Recent Facebook Hack Highlights the Vulnerability of Smart Buildings

Facebook is one of the world’s tech giants. The company is worth almost a trillion dollars. Nearly half of the people on the planet, 3.5 billion, regularly use one of Facebook’s apps, which include Instagram and WhatsApp. They are at the forefront of the tech revolution and have been a driving force behind many of the major changes in our society, both good and bad. But for five hours on Monday, their entire global operation was frozen; anyone who typed the site’s address into their web browser was automatically told that “this site can’t be reached.”

Many suspected that the company was hacked. The outage came only hours after a 60 Minutes segment aired which featured a whistleblower who claimed that the company knew their platform was causing disinformation and hate speech but did little to curtail it. But an official statement later said that the problem was due to a faulty configuration change in the company’s Border Gateway Protocol (BGP) records. BGP is how internet service providers share routing information, so the error basically deleted the map telling computers and mobile phones where to find the pictures of food, cat memes, and news (both real and fake) that the company is known for. Several domain registration sites even listed the domain as up for sale when their automated web crawlers found that the site had seemingly expired.

It wasn’t just users that were locked out of Facebook. Employees reported that they were not even able to get into the building because their badges no longer worked. This was likely one of the reasons why the site was down for so long.

So, how did this happen? “This is what happens when systems are not properly segmented,” said Charles Meyers. He worked as a Chief Technical Architect for Wells Fargo for nearly twenty years and his work integrating their workplace technology led him to start the Real Estate Cyber Consortium last year. “I felt like Chicken Little,” he said, “I kept telling our team that the technology in our offices was a vulnerability but most people didn’t believe me.” 

It wasn’t until he walked through a new office with the company’s head of IT that he finally got his message heard: “I asked him how he planned on dealing with the system’s shadow networks and he kept saying ‘there are no networks on our system that I don’t know about.’ Then I walked him up to a light switch and told him that it was running on a Zigbee protocol completely outside of our architecture and then he understood the threat.”

The cyber security struggles of Facebook when it comes to their physical office are not unique. There is often a disconnect between a company’s IT department and the building’s operational technology (OT) personnel that can lead to a “not my problem” mentality. It can also be due to how building systems are outsourced. “The team that installs and configures building systems is usually not the one that maintains it,” Meyers said. “The installers usually have an admin account but then create an operator account once they are done so the admin never gets updated.” This can lead to laughable and disastrous oversights, such as guessable user names like ‘admin’ and predictable passwords like ‘password.’

Part of the solution, Meyers thinks, is to have an industry-wide partnership to help standardize protocols and best practices. “If enough users and vendors get together and demand a certain level of security then anyone else creating or maintaining building systems will have to conform,” he explained.

Increased scrutiny of building system cyber security might also affect the relationship between the landlord and the tenant. Savvy occupiers might spend as much time analyzing and vetting a building’s digital systems as they do its physical properties. Building engineers will need to become well versed in their tenants’ IT practices, and IT departments will need to have a better understanding of how operational technology fits into their system architecture.

When Facebook went down, the internet erupted with people exclaiming that the world was better without it. Whether the company is a net positive for society is still up for debate, but what is clear is that Facebook’s high-profile tech troubles have taught the world about the interconnectivity of companies’ internal technology and their offices. Facebook’s pains were self-inflicted, but as embarrassing as that might be, it could have been much worse. How long before we see another one of the world’s tech giants brought down by a thermostat or light switch with a ‘temporary’ password?
