Spectre and Meltdown Highlight Online Banking and Digital Gold Risks
– Critical hardware flaw breaks basic security: risks to online banking & digital assets
– Nearly all computers worldwide, smartphones and other devices – exposed to major security risk
– Two separate security flaws identified in devices powered by Intel, ARM and AMD chips
– Vulnerability known about for six months by tech insiders
– Cyber crime represents the biggest transfer of economic wealth in history
– Cyber crime damage costs to hit $6 trillion annually by 2021
– All digital assets and information at risk
– Crypto currencies, digital assets including gold exposed
– Physical gold’s benefits highlighted
Editor: Mark O’Byrne
The Spectre and Meltdown double whammy this week underlines the increasing risks in the global computing infrastructure and our online banking and digital asset world of banking and finance.
On Wednesday, came news that anyone who uses a computer, smartphone, tablet etc has been introduced to the concept of ‘hacked hardware’. Two separate security flaws, named ‘Meltdown’ and ‘Spectre’ have been identified in devices powered by Intel, ARM and AMD chips. The flaws make pretty much any device hackable.
Not only are our ‘things’ affected but data centres and devices that connect to the cloud are also at risk.
The problem was identified by Google engineers and has been known about for approximately six months. Whilst no attacks taking advantage of these security flaws have yet been identified, we are talking about an unprecedented number of computers, devices, people and companies, including banks, being exposed.
The BBC estimates that ‘for personal computers alone: there are 1.5 billion in use today (desktop and laptop combined) and around 90% are powered by Intel chips, IDC estimates. That means exposure to the Meltdown bug is potentially huge.’
Meltdown affects laptops, desktop computers and internet servers with Intel chips. However, Spectre is an arguably bigger threat. It affects chips powered by Intel, ARM and AMD. in smartphones, tablets and computers.
Why is this a big deal?
The weaknesses leave any device with affected chips vulnerable to both hacking and slowdown in performance. The flaw could give cyberattackers unauthorized access to sensitive data.
This is scary as for years users have been used to warnings by the tech industry that there are security holes in software. These are regularly taken advantage of by hackers. But we are now exposed to a flaw in hardware. Hardware troubles are arguably much harder to fix and newer impossible to replace given their extensive presence around the world.
Scott Borg, director of the U.S. Cyber Consequences Unit, is most concerned about hardware vulnerabilities over software ones. He sees the biggest threat in industry.
Borg recently spoke at Stanford University and explained the shift in hackers’ mentality:
“Initially,” he said, “[hackers] focused on operations control, monitoring different locations from a central site. Then they moved to process control, including programmable logic controllers and local networks. Then they migrated to embedded devices and the ability to control individual pieces of equipment…You can imagine countless attacks manipulating physical things,”
Why are hackers turning to hardware over software? Surely software has a greater reach? No, argues Borg. The decision to move to hardware is purely economic. Stock manipulation is a key way cyberattackers can take advantage of a hardware malfunction.
“There is a limit to how much you can steal from credit card fraud; there is no limit to how much you can make in taking a position in a market and making something happen,” Borg says. “You can short a company’s stock in a highly leveraged way, then attack the company in a way that makes stock fall, reinvest on the way down, and multiply your investment hundreds of times. This is a big growth area for cybercrime; it has been done multiple times already, but it is really just starting to get under way. This is going to be a huge area for cybercriminals.”
Previously individuals were worried about the clicking on a dodgy link or downloading an unknown file. Worst case we believed was credit card or identity fraud. Now, we’re looking at elements of our portfolio being attacked – imagine if you have shares affected by this latest round of news regarding chip security.
We are also, very seriously, facing an attack on our homes.
Nowhere is safe
This Christmas showed the smart home had arrived. Sales of Amazon’s Alexa and Google’s Echo made headlines as families realised they could have a smart home for just $500. The total spend on Internet of Things products and services was expected to reach $2 trillion by the end of last month.
Gadgets such as wearables and smart fridges make our busy lives more productive. They’re supposed to free up time for us to do ‘fun’ things but they arguably just create space for more tasks we create for ourselves, one of those being securing our home from hackers.
