Trekkies and modest Star Trek fans may recall the plot in an episode known as “The Enemy Within” where a malfunction in a transporter causes Captain Kirk to be split into two - a good Captain Kirk and an evil Captain Kirk. After incapacitating several crew members and otherwise disrupting the starship Enterprise, evil Captain Kirk becomes weak and, ultimately, his physical being ceases to exist. Were it not for the transporter malfunction, evil Captain Kirk wouldn’t have had the opportunity to wreak havoc from within the Enterprise. The same can be said for technological evils and our electronic devices. From malware to zero day attacks (when, through holes in software unknown to the vendor and the user, hackers exploit the holes and attack), the devices we utilize for personal use, employment-related use, or both, are vulnerable to risks posed by increasingly savvy and brazen hackers trolling for information about you, your customers and your clients.
Malware and zero day attacks are cause for concern because successful attacks can result in the attacker overhauling your entire device or network. Once accomplished, an attacker can potentially control the device by deleting or altering data, creating new files, accessing private and sensitive information, and running any number of other commands. With malware, viruses can be picked up by a user partaking in the most innocent of activities. Take, for example, an individual searching the web for information about global warming and the resulting impact on polar ice caps. Innocent, right? Except what this person found was a PowerPoint presentation with an embedded virus. Once the PowerPoint is downloaded, the user’s entire system is susceptible to that virus’s arsenal.
Another example of how a user’s otherwise innocent activities can lead to disaster is vulnerability in USB devices, known as BadUSB. What happens is the user connects a USB device to their computer and, in the event there is malware on their computer designed to infect USB devices, voila! The malware attaches to their USB device and has been programmed to infect every file or program the USB device has access to on their system, and that’s just the beginning. This type of attack operates silently and, in the rare event it is detected, can’t be deleted. Imagine the ramifications of BadUSB in the context of a vehicle’s computer system. Connect a malware-infected USB device to your vehicle’s USB port and the vehicle’s computer system is essentially hijacked—braking, steering, the works.
While many devices we use likely have some protections in place for the purpose of fending off any number and variety of technological evils, hackers are extremely good at what they do and, unfortunately, the threat of an evil Captain Kirk is not only always present, but attacks are often executed. While difficult to combat the enemy within, there are best practices recommended by industry professionals. In the case of a zero day attack, vendors typically have the resources to execute protocols, such as searching for and providing updates for purposes of patching holes in vulnerable software. These actions quickly help and effectively protect users from hacker attacks. For prevention of malware attacks, users should, at a minimum, avoid unknown or non-trustworthy websites and files, utilize up-to-date security software, turn on their firewall and avoid peer-to-peer communications.
Neda Shakoori is an attorney with McManis Faulkner. Her practice focuses on civil litigation with an emphasis on commercial and business law matters. She is currently leading the firm’s eDiscovery Initiative and oversees all ESI-related issues in the firm’s cases. She also presents MCLE programs relating to eDiscovery. For more information, please visit mcmanislaw.com.