Builders Beware: Smart Homes Under Attack by “Hide ‘N Seek” Botnet
October 30, 2018 —
Scott L. Satkin & Amtoj S. Randhawa - Newmeyer & Dillion LLP
German manufacturer eQ-3 has found itself under siege by a botnet known as "Hide 'N Seek." This pernicious malware has infected tens of thousands of eQ-3's smart home devices by compromising the device's central control unit. Once a device has been infected, the malware spreads to other Internet of Things ("IoT") devices connected to the same wireless network. IoT devices have become the prime target for botnet attacks. As opposed to computers, laptops, or other larger computing devices, the smaller storage capacity and lower processing power of IoT devices limit the amount and complexity of the security measures that can be installed—making them an easier target for botnets.
What is a Botnet?
For those unfamiliar with the term, a botnet is a network of devices infected with a malware program allowing the infector to control and/or exploit the devices. Once a suitable number of devices are infected, the person or group controlling the botnet can harness the computing power of each infected device to perform activities which were previously constrained by a single device's capabilities (e.g., DDoS attacks, spamming, cryptocurrency mining, etc.).
Hide 'N Seek – History and Capabilities
The Hide 'N Seek botnet first appeared in January 2018 and has since spread rapidly. Its sophisticated design and capabilities have captivated the attention of many security watchdogs and researchers. While many botnets are designed to be "quick and dirty" (i.e. infect a few devices, eke out a little profit, and inevitably be cleared out or rendered ineffective by security updates and fixes), Hide 'N Seek was designed to maintain itself in the host's system indefinitely. When it was first released, Hide 'N Seek primarily targeted certain routers and internet-enabled security cameras; however, it has now begun targeting digital video recorders, database servers, and most recently, smart home hubs.
Hide 'N Seek's communication capabilities are also more advanced than previous botnets. Previous botnets relied on existing communications protocols to communicate with one another, but Hide 'N Seek uses a custom-built peer-to-peer system to communicate. This advancement allows Hide 'N Seek to spread more rapidly than previous botnets.
Hide 'N Seek is also capable of extracting a device owner's personal information (e.g., name, address, e-mail, telephone numbers, etc.) whereas previous botnets were not. Most importantly, Hide 'N Seek is consistently updated to increase its infection rate, decrease its detection probability, and bypass any security measures designed to detect and remove it from the system. This modularity has proved to be Hide 'N Seek's greatest strength.
Protecting Against Hide 'N Seek and Other Botnets
While many of the precautions will undoubtedly come from the device manufacturers vis-à-vis software programming and updates, homebuilders can still take some precautions to protect their customers.
- When selecting a smart home system to incorporate into a home's construction, be sure to evaluate its security features, including but not limited to its wireless connectivity, password/passphrase requirements, and interconnectedness with other IoT devices. Third-party reviews from tech-oriented outlets will likely have useful information on a device's security measures, vulnerabilities, and any recent security compromises.
- Be vigilant in installing any eQ-3 smart home systems. The extent of the damage caused by Hide 'N Seek botnet remains unknown, as does damage from other potentially-infected technology. Thus, it may be prudent to avoid installing any eQ-3 device until it becomes evident that the threat has been neutralized and all security vulnerabilities have been remedied.
- If a builder uses technology other than eQ-3, precautions must be taken. Ensure that technology providers are thoroughly researched. It is also recommended to include strong contractual indemnity provisions, and require vendors to carry cyber-specific insurance policies.
- Homebuilders should consider purchasing their own standalone cyber liability policies as a safety net, should potential exposure arise.
Scott Satkin and Amtoj Randhawa are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Amtoj at amtoj.randhawa@ndlf.com.
Napa Quake Seen Costing Up to $4 Billion as Wineries Shut
August 27, 2014 —
Michael B. Marois, Zachary Tracer and Dan Hart – Bloomberg
The earthquake that struck northern California yesterday will lead to economic losses of as much as $4 billion, fueled by damaged wineries and shuttered businesses that rely on tourists.
