips vulnerable to both hacking and slowdown in performance. The flaw could give cyberattackers unauthorized access to sensitive data.
This is scary as for years users have been used to warnings by the tech industry that there are security holes in software. These are regularly taken advantage of by hackers. But we are now exposed to a flaw in hardware. Hardware troubles are arguably much harder to fix and newer impossible to replace given their extensive presence around the world.
Scott Borg, director of the U.S. Cyber Consequences Unit, is most concerned about hardware vulnerabilities over software ones. He sees the biggest threat in industry.
Borg recently spoke at Stanford University and explained the shift in hackers’ mentality:
“Initially,” he said, “[hackers] focused on operations control, monitoring different locations from a central site. Then they moved to process control, including programmable logic controllers and local networks. Then they migrated to embedded devices and the ability to control individual pieces of equipment…You can imagine countless attacks manipulating physical things,”
Why are hackers turning to hardware over software? Surely software has a greater reach? No, argues Borg. The decision to move to hardware is purely economic. Stock manipulation is a key way cyberattackers can take advantage of a hardware malfunction.
“There is a limit to how much you can steal from credit card fraud; there is no limit to how much you can make in taking a position in a market and making something happen,” Borg says. “You can short a company’s stock in a highly leveraged way, then attack the company in a way that makes stock fall, reinvest on the way down, and multiply your investment hundreds of times. This is a big growth area for cybercrime; it has been done multiple times already, but it is really just starting to get under way. This is going to be a huge area for cybercriminals.”
Previously individuals were worried about the clicking on a dodgy link or downloading an unknown file. Worst case we believed was credit card or identity fraud. Now, we’re looking at elements of our portfolio being attacked – imagine if you have shares affected by this latest round of news regarding chip security.
We are also, very seriously, facing an attack on our homes.
Nowhere is safe
This Christmas showed the smart home had arrived. Sales of Amazon’s Alexa and Google’s Echo made headlines as families realised they could have a smart home for just $500. The total spend on Internet of Things products and services was expected to reach $2 trillion by the end of last month.
Gadgets such as wearables and smart fridges make our busy lives more productive. They’re supposed to free up time for us to do ‘fun’ things but they arguably just create space for more tasks we create for ourselves, one of those being securing our home from hackers.
By the end of 2017 there were expected to be 8.4 billion internet-enabled devices in use, increasing to 20.4 billion by the end of 2020. This all sounds great but its a goldmine for hackers.
Which? carried out a series of tests in a ‘smart home’ last year. Eight out of the fifteen devices were found to have security vulnerabilities.
We can even be taken in by freebies. In 2006 McDonald’s Japan put their customers at major financial risk just by giving them a free mp3 player. Popular Science explains:
In late summer of 2006, the Japanese division of McDonald’s decided to run a new promotion. When customers ordered a Coca-Cola soft drink, they would receive a cup with a code. If they entered that code on a designated website and were among 10,000 lucky winners, they would receive an MP3 player pre-loaded with 10 songs.
Cleverly constructed, the promotion seemed destined for success. Who doesn’t like a Coke and a free MP3 player? But there was one problem the marketers at McDonald’s could not anticipate: In addition to 10 free songs, the music players contained QQPass malware. The moment winners plugged their players into a computer, the Trojan horse slipped undetected into their system and began logging keystrokes, collecting passwords, and gathering personal data for later transmission.
This is just one example but a good one of how easy it is for us to be affected by vulnerable hardware. These microchips that are under threat are in our fridges, our cars, our phone, planes and even missiles.
Popular Science goes onto explain:
Even hardware generally considered innocuous could be exploited by hackers and used for covert acts. Modified third-party phone chargers have served as vehicles for malware, as have game consoles. In the world of hardware hacking, any smart device—a refrigerator, clock, even a wearable fitness monitor—could be weaponized.
