Turn off your wifi: Challenges and opportunities in cyber space

What can we learn from ‘ethical hackers’? Two experts explain what the lottery sector can learn from experiences of others.

Turn off your Wi-Fi! Seriously!

Nowadays, it is extremely easy to profile and track any unsuspecting individual using free Wi-Fi in public spaces such as airport or a shopping centre. These profiling and tracking activities are dangerous as they can potentially put at a considerable risk not only the person concerned, but also the company they work for.

Román Ramírez – a ‘sorcerer’ that uses the nickname ‘Patowc’ as he ‘doesn’t want to take himself too seriously’ from Rootedcon, Spain – explains that in the active scanning process (the default in just about any device existing nowadays) the Wi-Fi card transmits several probe requests on the tuned channel. By listening on the Wi-Fi radio spectrum and by scattering around a number of receivers on different channels, a malicious actor is able to log the person’s probe requests and timestamp them, create a unique signature and just wait for it to reappear. In other words – it allows for real-time tracking of ‘the target’, e.g. which shops or hotels does the target go to, how much time does the target spend there, even how fast does the target walks and the relation it has with other targets.

This malicious actor can then even clone an existing Wi-Fi network known by its target, creating an ‘evil twin’ where – as he fully controls the network – he can easily capture confidential data, redirect connections or perform potentially malicious actions on target’s device.

However, even if such tampering can be achieved easily and cheaply, Román remains positive. Namely, in order to disappear from the radar, he suggests for employees with access to sensitive data to use replacement phones and other devices when travelling. Otherwise, one should just turn off Wi-Fi unless actually using it and make sure they have erased all the Wi-Fi networks from their devices’ memory!

Artificial intelligence is the future of cybersecurity, but also of cyberattacks

Juan Carlos Díaz, a Cybersecurity Director at the PWC Business Security Solutions in Spain and an expert on cognitive (security) systems explains that nowadays such systems can process vast amounts of (un)structured data to automate ingesting information to give real-time input. They use advanced analytics to identify potential threats of frauds and help to speed detection of risky user behaviour, data exfiltration and malware detection before damage actually occurs. Until now, such knowledge and insights could have only be obtained following years of experience.

However, as artificial intelligence systems become ever more advanced, Juan Carlos believes there are some serious risks involved and suggests an appropriate way will need to be found to address these in the future, as we will begin to see social engineering computerised attacks, increasingly automated and elaborated. To support his claims, he makes a reference to a recent joint scientific research by the University of Oxford and the Future of Humanity Institute on the intersection between artificial intelligence and cybersecurity, in particular how artificial intelligence systems can be protected against malicious actors, as well as how people could be protected from a faulty or malicious artificial intelligence.

The presentations were given at the 2018 EL/WLA Security and Integrity Seminar.

Related Articles

View all

Synopsis

Français

Défis et opportunités dans le cyberespace

De nos jours, il est extrêmement facile de déterminer le profil et suivre tout individu peu méfiant en utilisant le Wi-Fi gratuit dans les espaces publics. Ces activités de profilage et de suivi sont dangereuses, car elles peuvent potentiellement présenter un risque considérable, non seulement pour la personne concernée, mais également pour l’entreprise pour laquelle celle-ci travaille. Román Ramírez explique les modalités et recommande la prudence : les employés ayant accès à des données sensibles doivent utiliser des téléphones de remplacement et d’autres appareils lors de leurs déplacements ; sinon, ils doivent désactiver le Wi-Fi sauf quand ils l’utilisent réellement, et s’assurer qu’ils ont effacé tous les réseaux Wi-Fi de la mémoire de leurs appareils. Juan Carlos Díaz explique qu’aujourd’hui les systèmes cognitifs (de sécurité) sont en mesure de traiter de grandes quantités de données (non) structurées afin d’automatiser l’ingestion d’informations pour fournir des apports en temps réel, une action qui jusqu’à présent n’était possible que grâce à des années d’expérience. Cependant, si l’intelligence artificielle constitue l’avenir de la cybersécurité, elle est également l’avenir des cyberattaques.

