Kryptina, a free Ransomware-as-a-Service tool available on dark web forums, is now being used by Mallox ransomware affiliates
Hacking the “Bike Angels” System for Moving Bikeshares
I always like a good hack. And this story delivers. Basically, the New York City bikeshare program has a system to reward people who move bicycles from full stations to empty ones. By deliberately moving bikes to create artificial problems, and exploiting exactly how the system calculates rewards, some people are making a lot of money.
At 10 a.m. on a Tuesday last month, seven Bike Angels descended on the docking station at Broadway and 53rd Street, across from the Ed Sullivan Theater. Each rider used his own special blue key—a reward from Citi Bike—to unlock a bike. He rode it one block east, to Seventh Avenue. He docked, ran back to Broadway, unlocked another bike and made the trip again.
By 10:14, the crew had created an algorithmically perfect situation: One station 100 percent full, a short block from another station 100 percent empty. The timing was crucial, because every 15 minutes, Lyft’s algorithm resets, assigning new point values to every bike move.
The clock struck 10:15. The algorithm, mistaking this manufactured setup for a true emergency, offered the maximum incentive: $4.80 for every bike returned to the Ed Sullivan Theater. The men switched direction, running east and pedaling west.
Nicely done, people.
Now it’s Lyft’s turn to modify its system to prevent this hack. Thinking aloud, it could try to detect this sort of behavior in the Bike Angels data—and then ban people who are deliberately trying to game the system. The detection doesn’t have to be perfect, just good enough to catch bad actors most of the time. The detection needs to be tuned to minimize false positives, but that feels straightforward.
Vulnerabilities Found in Popular Houzez Theme and Plugin
The flaws are dangerous as the Houzez theme and Login Register plugin could allow privilege escalation by unauthenticated users
Russian Cyber-Attacks Home in on Ukraine’s Military Infrastructure
An overall rise in cyber incidents coming from Russian-aligned adversaries in 2024 was accompanied by a decrease in high and critical-severity incidents
CIS Controls Community Volunteer Spotlight: Shane Markley
Members of the CIS Controls Community volunteer their expertise and time for the greater good of cybersecurity. Shane Markley shares how he plays his part.
Cybersecurity and compliance: The dynamic duo of 2024
Graham Cluley Security News is sponsored this week by the folks at ManageEngine. Thanks to the great team there for their support! It’s almost the end of 2024, and one thing is clear: cybersecurity and compliance are no longer optional; they’re inseparable pillars of survival. This year has seen some of the most severe cyber …
Quantum Computing and Cybersecurity – Preparing for a New Age of Threats
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Quantum computing is no longer just a distant technological breakthrough confined to research labs. It is quickly becoming a reality that will transform the digital landscape as we know it. Quantum computers utilize the principles of quantum mechanics to perform complex computations at unprecedented speeds. While this revolutionary computing power has the potential to solve problems that traditional computers cannot handle, it also poses a significant threat to modern cybersecurity practices.
Currently, most data encryption systems rely on algorithms that are effective against classical computers. However, quantum computers can break through these encryption methods with relative ease, leading to a new and unprecedented era of vulnerability. This makes quantum computing a double-edged sword—unlocking new possibilities while simultaneously disrupting the security foundations of the digital economy.
Many companies that store and transmit sensitive information, such as financial data, health records, or intellectual property, are particularly at risk. Even though quantum computers are not widely accessible yet, the data encrypted today could be harvested and decrypted in the future using quantum technology. This is why businesses must act now to prepare for the quantum future, ensuring they are not caught off guard when this technology becomes mainstream. Being proactive will safeguard data and strengthen cybersecurity systems against emerging threats.
Understanding Quantum Risks
The advent of quantum computing introduces a series of unprecedented risks to the current landscape of cybersecurity. While traditional cryptographic algorithms such as RSA and elliptic curve cryptography (ECC) have long been trusted to protect sensitive data, they are now under threat from quantum computers’ immense processing power. Quantum computing can break the mathematical problems that these encryption methods rely on, making them obsolete.
One of the most concerning threats is the possibility of “harvest now, decrypt later” attacks. In these scenarios, malicious actors collect encrypted data now, anticipating that quantum computers will soon have the power to decrypt it. This is particularly dangerous for organizations dealing with highly sensitive, long-lived data. While this data may be safe from current threats, it is vulnerable to future decryption, potentially exposing private information once quantum technology becomes more accessible. This threat, combined with existing vulnerabilities from insider threats, underscores the urgent need for organizations to reassess their cybersecurity measures.
