Cyber Week in Review: Ministry of Home Affairs, Pot Dispensary & Smart Electrical Grids

Media Division | February 24, 2017

Another week, another series of cyber attacks to report.  For better or worse, the hacks keep making headlines, so we are here to cover them, entertain you, and keep you apprised of the cyber threats across the global horizon.

This week had some top stories in some diverse places: governments, infrastructures, and…marijuana supply lines.

Yes, it’s a week that’s all over the map…but in the cyberverse, the world is flat, anyway.

Stop One: India

In the United States, cyber tensions exist between the former Cold War rivals Russia and the US.  Over near the Sea of Japan, it’s North Korea versus South Korea.  But over in India, the main cyber-rival is neighboring Pakistan.

This time it’s the Ministry of Home Affairs site, which was hacked and then very quickly taken down by authorities.  Reportedly, more than 700 websites within the Indian government have been hacked in just the past four years, with a total of more than 8,000 people arrested in that same timeframe for their involvement in cyber crimes.

That’s a pretty top prosecution rate, but also a top number of hacks.

India and Pakistan have been at odds since before the Indo-Pakistani wars had weapons…now those threats just include a cyber angle as well.

Stop Two: Colorado, USA

For the next stop across the globe of cyber attacks this week, the cloud-based marijuana dispensary inventory tracking company, MJ Freeway.

In Colorado, as well as several other states within the United States, recreational marijuana use is legal but taxed and regulated.  Part of that regulation system requires tracking through programs like MJ Freeway, seed-to-store-to-user style.

In January the folks at MJ experienced a “service interruption” that was actually a hack, leaving more than 1,000 retail cannabis clients unable to use their point-of-sale systems, track sales or inventory.  Some dispensaries shut down during the interruption, unable to keep records in a way that would comply with state regulations.

According to an online persona claiming to be the IT Director at MJ Freeway, the pot-tracking company system was built on a dated Drupal core.

Customer data was reportedly lost, but not compromised (since they claim, it was sufficiently encrypted).  This same individual claims they had the records of about 15 million people, not all of whom would necessarily want their name out in the cyberverse associated with being a “pot user.”

Current estimates are that it will be a couple of weeks before full service is restored.

Considering a basic cyber threat assessment would have flagged Drupal (support was discontinued years ago), other companies may also wish to examine their data core.

Stop Three: Anywhere, Globally

For the next stop on this hop around the cyber threat world this week we visit…any civilized nation.  That is, anywhere with a smart electrical grid.

Ukraine’s power grid got hacked, Vermont’s didn’t.  One thing they have in common: increased concern over the possibility of hacking a power grid and causing a major power outage.  What’s the big deal about a power outage, anyway?  They had one in New York City a little over a decade ago, and everyone just went about eating their ice-cream before it melted, right?

For most areas, a power outage of any magnitude can mean much more than melted ice-cream, potentially:

  • Traffic lights not working.
  • Hospitals and emergency care left without power (think, you’re in the middle of a routine operation when…electricity out).
  • Businesses unable to operate, costing potentially millions of dollars to an economy.
  • Security features inoperable and ensuing chaos.

It can be a big deal.  Most emergency places have back-up generators, but only for limited periods of time.

Power grids around the globe are increasingly automated: saves on personnel resources, higher vulnerability to hackers.

Researchers have taken note.  The question is, who will win the digital race: will power grids keep up with the security demands at the rate that hackers evolve?

Avoiding the Stops

Lest your business become another stop on the cyber threat tour, stay on top of cyber security issues as they happen.  With a thorough assessment and monitoring, and a top-notch team in your personal corner, you can enjoy reading the headlines and avoid becoming one.

MEDIA DIVISION
Massive's Media Division publishes timely news and insights based on current events, trends, and actionable cross-industry expertise.