Connect with us

Published

on

Over the years, travelers have repeatedly been warned to avoid public Wi-Fi in places like airports and coffee shops. Airport Wi-Fi, in particular, is known to be a hacker honeypot, due to what is typically relatively lax security. But even though many people know they should stay away from free Wi-Fi, it proves as irresistible to travelers as it is to hackers, who are now updating an old cybercrime tactic to take advantage.

An arrest in Australia over the summer set off alarm bells in the United States that cybercriminals are finding new ways to profit from what are called “evil twin” attacks. Also classified within a type of cybercrime called “Man in the Middle” attacks, evil twinning occurs when a hacker or hacking group sets up a fake Wi-Fi network, most often in public settings where many users can be expected to connect.

In this instance, an Australian man was charged with conducting a Wi-Fi attack on domestic flights and airports in Perth, Melbourne, and Adelaide. He allegedly set up a fake Wi-Fi network to steal email or social media credentials.

“As the general population becomes more accustomed to free Wi-Fi everywhere, you can expect evil twinning attacks to become more common,” said Matt Radolec, vice president of incident response and cloud operations at data security firm Varonis, adding that no one reads the terms and conditions or checks the URLs on free Wi-Fi.

“It’s almost a game to see how fast you can click “accept” and then ‘sign in’ or ‘connect.’ This is the ploy, especially when visiting a new location; a user might not even know what a legitimate site should look like when presented with a fake site,” Radolec said.

Today’s ‘evil twins’ can more easily hide

One of the dangers of today’s twinning attacks is that the technology is much easier to disguise. An evil twin can be a tiny device and can be tucked behind a display in a coffee shop, and the small device can have a significant impact.

“A device like this can serve up a compelling copy of a valid login page, which could invite unwary device users to enter their username and password, which would then be collected for future exploitation,” said Cincinnati-based IT consultant Brian Alcorn. 

The site doesn’t even have to actually log you in. “Once you’ve entered your information, the deed is done,” Alcorn said, adding that a harried, weary traveler probably would just think the airport Wi-Fi is having issues and not give it another thought.  

People who are not careful with passwords, such as use of pet’s names or favorite sports teams as their password for everything, are even more vulnerable to an evil twin attack. Alcorn says for individuals who reuse username and password combinations online, once the credentials are obtained they can be fed into AI, where its power can quickly give cybercriminals the key.

“You are susceptible to exploitation by someone with less than $500 in equipment and less skill than you might imagine,” Alcorn said. “The attacker just has to be motivated with basic IT skills.”

How to avoid becoming a victim of this cybercrime

When in public places, experts say it’s best to use alternatives to public WiFi networks.

“My favorite way to avoid evil twin attacks is to use your phone’s mobile hotspot if possible,” said Brian Callahan, Director of the Rensselaer Cybersecurity Collaboratory at Rensselaer Polytechnic Institute.

Users would be able to spot an attack if through a phone relying on its mobile data and sharing it via a mobile hotspot.

“You will know the name of that network since you made it, and you can put a strong password that only you know on it to connect,” Callahan said.

If a hotspot isn’t an option, a VPN can also provide some protection, Callahan said, as traffic should be encrypted to and from the VPN.

“So even if someone else can see the data, they can’t do anything about it,” he said.

Airport, airline internet security issues

At many airports, the responsibility for WiFi is outsourced and the airport itself has little if any involvement in safeguarding it. At Dallas Fort Worth International Airport, for example, Boingo is the Wi-Fi provider.

“The airport’s IT team does not have access to their systems, nor can we see usage and dashboards,” For said an airport spokesman. “The network is isolated from DAL’s systems as it is a separate standalone system with no direct connection to any of the City of Dallas’ networks or systems internally.” 

A spokeswoman for Boingo, which provides service to approximately 60 airports in North America, said it can identify rogue Wi-Fi access points through its network management. “The best way passengers can be protected is by using Passpoint, which uses encryption to automatically connect users to authenticated Wi-Fi for a safe online experience,” she said, adding that Boingo has offered Passpoint since 2012 to enhance Wi-Fi security and eliminate the risk of connecting to malicious hotspots.

