News Briefs
Jan. 2014 (47, 01) pp. 18-21
0018-9162/14/$31.00 © 2014 IEEE

Published by the IEEE Computer Society
News Briefs
Topics include hackers hijacking Internet traffic, a study saying that government policies threaten the Web�s positive impact on society, a flying rescue robot built to withstand collisions and keep functioning, fears that ATM malware will spread from Mexico to other countries, new sensor technology that could help people who suffer accidental falls, research that indicates that biometric software designed to recognize people should analyze their bodies as well as their faces, and scientists using GPS to determine whether a mammoth iceberg will move into busy shipping lanes.
Hackers Hijack Internet Traffic
Hackers have redirected large amounts of Internet communications from organizations such as government agencies, financial institutions, and network service providers to various countries, perhaps to read or modify the information they contain.
Experts with Renesys—which provides intelligence to customers based on its monitoring of Internet traffic—say this is the largest attack of its type they have seen. They say they are unsure of the attackers' identities, intentions, or exact attack techniques but suspect the hackers looked at or altered data before sending it on to the intended destination.
Renesys researchers say they have seen traffic for organizations in the Czech Republic, Germany, Iran, Libya, Lithuania, South Korea, and the US diverted to Belarusian or Icelandic service providers' routers on about 40 occasions.
Internet-traffic monitoring company Renesys discovered that hackers have been diverting Internet communications through Belarus and Iceland, possibly to read or modify data, before sending it on to the intended recipients. In these two cases, one block of traffic from Guadalajara, Mexico, to Washington, DC, was redirected through Belarus and another between two points in Denver, was rerouted through Iceland.



Internet-traffic monitoring company Renesys discovered that hackers have been diverting Internet communications through Belarus and Iceland, possibly to read or modify data, before sending it on to the intended recipients. In these two cases, one block of traffic from Guadalajara, Mexico, to Washington, DC, was redirected through Belarus and another between two points in Denver, was rerouted through Iceland.



The Internet route hijacking attacks exploit the border gateway protocol (BGP), which enables the transfer of routing information between gateway hosts and the Internet or a network of autonomous systems.
Security analysts have long contended it is too easy to manipulate BGP and—in a type of man-in-the-middle attack—change or delete authorized routes for Internet communications, or even create entirely new ones. They say this capability lets hackers send traffic to their own systems and then possibly access data before sending it on to the intended recipient, with few signs of the diversion.
A traceroute would not necessarily reveal a hijacking because Internet traffic frequently takes circuitous routes to travel from one place to another. In addition, the hackers obscured their redirections.
So far, they have grabbed data sent to 150 cities worldwide.
One diversion involved a block of traffic that was supposed to travel from Guadalajara, Mexico, to Washington, DC, through Laredo, Texas, via Mexican and US ISPs.
However, the hackers redirected the traffic via various ISPs from Guadalajara through countries such as the UK, Russia, Belarus, and Germany before sending it on to Washington.
Another communication between two locations in Denver was routed through places in the US, Canada, the UK, and Iceland.
Renesys spotted the first set of hijackings in February and March 2013. Initially, hackers redirected traffic through Belarusian ISP GlobalOneBel.
The attacks occurred again briefly in May, one diverting traffic to Belarus and a second to Iceland. They happened again on a larger scale in July and August, this time with all redirections through Iceland.
Officials with the Icelandic ISPs involved say the incidents resulted from a software bug they have since fixed.
According to Renesys, security administrators must now take man-in-the-middle BGP hijackings very seriously. The company recommends that they monitor all of their important online communications and work together to develop ways to keep such incidents from occurring.
Study Says Government Policies Threaten Web'S Positive Impact
A recent study says that issues such as government surveillance, content controls, and access limitations—occurring even in democratic countries with highly developed economies—threaten the positive role the Web could play in societies worldwide.
The second annual Web Index report ( http://thewebindex.org) points to problems such as low Web availability in less-developed countries, and government snooping like that exposed recently as having taken place in the UK and US. Other issues raised include widespread censorship and a lack of content on issues of importance to women—such as reproductive health—in many nations.
The World Wide Web Federation conducted the Web Index study. Web inventor and World Wide Web Consortium director Tim Berners-Lee started the foundation as a way to create, as its website says, "an open Web available, usable, and valuable for everyone."
The recent report ranked 81 countries based on how much the Web has contributed to social, economic, and political development.
Sweden and Norway finished at the top, while the UK and US ranked third and fourth, respectively.
Among countries with emerging economies—those experiencing rapid growth and industrialization—Mexico ranked first (30th overall), followed by Colombia (32nd), Brazil (33rd), Costa Rica (34th), and South Africa (35th).
And for countries with less-developed economies, the Philippines was on top (38th), followed by Indonesia (48th), Kenya (53rd), Morocco (54th), and Ghana (55th).
In ranking nations, the report took into account factors such as government policies that affect Web openness and the quality of a country's technical infrastructure.
It also took into consideration Web-related issues such as
  • universal access;
  • freedom and openness of online access and use;
  • relevant content, which reflects matters such as the degree of government censorship and the availability of information in local languages; and
  • empowerment, which addresses the degree to which the Web enables people to receive information, voice their opinions, participate in public affairs, and take action.
"One of the most encouraging findings is how the Web and social media are increasingly spurring people to organize, take action, and try to expose wrongdoing in every region of the world," said Berners-Lee. "But some governments are threatened by this, and a growing tide of surveillance and censorship now threatens the future of democracy."
"Bold steps are needed now," he continued, "to protect our fundamental rights to privacy and freedom of opinion and association online."

