Stealing all your firm’s secrets

These days, you don’t need to sit outside in a van with your headphones on, listening to static for an hour before the battery runs out and the tape recorder gives a tell-tale clunk.

Tiny matchbox-sized gadgets are now capable of transmitting audio and video for hours on end to the other side of the world.

Not only that, but we are all constantly connected to the internet via mobile phones and computers, and happily share details of our work and home life on social media – all valuable information for spies.

For experts like Alex Bomberg, whose company International Intelligence provides counter espionage services to large organisations, the result is that the threats to company security are now almost too many to count.

He is casting his eye over one corporate head office to demonstrate the kind of things he “sweeps” for when giving security advice.

The organisation doesn’t want to be named – no-one is keen to have their security weaknesses pointed out publicly. Despite having identity passes and security guards, the company is still vulnerable, he says.

Traditional vulnerabilities, such as sensitive documents casually thrown into the bin or poorly paid cleaning and security staff being bribed to steal secrets, are now being amplified by technology.

Almost every meeting room is furnished with a conference phone that could be hacked. Anyone with a portable memory stick and a few minutes at a work station could download vast amounts of data or upload a virus. If you chuck out an old photocopier these days, the hard drive can hold years of stored data.

And corporate spies are continually developing new tech-based tricks.

“You pre-load a USB [memory] stick [with malware], and leave it where someone will find it,” says Mr Bomberg. “It’s human nature to wonder whose it is… especially if it says Accounts or HR on it.”

And then there’s the smartphone.

“They are very, very dangerous things,” he says. “You are bringing basically a transmitting device into a building.”

We are all effectively carrying the perfect James Bond gadget in our pockets.

“A lot of the larger companies now are creating sterile areas in which to hold a meeting. You can’t even take your mobile phone in, which is very good practice, because what have we got on our phones? A microphone.”

When it comes to business travel, executives are routinely advised nowadays to check a hotel suite thoroughly for listening devices, not to leave their laptop unattended, and to shun public wi-fi networks.

‘They’re investigating you’

But the most effective corporate espionage attacks of recent times have relied as much on human frailty as technology.

Former FBI agent Eric O’Neill is National Security Strategist at the Washington-based cybersecurity company, Carbon Black.

He says the race between virus and antivirus software has reached a stalemate – the new battleground is personal.

“Today, attackers are using sophisticated, ‘spear-phishing’ attacks,” says Mr O’Neill.

These are emails that have been carefully tailored to chime in with your own interests and experiences, using personal details gleaned about you from social media and elsewhere.

“They’re investigating you,” he says. “They’re learning about an individual and putting together emails that people will click on.”

The email might suggest your local golf shop is having a sale, for example, or that the renovation work on your office building is near completion. The aim is usually to entice you to click on a link containing malware.

In 2014, the US accused five Chinese military officers of spying on US industrial giants – including Alcoa, Solarworld, US Steel and Westinghouse – by sending emails that appeared to come from executives within the companies, according to the US indictment.

Hech helping Your Work

But not through my ears. I’m wearing a SubPac, which is strapped on to my back and allows me to feel the beat of the music as it thumps through my body.

Chris is trying to replicate what it would feel like if, like him, I were deaf. And this is his aim – to give the opportunity for deaf dancers in his classes to feel the music so they can learn his choreography with ease.

“Dance classes are always so fast-paced, and without being able to hear the music you end up just being out of time,” says Chris.

The SubPac, which is widely used in the music world to help music producers feel the music without damaging their ears, works by transferring low, bass frequencies directly to your body, providing the physical dimension to sound.

As soon as his aunty introduced him to music videos, dancing became a passion for Chris. But when he became deaf at a young age, after having meningitis, he thought his dreams of dancing and choreography were over.

Through his love of dance, Chris persevered, joining dance classes at the back and allowing his natural ability to shine through.

But he knew that not every deaf dancer would be as confident as him without being able to hear the music.

James Williams, who does business development for SubPac, tells the BBC: “Giving Chris, and those with hearing impairments the ability to experience something that we all take for granted is a rare opportunity.

