Cyber security, Economic, Government, Internet, Society, Technology

CrowdStrike: The risk is ours

INTERNET SECURITY

THE bleak lesson from the devastating global computer breakdown on Friday 19 July – which grounded flights, crashed payment systems, crippled NHS surgeries and hospitals, disconnected phone lines, and knocked media outlets off air – is that it could have been even worse. With no end in sight, this malfunction has been dubbed the “digital pandemic” and has already incurred colossal costs in time and money.

To those unversed in the intricacies of computer technology, the speed and extent of the disaster are almost incomprehensible. Surely, many will say, computer systems should be designed to avoid crashes on this scale at all costs. We would not accept planes, trains, or automobiles that malfunction so badly.

But the truth is that, when it comes to computers, we accept inherent levels of risk that would be utterly intolerable elsewhere. The technology companies’ profits soar and, when things go wrong, we – the digital serfs of this brave new world – must humbly accept the cost and inconvenience that our masters inflict on us.

To appreciate the scale and complexity of the problem, consider this thought experiment.

Imagine if we allowed almost every traffic light in the world to be made by the same manufacturer. Worse, imagine that all of them were made with a remote-controlled switch that turned them to red. And – catastrophically – that a simple error at the manufacturer or one of its suppliers could trigger this switch all over the world.

Traffic would be instantly gridlocked on every continent. To repair these traffic lights, technicians would in many cases have to dismantle them and fiddle around in the works.

That, in crude terms, is the story of CrowdStrike in this computer breakdown and collapse. Most computers in the world use Microsoft – which makes the ubiquitous Windows operating platform, as well as Word, Excel, and the Teams video-calling system. Many Microsoft customers also rely on other software – in this case the Falcon Sensor program provided by the cybersecurity firm CrowdStrike.

Security software protects computers from attack, typically by screening incoming data to ensure that it does not include “malware” – malevolent programs that steal data, freeze computers, or scramble their contents.

To work properly, these programs must operate unhindered on our computers, phones, and tablets. And to protect against new threats, they must update regularly – and automatically. In this current incident, one of the automatic software updates from CrowdStrike contained a simple, devastating error. Automatically installing on computers that run Windows, it crashed affected devices, triggering a page containing Windows’s error message – the so-called “blue screen of death”.

The result: the world suddenly had to switch to cash payments and handwritten boarding passes, while shops were forced to shut, medical appointments cancelled, and aircraft at airports grounded.

It is little comfort that George Kurtz, the co-founder and chief executive of CrowdStrike, says he is “deeply sorry”. Fixing the problem will not just take hours, but days or even weeks. At best, computers will need to be switched on and off again, allowing a new update to install. At worst, affected machines will need hours of specialist attention.

Nor will it be any comfort to furious customers around the world that CrowdStrike’s share price has crashed, knocking £10billion off its £65billion capitalised market value.

It could have been far worse.

This does not appear to have been a cyber-attack by a foreign power. Microsoft systems in countries all over the world, including Russia and China, were affected.

Nor was it the work of cyber-criminals. The faulty update did not scramble our databases, leaving us open to ransom demands from crime gangs in return for a key to recover our information.

Nor – unlike many recent cyber-attacks – did it whisk our most precious private information away to the Chinese Communist Party’s spy services in Beijing.

A far worse – and narrowly avoided – cyber-attack earlier this year could have given our enemies the master key to hundreds of millions of computers around the world, enabling them to wreak deadly havoc. Known in tech circles as the “xz” attack, it involved a little-known but ubiquitous program that compresses data to improve efficiency.

This attack, probably the work of Russian spies, was uncovered and stopped by chance at the last minute. And because in the end the damage was minimal, it attracted almost no public attention.

That was a near-miss. Far worse was the SolarWinds attack, exposed in 2021. Hackers – almost certainly Russian – bugged an update issued by Microsoft for a widely used program. The targets were Western (chiefly American) defence and other government networks. The cyber raid also exposed data from the U.S. Treasury, Justice, and Commerce departments, and thousands of Wall Street’s top companies.