Such covert actions could inflict even greater harm were they to work their way into the backbone of the Internet: the servers and other networking equipment that comprise the infrastructure of the IT world. Instead of gathering embarrassing emails from a handful of executives, hackers with compromised servers could monitor most of the world’s Internet messages. As companies such as Huawei Technologies and ZTE Corporation—both of which supply telecommunication equipment and have ties to the Chinese military—continue to grow, so too will concerns about network security.
Significant cost
The Cybersecurity Business Report offers the following stats that outline just how vulnerable we are as society and financially:
2. Cybersecurity spending to exceed $1 trillion from 2017 to 2021. The rising tide of cyber crime has pushed information security (a subset of cybersecurity) spending to more than $86.4 billion in 2017, according to Gartner. That doesn’t include an accounting of internet of things (IoT), industrial IoT, and industrial control systems (ICS) security, automotive security, and other cybersecurity categories. Global spending on cybersecurity products and services are predicted to exceed $1 trillion over the next five years, from 2017 to 2021.
3. Cyber crime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3.5 million by 2021. Every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure and people. The cybersecurity workforce shortage is even worse than what the jobs numbers suggest. As a result, the cybersecurity unemployment rate has dropped to zero percent.
4. Human attack surface to reach 6 billion people by 2022. As the world goes digital, humans have moved ahead of machines as the top target for cyber criminals. There are 3.8 billion internet users in 2017 (51 percent of the world’s population of 7 billion), up from 2 billion in 2015. Cybersecurity Ventures predicts there will be 6 billion internet users by 2022 (75 percent of the projected world population of 8 billion) — and more than 7.5 billion internet users by 2030 (90 percent of the projected world population of 8.5 million, 6 years of age and older). The hackers smell blood now, not silicon.
5. Global ransomware damage costs are predicted to exceed $5 billion in 2017.That’s up from $325 million in 2015—a 15X increase in two years, and expected to worsen. Ransomware attacks on healthcare organizations—the No. 1 cyber-attacked industry—will quadruple by 2020. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019.
It’s not time to move off-grid, we’re not suggesting that – don’t worry. But what we do suggest is that you take an element of your portfolio, savings and wealth off-grid.
Physical gold that is allocated and segregated is about as off-grid as you can get when it comes to investments. Sure, you can have some crypto currencies and some shares but they’re unbelievably connected to the outside world thanks to just the click of button. You cannot transact them without using an electronic device.
When it comes to physical gold, it does not rely on you having the safest chip in your smartphone or ensuring no-one is listening to you at home chatting to your loved ones.
Gold bullion has been bought by millions all over the world because of its role in protecting investors during times of war, financial hardship and economic disasters. It is only recently that the idea of cyber warfare and the misuse of this power by governments has become an important point of consideration.
Gold is as relevant here as it always has been. But it is specifically allocated, segregated physical gold which will protect from these risks – not paper gold or digital gold.
Owning gold coins and bars either in one’s possession or in allocated and segregated storage will protect people and will be accessible and liquid. It will protect investors and savers and those who use online banking from malicious attacks. Let’s face it we’re all there already and these growing risks are very real.
The content on this site is protected
by U.S. and international copyright laws and is the property of GoldSeek.com
and/or the providers of the content under license. By "content" we mean any
information, mode of expression, or other materials and services found on GoldSeek.com.
This includes editorials, news, our writings, graphics, and any and all other
features found on the site. Please contact
us for any further information.
Live GoldSeek Visitor Map | Disclaimer
The views contained here may not represent the views of GoldSeek.com, Gold Seek LLC, its affiliates or advertisers. GoldSeek.com, Gold Seek LLC makes no representation, warranty or guarantee as to the accuracy
or completeness of the information (including news, editorials, prices, statistics,
analyses and the like) provided through its service. Any copying, reproduction
and/or redistribution of any of the documents, data, content or materials contained
on or within this website, without the express written consent of GoldSeek.com, Gold Seek LLC,
is strictly prohibited. In no event shall GoldSeek.com, Gold Seek LLC or its affiliates be
liable to any person for any decision made or action taken in reliance upon
the information provided herein.