Alcorn says evil twin attacks are “definitely” occurring with regularity in the United States, it’s just rare for someone to get caught because they are such stealth attacks.  And sometimes hackers use these attacks as a learning model. “Many evil twin attacks may be experimental by individuals with novice-to-intermediate skills just to see if they can do it and get away with it, even if they don’t use the collected information right away,” he said.

The surprise in Australia wasn’t the evil twinning attack itself, but the arrest.

“This incident isn’t unique, but it is unusual that the suspect was arrested,” said Aaron Walton, threat analyst at Expel, a managed services security company. “Generally, airlines are not equipped and prepared to handle or mediate hacking accusations. The typical lack of arrests and punitive action should motivate travelers to exercise caution with their own data, knowing what a tempting and usually unguarded -target it is — especially at the airport.”

In the Australian case, according to Australian Federal Police, dozens of people had their credentials stolen.

According to a press release from the AFP, “When people tried to connect their devices to the free WiFi networks, they were taken to a fake webpage requiring them to sign in using their email or social media logins. Those details were then allegedly saved to the man’s devices.”  

Once those credentials were harvested, they could be used to extract more information from the victims, including bank account information.

For hackers to be successful, they don’t have to dupe everyone. If they can persuade only a handful of people – statistically easy to do when thousands of harried and hurried people are milling around an airport – they will succeed.

“We expect WI-Fi to be everywhere. When you go to a hotel, or an airport, or a coffee shop, or even just out and about, we expect there to be Wi-Fi and often freely available WI-FI,” Callahan said. “After all, what’s yet another network name in the long list when you’re at an airport? An attacker doesn’t need everyone to connect to their evil twin, only some people who go on to put credentials into websites that can be stolen.”

The next time you’re at the airport, the only way to be 100% sure you’re safe is to bring your own Wi-Fi.

Continue Reading

Technology

Google’s cloud outpaces rivals in third quarter as AI battle heats up

Published

on

By

Google's cloud outpaces rivals in third quarter as AI battle heats up

Alphabet CEO Sundar Pichai speaks at the Munich Security Conference at the Hotel Bayerischer Hof in Munich, Germany, on February 16, 2024.

Tobias Hase | Picture Alliance | Getty Images

With Wall Street laser focused on cloud computing this week, Google outpaced its rivals in growth, a key sign for investors that the internet company is gaining traction in artificial intelligence.

Google’s cloud business, which includes infrastructure as well as software subscriptions, grew 35% year over year in the third quarter to $11.35 billion, accelerating from 29% in the prior period.

Amazon Web Services, which remains the market leader, grew 19% to $27.45 billion, meaning it’s more than twice the size of Google Cloud but expanding about half as quickly. Second-place Microsoft said revenue from Azure and other cloud services grew 33% from a year earlier.

Five of the six trillion-dollar tech companies reported results this week, with AI chipmaker Nvidia as the outlier. Amazon, Alphabet and Microsoft always report around the same time, giving investors a snapshot of how the cloud wars are playing out.

“While Alphabet has often been criticized as a Johnny-one-note for its dependence on digital advertising, the rapid growth of Google Cloud has begun to diversify the company’s revenue,” analysts at Argus Research, who recommend buying the stock, wrote in a report on Oct. 31.

For a long time, cloud was a money sink for Google, but that’s no longer the case.

Google reported a 17% cloud operating margin in the third quarter, after first turning a profit last year. It was “a real beat to expectations there,” Melissa Otto, head of technology, media and telecommunications sector research at Visible Alpha, said on CNBC this week. She said she isn’t sure if the company can sustain that level of profitability.

Otto: The scale of Alphabet's cloud business, and spend on AI infrastructure, will be critical

The opposite story has been true at Amazon, which has long counted on AWS for the bulk of total profit.

AWS’ operating margin for the the third quarter was 38%, which analysts at Bernstein described as a “whopping” number. Executives have been careful with hiring and have discontinued less popular AWS services. Also, at the beginning of 2024, Amazon extended the useful life of its servers from five years to six, a change that boosted the operating margin by 200 basis points, or 2 percentage points.

Microsoft this week started giving investors more accurate readings of its Azure public cloud. When the company reported Azure revenue growth in the past, the number would include sales of mobility and security services and Power BI data analytics software. Microsoft, which is the lead investor in ChatGPT creator OpenAI, is getting a hefty boost from AI services.

