Turn off your wifi: Challenges and opportunities in cyber space

What can we learn from ‘ethical hackers’? Two experts explain what the lottery sector can learn from experiences of others.

Turn off your Wi-Fi! Seriously!

Nowadays, it is extremely easy to profile and track any unsuspecting individual using free Wi-Fi in public spaces such as airport or a shopping centre. These profiling and tracking activities are dangerous as they can potentially put at a considerable risk not only the person concerned, but also the company they work for.

Román Ramírez – a ‘sorcerer’ that uses the nickname ‘Patowc’ as he ‘doesn’t want to take himself too seriously’ from Rootedcon, Spain – explains that in the active scanning process (the default in just about any device existing nowadays) the Wi-Fi card transmits several probe requests on the tuned channel. By listening on the Wi-Fi radio spectrum and by scattering around a number of receivers on different channels, a malicious actor is able to log the person’s probe requests and timestamp them, create a unique signature and just wait for it to reappear. In other words – it allows for real-time tracking of ‘the target’, e.g. which shops or hotels does the target go to, how much time does the target spend there, even how fast does the target walks and the relation it has with other targets.

This malicious actor can then even clone an existing Wi-Fi network known by its target, creating an ‘evil twin’ where – as he fully controls the network – he can easily capture confidential data, redirect connections or perform potentially malicious actions on target’s device.

However, even if such tampering can be achieved easily and cheaply, Román remains positive. Namely, in order to disappear from the radar, he suggests for employees with access to sensitive data to use replacement phones and other devices when travelling. Otherwise, one should just turn off Wi-Fi unless actually using it and make sure they have erased all the Wi-Fi networks from their devices’ memory!

Artificial intelligence is the future of cybersecurity, but also of cyberattacks

Juan Carlos Díaz, a Cybersecurity Director at the PWC Business Security Solutions in Spain and an expert on cognitive (security) systems explains that nowadays such systems can process vast amounts of (un)structured data to automate ingesting information to give real-time input. They use advanced analytics to identify potential threats of frauds and help to speed detection of risky user behaviour, data exfiltration and malware detection before damage actually occurs. Until now, such knowledge and insights could have only be obtained following years of experience.

However, as artificial intelligence systems become ever more advanced, Juan Carlos believes there are some serious risks involved and suggests an appropriate way will need to be found to address these in the future, as we will begin to see social engineering computerised attacks, increasingly automated and elaborated. To support his claims, he makes a reference to a recent joint scientific research by the University of Oxford and the Future of Humanity Institute on the intersection between artificial intelligence and cybersecurity, in particular how artificial intelligence systems can be protected against malicious actors, as well as how people could be protected from a faulty or malicious artificial intelligence.

The presentations were given at the 2018 EL/WLA Security and Integrity Seminar.

Related Articles

View all

Synopsis

Français

Défis et opportunités dans le cyberespace

De nos jours, il est extrêmement facile de déterminer le profil et suivre tout individu peu méfiant en utilisant le Wi-Fi gratuit dans les espaces publics. Ces activités de profilage et de suivi sont dangereuses, car elles peuvent potentiellement présenter un risque considérable, non seulement pour la personne concernée, mais également pour l’entreprise pour laquelle celle-ci travaille. Román Ramírez explique les modalités et recommande la prudence : les employés ayant accès à des données sensibles doivent utiliser des téléphones de remplacement et d’autres appareils lors de leurs déplacements ; sinon, ils doivent désactiver le Wi-Fi sauf quand ils l’utilisent réellement, et s’assurer qu’ils ont effacé tous les réseaux Wi-Fi de la mémoire de leurs appareils. Juan Carlos Díaz explique qu’aujourd’hui les systèmes cognitifs (de sécurité) sont en mesure de traiter de grandes quantités de données (non) structurées afin d’automatiser l’ingestion d’informations pour fournir des apports en temps réel, une action qui jusqu’à présent n’était possible que grâce à des années d’expérience. Cependant, si l’intelligence artificielle constitue l’avenir de la cybersécurité, elle est également l’avenir des cyberattaques.

Español

Desafíos y oportunidades en el ciberespacio

Hoy en día es sumamente fácil elaborar un perfil y hacer un seguimiento de cualquier persona incauta usando el Wi-Fi gratuito de los espacios públicos. Dichas actividades de elaboración de perfil y seguimiento son peligrosas ya que pueden poner en un riesgo considerable no solo a la persona involucrada, sino también a la empresa para la que trabaja la persona. Román Ramírez explica las modalidades y aconseja tomar precauciones: los empleados con acceso a información confidencial deberían usar móviles de repuesto y otros dispositivos cuando estén de viaje; a falta de esa medida, deberían siempre desactivar el Wi-Fi a menos que de hecho lo estén usando y deberían asegurarse de borrar todas las redes Wi-Fi de la memoria de su dispositivo. Juan Carlos Díaz explica que hoy en día los sistemas cognitivos (de seguridad) son capaces de procesar enormes cantidades de información (des)estructurada para automatizar la asimilación de información y dar información en tiempo real, una acción que hasta hace poco solo había sido posible tras años de experiencia. Sin embargo, mientras que la inteligencia artificial es el futuro de la seguridad cibernética, también es el futuro de los ataques.