The internet has become the central nervous system of our civilisation. Yet it was never designed or intended for this. It was built to promote academic cooperation and technological innovation, not global security. It is wide open to abuse by pranksters, fraudsters, and rogue states.

A handful of operating systems and software that updates remotely and automatically create a sitting target.

We would hardly accept such a concentration of risk in other walks of life, especially if we had no control over the decision-makers in such systems, and almost no redress if they made mistakes. With most other products and services, you can sue the provider if there’s a malfunction – and gain additional compensation for any damage caused. Not computers.

Unlike other parts of our technological universe, computers, phones, and software are not sold with proper guarantees. The manufacturers can shrug at their products’ shortcomings.

Buried in the terms and conditions are clauses that exempt the manufacturer from almost all liabilities.

One might well ask how on earth we got to such a parlous state of affairs.

One reason is greed: tech giants like their profits. They lobby hard for their privileged status, just as they do for the right to sell our attention to online advertisers – and to resist demands for proper age verification on social media platforms like TikTok.

But a deeper reason is that we have been naïve and complacent in our headlong embrace of new but untrusted technology. We have prized innovation and convenience ahead of security.

These risks, we were told, were the price of admission to the brave new world of computer wizardry. Maybe. But we are paying heavily for it.

In the case of this cyber meltdown, the culprit was carelessness. But suppose the perpetrator had been some rogue regime, perhaps distracting us at a moment of geopolitical tension?

Imagine that this outage had stopped the trains running, frozen all cash machines and, for that matter, turned all our traffic lights to red – or worse, green.

We would have nobody to blame but ourselves.

Britain, Economic, Government, Internet, Technology

5G and why we need it

TELECOMMUNICATIONS

5G

5G is the “fifth generation” upgrade to mobile telecommunications. It does not consist of a single new operating system but a “system of systems” that will dramatically increase data speeds to such an extent that you’ll be able to download a movie in just three seconds. It will also increase internet capacity a thousand-fold when it’s fully operational.

There is a big difference between 4G and 5G capabilities. 4G, like all the ‘G’s before it, is principally designed for smartphone browsing. 5G, however, is far more ambitious, linking together all kinds of devices, from household appliances such as fridges and washing machines to cars and electricity meters.

It is supposed to create what has been termed the “internet of things”, where everything we use in our day-to-day lives can be controlled remotely. For example, you could use the 5G network to control your washing machine from the other side of the world. It could also speed up the development of driverless cars by allowing vehicles to interact with each other.

5G will become increasingly relevant, and the need for it is pressing. In its strategy document for 5G rollout, published in 2017, the UK Government predicted that global data traffic would grow from 3.7 exabytes (3.7 billion-billion bytes of information, where one byte is equivalent to a short email) in 2015 to 30.6 exabytes in 2020. That’s the same as if the number of passengers on London’s Tube network grew by 53 per cent every year. Without an upgrade, existing systems face being overloaded.

There are also government policies which are dependent on 5G. If we are to reach net zero carbon emissions by 2050 – the ambitious target which was unveiled by former Prime Minister Theresa May last summer – then we will need to make much smarter use of the electricity grid. The 5G network would allow household appliances like fridges and electric car chargers to switch in and out of the grid when needed.

There are risks with 5G. An “internet of things”, where every appliance is interconnected, provides new opportunities for hackers to interfere with electronic systems. They could potentially seize control of vehicles and cause them to crash, or hack smart door locks to gain entry to households.

Hostile nations could exploit 5G to try to disrupt our utility supplies, nuclear plants or airports. There are also serious privacy issues as 5G will make it easier for governments and corporations to track our lives one click at a time. But there are also considerable advantages – 5G networks involve far more secure data encryption. So, while there will be more appliances for hackers to target, doing so won’t be easy.

 

WHOEVER builds the 5G grid, or supplies equipment for it, could potentially plant bugs to allow interference with the network or enable mass surveillance by accessing data.

Huawei has repeatedly denied that it is an arm of the Chinese state, but as a Chinese company it is vulnerable to the control of a dictatorship with an appalling human rights record.

