March 21, 2017
Back in the 1990s when businesses started going online they
frequently didn’t realize that their new networking gear came with
simple default passwords like “admin”. So a whole generation of early
hackers simply scanned the web for companies that had inadvertently
exposed themselves in this way, siphoning off (probably, no one really
knows) billions of dollars and causing various other kinds of mischief.
Now that process is repeating with the Internet of things (IoT). As
pretty much every device in homes and businesses is imbued with sensors
and connected to internal networks and/or the broader Web, hackers are
exploiting the many resulting vulnerabilities.
But this time around it’s personal, as formerly innocuous things like
TVs, phones and thermostats gain cameras and microphones, creating all
kinds of privacy issues – some of which are potentially (and
catastrophically) financial. Here’s a sampling of what appeared on the
subject in yesterday’s Wall Street Journal:
While Bea Lowick’s customers were busy folding clothes last year, the
security system at her Carbondale, Colo., laundromat was also hard at
Though she didn’t know it, Ms. Lowick’s Digital ID View video
recorder was scanning the internet for places to spread a strain of
malicious software called Mirai, a computer virus that took root in more
than 600,000 devices last year.
Ms. Lowick, 59, said she wasn’t aware the device was doing anything
other than acting up. Her remote-viewing app kept disconnecting. She was
able to reconnect it by restarting the digital video recorder.
“I would have to go in and unplug and plug in the DVR” to fix it, Ms.
Lowick said, adding that she didn’t know that unwanted software was to
The culprit went unnoticed because Mirai usually doesn’t take full
control of its hosts but rather uses their computing power to attack
websites, many of them halfway around the globe. Most victims aren’t
aware they are infected. Researchers at two independent security firms
confirmed a device using the laundromat’s internet address hosted the
Bill Knapp, who installed the laundromat’s surveillance system, said he learned of the virus after being notified by a reporter.
“One of the hardest parts of this business is that everyone loses
their passwords,” said Mr. Knapp, owner of Security Solutions LLC. When
Ms. Lowick forgot her password, he said, Digital ID View would reset the
DVR to its default password, “123456”—a weak but common option that
opens the door to attackers.
A wave of inexpensive webcams, thermostats and other
internet-connected devices are hitting the market, many of them carrying
minimal safeguards against remote hacking. Hundreds of thousands of
these machines already host malicious software, unbeknown to their
Security researchers are constantly finding new flaws in connected
devices. Some allow voyeurs to peer into internet-enabled cameras.
Others give hackers a jumping-off point to infect nearby computers where
bank-account information and other sensitive data can be pilfered.
Researchers in recent weeks discovered a laundry list of
vulnerabilities that leave web cameras and digital video recorders open
to hacking, often because the devices continue to run outdated software.
Earlier this month, independent security researcher Pierre Kim named
seven bugs afflicting more than 1,200 webcam models, allowing attackers
to bypass firewalls, log into the devices with a preprogrammed
“backdoor” account or watch a live stream of the cameras without signing
in at all.
Mr. Kim advised owners of the affected cameras to immediately
disconnect them from the internet, noting that hundreds of thousands of
the devices are vulnerable to one bug and millions more could be
accessed through another security flaw.
Manufacturers are expected to add another 2.5 billion connected
devices, from laptops to lightbulbs, to the market this year, according
to IHS Markit Research. Many are programmed to download the latest
security updates out of the box, but others require their owners to do
To summarize, in today’s world pretty much everything could be
watching you and sharing that data with governments or hackers. And as
embarrassing as it might be to have videos of your private habits appear
on YouTube, having your finances compromised might be a lot worse. What
if, for instance, your laptop watches you sign into your online broker,
or your thermostat sees where you hide the next batch of silver coins?
The upshot: You can save lots of money and invest it brilliantly —
and still lose it to this new generation of predators. There are,
however, some basic precautions that will help. Also from yesterday’s
Spotting computer viruses is getting harder as threats spread from
well-protected PCs and phones to cars and household appliances with
fewer safeguards. Experts say it’s hard for consumers to detect all
viruses, but users can still follow a few low-tech steps to protect
Many computer viruses found on home routers, digital video recorders
and cameras won’t survive a hard reset. That is because the unwanted
software lodges itself in the machine’s temporary memory banks instead
of its permanent storage. Powering off the machines if you suspect an
infection can help clear the most basic malicious software.
Quarantine Before Curing
Malware can reinfect clean devices in seconds, so it is important to
sever the machines’ pathway to the internet before restoring power. You
can still access the equipment’s login screen over home Wi-Fi, but first
you should disconnect your Wi-Fi from the internet to prevent instant
reinfection. And many devices don’t need go back online to work, even if
they’re internet capable. “Pretty much, if you don’t need it or aren’t
using it, don’t be afraid to turn it off, mute it or unplug it,” says
Yolonda Smith, product manager for security firm Pwnie Express.
Fix the Password
Before restoring internet access, use the machine’s control
panel—accessible over Wi-Fi from any nearby laptop or desktop—to reset
the password. Some of the most powerful computer worms spread by
exploiting devices’ default credentials, which can be “admin” and
“12345.” A unique username and password will protect the machine from
many of the threats plaguing the internet.
Most responsible manufacturers offer software patches once they’re
aware of a security vulnerability, but many companies leave it up to the
user to take the initiative. If a company offers smartphone- or
desktop-management software, download it and make sure automatic updates
are enabled. Steer clear of any internet-ready device that isn’t able
to patch itself.
Batten Down the Hatches
Home routers usually ship with a preinstalled firewall—an electronic
barrier that filters unwanted internet traffic. But not all firewalls
are of equal strength. Many homeowners can tweak their router or modem
settings to apply stricter rules to suspicious internet traffic. If
you’re very worried, you can buy specialized firewall equipment, which
has come down in price in recent years.
John Rubino runs the popular financial website DollarCollapse.com. He is co-author, with
GoldMoney’s James Turk, of The Money Bubble (DollarCollapse Press, 2014) and The Collapse of the Dollar and How
to Profit From It (Doubleday, 2007), and author of Clean Money: Picking Winners in the Green-Tech Boom (Wiley,
2008), How to Profit from the Coming Real Estate Bust (Rodale, 2003) and Main Street, Not Wall Street(Morrow,
1998). After earning a Finance MBA from New York University, he spent the 1980s on Wall Street, as a Eurodollar
trader, equity analyst and junk bond analyst. During the 1990s he was a featured columnist with TheStreet.com and
a frequent contributor to Individual Investor, Online Investor, and Consumers Digest, among many other
publications. He currently writes for CFA Magazine.
The author is not affiliated with, endorsed or sponsored by Sprott Money Ltd. The
views and opinions expressed in this material are those of the author or guest speaker, are subject to change and
may not necessarily reflect the opinions of Sprott Money Ltd. Sprott Money does not guarantee the accuracy,
completeness, timeliness and reliability of the information or any results from its use.