By the end of 2017 there were expected to be 8.4 billion internet-enabled devices in use, increasing to 20.4 billion by the end of 2020. This all sounds great but its a goldmine for hackers.
Which? carried out a series of tests in a ‘smart home’ last year. Eight out of the fifteen devices were found to have security vulnerabilities.
We can even be taken in by freebies. In 2006 McDonald’s Japan put their customers at major financial risk just by giving them a free mp3 player. Popular Science explains:
In late summer of 2006, the Japanese division of McDonald’s decided to run a new promotion. When customers ordered a Coca-Cola soft drink, they would receive a cup with a code. If they entered that code on a designated website and were among 10,000 lucky winners, they would receive an MP3 player pre-loaded with 10 songs.
Cleverly constructed, the promotion seemed destined for success. Who doesn’t like a Coke and a free MP3 player? But there was one problem the marketers at McDonald’s could not anticipate: In addition to 10 free songs, the music players contained QQPass malware. The moment winners plugged their players into a computer, the Trojan horse slipped undetected into their system and began logging keystrokes, collecting passwords, and gathering personal data for later transmission.
This is just one example but a good one of how easy it is for us to be affected by vulnerable hardware. These microchips that are under threat are in our fridges, our cars, our phone, planes and even missiles.
Popular Science goes onto explain:
Even hardware generally considered innocuous could be exploited by hackers and used for covert acts. Modified third-party phone chargers have served as vehicles for malware, as have game consoles. In the world of hardware hacking, any smart device—a refrigerator, clock, even a wearable fitness monitor—could be weaponized.
Such covert actions could inflict even greater harm were they to work their way into the backbone of the Internet: the servers and other networking equipment that comprise the infrastructure of the IT world. Instead of gathering embarrassing emails from a handful of executives, hackers with compromised servers could monitor most of the world’s Internet messages. As companies such as Huawei Technologies and ZTE Corporation—both of which supply telecommunication equipment and have ties to the Chinese military—continue to grow, so too will concerns about network security.
The Cybersecurity Business Report offers the following stats that outline just how vulnerable we are as society and financially:
1. Cyber crime damage costs to hit $6 trillion annually by 2021. It all begins and ends with cyber crime. Without it, there’s nothing to cyber-defend. The cybersecurity community and major media have largely concurred on the prediction that cyber crime damages will cost the world $6 trillion annually by 2021, up from $3 trillion just a year ago. This represents the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, and will be more profitable than the global trade of all major illegal drugs combined.
2. Cybersecurity spending to exceed $1 trillion from 2017 to 2021. The rising tide of cyber crime has pushed information security (a subset of cybersecurity) spending to more than $86.4 billion in 2017, according to Gartner. That doesn’t include an accounting of internet of things (IoT), industrial IoT, and industrial control systems (ICS) security, automotive security, and other cybersecurity categories. Global spending on cybersecurity products and services are predicted to exceed $1 trillion over the next five years, from 2017 to 2021.
3. Cyber crime will more than triple the number of unfilled cybersecurity jobs, which is predicted to reach 3.5 million by 2021. Every IT position is also a cybersecurity position now. Every IT worker, every technology worker, needs to be involved with protecting and defending apps, data, devices, infrastructure and people. The cybersecurity workforce shortage is even worse than what the jobs numbers suggest. As a result, the cybersecurity unemployment rate has dropped to zero percent.
4. Human attack surface to reach 6 billion people by 2022. As the world goes digital, humans have moved ahead of machines as the top target for cyber criminals. There are 3.8 billion internet users in 2017 (51 percent of the world’s population of 7 billion), up from 2 billion in 2015. Cybersecurity Ventures predicts there will be 6 billion internet users by 2022 (75 percent of the projected world population of 8 billion) — and more than 7.5 billion internet users by 2030 (90 percent of the projected world population of 8.5 million, 6 years of age and older). The hackers smell blood now, not silicon.
5. Global ransomware damage costs are predicted to exceed $5 billion in 2017.That’s up from $325 million in 2015—a 15X increase in two years, and expected to worsen. Ransomware attacks on healthcare organizations—the No. 1 cyber-attacked industry—will quadruple by 2020. Cybersecurity Ventures predicts that a business will fall victim to a ransomware attack every 14 seconds by 2019.
