Top 7 Predictions for 2013 (if the Internet As We Know It Still Exists)

Will the next year bring a seismic shift in who controls the Internet? Another Mac malware outbreak? Your smart TV being highjacked for a DDoS attack? Whatever 2013 may bring, it’s sure to be an interesting year. Here’s F-Secure Labs’ take on what could be in store for the next year.

Forecast_2013_logo-02

1. The end of the Internet as we know it?
“Depending on the outcome of an important conference taking place now in Dubai, a lot of things could happen in 2013,” says Sean Sullivan, Security Advisor at F-Secure Labs.That event, the World Conference on International Telecommunications, could have a major impact on the Internet as we know it. “The Internet could break up into a series of smaller Internets,” Sullivansays. “Or it may start to be funded differently, with big content providers like Facebook and Google/YouTube having to pay taxes for the content they deliver.”

The WCIT event is a meeting convened by the International Telecommunication Union (ITU) to finalize changes to the International Telecommunications Regulations treaty. In attendance are regulators representing governments from around the world, not all of whom are interested in Internet freedom. There is concern that some regimes would want to shift control of the Internet “from the geeks, and give it to governments,” as Sullivan puts it. New measures are also being proposed in the name of Internet security that privacy advocates suggest would mean the end of anonymity on the Internet.

2. Leaks will reveal more government-sponsored espionage tools
“It’s clear from past leaks about Stuxnet, Flame, and Gauss that the cyber arms race is well underway,” says Mikko Hypponen, Chief Research Officer at F-Secure Labs. While we may not always be aware of nation-states’ covert cyber operations, we can expect that governments are more and more involved in such activity. In 2013, we’ll most likely see more leaks that definitively demonstrate this, and from countries who haven’t previously been seen as a source of attacks. As the arms race heats up, the odds of leaks increase.

3. Commoditization of mobile malware will increase
The Android operating system has solidified in a way that previous mobile operating systems haven’t, extending from phones to tablets to TVs to specialized versions of tablets. The more ubitiquous it becomes, “the easier to build malware on top of it and the more opportunities for criminals to innovate businesswise,” Sullivan says. Mobile malware will become more commoditized, with cybercriminals building toolkits that can be purchased and used by other criminals without real hacking skills. In other words, malware as a service, for Android.

4. Another malware outbreak will hit the Mac world
2011 saw scareware called Mac Defender, and in 2012 Flashback took advantage of flaws in Java. The Labs predict 2013 will bring another Mac malware outbreak that will have some success within the Mac community.

“The author of the Flashback Trojan is still at large and is rumored to be working on something else,” Sullivan says. “And while there have been smart security changes to the Mac OS, there’s a segment of the Mac-using population who are basically oblivious to the threats facing Macs, making them vulnerable to a new malware outbreak.”

5. Smart TVs will become a hacker target
Smart TVs are plugged into the Internet, they’ve got processing power, and since they typically aren’t equipped with security, they’re wide open to attacks. Adding to their vulnerability is that unlike home computers, many smart TVs are directly connected to the Internet without the buffer of a router, which deflects unsolicited traffic. Also, consumers often don’t change the factory default username and password that have been set for web administration, giving easy access to hackers.

“It’s very easy for hackers to scan for smart TVs on the Internet,” says Sullivan. “When found, they only need to use the default username and password, and they’re in.” 2012 already witnessed LightAidra, a breed of malware that infected set top boxes. 2013 could see smart TVs being used for such purposes as click fraud, Bitcoin mining, and DDoS attacks.

6. Mobile spy software will go mainstream
2013 may see a rise in popularity of tracking software, and not just for parental control purposes. There has already been growth in child safety apps that monitor kids’ activities, for example, their Facebook behavior. “Of course this kind of software can also be used to spy on anyone, not just kids,” Sullivan says. “The more smartphones there are, the more people will be seeking out software like this – to find out what their ex is up to, for example.”

7. Free tablets will be offered to prime content customers
Tablets and e-readers are all the rage, and more and more often in closed ecosystems such as the iPad with iTunes or the Kindle with Amazon. As the Kindle price keeps dropping, the Labs predict that 2013 may bring a free e-reader or tablet for prime customers of companies who charge for content, like Amazon or Barnes & Noble. “Closed ecosystems are more secure, but you have to trust the provider to protect your privacy,” says Sullivan.