Countries finishing highest in the 2013 Web Index report.

Country Overall rank Universal access rank Freedom and openness rank Relevant content rank Empowerment rank
Sweden 1 3 6 5 2
Norway 2 6 1 4 4
UK 3 8 24 1 3
US 4 12 27 10 1
New Zealand 5 11 8 3 5
Denmark 6 2 7 7 12
Finland 7 9 2 13 10
Iceland 8 1 3 9 17
France 9 16 5 8 6
South Korea 10 4 33 6 8
Source: World Wide Web Foundation

Using Sensors to Help People Who Suffer Accidental Falls
Two US engineers have developed a sensor-based technology that could better detect whether a senior citizen or some other person has fallen. The system could then summon help.
This could be very important because, according to the United Nations' World Health Organization, falling is a leading cause of injury or death for people at least 65 years old, an increasingly large segment of the global population.
Some current products that help people who fall require them to put on a sensor and push a button to call for assistance. However, they must remember to wear the sensor.
Other products use a video camera and software to detect falls and call for help. However, the fall must occur within the camera's field of view. And not everyone wants to be videotaped at all times while at home.
Two University of Utah researchers—assistant professor Neal Patwari and graduate student Brad Mager—have developed a technology designed to address these shortcomings.
Their approach uses a wireless network of sensors that is installed on or in walls. Patwari and Mager decided to work with RF sensors because their signals can penetrate walls.
The researchers sought to develop a system that could determine a person's horizontal and vertical orientation, including whether an individual fell or lay down deliberately.
During testing, they placed 12 sensors on walls at a low level and 12 higher up. They use their transceivers to send data to a computer for processing. If there is data from only lower-level sensors, that means a person is on the floor.
The RF sensors communicate with one another and thus can detect the nature of a person's movements. For example, they can measure how fast someone who was once horizontal became vertical, thereby identifying whether the person fell or lay down.
If a fall occurred, the system could contact a designated individual, agency, or monitoring company for help.
Patwari and Mager received a US National Science Foundation grant and have six months to show their approach's commercial potential, at which point they'd receive a second grant.
They are still testing the accuracy of their system, which they hope to release commercially via Patwari's Xandem Technology within three years.
Robot Withstands Collisions, Could Help Search-and-Rescue Missions
A new flying robot is designed to be able to crash into objects and keep functioning, making it very useful for working in disaster sites.
A team of scientists from the Swiss Federal Institute of Technology in Lausanne's Laboratory of Intelligent Systems developed GimBall, a spherical flying robot in a protective cage.
Expert say building flying rescue robots is important because ground-based robots can't easily climb stairs or navigate rubble-strewn disaster sites. Ground-based robots sent to search the World Trade Center site in New York City right after the 11 September 2001 terrorist attacks became bogged down in debris.
However, flying robots run the risk of hitting walls, girders, trees, or other objects commonly found in disaster zones, and either breaking down or having important components—such as cameras—damaged.
The GimBall flying robot has a strong, flexible outer frame that enables it to keep functioning even if it crashes into surfaces, making it well-suited for disaster-related rescue work.