Insurers will probably cover about $2.1 billion, according to an estimate from Kinetic Analysis Corp., which projected total losses of about twice that sum. Costs borne by the industry may be limited because many homeowners don’t have earthquake coverage, according to the Insurance Information Institute.
“The main source of claims could well be commercial claims, those coming from wineries and vineyards and other commercial interests,” Robert Hartwig, the institute’s president, said in an interview today. “It will take a while for the business owners to sort this out.”
Mr. Marois may be contacted at mmarois@bloomberg.net; Mr. Tracer may be contacted at ztracer1@bloomberg.net; Mr. Hart may be contacted at dahart@bloomberg.net
Reprinted courtesy of Michael B. Marois, Zachary Tracer and Dan Hart, Bloomberg
Firm Seeks to Squash Subpoena in Coverage CD Case
May 20, 2015 —
Beverley BevenFlorez - CDJ STAFF
According to the New Jersey Law Journal, the insurance firm Carroll McNulty & Kull was “subpoenaed in connection with an out-of-state coverage dispute stemming from construction litigation that yielded a $55 million verdict,” and “is fighting a demand that it hand over its file.”
Carroll McNulty & Kull told the New Jersey Law Journal that “the subpoena ‘is a transparent attempt to obtain documents ordinarily protected by the attorney-client privilege and work product doctrine.’”
The New Jersey Law Journal reported that the subpoena “seeks ‘your entire file for the time period beginning Oct. 1, 2012, and ending June 19, 2014, pertaining in any manner to insurance policies issued by Crum and Forster Specialty Insurance Company.’ Included in the demand are ‘all handwritten or electronically stored notes; electronic and other communications,’ ‘emails and all attachments to those emails, time records, and bills,’ and ‘any documents and materials reviewed.’”
U.S. District Judge Peter Sheridan has been assigned the motion to quash.
Pulte Home Corp. v. CBR Electric, Inc.
August 24, 2020 —
Michael Velladao - Lewis Brisbois
In Pulte Home Corp. v. CBR Electric, Inc., 50 Cal.App.5th 216 (June 10, 2020), the California Court of Appeal reversed the trial court’s entry of judgment in favor of six subcontractors with respect to an equitable subrogation lawsuit filed by St. Paul Mercury Insurance Company (“St. Paul”). St. Paul filed the lawsuit after defending Pulte Home Corp. (“Pulte”) against two construction defect lawsuits. The lawsuit contended that St. Paul was entitled to seek recovery of defense costs incurred on behalf of Pulte based on equitable subrogation. St. Paul relied on the indemnity clauses in each of the subcontracts, and argued that the subcontractors had breached their contracts with Pulte. As such, each subcontractor was obligated to pay an equitable share of the defense of the construction defect lawsuits relating to their work on the homes at issue in such lawsuits. The trial court ruled against St. Paul and held that the subcontractors’ failure to pay defense costs did not “cause” the homeowners’ claims, such that there was no causal connection supporting a claim for equitable subrogation. In addition, the trial court found that “equitable subrogation was an all-or-nothing claim, meaning it required a shifting of the entire amount of defense costs to the subcontractors on a joint and several basis and did not allow for an apportionment of costs among the defendant subcontractors.”
In reversing the trial court’s decision, the Court of Appeal reasoned that St. Paul stood in the shoes of Pulte and was limited to pursuing recovery from the subcontractors based on the same rights as afforded to Pulte under the subcontracts. The Court of Appeal noted that St. Paul was seeking reimbursement of defense costs from the subcontractors based on the theory that they were contractually liable for paying an equitable share of defense costs. The Court of Appeal also noted that St. Paul’s claim was not premised on the contention that the subcontractors’ failure to pay defense costs caused the homeowners’ claims. Rather, St. Paul’s claim was premised on the subcontractors’ breach of their defense duty owed to Pulte under the indemnity clauses in their subcontracts.
Reprinted courtesy of Michael Velladao, Lewis Brisbois
Mr. Velladao may be contacted at Michael.Velladao@lewisbrisbois.com
How Mushrooms Can Be Used To Make Particle Board Less Toxic
April 15, 2015 —
Sam Grobart – Bloomberg
Think much about particle board? You should. It’s in everything from the chairs we sit on to the houses we live in.