In addition to this future risk, some cybersecurity protocols are already at heightened risk due to quantum advancements. Public key infrastructure (PKI), which underpins many aspects of digital security, including secure web browsing, email encryption, and VPNs, is one example of a system vulnerable to quantum attacks. Algorithms like RSA and ECC are heavily used in these security measures, but their reliance on factorization or discrete logarithms makes them susceptible to quantum decryption, emphasizing the importance of insider threat monitoring.
As a result, encryption methods that have been reliable for decades are becoming increasingly fragile in the face of quantum power. Companies that fail to acknowledge this evolving threat run the risk of having their data exposed or stolen, even years from now. The quantum threat is real, and it’s only a matter of time before cybercriminals fully harness this power to break today’s most secure encryption methods.
Preparing for a Quantum-Resilient Future
As the quantum era approaches, companies need to take proactive steps to protect their data and systems from the vulnerabilities exposed by quantum computing. Preparing for a quantum-resilient future involves adopting new cryptographic methods, enhancing security protocols, and building agility into the organization’s cybersecurity framework.
One of the most important steps in this preparation is the adoption of quantum-safe cryptography, also known as post-quantum cryptography. These cryptographic algorithms are designed to be secure against both classical and quantum attacks. Companies should begin exploring these new encryption methods now to ensure a smooth transition as standards are finalized. Methods like lattice-based cryptography and hash-based signatures are promising candidates that resist quantum attacks.
Another crucial aspect of preparation is crypto-agility, which is the ability to switch between different cryptographic algorithms and protocols as threats evolve. Implementing crypto-agility now will allow organizations to adapt swiftly as quantum-resistant algorithms are developed and tested. This strategy reduces the risk of being locked into outdated cryptographic systems that could be rendered insecure overnight by quantum advancements.
Companies should also consider assessing their current cybersecurity infrastructure for vulnerabilities to quantum attacks. This includes conducting a thorough audit of all systems that use public key encryption and evaluating how long critical data needs to remain secure. Industries handling long-lived sensitive data, including healthcare, government entities, and travel platforms storing extensive user information, should prioritize these updates to protect their customers’ information from future threats.
Building a roadmap for quantum resilience is another essential step. This roadmap should guide the organization from its current cryptographic ecosystem to a post-quantum one. It includes setting milestones for adopting quantum-resistant encryption, developing protocols for securely handling long-term data, and ensuring that key personnel are trained on the emerging quantum threat landscape. Businesses that start planning now will be better positioned to adapt when quantum computing becomes mainstream.
While many companies are preparing for the future, it’s also important to monitor regulatory developments in quantum cryptography. Governmental agencies such as NIST and the European Telecommunications Standards Institute (ETSI) are actively working on quantum-safe standards. Staying informed on these efforts ensures organizations remain compliant while protecting their systems from quantum threats.
Incorporating these strategies into a comprehensive cybersecurity plan is the key to future-proofing your organization against quantum-enabled threats. By investing in quantum-safe cryptography, developing crypto-agility, and staying ahead of regulatory changes, organizations can secure their data and protect their operations against the coming quantum revolution.
Future-Proofing Cybersecurity in the Quantum Era
As we stand on the brink of the quantum computing revolution, the need to future-proof cybersecurity has never been more critical. While quantum computing holds immense promise for technological advancements, it also threatens to disrupt the security frameworks that protect our most sensitive data. Organizations must take a proactive approach to ensure they are prepared for the quantum era, which means thinking ahead, embracing innovation, and continuously adapting to an ever-evolving threat landscape.
The road to quantum resilience will require ongoing vigilance. The development of quantum-safe cryptography, the ability to adapt quickly to new security standards, and close monitoring of regulatory changes will be key elements in staying one step ahead of quantum threats. Organizations that begin their preparations now will be better positioned to protect their data and maintain trust in the digital economy as quantum computing progresses.
The challenge may seem daunting, but it is also an opportunity to build stronger, more resilient cybersecurity frameworks. By committing to long-term planning and fostering a culture of security awareness, businesses can safeguard their future and ensure they are ready for whatever the quantum era may bring.
In a world where the stakes are high, investing in quantum-resistant technologies today will pay off tomorrow. The future belongs to those who not only recognize the challenges ahead but also take decisive action to meet them. As the quantum era unfolds, being prepared will make all the difference in protecting the digital landscape for years to come.
LinkedIn Pauses GenAI Training Following ICO Concerns
The Information Commissioner’s Office says it’s pleased that LinkedIn has temporarily suspended its generative AI model training
German Police Shutter 47 Criminal Crypto Exchanges
Officers in Germany have shut down 47 cryptocurrency exchanges they accused of facilitating cybercrime