The GimBall flying robot has a strong, flexible outer frame that enables it to keep functioning even if it crashes into surfaces, making it well-suited for disaster-related rescue work.



The Swiss Federal Institute scientists said they were inspired to create GimBall by insects that can fly around buildings despite having poor eyesight. The researchers explained that insects are able to do this because their outer shells let them survive crashing into surfaces.
They designed GimBall as a 37-centimeter (14.6-inch)-diameter robot weighing just 370 grams (13.1 ounces). It has a rigid inner frame and two propellers than allow it fly at 5 km (3.1 miles) per hour. Its batteries enable five minutes of flight.
The aircraft can fly either autonomously or via remote control, and has a camera that can send images to rescue crews.
GimBall has a rotating outer frame consisting of 90 flexible carbon rods that absorb the force of running into a surface and thereby let the inner workings avoid damage.
During tests in forested areas, the scientists say, their robot flew and rolled along the ground with-out experiencing problems despite hitting objects.
They express hope GimBall will be ready for use in rescue missions sometime next year.
Experts Fear ATM Malware Will Spread from Mexico
Security vendor Symantec has found that hackers have upgraded malware previously found in automated teller machines (ATMs) in Mexico and have created an English-language version, indicating the thieves might be about to spread the Trojan horse to other countries.
Symantec analysts discovered two versions of the Ploutus malware, both designed to work with a specific type of ATM, which the company has declined to name.
The first version contained function names in Spanish, indicating that Spanish-speaking coders might have written the software, Symantec says. The second version is more robust, makes its malicious activities harder to detect, and is in English.
Attackers install Ploutus by picking the lock of an ATM running Windows and inserting a CD boot disk. This indicates that the hackers might be singling out stand-alone ATMs in areas with little traffic.
Within 24 hours after the cybercriminals install Ploutus, they enter a set of numbers on the ATM's keypad or, in the case of the initial version, an external keyboard. They then access an interface through which they can interact with the machine's software and withdraw money.
Symantec said the nature of the malware indicates that the hackers are very familiar with how their target ATM works.
The company said businesses concerned about their ATMs should use good locks on their machines so that thieves can't access their CD drives, change the BIOS boot order so that the machines boot only from the hard disk, and use BIOS passwords so that hackers can't alter the boot options.
Scientists: Biometric Systems Need More than Face Recognition
A recent study by scientists at the University of Texas at Dallas (UTD) and the US National Institute of Standards and Technology (NIST) indicates that biometric systems designed to recognize people should analyze their bodies and not, as is currently the case, just their faces.
"For 20 years, the assumption in the automatic face-recognition community has been that all important identity information is in the face," said NIST electronics engineer Jonathon Phillips. "These results should point us toward exploring new ways to improve automatic recognition systems by incorporating information about the body."
The researchers showed study participants pairs of images—displaying the head and upper body—of the same person in some cases or different people in others. They asked viewers whether the photos were of the same individual.
At different times, the scientists showed viewers only the face, only the upper body, or both. They tracked the participants' eye movements to see what they looked at while making their determinations.
The study found that participants who viewed the face and upper body or just the upper body did a better job of recognizing whether image pairs were of the same person than those who viewed only the face.
"Eye movements revealed a highly efficient and adaptive strategy for finding the most useful identity information in any given image of a person," concluded the study's lead author, UTD professor Alice O'Toole.