Deutsch

Herausforderungen und Gelegenheiten des Internets

Es ist heutzutage unglaublich einfach, nichtsahnende Personen, die an öffentlichen Plätzen in kostenlosem WLAN surfen, zu profilieren und ihr Verhalten nach zu verfolgen. Profiling und Nachverfolgung sind mit Risiken verbunden, da sie nicht nur die Person selbst in Gefahr bringen können, sondern auch ihren Arbeitgeber. Román Ramírez klärt über die verschiedenen Möglichkeiten auf und rät zur Vorsicht: Mitarbeiter mit Zugriff auf sensible Daten sollten Firmen-Handys und andere Firmen-Geräte unterwegs nicht nutzen. Sollte eine Nutzung unumgänglich sein, sollte das WLAN nur dann aktiviert werden, wenn es tatsächlich benötigt wird, und der Benutzer sollte sicherstellen, dass alle WLAN-Netzwerke aus dem Speicher des Geräts entfernt wurden. Juan Carlos Díaz berichtet, dass kognitive (Sicherheits-)Systeme heutzutage riesige Mengen (un-)strukturierter Daten verarbeiten können. So wird die Datenaufnahme automatisiert und in Echtzeit Erkenntnisse generiert, was früher nur auf Basis langjähriger Erfahrung möglich war. Doch während die künstliche Intelligenz die Zukunft der Cybersicherheit darstellt, können Kriminelle auch bei Cyberangriffen auf sie zurückgreifen.

Other Articles

View all

INTRALOT | The challenge of privacy and security in a modern gaming world

THE INCREASING SIGNIFICANCE OF PERSONAL DATA PROTECTION In our heavily-loaded-information era, global players deal with a large amount of information in their daily lives; they produce, process and s......

Read more Synopsis: fr / es / de

Webinar 23 April – Lotteries In COVID-19 Lockdown

In a webinar on Thursday 23 April (14:00 GMT, 15:00 CET), conducted in association with EL, VIXIO GamblingCompliance brings together lottery industry experts and executives. Register here =>>......

Read more

EL/WLA Marketing Seminar: “It’s all about the Player”

The 2020 Annual EL/WLA Marketing Seminar, held in London, saw a vibrant mix of senior industry figures and speakers from leading-edge agencies and consultancies combine to create a dynamic event for the assembled international delegates....

Read more Synopsis: fr / es / de

Lotteries and COVID-19: From tactical to strategic continuity

As the COVID-19 outbreak continues to have a dramatic impact worldwide, EL has produced an overview of operational continuity elements that could be – and many of them already are – implemented by individual lotteries to enhance their capability of an effective response....

Read more Synopsis: fr / es / de

“Reflecting on 11 years at the European Lotteries’’ | An interview with former EL Deputy Secretary General Jutta Buyse

Since 2016 Jutta Buyse was the Deputy Secretary General of EL and represented the Association in the Brussels office since 2009. During this time, Jutta led the public affairs for EL and experienced historic moments for the Association at European level....

Read more Synopsis: fr / es / de

EL Communications Seminar: The Good, The Bad and The Ugly!

At a time when digital communication is rapidly evolving and social media is one of the biggest sources of new, it is increasingly important to distinguish fact from fiction. The objective of this year’s EL Seminar was to focus on ‘‘the good, bad and the ugly’’ sides of communications....

Read more Synopsis: fr / es / de

Introduction to the new General Manager of Loteria Romana

Since 10 January 2020 Sebastian – Iacob Moga is the new General Manager of the C.N.  "Loteria Română" S.A., being appointed to this position by the Board of Administrators....

Read more Synopsis: fr / es / de

EL Report on the Lottery Sector in Europe

Every year EL members provide an overview of how they work and demonstrate the importance of lotteries for the benefit of society....

Read more Synopsis: fr / es / de

EL supports ENGSO-led Erasmus+ Sport project launched to foster mental well-being in sport

EL has become a reliable and invaluable advocate for the role of sport in society and it has lent its backing as a ‘Supporting Partner’ to the SPIRIT project, co-funded by the Erasmus+ Programme....

Read more Synopsis: fr / es / de

A partnership for society: EL and ENGSO commit to enhancing the role of grassroots sport in 2020–2021

EL and ENGSO, the European Sports NGO are further extending their partnership with a new two-year agreement (2020-21)....

Read more Synopsis: fr / es / de

Scientific Games | Data in Motion Reimagines Play

C-stores and supermarkets are modernizing to attract consumers who have come to expect more conveniences. The lottery category has the opportunity to create better experiences for players and efficiencies for retailers....

Read more Synopsis: fr / es / de

IGT | Lottomatica: Boosting Support for Women in the Workplace

Italian operator Lottomatica uses a range of programmes and tools to promote gender balance and offer personal and professional support for female employees....

Read more Synopsis: fr / es / de

EL Statement: Postponement of Seminars & Events until 1 July due to COVID-19

Due to the recent outbreak and rapid spread of the Coronavirus COVID-19, the EL Executive Committee has taken the decision to postpone all EL seminars and events until 1 July 2020. It is further decided that the EL Industry Days will not take place this year due to the uncertain situation....

Read more Synopsis: fr / es / de