
The Cyber Hack From Space

This week marked a historical milestone that many Americans probably missed in the course of trying to follow a news cycle that is always full, to say the least.  This week, allegedly, an American citizen’s bank account was hacked.

From space.

The story, admittedly, is a bit less exciting than the setup makes it sound; it is not the case that E.T. has picked up a bad bitcoin habit and turned to a life of cybercrime to support his cryptocurrency speculating addiction.  We had high hopes when we saw CNN’s headline about the “first criminal allegation from space,” but sadly, the story is a bit more mundane than that.

Anne McClain is a NASA astronaut who has recently returned from a six-month stint at the International Space Station. According to her ex-wife Summer Worden, McClain is also a cybercriminal, insofar as Worden claims that while she was stationed in space, McClain illegally accessed Worden’s bank account. The point of the incursion, according to Worden, was to gain access to sensitive financial materials to be used in a vicious custody dispute between the two former spouses over their shared child.

McClain admits to accessing the bank account from a computer aboard the space station, but claims the point was to make sure her ex-wife had adequate funds to care for their shared child while she was in space.  She also contends that the access was permissioned and not identity theft as Worden alleges in the complaint against her.

There are many small lessons to be learned from this story.  If you get divorced, probably change your passwords. Don’t access your ex’s bank account. If you ignore the previous rule, don’t do it from a computer on the space station — because when someone traces the access records to the account, one IP address labeled “NASA” is really going to be a dead giveaway.

But there are also perhaps a few bigger lessons to be learned from the family court issue that turned into the Earth’s first case of alleged interstellar crime.

There Are Bigger Security Threats in Space than NASA Astronauts 

One might assume that hacking a satellite would be a hard thing to do — but as it turns out, it’s not as hard as one might hope.  Modern satellites are designed to be software-dominated so that their functions can be adapted and reprogrammed while they are in flight.  Which means, according to Bill Malik, VP of infrastructure strategies at Trend Micro, a satellite is an IoT device — albeit a very specialized one.

“They’re snazzy, they’re wild, it’s spaaaaace, but they’re IoT devices,” he told PC Mag.

And they’ve been going up for a long time, with a wide range of capabilities, he noted. Until fairly recently, the idea of hacking a satellite in orbit was about as realistic an attack strategy as casting a curse on one. This means it is only in the last two or three years that the concern about securing them against hacking has even come up.

Moreover, Malik noted, until fairly recently, the concept of satellite hacking was only for the very devoted and well-capitalized — probably a government agency of some kind. A satellite may at base be an IoT device — but it is one that is orbiting the planet ten miles above the surface at an extremely high rate of speed. But while the satellite can still be a much tougher nut to crack than the average smart refrigerator, Malik noted, it is also becoming an increasingly accessible target.

“The cost of an antenna is dropping via Moore’s Law,” said Malik. “Bad guys can set up a fairly sophisticated antenna for a couple hundred bucks.”

Combine a low cost of entry with a target no one took any interest in securing, he noted, and you create a fertile ground for hackers looking for points to access.

And given how much modern telecommunication relies on satellites in general — and how much digital and mobile commerce specifically relies on functioning satellite networks — maliciously intended hackers could bring a lot of functionality down, at least temporarily. They might be happy to do so, according to most experts, particularly if they can extract ransoms with the threat.

Hackers, while dissimilar from astronauts in most particulars, have one thing in common with them: They are happy to boldly go where no one has gone before.

But perhaps the biggest security lesson to be learned from the Star War Of The Roses this week isn’t about space, but about personal identity.

A Password-Free Future 

We at PYMNTS will not attempt to adjudicate the dispute between the ex-spouses over access to a bank account, as that is outside our purview.  We will note, however, that we can assess the party to blame in the confrontation: passwords.

In a world with better background authorization technology, the fact that the log-in attempt was being made from outside the terrestrial surface of the planet Earth is something that might have been flagged as unusual and worthy of follow-up.
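
One way the kind of background check described above could work, as an added example that is not from the original article or from any bank's system: a per-account baseline of network owners and devices, with a second-factor prompt when a password-correct login deviates from it. The account names, device names, ISP labels and the `MIN_HISTORY` threshold are constructed assumptions; only the "NASA" network label comes from the story.

```python
from collections import defaultdict

# Constructed sample history: (account, network_owner, device_id). Not real data.
HISTORY = [
    ("acct-1001", "ExampleCable ISP", "laptop-a"),
    ("acct-1001", "ExampleCable ISP", "laptop-a"),
    ("acct-1001", "ExampleMobile", "phone-a"),
    ("acct-1001", "ExampleCable ISP", "phone-a"),
    ("acct-2002", "ExampleCable ISP", "laptop-b"),
]

MIN_HISTORY = 3  # assumed threshold: below this the baseline is too thin to trust


def build_baseline(history):
    """Per account: network owners and devices seen so far, plus login count."""
    base = defaultdict(lambda: {"networks": set(), "devices": set(), "count": 0})
    for account, network, device in history:
        entry = base[account]
        entry["networks"].add(network)
        entry["devices"].add(device)
        entry["count"] += 1
    return base


def assess_login(baseline, account, network, device):
    """Return (decision, reasons) for a login that presented a correct password."""
    entry = baseline.get(account)  # .get() avoids creating an empty baseline
    if entry is None or entry["count"] < MIN_HISTORY:
        return "step_up", ["insufficient history for this account"]
    reasons = []
    if network not in entry["networks"]:
        reasons.append(f"network owner never seen for account: {network}")
    if device not in entry["devices"]:
        reasons.append(f"device never seen for account: {device}")
    # Any deviation asks for a second factor instead of trusting the password alone.
    return ("step_up" if reasons else "allow"), reasons


if __name__ == "__main__":
    baseline = build_baseline(HISTORY)
    print(assess_login(baseline, "acct-1001", "ExampleCable ISP", "laptop-a"))
    print(assess_login(baseline, "acct-1001", "NASA", "workstation-x"))
```
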

Consumers may not be able to remember their passwords, but according to PYMNTS data, they do trust them, as the latest edition of the Digital Identity Tracker indicates.  Nearly half, 45.2 percent of consumers, rely solely on passwords to keep their digital identities safe, and an additional 73.4 percent said they were “very” or “extremely” satisfied with their current authentication options.

Combine that data with some outside findings that show consumers use the same or similar password for multiple accounts. And while there is no data we could find about how many people change their passwords after a divorce, 55 percent of consumers claim they would keep their password even if their accounts were hacked.

Passwords are hard to keep straight and frequently compromised, but consumers rely on them — despite the fact that the data indicates they know they probably shouldn’t.

NASA and family court will have to sort out the specifics of this case — but in general, we suspect the long-term success of securing accounts on Earth (and beyond) will require taking the institution of password-based authentication and retiring it.

Or, you know, shooting it off into space in a rocket — provided we can get that whole milieu under better security control.
