The Internet of Things is a wonderful concept. But as itnews pointed out a few weeks ago, it’s all fun and games until a racist takes over your printer. We’ll get back to that in a moment. This month I wanted to talk about the continuing importance of human interaction in a technical world that is turning more and more to automation and open source access. As people get busier they are always looking for ways to save themselves time and energy, which results in a number of amazing and sophisticated solutions involving automation or open access for all so that admin teams don’t need to be involved. With the biggest cause of problems in IT still being down to basic human error, it’s not surprising that solutions are developed to mitigate the potential for human involvement, and therefore error. After all, what’s the worst that can happen when the human element is bypassed, or even removed altogether?
In late March 2016 the IT departments of thousands of US collages and universities got the surprise of their lives when all of their printers suddenly started printing out large volumes of racist, anti-Semitic and anti-immigrant messages. After investigating, it was discovered that each printer affected by the takeover had port 9100 exposed, and turned up in searches using Masscan, a mass IP port scanner. From there it took just 5 lines of code to take them over from a remote location. It was discovered that person responsible was a serial and high profile hacker by the name of Andrew ‘Weev’ Auernheimer, who said the point of the attack was ‘to demonstrate to his fellow white supremacists the insecurity of ‘The Internet of Things’ devices, and the ease with which someone might carry out an attack on these devices. You can find an entire log of the attack, including how he carried it out, on his storify account. It’s quite an eye opener. Printing out some unpleasant posters might seem like a minor incident compared to say major data theft, but in reality this represents something much scarier. Usually when we hear about security issues involving connected printers, smart phones, TV’s or even cars they are all in the hypothetical, with patches released to fix vulnerabilities long before anyone can do any real damage, or even knows they’re there. It’s very rare to find a malicious attack actually carried out on such a large scale. But it has made a lot of people think twice about their security and the interaction they have with it.
Another great example of unmanned tech going rogue is Microsoft’s experiment with AI in the form of twitter account Tay. Tay was a chatterbot set up by Microsoft on the 23rd of March 2016 who was designed to simulate the online ramblings of an average teenage girl. She was programmed to interact with other Twitter users in a natural way and become ‘smarter’ as more users interacted with her. To that end she was a personality entirely created by the Internet, which Microsoft forgot can contain some quite unpleasant things. It took 2 tweets by an Internet troll to turn Microsoft’s AI dreams into an online nightmare. It was suggested to Tay that: ‘The Jews prolly did 9/11. I don’t really know by it seems likely.’, and within minutes Tay tweeted back: ‘Jews did 9/11’. It took Microsoft 24 hours to call the experiment off and shut it down, and in that time Tay had abused President Obama, suggested that Hitler was right, called feminism a disease and delivered a stream of online hate many won’t be forgetting in a hurry. Microsoft has since said they are deeply sorry for the messages and taken actions to remove them from the internet. However, Tay made a comeback a few days after the incident, although this too was short lived. In her second dealing with Twitter, Tay began tweeting about smoking drugs in front of the police and spamming her 210,000 followers with the same nonsense message over and over again. Tay has since been switched to private and stopped from tweeting. This little exercise can be considered very valuable. It held up a mirror to the internet and showed us just what online culture can be like, but it also demonstrated what can happen when a human being doesn’t have any interaction with or control over their online representation.
These two examples are of course just a snapshot of how unmanned technology can go horribly wrong, but it does also show us some of the damage hyper automation and lack of the human control factor can do. Leaving internet connected devices open and available to be used by the Internet of Things can be incredibly useful, but it is also exposing a great deal of information and leaving your personal and business life open to attack. When connecting any part of your system to the Internet, security should be the first thing you’re thinking of. Sadly, with many elements like virtual machines or new printers being connected or deployed automatically, this crucial step is sometimes missed. Understanding how each machine or device can be vulnerable is the first step to preventing hacking, and that kind of thought only comes from real people. For more information about making your business secure while still embracing the Internet of Things, get in touch for your free consultation