We wouldn’t allow a Chinese company to supply fighter jets for the RAF, goes the argument, and therefore we shouldn’t allow one to supply vital communications infrastructure.

Former national security adviser Lord Ricketts has dismissed the fears, however, saying: “I personally think we can find a solution which does allow them to have some role.”

Another serious concern is what it would mean for Britain’s role within the “Five Eyes” network of security partners – the US, Australia, Canada, New Zealand and Britain – who frequently exchange intelligence. Canada has yet to make a decision, while New Zealand initially stopped Huawei providing 5G equipment but has since said it has not imposed a complete ban.

The United States is worried. Donald Trump doesn’t trust Huawei to build even the smallest part of our 5G network and the US has warned that it might be reluctant to share intelligence with the UK if we utilise the services of the Chinese company – although MI5 chief Andrew Parker recently claimed that this is an unlikely consequence. Some analysts have argued that the US is only saying this as a protectionist ruse in its ongoing trade war with China.

Yet, that doesn’t explain why Australia, too, has banned Huawei from building its own 5G network. The chair of Australia’s intelligence and security committee, Andrew Hastie, claims it is a question of “digital sovereignty”, while his colleague James Paterson points out: “Successive Australian governments banned Huawei from our broadband and 5G networks with very little controversy.”

In any case, no US company currently makes 5G network equipment. Instead, the US is considering subsidising Swedish firm Ericsson and Finnish company Nokia in order to help develop its own 5G network. In the US, T-Mobile has already switched on a slower version of its 5G network, claiming it covers 200 million people.

Some of our other allies are also refusing to denounce the Chinese firm. German Chancellor Angela Merkel is reluctant to ban Huawei, fearing retaliation against German companies exporting to China. France, too, has said it will allow Huawei to build parts of its 5G network.

Under Theresa May’s premiership, the government announced that Huawei would be allowed to provide equipment for the periphery of the 5G network, such as masts, but not the control systems at the core of the network. The security services – MI5, MI6 and GCHQ – claim that the risk to 5G from using a Chinese supplier is manageable.

But one complication that will need to be resolved is that our existing 3G and 4G telecoms networks already contain equipment manufactured by Huawei. In 2005, for example, BT signed a contract with Huawei that allowed it to connect customer lines to the main part of the network.

The UK Government announced this week that it is to stick to its existing policy, which is to allow Huawei to build communication towers and other peripheral equipment for the 5G network but ban it from the core parts of the network (such as military intelligence). Measures were also announced to reduce future reliance on China’s involvement by imposing a 35 per cent cap on Huawei’s share of the market.

Our Government claims that Huawei has such a technological head-start in creating 5G equipment that shunning it would delay the introduction and considerably increase costs. Alternative, though significantly more expensive, suppliers are ZTE, which is owned by the Chinese government, Ericsson, Nokia, Samsung (South Korean) and Viettel (owned by the Vietnamese military). The actual cost to the Government of Huawei’s input into 5G is unknown, as is the time frame. Restricting Huawei’s involvement would have delayed the launch of 5G by up to two years and cost the economy between £4.5billion and £6.6billion, according to a 2019 report by the telecoms industry body, Mobile UK.

We could have decided to upgrade the existing 4G network which would have given extra capacity for now. But, in the long run, that would have led to Britain lagging behind in telecommunications.

The pros and cons of using Huawei

Advantages –

. Banning the Chinese would reduce the number of companies supplying 5G, decreasing competition and leading to a rise in costs for consumers.

. Whitehall officials have also said it would cost the UK economy tens of billions of pounds in the coming years, from the lost opportunity of the productive gains of using 5G.

. There would also be a cost to companies who have started to roll it out across the country.

. Officials have warned that barring Chinese involvement could slow down the rollout of 5G by up to three years.

. Huawei’s exclusion would likely damage relations with China, where Britain is also seeking to strike a post-Brexit trade deal.

The Risks –

. The U.S. says Huawei could be used as a back door for spying by the Chinese state.

. Critics have also warned China could use its access to Britain’s data network to shut down critical national infrastructure.