For ongoing analysis from the F-Secure Labs, follow News from the Lab.

More posts from this topic

FB archive

Your digital memories – will they vanish or persist?

If you like sailing and tall ships, I can recommend this podcast about Pam Bitterman’s book Sailing to the far horizon. It’s a great story about the last years of the community-operated ship Sofia, covering both a lot of happy sailing and the ship’s sad end in the early eighties. But this is not about hippies on a ship, it’s about how we record and remember our lives. In the podcast Pam tells us how the book was made possible by her parents saving her letters home. Perhaps they had a hunch that this story will be written down one day. Going on to state that e-mails and phone calls wouldn’t have been saved that way. That’s a very interesting point that should make us think. At least it made me think about what we will remember about our lives in, say, twenty years? We collect more info about what we are doing than ever before. We shoot digital pictures all the time and post status updates on Facebook. We are telling the world where we are, what we are doing and what we feel. Maybe in a way that is shallower than letters home, but we sample our lives at a very granular rate. The real question is however how persistent this data is? If we later realize we have experienced something unique enough to write a book about, have our digital life left enough traces to support us? Pam wrote the book about Sofia some twenty years later. A twenty year old paper is still young, but that’s an eternity in the digital world. Will you still be on the same social media service? Do you still have the same account or have you lost it. Does the service even exist? And what about your e-mails, have you saved them? How are your digital photos archived? You may even have cleaned up yourself to fit everything into a cheaper cloud account. Here’s something to keep in mind about retaining your digital life. Realize the value of your personal records. You may fail to see the value in single Facebook posts, but they may still form a valuable wholeness. If you save it you can choose to use it or not in the future. If you lose it you have no choice. Make sure you don’t lose access to your mail, social media and cloud storage accounts. That would force you to start fresh, which usually means data loss. Always register a secondary mail address in the services. That will help you recover if you forget the password. Use a password manager to avoid losing the password in the first place. Redundancy is your friend. Do not store important data in a single location. The ideal strategy is to store your files both on a local computer and in a cloud account. It provides redundancy and also stores data in several geographically separated locations. This is easy with younited because you can set it to automatically back up selected folders. Mail accounts have limited capacity and you can’t keep stuff forever. Don’t delete your correspondence. Check your mail client instead for a function that archives your mail to local storage. Check your social media service for a way to download a copy of your stuff. In Facebook you can currently find this function under Settings / General. It’s good to do this regularly, and you should at least do it if you plan to close your account and go elsewhere. Migrate your data when switching to a new computer or another cloud service. It might be tricky and take some time, but it is worth it. Do not see it as a great opportunity to start fresh and get rid of "old junk". If you are somewhat serious about digital photography, you should get familiar with DAM. That means Digital Asset Management. This book is a good start. Pam did not have a book in mind when she crossed the Pacific. But she was lucky and her parents helped her retain the memories. You will not be that lucky. Don’t expect your friends on Facebook to archive posts for you, you have to do it yourself. You may not think you’ll ever need the stuff, just like Pam couldn’t see the book coming when onboard Sofia. But you never know what plans the future has for you. When you least expect it, you might find yourself in a developing adventure. Make yourself a favor and don’t lose any digital memories. Safe surfing, Micke  

Oct 13, 2014
BY 
WP_20141003_09_44_53_Raw

On Ello you’re not a product, you’re a feature.

