Whole multi-storey buildings are not protected from cyber attacks

In 2013, Google Corp. underwent an unusual attack. There was no hacked search site, access to the ad platform or to users of the Google+ social network. Nothing of the sort happened. The hacker attack was aimed at an office building owned by the corporation.

Operation to find vulnerable objects

In fact, the infiltration was by sheer coincidence, when experts in the field of cybersecurity searched for vulnerable objects around the world. Thus, Billy Rios and his colleague with the help of the search engine Shodan penetrated into the computers that control the Sydney office of the company. First, experts compiled a list of devices connected to the Internet. Then in the course went his own program, analyzing the data. When it became clear that the building belongs to Google, the company's management was immediately informed. Hacking opened access to control systems. And if it happened once, then without proper protection, it will happen the next time. With the amendment that hackers may act as attackers.

Weak protection

According to Billy Rios, the owner of Whitescope, at present there are about 50 thousand buildings connected to the Internet all over the world. In addition to the offices of large companies, it can be hospitals, research centers and even churches. You will be surprised, but at least two thousand objects are not protected even by passwords. Burglars can easily access a temperature control system or a door lock system.

What are computerized buildings for?

"Smart home" usually has a subsidiary system that controls heating, lighting and CCTV cameras. All data is transferred to the main office through corporate channels connected to the Internet. Enterprising owners, equipping buildings with such centralized systems, significantly reduce operating costs by reducing the number of staff.

An even more weighty argument in favor of such a system is the ability to regulate the costs of basic communications by means of literate economy. "With reasonable use, heating costs alone can be reduced by almost 50 percent," says Andrew Kelly, chief consultant at Qinetiq, who works in the defense industry.

Two sides of the medal

However, despite the noticeable savings in the company's budget, the centralized system makes the building vulnerable. Let's consider what will happen in the event of potential hacking. In winter, attackers can disable the heating system. You can only sympathize with the residents of the nursing home or hospice. Well, if in the hospital wards electricity is disrupted, it will be impossible to conduct any operation. And we are not talking about electronic systems supporting the vital activity of critical patients. Well, if computer burglars are hijacked and robbed, access to CCTV cameras in the house that is under their "sights" will be the most valuable for them.

The most famous cases of cyber attacks

From the hacker attack at various times, the US Department of Homeland Security, the Target stores, the management system of radio stations in Simferopol, and the hotel complex in Shenzhen (China) suffered. Having access to the system that controls the building of the Ministry of Internal Security in 2013, hackers concluded office workers in a real steam room. Well, the hacked network of American stores Target gave fraudsters data on the loans of millions of its customers. And this fraud has become possible, thanks to access to control systems for heating and ventilation.

Hacking in Ukraine left almost 80,000 residents without electricity. Well, the result of the penetration into the computer system of the hotel complex in Shenzhen was a check of the computer security specialist Jesus Molina. Thus, the expert managed to gain access to two hundred numbers of one of the buildings.

Attackers use blackmail

There are also known cases of cyberattacks with the purpose of selling information to interested persons, as well as blackmail. If a large factory or factory is left without heating or electricity, scammers will ask for a solid reward in exchange for providing an access code.

Conclusion

While such systems will be developed without taking into account elementary security, thousands of innocent citizens will suffer. The password should not be used by default. And corporate networks need to limit access to a centralized system. And if even the most technologically advanced corporations can become victims of cyberattacks, what can we say about simple hospitals or football stadiums?