“Since the focus is on physicality, the SubPac is great for helping dancers with hearing problems to dance in time to the beat.”

Sport for all

And technology is giving people with all kinds of disabilities the chance to stay active and keep fit.

Take Simon Wheatcroft, who lost his sight at 17.

Simon was born with the genetic degenerative eye condition retinitis pigmentosa (RP), which causes gradual deterioration of the retina. But that hasn’t stopped Simon becoming an ultra-marathon runner.

“I started running for something to do. I used a guide dog to run outside or went running with other people,” he says.

He has run the New York marathon and many much longer races, normally with a human guide. But what happens when you want to run solo?

In a bid to do a 155-mile ultra-marathon in the Namibian desert this May he turned to IBM Bluemix – the tech giant’s app development arm – to help him create an app.

Called eAscot after his guide dog, the app uses sensors, similar to car parking sensors, and satellite navigation to help him stay on course.

A desert race can be broken down into a series of straight lines, each with its own bearing on a compass. If he veers off to the right, the app emits a high-pitched beep that increases in frequency the further away he goes. If he runs too far left, low pitch beeps warn him.

Silence means he’s heading in the right direction.

“I was tired and in pain after the marathons, but I was also happy knowing I had achieved something that once seemed impossible, made possible thanks to technology,” says Simon.

“What sticks with me is the feeling of accomplishment,” he adds. “Being able to do something that had never been done before. To create an application in a matter of weeks that changed what was possible for visually impaired runners felt even better than completing any race.”

In it to win it

Paralympians, too, are using technology to help them compete at the highest level.

Advances in 3D printing, lightweight materials and computer design are having an impact in a number of areas, from tailor-made racing wheelchairs to aerodynamic prosthetic limbs.

“The technology being used, such as 3D tech, is evolving every year and we will see a wide range of new advancements at the upcoming Paralympics that will aid those competing to achieve even greater records across all disciplines,” says Nick Braund, head of tech and innovation at PHA Media.

Designworks carried out full body scans of track and field athletes in the US Paralympics team to create the sporty racing wheelchairs.

But what about assistive technology for everyday sports?

Firms cash to fraudsters

“Hi, are you busy? I need you to process a wire transfer for me urgently. Let me know when you are free so I can send the beneficiary’s details. Thanks.”

Many of us would jump to it, eager to please.

But this message has all the hallmarks of CEO fraud, one of the most common forms of business email fraud targeting thousands of companies around the world every day.

Last year, Barbie manufacturer Mattel sent more than $3m (£2.3m) to a fraudulent account in China, after a finance executive was fooled by a message supposedly sent by new chief executive Christopher Sinclair.

Mattel eventually got its money back from China – where the company has significant business interests – but most companies usually have to take the hit after falling victim.

Earlier this year, for example, Austrian aerospace parts maker FACC fired its president and chief financial officer after losing a thumping €42m (£36m) in a business email fraud.

Some smaller companies targeted have gone bust as a result.

“Criminals have realised that hitting businesses rather than individuals can mean much bigger wins,” says Orla Cox, director of security response at cyber security specialist Symantec.

The US Federal Bureau of Investigation (FBI) says CEO fraud has shot up by 270% since January 2015 and has cost businesses around the world at least $3bn (£2.3bn) over the past three years.

Out of control

Simply tricking companies into sending invoice payments to the wrong people costs UK companies about £9bn a year, according to research from invoicing company Tungsten Network.

And procurement fraud – charging for stuff that was never delivered; taking a bribe for awarding a contract to a particular supplier; or encouraging suppliers to charge over the odds then creaming off the difference – accounts for 88% of total UK fraud losses.

“Procurement fraud is becoming a big problem, with at least 20% of corporate spend categorised as ‘unmanaged’,” says Philip Letts, chief executive of enterprise services platform, Blur Group.

‘Unmanaged’ means there is insufficient monitoring of the tendering process and whether the terms of the contract have been fulfilled, for example. Quite often smaller jobs are given to suppliers without any written contract at all and paid for cash-in-hand.

“This puts businesses at high risk of procurement fraud,” says Mr Letts.

Lots of such payments add up to a big amount of cash potentially lost down the back of the corporate sofa.

