March 25, 2023

Flaws in Videoconferencing Systems Make Boardrooms Vulnerable

With the move of a mouse, he steered a camera around each room, occasionally zooming in with such precision that he could discern grooves in the wood and paint flecks on the wall. In one room, he zoomed out through a window, across a parking lot and into shrubbery some 50 yards away where a small animal could be seen burrowing underneath a bush. With such equipment, the hacker could have easily eavesdropped on privileged attorney-client conversations or read trade secrets on a report lying on the conference room table.

In this case, the hacker was H D Moore, a chief security officer at Rapid 7, a Boston based company that looks for security holes in computer systems that are used in devices like toaster ovens and Mars landing equipment. His latest find: videoconferencing equipment is often left vulnerable to hackers.

Businesses collectively spend billions of dollars each year beefing up security on their computer systems and employee laptops. They agonize over the confidential information that employees send to their Gmail and Dropbox accounts and store on their iPads and smartphones. But rarely do they give much thought to the ease with which anyone can penetrate a videoconference room where their most guarded trade secrets are openly discussed.

Mr. Moore has found it easy to get into several top venture capital and law firms, pharmaceutical and oil companies and courtrooms across the country. He even found a path into the Goldman Sachs boardroom. “The entry bar has fallen to the floor,” said Mike Tuchen, chief executive of Rapid 7. “These are literally some of the world’s most important boardrooms — this is where their most critical meetings take place — and there could be silent attendees in all of them.”

Ten years ago, videoconferencing systems were complicated and erratic, and ran on expensive, closed high-speed phone lines. Over the last decade, videoconferencing — like everything else — migrated to the Internet. Now, most businesses use Internet protocol videoconferencing — a souped-up version of Skype — to connect with colleagues and customers. Most of these new systems were designed with visual and audio clarity — not security — in mind.

Rapid 7 discovered that hundreds of thousands of businesses were investing in top-quality videoconferencing units, but were setting them up on the cheap. At last count, companies spent an estimated $693 million on group videoconferencing from July to September of last year, according to Wainhouse Research.

The most popular units, sold by Polycom and Cisco, can cost as much as $25,000 and feature encryption, high-definition video capture, and audio that can pick up the sound of a door opening 300 feet away. But administrators are setting them up outside the firewall and are configuring them with a false sense of security that hackers can use against them.

Whether real hackers are exploiting this vulnerability is unknown; no company has announced that it has been hacked. (Nor would one, and most would never know in any case.) But with videoconference systems so ubiquitous, they make for an easy target.

It certainly would not be the first time hackers had exploited holes in office hardware. After a security breach at the United States Chamber of Commerce last year, the Chamber discovered that its office printer, and even a thermostat in a Chamber-owned apartment, had been communicating with an Internet address in China.

But with videoconferencing, companies have seemingly gone out of their way to make themselves vulnerable. In many cases, they are not only putting their systems on the Internet, but setting them up in a way that allows anyone to listen in unnoticed.

New systems are outfitted with a feature that automatically accepts inbound calls so users do not have to press an “accept” button every time someone dials into their videoconference. The effect is that anyone can dial in and look around a room, and the only sign of their presence is a tiny light on a console unit, or the silent swing of a video camera.

Article source:

On All Levels of the Economy, Concern About the Impasse

Some economists say the effects of lowering the federal government’s credit rating to AA from AAA can be measured in the billions of dollars in increased borrowing costs for the government, and in the billions more that consumers, corporations, states and municipalities will have to pay for their credit. It could also erode consumer and business confidence, slowing even further the economy and job creation.

The prospect of a downgrade by one of the credit rating agencies once seemed almost unimaginable. But the impasse in Washington over the government’s deficit and $14.3 trillion debt limit has led some global financial players to expect the change.

A downgrade on debt issued by the United States would have less severe consequences than a default, which takes places when a government fails to pay its creditors. Many Wall Street bankers on Tuesday said they still believed a default would be avoided because its consequences for the markets and economy could be catastrophic. They were less certain, however, what the cumulative effect might be of a downgrade.

The view among many on Wall Street on Tuesday was that long-term Treasury yields could edge up by 0.10 percentage points, to 0.70 percentage points. That would eventually increase the amount of interest the United States pays on its debt by as much as tens of billions of dollars each year. The government now pays $250 billion a year on interest costs to service its debt.

The size of the increase depends on how long the stalemate in Washington continues, Terry Belton, the global head of fixed-income strategy at JPMorgan Chase, said in a conference call with reporters on Tuesday.

On the high end, the government’s interest payments could climb an additional $100 billion a year, Mr. Belton said. “That is a huge number, representing a long-term permanent increase in U.S. borrowing costs.”

Rates would also increase on some markets priced off Treasuries, including mortgages, credit cards and student and auto loans, analysts warned.

For a typical consumer with a $200,000 mortgage, the increase in yields could translate into an increase of $200 to $400 a year in their loan payments, according to Citigroup analysts.

Treasuries are also widely held as collateral in the huge repurchase markets that are used by banks around the world to raise overnight loans, and in clearing houses for financial derivatives. If Treasuries decline in value, participants could be asked to put up more collateral, which could cause selling across a broad swath of the markets.

Mohamed El-Erian, the chief economist at the investment firm Pimco, said he believed lawmakers would reach an agreement to raise the debt ceiling and avert a default on the country’s debt, but that the nation’s rating would remain vulnerable.

“A downgrade would mean a weaker dollar, somewhat higher interest rates and a further blow to the already fragile national economic confidence,” Mr. El-Erian said. “This translates into weaker growth and even greater headwinds when it comes to job creation, which is absolutely critical at this stage.”

Standard Poor’s, one of the three major ratings agencies, has said that just raising the debt ceiling would not be enough. Without a “credible” plan by Congress for at least $4 trillion in savings, the agency has warned, the United States’ credit rating might still be downgraded.

Analysts and economists pointed to that stance this week when they expressed growing concerns about a downgrade. On Monday, some of the country’s largest state pension funds sent a letter to President Obama and Congress, warning that “the fallout will be felt all across America” and that economic growth “will stall for years to come.”

Standard Poor’s has warned that if the United States is downgraded, many other sectors and institutions could be as well, which would cause them to face higher borrowing costs. Among those it put on a negative credit watch in mid-July were some bond issues by Fannie Mae and Freddie Mac, a few insurance companies, 604 structured finance transactions that totaled $373 billion when issued and some municipal debt backed by the United States.

It was unclear whether the borrowing costs for these entities would climb much higher. Some investors said they did not give much weight to the difference between a triple-A and a double-A.

But in the broader economy, if money that might have gone to new purchases or increased investment were instead diverted to higher interest payments, the result could be slower economic growth and a higher jobless rate for the remainder of the year, analysts warn.

Macroeconomic Advisers said the country’s gross domestic product could slow in the second half of this year to 2.6 percent from a forecasted 3.2 percent, and that the jobless rate could end the year at 9.6 percent, above the 9.2 percent expected.

Joel Prakken, chairman of Macroeconomic Advisers, said any change in interest rates would probably be small and not felt for several years. “The real story is whether the uncertainty will cause consumers and companies to stop spending,” he said.

On that front, some analysts noted that corporations stopped spending long before the debt-limit debate hit the news.

“Companies clearly have had record cash on the books for a year and a half now,” said Alec Young, an equity strategist at Standard Poor’s Equity Research. “Yes, they’re not spending the money, they’re not hiring, but is it because of this issue?”

Eric Dash and Mary Williams Walsh contributed reporting.

Article source: