Turn off your wifi: Challenges and opportunities in cyber space

What can we learn from ‘ethical hackers’? Two experts explain what the lottery sector can learn from experiences of others.

Turn off your Wi-Fi! Seriously!

Nowadays, it is extremely easy to profile and track any unsuspecting individual using free Wi-Fi in public spaces such as airport or a shopping centre. These profiling and tracking activities are dangerous as they can potentially put at a considerable risk not only the person concerned, but also the company they work for.

Román Ramírez – a ‘sorcerer’ that uses the nickname ‘Patowc’ as he ‘doesn’t want to take himself too seriously’ from Rootedcon, Spain – explains that in the active scanning process (the default in just about any device existing nowadays) the Wi-Fi card transmits several probe requests on the tuned channel. By listening on the Wi-Fi radio spectrum and by scattering around a number of receivers on different channels, a malicious actor is able to log the person’s probe requests and timestamp them, create a unique signature and just wait for it to reappear. In other words – it allows for real-time tracking of ‘the target’, e.g. which shops or hotels does the target go to, how much time does the target spend there, even how fast does the target walks and the relation it has with other targets.

This malicious actor can then even clone an existing Wi-Fi network known by its target, creating an ‘evil twin’ where – as he fully controls the network – he can easily capture confidential data, redirect connections or perform potentially malicious actions on target’s device.

However, even if such tampering can be achieved easily and cheaply, Román remains positive. Namely, in order to disappear from the radar, he suggests for employees with access to sensitive data to use replacement phones and other devices when travelling. Otherwise, one should just turn off Wi-Fi unless actually using it and make sure they have erased all the Wi-Fi networks from their devices’ memory!

Artificial intelligence is the future of cybersecurity, but also of cyberattacks

Juan Carlos Díaz, a Cybersecurity Director at the PWC Business Security Solutions in Spain and an expert on cognitive (security) systems explains that nowadays such systems can process vast amounts of (un)structured data to automate ingesting information to give real-time input. They use advanced analytics to identify potential threats of frauds and help to speed detection of risky user behaviour, data exfiltration and malware detection before damage actually occurs. Until now, such knowledge and insights could have only be obtained following years of experience.

However, as artificial intelligence systems become ever more advanced, Juan Carlos believes there are some serious risks involved and suggests an appropriate way will need to be found to address these in the future, as we will begin to see social engineering computerised attacks, increasingly automated and elaborated. To support his claims, he makes a reference to a recent joint scientific research by the University of Oxford and the Future of Humanity Institute on the intersection between artificial intelligence and cybersecurity, in particular how artificial intelligence systems can be protected against malicious actors, as well as how people could be protected from a faulty or malicious artificial intelligence.

The presentations were given at the 2018 EL/WLA Security and Integrity Seminar.

Related Articles

View all

Synopsis

Français

Défis et opportunités dans le cyberespace

De nos jours, il est extrêmement facile de déterminer le profil et suivre tout individu peu méfiant en utilisant le Wi-Fi gratuit dans les espaces publics. Ces activités de profilage et de suivi sont dangereuses, car elles peuvent potentiellement présenter un risque considérable, non seulement pour la personne concernée, mais également pour l’entreprise pour laquelle celle-ci travaille. Román Ramírez explique les modalités et recommande la prudence : les employés ayant accès à des données sensibles doivent utiliser des téléphones de remplacement et d’autres appareils lors de leurs déplacements ; sinon, ils doivent désactiver le Wi-Fi sauf quand ils l’utilisent réellement, et s’assurer qu’ils ont effacé tous les réseaux Wi-Fi de la mémoire de leurs appareils. Juan Carlos Díaz explique qu’aujourd’hui les systèmes cognitifs (de sécurité) sont en mesure de traiter de grandes quantités de données (non) structurées afin d’automatiser l’ingestion d’informations pour fournir des apports en temps réel, une action qui jusqu’à présent n’était possible que grâce à des années d’expérience. Cependant, si l’intelligence artificielle constitue l’avenir de la cybersécurité, elle est également l’avenir des cyberattaques.

Español

Desafíos y oportunidades en el ciberespacio

Hoy en día es sumamente fácil elaborar un perfil y hacer un seguimiento de cualquier persona incauta usando el Wi-Fi gratuito de los espacios públicos. Dichas actividades de elaboración de perfil y seguimiento son peligrosas ya que pueden poner en un riesgo considerable no solo a la persona involucrada, sino también a la empresa para la que trabaja la persona. Román Ramírez explica las modalidades y aconseja tomar precauciones: los empleados con acceso a información confidencial deberían usar móviles de repuesto y otros dispositivos cuando estén de viaje; a falta de esa medida, deberían siempre desactivar el Wi-Fi a menos que de hecho lo estén usando y deberían asegurarse de borrar todas las redes Wi-Fi de la memoria de su dispositivo. Juan Carlos Díaz explica que hoy en día los sistemas cognitivos (de seguridad) son capaces de procesar enormes cantidades de información (des)estructurada para automatizar la asimilación de información y dar información en tiempo real, una acción que hasta hace poco solo había sido posible tras años de experiencia. Sin embargo, mientras que la inteligencia artificial es el futuro de la seguridad cibernética, también es el futuro de los ataques.

Deutsch

Herausforderungen und Gelegenheiten des Internets

Es ist heutzutage unglaublich einfach, nichtsahnende Personen, die an öffentlichen Plätzen in kostenlosem WLAN surfen, zu profilieren und ihr Verhalten nach zu verfolgen. Profiling und Nachverfolgung sind mit Risiken verbunden, da sie nicht nur die Person selbst in Gefahr bringen können, sondern auch ihren Arbeitgeber. Román Ramírez klärt über die verschiedenen Möglichkeiten auf und rät zur Vorsicht: Mitarbeiter mit Zugriff auf sensible Daten sollten Firmen-Handys und andere Firmen-Geräte unterwegs nicht nutzen. Sollte eine Nutzung unumgänglich sein, sollte das WLAN nur dann aktiviert werden, wenn es tatsächlich benötigt wird, und der Benutzer sollte sicherstellen, dass alle WLAN-Netzwerke aus dem Speicher des Geräts entfernt wurden. Juan Carlos Díaz berichtet, dass kognitive (Sicherheits-)Systeme heutzutage riesige Mengen (un-)strukturierter Daten verarbeiten können. So wird die Datenaufnahme automatisiert und in Echtzeit Erkenntnisse generiert, was früher nur auf Basis langjähriger Erfahrung möglich war. Doch während die künstliche Intelligenz die Zukunft der Cybersicherheit darstellt, können Kriminelle auch bei Cyberangriffen auf sie zurückgreifen.

Other Articles

View all

Insight on the working of the GLMS and how it can benefit EL and its members

The Global Lottery Monitoring System GLMS is the state lotteries’ mutualized monitoring system on sports betting. It aims at detecting and analysing suspicious betting activities that could questi......

Read more Synopsis: fr / es / de

Using Consumer Insights to Fill Gaps in the Draw Portfolio and Offer New Reasons to Play

In a mature and competitive market such as the Italian one, innovation is a key ingredient in the recipe for continued growth. And while innovation is clearly the backbone of the online gaming segme......

Read more Synopsis: fr / es / de

Newly appointed CEO for Eesti Loto in Estonia

Riina Roosipuu has been appointed CEO of Eesti Loto as of November 1st, 2018. She gives us an insight into the future projects of her lottery. Riina Roosipuu, newly appointed CEO of Eesti Loto i......

Read more Synopsis: fr / es / de

Mapping global consumers and markets: one-size does not fit all!

WHO IS THE GLOBAL CONSUMER OF TODAY? Living in a multi-geared world, dominated by different levels of attainment to technology and innovation, is a fact that INTRALOT knows all about.  From a glob......

Read more Synopsis: fr / es / de

Creating a Frictionless Lottery Experience

Though consumers have come to expect technology, such as mobile shopping apps, to enhance their buying experience, they have not abandoned brick-and-mortar stores. Instead, they have merged the onli......

Read more Synopsis: fr / es / de

EL welcomes 3 new Lottery Members

National Lottery JSC – Bulgaria Dimitar Ganev, CEO of the National Lottery in Bulgaria National Lottery JSC operates in Bulgaria, one of the most competitive and regulated lottery markets o......

Read more Synopsis: fr / es / de

A successful first edition of the new European Lotteries Corporate University ELCU

The new European Lotteries Corporate Unversity is EL’s response to the expressed demand for “basic training” for new entrants to our sector. The ELCU will be composed of different modules: Induc......

Read more Synopsis: fr / es / de

First EL Membership satisfaction survey

AA: I noticed when I arrived at EL that while we had always asked our members for feedback after a seminar or a congress for example and we regularly ask them to give us details about their national......

Read more Synopsis: fr / es / de

EL/WLA joint Security and Integrity seminar 2018

Spanish “white-hat” hacker Roman Ramirez of Patowc and Rootedcon, Spain, presented the building blocks of cyber security and cyber vulnerabilities. He demonstrated how hackers can identify and phy......

Read more Synopsis: fr / es / de

EL partners-up with the Council of Europe: fight against the manipulation of sports competitions by promoting & implementing the Macolin Convention

The Conference was organized around 11 workshops involving approximately 160 participants; the exchanges were positive and constructive, reflecting the mutual respect that stakeholders developed towar......

Read more Synopsis: fr / es / de

Preparations for the 10th EL Congress in Antwerp 2019 in full swing

The Congress will take place at the Elisabeth Center, a large conference centre right in the heart of the city and with a direct access to the Zoo of Antwerp. Many of the EL associate members have a......

Read more Synopsis: fr / es / de

EL Retail Seminar 2018

Keynote speaker Scott Annan emphasised the importance for lotteries of adapting to the move to “food” by retailers; the reduction in the average size of stores; the importance of convenience and h......

Read more Synopsis: fr / es / de

EL Legal and Regulatory Affairs Seminar 2018

The Seminar kicked off with a heated discussion on the Italian gambling advertising ban, set to take full effect in July 2019, and the expected impacts thereof, both internally and across other Member......

Read more Synopsis: fr / es / de

Upcoming EL Seminars & Events

Reserve your spot now for the EL Seminar that could change the course of your Lottery! EL and its Members are producing many educational programs designed to tackle real-world issues in a meaningful......

Read more