Problem is, the close cousin of plywood is usually made using urea formaldehyde to help bind the wood particles together. The substance has been classified as a known human carcinogen by the Environmental Protection Agency.
One company, Ecovative Design in upstate New York, has figured out how to replace urea formaldehyde with an unlikely alternative: mushrooms. Not whole mushrooms like you'd find on a pizza, but the root structure of mushrooms, called mycelium. Mycelium does as good a job as any binding wood particles, but will break down into harmless organic matter when disposed of.
Reprinted courtesy of Sam Grobart, Bloomberg
Pulled from the Swamp: EPA Wetland Determination Now Judicially Reviewable
September 15, 2016 —
CDJ STAFF
Landowners and developers bogged in an EPA wetland determination were recently thrown a life line when the United States Supreme Court determined the Army Corps of Engineers’ (Corps) “jurisdictional determinations” (JD) regarding wetland designations are reviewable by the court. United States Army Corps of Engineers v. Hawkes Co. Inc.
Under the Clean Water Act (CWA) landowners and developers who do not have the proper permits can face severe criminal and civil penalties for releasing any pollutant into “the waters of the United States.” Anybody stuck wading through the permitting process will tell you it is difficult, time consuming, expensive, and may eventually prohibit the intended use of the property. Furthermore, there is yet to be a consensus on the definition or scope of the term “waters of the US”. Consequently, landowners or developers may never be certain whether a permit is necessary before conducting any activity that may discharge a pollutant into a “water of the United States”.
Reprinted courtesy of Sean Minahan, Lamson, Dugan and Murray, LLP
Mr. Minahan may be contacted at sminahan@ldmlaw.com
Court Throws Wet Blanket On Prime Contractor's Attorneys' Fees Request In Prompt Payment Case
September 03, 2015 —
Steven M. Cvitanovic & Abigail E. Lighthart – Haight Brown & Bonesteel LLP
Prompt payment penalty cases do not come around very often, but when they do, there are bound to be fireworks.
In James L. Harris Painting & Decorating, Inc. v. West Bay Builders, Inc., et al. (No. C072169, filed 8/27/15), the California Court of Appeal for the Third Appellate District upheld the trial court's discretion to not award prevailing party attorneys' fees to the party who won a prompt payment dispute. California Business and Professions Code §7108.5 and Public Contract Code §§7107 and 10262 are the mechanisms for obtaining prompt payment relief in California. As shown by the outcome, it is possible to win and lose at the same time.
West Bay Builders, Inc. (“West Bay”) was the prime contractor on a school construction project for Stockton Unified School District. West Bay entered into a subcontract agreement with James L. Harris Painting & Decorating, Inc. (“Harris”) on the project. During construction there were disagreements between West Bay and Harris regarding the contractual scope of work, and Harris performed work it believed was outside the contract, believing it would be paid for the additional work. After West Bay refused to pay for the additional work, Harris left the project, and West Bay hired another subcontractor to complete the work.
Reprinted courtesy of
Steven M. Cvitanovic, Haight Brown & Bonesteel LLP and
Abigail E. Lighthart, Haight Brown & Bonesteel LLP
Mr. Cvitanovic may be contacted at scvitanovic@hbblaw.com
Ms. Lighthart may be contacted at alighthart@hbblaw.com
Prefabrication Contract Considerations
March 08, 2021 —
David Adelstein - Florida Construction Legal Updates
Prefabrication (also referred to as modular construction in some instances) is a form of offsite construction where certain construction activities occur at an offsite manufacturing facility or location. Construction components or units are preassembled (prefabricated) at this offsite location prior to being delivered to the project site and then integrated into the project.
When preparing a prefabrication contract (including a prefabrication subcontract), there are a number of complex considerations that need to be weighed, and these considerations are bullet-pointed below. The purpose of these bullet-points is to give you considerations to discuss and vet when preparing, negotiating, and agreeing to a prefabrication contract or subcontract.
Reprinted courtesy of David Adelstein, Kirwin Norris, P.A.
Mr. Adelstein may be contacted at dma@kirwinnorris.com