. There are fears the UK could lose its intelligence sharing relationship with countries such as the US and Australia, who have warned against allowing Huawei anywhere near their networks.

. Members of the US Congress have also threatened to block a future post-Brexit trade deal if the UK pushed ahead with using Huawei.

Britain, Government, Internet, Legal, Society, Technology

New enforceable code for web giants

INFORMATION COMMISSIONER

FACEBOOK, Google and other social media platforms will be forced to introduce strict age checks on their websites or assume all their users are children.

Web firms that hoover up people’s personal information will have to guarantee they know the age of their users before allowing them to set up an account.

Companies that refuse will face fines of up to 4 per cent of their global turnover – £1.67billion in the case of Facebook.

The age checks are part of a tough new code being drawn up by the Information Commissioner’s Office (ICO), which is backed by existing laws and will come into force as early as the autumn.

Experts claim it will have a “transformative” effect on social media sites, which have been accused of exposing young people to dangerous and illicit material, bullying and predators. It includes rules to help protect children from paedophiles online.

The code also aims to stop web firms bombarding children with harmful content, a problem highlighted by the case of Molly Russell, 14, who killed herself after Instagram allowed her to view self-harm images. Under the new code:

. Tech firms will be banned from building up a “profile” of children based on their search history, and then using it to send them suggestions for material such as pornography, hate speech and self-harm.

. Children’s privacy settings must automatically be set to the highest level.

. Geolocation services must be switched off by default, making it harder for trolls and paedophiles to target children based on their whereabouts.

. Tech firms will not be allowed to include features on children’s accounts designed to fuel addictive behaviour, including online videos that automatically start one after the other, notifications that arrive through the night, and prompts nudging children to lower their privacy settings.

Once the new rules are implemented, children should be asked to prove their age by uploading their passports or birth certificate to an independent verification firm. This would then give them a digital “fingerprint” which they could use to demonstrate their age on other websites.

Alternatively, the tech firms could ask children to get their parents’ consent, and have the parents prove their identity with a credit card.

If the web giants cannot guarantee the age of their users, they will have to assume they are all children – and dramatically limit the amount of information they collect on them, as set out in the code.

At present, a third of British children aged 11 and nearly half of those aged 12 have an account on Facebook, Twitter or another social network, OFCOM figures show.

Many youngsters are exposed to material or conversations they are too young to cope with as a result.

The Deputy Commissioner at the ICO said: “We are going to be making it quite clear that there is a reasonable expectation that companies stick to their own published terms and policies, including what they say about age restrictions.”

Baroness Beeban Kidron, who tabled a House of Lords amendment that ensures the new code will be drawn up and put into law, said: “I expect the code to say: ‘You may not, as a company, help children find things that are detrimental to their health and well-being.’ That is transformative. This is so radical because it goes into the engine room, into the mechanics of how businesses work and says you cannot exploit children.”

The rules will come into force by the end of the year, and will be policed by the ICO, which has the powers to hand out huge fines.

It will also use its powers to crack down on any web firm that does not have controls in place to enforce its own terms and conditions. Companies that say they ban pornography and hate speech online will have to show the watchdog they have reporting mechanisms in place, and that they quickly remove problem material.

Firms that demand children are aged 13 or above – as most web giants do – will also have to demonstrate that they strictly enforce this policy.

At the moment, web giants such as Facebook simply ask children to confirm their age by entering their date of birth without demanding proof.

 

FOR far too long, social media giants have arrogantly refused to take responsibility for the filth swilling across their sites.

Many of these firms, cloistered in Silicon Valley ivory towers, are owned by tax-avoiding billionaires who are indifferent to the trauma inflicted on children using websites such as Facebook and Instagram.

At the click of a mouse, young children are at risk of exposure to paedophiles, self-harm images, online pornography and extremist propaganda.

Finally, however, these behemoths are being brought to heel by the Information Commissioner (ICO). They must ensure strict age checks and stop bombarding children with damaging content – or face multi-million-pound fines.

Such enforced regulation is very welcome and well overdue.