What does it all mean? In 2015, Ginni Rometty, IBM’s chairman, president and CEO, said, “Cyber crime is the greatest threat to every company in the world.“
How can we protect ourselves?
It’s not time to move off-grid, we’re not suggesting that – don’t worry. But what we do suggest is that you take an element of your portfolio, savings and wealth off-grid.
Physical gold that is allocated and segregated is about as off-grid as you can get when it comes to investments. Sure, you can have some crypto currencies and some shares but they’re unbelievably connected to the outside world thanks to just the click of button. You cannot transact them without using an electronic device.
When it comes to physical gold, it does not rely on you having the safest chip in your smartphone or ensuring no-one is listening to you at home chatting to your loved ones.
Gold bullion has been bought by millions all over the world because of its role in protecting investors during times of war, financial hardship and economic disasters. It is only recently that the idea of cyber warfare and the misuse of this power by governments has become an important point of consideration.
Gold is as relevant here as it always has been. But it is specifically allocated, segregated physical gold which will protect from these risks – not paper gold or digital gold.
Owning gold coins and bars either in one’s possession or in allocated and segregated storage will protect people and will be accessible and liquid. It will protect investors and savers and those who use online banking from malicious attacks. Let’s face it we’re all there already and these growing risks are very real.
News and Commentary
Gold Prices (LBMA AM)
04 Jan: USD 1,313.70, GBP 969.77 & EUR 1,090.24 per ounce
03 Jan: USD 1,314.60, GBP 968.20 & EUR 1,092.96 per ounce
02 Jan: USD 1,312.80, GBP 968.85 & EUR 1,087.52 per ounce
29 Dec: USD 1,296.50, GBP 960.84 & EUR 1,082.45 per ounce
28 Dec: USD 1,291.60, GBP 960.43 & EUR 1,082.75 per ounce
27 Dec: USD 1,285.40, GBP 958.78 & EUR 1,081.54 per ounce
22 Dec: USD 1,268.05, GBP 947.74 & EUR 1,069.85 per ounce
21 Dec: USD 1,265.85, GBP 945.97 & EUR 1,065.09 per ounce
Silver Prices (LBMA)
04 Jan: USD 17.13, GBP 12.64 & EUR 14.20 per ounce
03 Jan: USD 17.12, GBP 12.63 & EUR 14.25 per ounce
02 Jan: USD 17.06, GBP 12.59 & EUR 14.15 per ounce
29 Dec: USD 16.87, GBP 12.48 & EUR 14.07 per ounce
28 Dec: USD 16.74, GBP 12.46 & EUR 14.02 per ounce
27 Dec: USD 16.50, GBP 12.30 & EUR 13.87 per ounce
22 Dec: USD 16.18, GBP 12.08 & EUR 13.65 per ounce
21 Dec: USD 16.15, GBP 12.08 & EUR 13.61 per ounce
Recent Market Updates
– Gold Has Best Year Since 2010 With Near 14% Gain In 2017
– Happy 2nd Birthday Bail-in Tool! We Suggest Gold As The Perfect Gift
– 98,750,067,000,000 Reasons to Buy Gold in 2018
– Gold, Bitcoin and the Blockchain Replaces the Banks – Realists Guide To The Future
– It’s A Wonderful Life Is A Wonderful Lesson To Hold Gold Outside of The Banking System
– Goldnomics Podcast – Gold, Stocks, Bitcoin in 2018. Everything Bubble Bursts?
– What Peak Gold, Interest Rates And Current Geopolitical Tensions Mean For Gold in 2018
– New Rules For Cross-Border Cash and Gold Bullion Movements
– ‘Gold Strengthens Public Confidence In The Central Bank’ – Bundesbank
– WGC: 2018 Set To Be A Positive Year For Price of Gold and Investors
– Year-end Rate Hike Once Again Proves To Be Launchpad For Gold Price
– UK Stagflation Risk As Inflation Hits 3.1% and House Prices Fall
– Buy Gold, Silver Time After Speculators Reduce Longs and Banks Reduce Shorts