(Photo: Facebook)

If you've recently received an email--not sent by your kooky aunt--with the subject line "Check out these kitties! :-)," you may have been the victim of a fake cyberattack. The Wall Street Journal reports that companies are hiring "ethical hackers" to build fake phishing scam emails to test which employees are dumb enough--or big enough cat lovers--to fall for them.

Users who click the link promising more cute cat pics are greeted with a gotcha warning: you've been the victim of a simulated cyberattack, ya dummy. If you want cute cat pics, just Google for 'em.

But the deception goes much deeper. Companies can hire firms like Trustwave Holdings, which will do everything from randomly scattering USB drives around to see if employees stick them in their computers to dressing up in disguises to dupe security. Trustwave's Ryan Jones keeps an arsenal of costumes and frequently employs crutches to "persuade sympathetic people to open locked doors."

He's basically the Gene Parmesan of cybersecurity.

The moral of this story? Never trust a man with crutches asking you to "have a peek at the server room."

Happy Friday. (Photo: Sodahead)

Perhaps feeling jealous of China, North Korea is now accusing the U.S. of committing cyberattacks against it. [Tech in Asia]

We've reached the point where online programming could actually make a significant dent at the Emmy's. House of Cards, anyone? [The Daily Dot]

Google Reader's demise as a wake up call: what do we lose when we become so wholly reliant on a cloud-based app? [Slate]

More techies have stepped up to the plate to fight gun violence. Big name Silicon Valley investors have launched an "innovation and investment" campaign called Sandy Hook Promise. [TechCrunch]

Guns aren't the only political issue techies are taking up. Zuck and others are working for high-skilled immigration reform. [Hillicon Valley]

(flickr/mjtmail)

Firms specializing in technology security make it their business to scare potential customers, but that doesn't make an Internet Identity (IID) report predicting cyber doom in 2014, highlighted today by Ray Kurzweil's Accelerating Intelligence, any less spooky.

According to IID, looming cybersecurity threats in 2013--more mobile malware, increasingly aggressive hacktivism, attacks on the cloud--are "well-anticipated and mundane."

Those "mundane" threats are nothing next to the bleak wasteland of death and destruction IID expects in 2014:

[By] 2014 significant new methods of cybercrime will emerge. These new threats include the utilization of Internet connected devices to actually carry out physical crimes, including murders and cybercriminals leveraging mobile device Near Field Communications (NFC) to wreak havoc with banking and e-commerce. IID also expects the industry to combat such threats with new platforms for sharing intelligence across researchers, commercial enterprises and government agencies.

IID elaborated on "Murder By Internet Connected Devices" with scenarios that sound pretty plausible. They predicted that criminals could use pacemakers with remote connections, control systems on Internet-connected vehicles or even connected machines that control IV drips to potentially carry out long-distance, untraceable crimes.

It sounds like hyperbole, but pacemakers (for example) are already hackable, and as Forbes noted in this early December post about the reality of compromised medical equipment, Homeland has already used a hacked pacemaker as a plot device.

IID also warned about the dangers of NFC-enabled smart phones. NFC, or near-field communication, allows information exchange between compatible devices. It's pretty common on phones now but may one day even permit cars to talk to each other. Paul Ferguson, the company's vice president of Threat Intelligence, says NFC could be "a gold mine for cybercriminals and we have already seen evidence that they are working to leverage these apps to siphon money."

Additional threats IID believes may manifest in 2014 include an increase in state-sponsored malware, like Stuxnet, Flame and Duqu, a successful cyberattack on a power grid and an "exploit of a significant military assault system like drones."

Not directly mentioned but already in the wild: hackers already taking advantage of poorly-secured supervisory control and data acquisition (SCADA) systems which have easily cracked web administration pages. At the moment SCADA vulnerabilities might just cause discomfort and disruption, but in 2014's creepy killer web scenario, compromising a large-scale heating and cooling system might just be round one in an all-out infrastructure attack on a regional, even a national scale.

In posting a link to the Kurzweil write-up about IID's dire warnings, Quartz's Christopher Mims sounded the necessary note of caution needed after reading hints of a looming cyber-pocalypse:

Cybercriminals will straight-up kill you, says firm that profits massively by hyping threat. kurzweilai.net/murder-by-inte…

— Christopher Mims (@mims) January 4, 2013

Duly noted. However, if IID is correct, we've only got a year.

Cower and whimper accordingly.

Mr. Lockhart (www.frbatlanta.org)

Back in late September, you probably went a couple of weeks unable to access your bank account, thanks to a massive wave of cyberattacks against Bank of America, JPMorgan Chase, and others. Well, Dennis Lockhart, the president of the Atlanta Federal Reserve, certainly hasn't forgotten about it.

He recently delivered a speech in Berlin, much of which is about as dry as white toast. Mr. Lockhart, whom we're sure is positively scintillating when you get him a subject like Real Housewives, focused his remarks on "potential sources of financial instability," namely the payments system and public pensions. It's appropriately wonky.