Blur’s platform helps companies find vetted service providers and manage the entire contract from pitch to payment, theoretically making invoice fraud easier to spot and harder to perpetrate.

‘Suspicious’

Most business email fraud is relatively lo-tech, relying on psychological manipulation and people’s willingness to get the job done.

But Jim Wadsworth, managing director at Accura, the data analysis arm of payments giant VocaLink, believes his company’s hi-tech solution could prove the best way to combat it.

Called Accura Invoice Payment Profiling, it is an anti-fraud analytics system that uses VocaLink’s massive store of payments data to identify and flag fraudulent payments before the money is even transferred.

“We are working with one of the country’s largest banks to prevent these frauds by scanning transactions and contacting the bank directly when we see something suspicious,” Mr Wadsworth says.

Home be a weapon of web destruction

Do you use a webcam to check on Tiddles the cat or Bonzo the dog while you’re at work?

If so, you could be unwittingly turning your internet-connected “smart” home into a weapon of web destruction.

That’s the unsettling conclusion to be drawn from the recent web attacks that made use of a botnet army of compromised connected devices, from webcams to printers, to knock out a number of popular websites.

The smart home, it seems, is pretty dumb when it comes to security.

Wi-fi routers, digital video recorders, controllable lighting, security cameras – all these devices offer a potentially easy way in to your network and then the wider internet.

As the Internet Society warned last year: “The interconnected nature of IoT [internet of things] devices means that every poorly secured device that is connected online potentially affects the security and resilience of the internet globally.”

Yes, checking on Frou-Frou, your Miniature Schnauzer, via a poorly secured webcam could help break the internet. Forget Kim Kardashian.

In the good old days, hackers could launch a distributed denial-of-service (DDoS) attack – overloading computer servers with millions of pointless requests for information, thereby knocking them out – using personal computers infected with malware.

Nowadays, they also have the IoT to play with – the increasingly diverse array of web-connected devices, from industrial sensors to clever fridges, thermostats to baby monitors.

Research consultancy Gartner forecasts that there will be nearly 21 billion connected things in use worldwide by 2020, up from about seven billion now.

So the hackers are moving away from better-policed corporations and governments to easier targets – and they don’t come easier than the IoT-connected smart home.

So what should we be doing to protect ourselves?

Building defences

One quick and easy thing we can all do is change default passwords as soon as we buy an IoT gadget.

“The first rule of security is ‘do not use default accounts or passwords’. They are posted on the internet, so the bad guys don’t have to scan for credentials of assets to compromise,” says Gary Hayslip, IoT specialist and chief information security officer for the City of San Diego.

Simple tools such as Bullguard’s IoT Scanner software can also help spot weaknesses.

The scanner uses the vulnerability service Shodan, the Google for finding unprotected computers and webcams, to detect any devices on a smart home network that are publicly exposed.

If the scan identifies any exposed devices specified by the vendor, then you should immediately change log-ins and passwords. BullGuard has also published an IoT manual that gives a checklist on what to check and how.

Interestingly, the company recently acquired Israeli start-up Dojo-labs and will soon announce a smart network security device that plugs in to a wi-fi router to protect all connected devices on a home network.

All internet traffic on the home network is routed via Dojo, allowing it to secure the network against cyber-attacks and protect the user from privacy breaches.

When malicious activity or a privacy breach is detected, Dojo automatically blocks it and notifies the owner through a mobile app, the company says.

“The recent internet outage caused by the Mirai botnet enhances the fact that IoT security needs to be taken more seriously,” says Bullguard chief executive Paul Lipman.

“The Mirai botnet consists of easily hackable low-end security cameras with no changeable passwords. A home security device such as Dojo has the ability to instantly detect and block an attack such as Mirai.”

And Martin Talks, founder of digital consultancy Matomico, offers this advice for smart home owners.

“Only point connected cameras where they are really needed. It was Edward Snowden who alerted us to the fact that cameras can be taken over and our presence in our houses monitored. If you don’t need a camera active, tape over it.

“Think about what devices you really need to connect to the internet,” he adds. “And if you decide you do need to connect a device, use the connectivity only when you need it… turn it off at night.”