Español

Desafíos y oportunidades en el ciberespacio

Hoy en día es sumamente fácil elaborar un perfil y hacer un seguimiento de cualquier persona incauta usando el Wi-Fi gratuito de los espacios públicos. Dichas actividades de elaboración de perfil y seguimiento son peligrosas ya que pueden poner en un riesgo considerable no solo a la persona involucrada, sino también a la empresa para la que trabaja la persona. Román Ramírez explica las modalidades y aconseja tomar precauciones: los empleados con acceso a información confidencial deberían usar móviles de repuesto y otros dispositivos cuando estén de viaje; a falta de esa medida, deberían siempre desactivar el Wi-Fi a menos que de hecho lo estén usando y deberían asegurarse de borrar todas las redes Wi-Fi de la memoria de su dispositivo. Juan Carlos Díaz explica que hoy en día los sistemas cognitivos (de seguridad) son capaces de procesar enormes cantidades de información (des)estructurada para automatizar la asimilación de información y dar información en tiempo real, una acción que hasta hace poco solo había sido posible tras años de experiencia. Sin embargo, mientras que la inteligencia artificial es el futuro de la seguridad cibernética, también es el futuro de los ataques.

Deutsch

Herausforderungen und Gelegenheiten des Internets

Es ist heutzutage unglaublich einfach, nichtsahnende Personen, die an öffentlichen Plätzen in kostenlosem WLAN surfen, zu profilieren und ihr Verhalten nach zu verfolgen. Profiling und Nachverfolgung sind mit Risiken verbunden, da sie nicht nur die Person selbst in Gefahr bringen können, sondern auch ihren Arbeitgeber. Román Ramírez klärt über die verschiedenen Möglichkeiten auf und rät zur Vorsicht: Mitarbeiter mit Zugriff auf sensible Daten sollten Firmen-Handys und andere Firmen-Geräte unterwegs nicht nutzen. Sollte eine Nutzung unumgänglich sein, sollte das WLAN nur dann aktiviert werden, wenn es tatsächlich benötigt wird, und der Benutzer sollte sicherstellen, dass alle WLAN-Netzwerke aus dem Speicher des Geräts entfernt wurden. Juan Carlos Díaz berichtet, dass kognitive (Sicherheits-)Systeme heutzutage riesige Mengen (un-)strukturierter Daten verarbeiten können. So wird die Datenaufnahme automatisiert und in Echtzeit Erkenntnisse generiert, was früher nur auf Basis langjähriger Erfahrung möglich war. Doch während die künstliche Intelligenz die Zukunft der Cybersicherheit darstellt, können Kriminelle auch bei Cyberangriffen auf sie zurückgreifen.

Other Articles

View all

Publication of the European Lotteries CSR GUIDELINES coming soon

All over the world, more and more companies are integrating sustainable standards and policies in order to carry out their business in a way that will better manage their risks, anticipate consumer......

Read more Synopsis: fr / es / de

New European Commission report on evaluation of regulatory tools for enforcing online gambling

The report is a result of a Call for Tender (No 641/PP/GRO/IMA/17/1131/9610) for a Study to “ascertain which enforcement tools EU/EEA Member States use, how effective they are and how the regulato......

Read more Synopsis: fr / es / de

Scientific Games | Instant Games’ Epic Evolution

Instant Games’ Epic Evolution Back in 1978, when instant “scratch” games were introduced in the European lottery market, ABBA and the Bee Gees topped the charts and a gallon of petrol cost £......

Read more Synopsis: fr / es / de

Upcoming EL Seminars & Events

INSTANT GAMES SEMINAR 27-29 MARCH 2019, ROTTERDAM (NL) Instant Games, or scratch card games, are a growth category, without any doubt. EL figures show a continuous sales increase for instant games o......

Read more

Intralot | Trends vs Fads

The idea that change is accelerating is a common place. A simple search for “exponential change” on any internet engine would yield an infinite number of articles on the topic, written by reputabl......

Read more Synopsis: fr / es / de

EL takes part in the OECD consultation on tax challenges of digitalisation

Possible solutions to the tax challenges of digitalisation In March 2018, the European Commission proposed new rules to ensure that digital business activities are taxed in a fair way in the EU. Gi......

Read more Synopsis: fr / es / de

European Lotteries adds new ‘Executive’ Module to its Corporate University ELCU

The ELCU – EXECUTIVE will be held over 1 ½ days and is designed for professional staff from Lottery Operators, Suppliers and Regulators who have sufficient experience to actively and usefully parti......

Read more Synopsis: fr / es / de

IGT | Are the bats & faangs biting yet?

The major players in today’s advanced and emerging markets are commonly known by two acronyms: “FAANGs” ─ Facebook, Amazon, Apple, Netflix and Google ─ and their Asian counterparts, “BAT......

Read more Synopsis: fr / es / de

EL/WLA Marketing Seminar 2019 – Recurring trends of the seminar

Particular themes stood out consistently among the seminar. Certain trends were obvious, trends all of us should be doing all we can to immerse ourselves in this year to stay with the current cultur......

Read more