Most of us have some kind of relationship with Facebook. We either love it, hate it or ignore it. Some of us are hooked. Some have found new opportunities, and many have got themselves into a mess on Facebook. Some are worry-free and totally open while others are deeply concerned about privacy. But we probably all agree that Facebook has changed our lives or at least impacted our ways to communicate. Facebook has showed that social media is an important tool for both business and private affairs. Facebook was in the right place at the right time to become the de-facto standard for social media. But the success of Facebook is also what makes it scary. Imagine the power you have if you know everything about everyone in the civilized world. And on top of that with quite loose legislation about what you can do with that data. Ok, everything and everyone are exaggerations, but not too far from the truth. Others have tried to challenge Facebook, but no one has succeeded so far. One reason is that social media automatically is monopolizing. The most important selection criteria is where your friends are, and that drives everyone into one common service. The fact that even Google failed with Google+, despite their huge resources and a ready user base from services like Gmail, just underlines how solid Facebook’s position is. Ello is the latest challenger and they certainly have an interesting approach. Ello tries to hit Facebook straight in its weakest point and provide a service that respect user integrity. They may lack the resources of Google, but they can be credible in this area. The choice between Facebook and Google is like a rock and a hard place for the privacy minded, but Ello is different. Their manifesto says it all. Will Ello survive and will they be the David that finally defeats Goliath? Ello is in a very early phase and they certainly have a very long way to go. But remember that their success depends on you too. You may not be a product on Ello, but you are certainly a feature. The main feature, actually. The team can only provide a framework for our social interactions. But people to be social with is absolutely crucial for any social network. So Ello’s raise or fall is mostly in our hands now. They need enough pioneers to make it a vibrant society. The development team can make the service fail, but they can only create potential for success. Ello needs you to materialize that potential. So what’s my honest opinion about Ello? The fact that the service is based on privacy and integrity is good. We need a social media service like this. But there are also many open questions and dark clouds on Ello’s sky. People have complained about its usability. And yes, usability is quite weird in many ways. It’s also very obvious that Ello is too premature to be a tool for non-technical users. Now in October 2014, I would personally only invite people who are used to beta software. But both usability and the technical quality can be fixed, it just takes more work from the team. A bigger question mark is however the future business model of Ello. On Facebook you’re a product and that’s what pays for the “free” service. But how is Ello going to strike a balance between privacy and funding the operation? This is one of the big challenges. Another is if the privacy-promise really is enough? Many of us are already privacy-aware, but the vast majority is still quite clueless. What Ello needs is either a big increase in privacy awareness or something clever that Facebook doesn’t provide and can’t copy quickly. It may seem futile for a small startup to challenge Facebook. But keep in mind that Facebook was small too once in the beginning. Facebook showed us that we need social media. Perhaps Ello can show us that we need social media with integrity. But anyway, you are among those who decide Ello’s future by either signing up or ignoring it.   Safe surfing, @Micke-fi on Ello   Picture: ello.co screen capture

Oct 3, 2014
BY 
bash

Shellshock only concerns server admins – WRONG

Yet another high-profile vulnerability in the headlines, Shellshock. This one could be a big issue. The crap could really hit the fan big time if someone creates a worm that infects servers, and that is possible. But the situation seems to be brighter for us ordinary users. The affected component is the Unix/Linux command shell Bash, which is only used by nerdy admins. It is present in Macs as well, but they seem to be unaffected. Linux-based Android does not use Bash and Windows is a totally different world. So we ordinary users can relax and forget about this one. We are not affected. Right? WRONG! Where is your cloud content stored? What kind of software is used to protect your login and password, credit card number, your mail correspondence, your social media updates and all other personal info you store in web-based systems? Exactly. A significant part of that may be on systems that are vulnerable to Shellshock, and that makes you vulnerable. The best protection against vulnerabilities on your own devices is to make sure the automatic update services are enabled and working. That is like outsourcing the worries to professionals, they will create and distribute fixes when vulnerabilities are found. But what about the servers? You have no way to affect how they are managed, and you don’t even know if the services you use are affected. Is there anything you can do? Yes, but only indirectly. This issue is an excellent reminder of some very basic security principles. We have repeated them over and over, but they deserve to be repeated once again now. You can’t control how your web service providers manage their servers, but you can choose which providers you trust. Prefer services that are managed professionally. Remember that you always can, and should, demand more from services you pay for. Never reuse your password on different services. This will not prevent intrusions, but it will limit the damage when someone breaks into the system. You may still be hurt by a Shellshock-based intrusion even if you do this, but the risk should be small and the damage limited. Anyway, you know you have done your part, and its bad luck if an incident hurts you despite that. Safe surfing, Micke   PS. The best way to evaluate a service provider’s security practices is to see how they deal with security incidents. It tells a lot about their attitude, which is crucial in all security work. An incident is bad, but a swift, accurate and open response is very good.   Addition on September 30th. Contrary to what's stated above, Mac computers seem to be affected and Apple has released a patch. It's of course important to keep your device patched, but this does not really affect the main point of this article. Your cloud content is valuable and part of that may be on vulnerable servers.  

Sep 26, 2014
BY