Other ways to increase IoT security include keeping product software and firmware up-to-date and buying from trusted brands and trusted platforms.

Do away with smartphone apps

Is the smartphone app doomed?

To look at the stats you wouldn’t think so: Apple has two million of them in its App Store and Google Play has a few hundred thousand more than that. Total app downloads have passed the 150 billion mark.

But some are wondering whether apps are about to be replaced by something smaller, smarter and faster.

Bots.

These programs, thanks to AI [artificial intelligence] software in the cloud, can chat to humans via text, extract the meaning and then act on it.

They are little digital helpers.

Any time you see a live chat box open up on a retailer’s website, or order a taxi or flowers through chat platforms such as WeChat and Facebook Messenger, you’re most likely talking to a bot.

App fatigue?

Despite the vast choice of apps open to us, the average number we use is 27, according to research by Nielsen. This hasn’t changed for years.

And the problem with apps – and their seemingly endless updates – is that they eat up our smartphone storage capacity alarmingly quickly.

Developers often get a raw deal as well. One estimate suggests that 94% of the cash generated by apps in Apple’s App Store goes to just 1% of publishers, and those firms also get 70% of all downloads.

“One of the worst things about the App Store is the App Store itself, because it’s such a walled garden,” says Ted Nash of Tapdaq, who was a veteran app developer while still a teenager.

Apple’s oversight of all apps slows down development and forces programmers to include specific chunks of code that look after adverts, usage statistics and other metrics, he says.

Add to this the trouble of making apps work across lots of different devices and keeping up with changes to Apple software, and it’s no wonder some people are disillusioned, he says.

So is app fatigue setting in?

The joy of text

“Apps used to be the big thing,” says Kriti Sharma, head of mobile development at accounting software firm Sage. “But many more people are messaging than are posting on social media these days.”

This is why she thinks bots are the natural successors to apps – the interface is instantly familiar to customers.

Ms Sharma started her coding career at Barclays, where she co-created its Pingit banking app and oversaw its mobile portfolio.

For companies or brands that want meaningful interaction with customers, a conversation mediated by a bot could work well, she believes.

Sage is developing a bot called Pegg that acts as a smart business assistant. It will help small business owners keep track of outgoings and expenses, making tracking cashflow easier.

“Bots don’t have to be super-complicated,” says Ms Sharma. “But over time they must add a lot more value for a customer.”

Bots are more credible because good progress has been made in writing artificially intelligent software, she says. And also because many companies now have huge amounts of data they can use to fine-tune bot responses.

Another advantage bots have over apps is the speed with which they can be developed, deployed and updated, she argues.

‘Bots are the new black’

This growing interest is being inflated by work at Facebook, Microsoft and Google, as well as by newer firms such as Slack and HipChat. And start-ups such as Begin, Growbot, Butter, Wisdom and Operator are also helping to take bots mainstream.

One catalyst for the interest was Facebook’s announcement earlier this year of a bot framework that streamlines the bot-creation process.

One report suggests that this massive amount of interest has unleashed a $4bn (£3bn) flood of venture capital funding into big and small bot developers.

“Bots are the new black,” says Jon Moore, chief product officer at rail ticket booking service, The Trainline.

Although most people now use The Trainline via a smartphone and many regular users have installed its app, the company is keen to investigate what bots can do, Mr Moore says.

For booking train tickets, a website or an app is profoundly better than using a bot, he maintains, but there are times when an app falls short and a conversation handled by a bot may be better.

“We’re just at the point of saying it’s another interesting piece of technology,” he tells the BBC. “We expect that they are going to be useful to us, though it won’t work for every context and circumstance.”

‘Immensely complicated’

Tapdaq’s Ted Nash warns that though bots might look straightforward, they’re not necessarily an easier option.

“A bot is a much more simple technology from a customer perspective, but the AI that powers it is immensely complicated to do,” he says.

That difficulty often means that bots are pretty crude.

“A lot of them now have pre-defined inputs and responses,” says Mr Nash. “The only way they are going to become truly ubiquitous is when they can respond as a human would.”