“Demand continues to be higher than our available capacity,” Amy Hood, Microsoft’s finance chief, said on the company’s earnings call.

While Azure growth in the current quarter will moderate a bit, Hood said it should pick up in the first half of 2025 “as our capital investments create an increase in available AI capacity to serve more of the growing demand.”

Amazon is seeing a similar dynamic.

“I think pretty much everyone today has less capacity than they have demand for, and it’s really primarily chips that are the area where companies could use more supply,” Amazon CEO Andy Jassy said on his company’s earnings call.

To help ease the burden, Amazon relies to a degree on its own processors, in addition to Nvidia’s graphics processing units (GPUs). Jassy said clients are showing interest in Trainium 2, the company’s second-generation chip for training models.

“We’ve gone back to our manufacturing partners multiple times to produce much more than we’d originally planned,” he said.

Google is now on the sixth generation of its own custom tensor processing units for AI. CEO Sundar Pichai told analysts that he’d been spending time with the TPU team.

“I couldn’t be more excited at the forward-looking roadmap, but all of it allows us to both plan ahead in the future and really drive an optimized architecture for it,” he said.

Microsoft introduced its own AI chip in the cloud, Maia, a year ago. The company has started to use Maia chips to power its own services, but it hasn’t yet made it available for customers to rent out, a spokesperson said.

Analysts at DA Davidson said in a note this week that they don’t see this as a battle Microsoft can win going up against Amazon and Google. They have a neutral rating on Microsoft.

Oracle, which generally ranks fourth among U.S. cloud infrastructure companies, is expected to report quarterly results in December. In its last report, Oracle said cloud infrastructure revenue jumped 45% to $2.2 billion, up from 42% growth in the prior quarter.

Oracle recently partnered with its three bigger cloud rivals to make its databases available on their services, a move that Chairman Larry Ellison said on the last earnings calls, “will turbocharge the growth of our database business for years to come.”

WATCH: Otto: The scale of Alphabet’s cloud business, and spend on AI infrastructure, will be critical

Otto: The scale of Alphabet's cloud business, and spend on AI infrastructure, will be critical

Continue Reading

Technology

Nvidia to join Dow Jones Industrial Average, replacing rival chipmaker Intel

Published

on

By

Nvidia to join Dow Jones Industrial Average, replacing rival chipmaker Intel

CEO of Nvidia, Jensen Huang, speaks during the launch of the supercomputer Gefion, where the new AI supercomputer has been established in collaboration with EIFO and NVIDIA at Vilhelm Lauritzen Terminal in Kastrup, Denmark October 23, 2024.

Ritzau Scanpix | Mads Claus Rasmussen | Via Reuters

Nvidia is replacing rival chipmaker Intel in the Dow Jones Industrial Average, a shakeup to the blue-chip index that reflects the boom in artificial intelligence and a major shift in the semiconductor industry.

Intel shares were down 1% in extended trading on Friday. Nvidia shares rose 1%.

The switch will take place on Nov. 8. Also, Sherwin Williams will replace Dow Inc. in the index, S&P Dow Jones said in a statement.

Nvidia shares have climbed over 170% so far in 2024 after jumping roughly 240% last year, as investors have rushed to get a piece of the AI chipmaker. Nvidia’s market cap has swelled to $3.3 trillion, second only to Apple among publicly traded companies.

Companies including Microsoft, Meta, Google and Amazon are purchasing Nvidia’s graphics processing units (GPUs), such as the H100, in massive quantities to build clusters of computers for their AI work. Nvidia’s revenue has more than doubled in each of the past five quarters, and has at least tripled in three of them. The company has sginaled that demand for its next-generation AI GPU called Blackwell is “insane.”

With the addition of Nvidia, four of the six trillion-dollar tech companies are now in the index. The two not in the Dow are Alphabet and Meta.

While Nvidia has been soaring, Intel has been slumping. Long the dominant maker of PC chips, Intel has lost market share to Advanced Micro Devices and has made very little headway in AI. Intel shares have fallen by more than half this year as the company struggles with manufacturing challenges and new competition for its central processors.

Intel said in a filing this week that the board’s audit and finance committee approved cost and capital reduction activities, including lowering head count by 16,500 employees and reducing its real estate footprint. The job cuts were originally announced in August.