But it's when he turns his attention to cyberattacks that Mr. Lockhart catches our attention. He's warns that, "A real financial stability concern, however, is the potential for malicious disruptions to the payments system in the form of broadly targeted cyberattacks." Oh, great!

Let's harken back to those bank attacks:

The recent attacks involved unprecedented volumes of traffic—up to 20 times more than in previous attacks. Banks and other participants in the payments system will need to reevaluate defense strategies.... What was previously classified as an unlikely but very damaging event affecting one or a few institutions should now probably be thought of as a persistent threat with potential systemic implications.

"Potential systemic implications"? Do we need to start stocking up on canned goods and gold bars, here? The good news is that Mr. Lockhart is pretty sure that, on the grand scale of things that could go wrong with the financial system, DDOS attacks aren't the absolute worst:

But I feel the need to be measured about the potential for severe financial instability from this source. In my judgment, cyberattacks on payments systems are not likely to have as deep or long lasting an impact on financial system stability as fiscal crises or bank runs, for example. Nonetheless, there is real justification for a call to action.

But we've got to say that "not as bad as a bank run" isn't the most reassuring thing we've ever heard. Perhaps Mr. Lockhart has been talking to antivirus mogul Eugene Kaspersky.

President Barack Obama. (Photo: Wikimedia)

At some point in October this year, President Obama signed the slightly creepy-sounding and secret Presidential Policy Directive 20, a source tells The Washington Post. According to the Post, the directive gives the military license to "act more aggressively" when combating cyber-attacks directed at major U.S. networks.

In essence, anyone waging war on the country via the internet is on notice:

The new directive is the most extensive White House effort to date to wrestle with what constitutes an “offensive” and a “defensive” action in the rapidly evolving world of cyberwar and cyberterrorism, where an attack can be launched in milliseconds by unknown assailants utilizing a circuitous route. For the first time, the directive explicitly makes a distinction between network defense and cyber-operations to guide officials charged with making often-rapid decisions when confronted with threats.

Policy Directive 20 is a refresh of a presidential directive signed during the Bush administration and falls in line with the Obama administration's concerns regarding internet-based threats to the nation's infrastructure.

Given the reported mid-October signing of Directive 20, it's worth noting the timing of Secretary of Defense Leon Panetta's October 11 speech about cyber threats. In his address, Secretary Panetta outlined a nightmare scenario combining real and cyber attacks, resulting in what he termed a "cyber Pearl Harbor." Mr. Panetta said such devastating actions would result in "physical destruction and loss of life, paralyze and shock the nation, and create a profound new sense of vulnerability."

Secretary Panetta. (Photo: flickr.com/usnavy)

Earlier this week, Defense Secretary Leon Panetta took a little trip to the Intrepid Air and Space Museum, where he gave a speech. The New York Times reports that in that speech, he proceeded to do what appears to have been his damnedest to scare the ever-loving crap out of everyone, everywhere about the prospect of cyberattacks on our precious bodily fluids American infrastructure.

Painting a picture that sounds an awful lot like a Michael Bay film, Secretary Panetta warned: 

“An aggressor nation or extremist group could use these kinds of cyber tools to gain control of critical switches,” Mr. Panetta said. “They could derail passenger trains, or even more dangerous, derail passenger trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.”

Mass chaos: It's not just for Deceptacons any more!

He also dropped the term "cyber-Pearl Harbor," because of course.

The New York Times also points out that Mr. Panetta is currently stumping for new legislation demanding new standards for things like power plants and gas pipelines. So, you know--grain of salt and all.

HoneyMap (screengrab)

The Honeynet Project has made monitoring the war in cyber space weirdly fascinating with its HoneyMap, which displays malicious attacks as they happen. The result is reminiscent of old animated maps from newsreels reporting on battles during World War II.

The Atlantic Wire explains how to read the HoneyMap:

Each red dot that pops up when you go to the map represents an attack on a computer. Yellow dots represent honeypots, or systems set up to record incoming attacks. The black box on the bottom says where each attack is coming from as they come in.

The Honeynet Project is a worldwide chain of honeypots that track these attacks. As The Atlantic reports, some members of the network aren't pushing their data to the map, so it currently tends to display more attacks across Europe.

Betabeat observed several attacks occurring across Brazil and fewer in the United States, though it appears computers in Google's home city of Mountain View, California and Microsoft's area of Washington State are under sustained attack throughout the day. A large number of the attacks come from various locations in Russia, however we spotted a few actually coming from servers in Mountain View.

Try to not lose a few minutes gazing at the HoneyMap making exploding sounds with your mouth as each red dot bursts on the screen.

Who, me? [Inside IPO]

More and more cyberattacks are being launched against U.S. infrastructure. Okay, but does the malware play AC/DC? [New York Times]

Amazon saw a 96 percent drop in Q2 profits. We're guessing you're not reading this on a Kindle, then. [Wall Street Journal]

The Verge uncovered top secret old Apple product prototypes. [The Verge]

How will Google fiber make money, and what does it mean for already-established broadband companies? [GigaOm]