The Dow contains 30 components and is weighted by the share price of the individual stocks instead of total market value. Nvidia put itself in better position to join the index in May, when the company announced a 10-for-1 stock split. While doing nothing to its market cap, the move slashed the price of each share by 90%, allowing the company to become a part of the Dow without having too heavy a weighting.

The switch is the first change to the index since February, when Amazon replaced Walgreens Boots Alliance. Over the years, the Dow has been playing catchup in gaining exposure to the largest technology companies. The stocks in the index are chosen by a committee from S&P Dow Jones Indices.

WATCH: Nvidia leaps and bounds ahead of AMD

Nvidia is leaps and bounds ahead of AMD on the AI story, says Susquehanna's Christopher Rolland

Continue Reading

Technology

Super Micro’s 44% plunge this week wipes out stock’s gains for the year

Published

on

By

Super Micro's 44% plunge this week wipes out stock's gains for the year

Charles Liang, chief executive officer of Super Micro Computer Inc., during the Computex conference in Taipei, Taiwan, on Wednesday, June 5, 2024. The trade show runs through June 7. 

Annabelle Chih | Bloomberg | Getty Images

Super Micro investors continued to rush the exits on Friday, pushing the stock down another 9% and bringing this week’s selloff to 44%, after the data center company lost its second auditor in less than two years.

The company’s shares fell as low as $26.23, wiping out all of the gains for 2024. Shares had peaked at $118.81 in March, at which point they were up more than fourfold for the year. Earlier that month, S&P Dow Jones added the stock to the S&P 500, and Wall Street was rallying around the company’s growth, driven by sales of servers packed with Nvidia’s artificial intelligence processors.

Super Micro’s spectacular collapse since March has wiped out roughly $55 billion in market cap and left the company at risk of being delisted from the Nasdaq. On Wednesday, as the stock was in the midst of its second-worst day ever, Super Micro said it will provide a “business update” regarding its latest quarter on Tuesday, which is Election Day in the U.S.

The company’s recent challenges date back to August, when Super Micro said it would not file its annual report on time with the SEC. Noted short seller Hindenburg Research then disclosed a short position in the company and wrote in a report that it identified “fresh evidence of accounting manipulation.” The Wall Street Journal later reported that the Department of Justice was in the early stages of a probe into the company.

Super Micro disclosed on Wednesday that Ernst & Young had resigned as its accounting firm just 17 months after taking over from Deloitte & Touche. The auditor said it was “unwilling to be associated with the financial statements prepared by management.”

A Super Micro spokesperson told CNBC that the company “disagrees with E&Y’s decision to resign, and we are working diligently to select new auditors.” Super Micro does not expect matters raised by Ernst & Young to “result in any restatements of its quarterly financial results for the fiscal year ended June 30, 2024, or for prior fiscal years,” the representative said.

Analysts at Argus Research on Thursday downgraded the stock in the intermediate term to a hold, citing the Hindenburg note, reports of the Justice Department investigation and the departure of Super Micro’s accounting firm, which the analysts called a “serious matter.” Argus’ fears go beyond accounting irregularities, with the firm suggesting that the company may be doing business with problematic entities.

“The DoJ’s concerns, in our view, may be mainly about related-party transactions and about SMCI products ending up in the hands of sanctioned Russian companies,” the analysts wrote.

In September, the month after announcing its filing delay, Super Micro said it had received a notification from the Nasdaq indicating that its late status meant the company wasn’t in compliance with the exchange’s listing rules. Super Micro said the Nasdaq’s rules allowed the company 60 days to file its report or submit a plan to regain compliance. Based on that timeframe, the deadline would be mid-November.

Though Super Micro hasn’t filed financials with the SEC since May, the company said in an August earnings presentation that revenue more than doubled for a third straight quarter. Analysts expect that, for the fiscal first quarter ended September, revenue jumped more than 200% to $6.45 billion, according to LSEG. That’s up from $2.1 billion a year earlier and $1.9 billion in the same fiscal quarter of 2023.

WATCH: I don’t know if Super Micro is guilty or innocent, says Jim Cramer

I don't know if Super Micro is guilty or innocent, says Jim Cramer

Continue Reading

Trending