Builders Beware: Smart Homes Under Attack by “Hide ‘N Seek” Botnet
October 30, 2018 —
Scott L. Satkin & Amtoj S. Randhawa - Newmeyer & Dillion LLPGerman manufacturer eQ-3 has found itself under siege by a botnet known as "Hide 'N Seek." This pernicious malware has infected tens of thousands of eQ-3's smart home devices by compromising the device's central control unit. Once a device has been infected, the malware spreads to other Internet of Things ("IoT") devices connected to the same wireless network. IoT devices have become the prime target for botnet attacks. As opposed to computers, laptops, or other larger computing devices, the smaller storage capacity and lower processing power of IoT devices limit the amount and complexity of the security measures that can be installed—making them an easier target for botnets.
What is a Botnet?
For those unfamiliar with the term, a botnet is a network of devices infected with a malware program allowing the infector to control and/or exploit the devices. Once a suitable number of devices are infected, the person or group controlling the botnet can harness the computing power of each infected device to perform activities which were previously constrained by a single device's capabilities (i.e. DDoS attacks, spamming, cryptocurrency mining, etc.).
Hide 'N Seek – History and Capabilities
The Hide 'N Seek botnet first appeared in January 2018 and has since spread rapidly. Its sophisticated design and capabilities have captivated the attention of many security watchdogs and researchers. While many botnets are designed to be "quick and dirty" (i.e. infect a few devices, eke out a little profit, and inevitably be cleared out or rendered ineffective by security updates and fixes), Hide 'N Seek was designed to maintain itself in the host's system indefinitely. When it was first released, Hide 'N Seek primarily targeted certain routers and internet-enabled security cameras; however, it has now began targeting digital video recorders, database servers, and most recently, smart home hubs.
Hide 'N Seek's communication capabilities are also more advanced than previous botnets. Previous botnets relied on existing communications protocols to communicate with other another, but Hide 'N Seek uses a custom-built peer-to-peer system to communicate. This advancement allows Hide 'N Seek to spread more rapidly than previous botnets.
Hide 'N Seek is also capable of extracting a device owner's personal information (i.e. name, address, e-mail, telephone numbers, etc.) whereas previous botnets were not. Most importantly, Hide 'N Seek is consistently updated to increase its infection rate, decrease its detection probability, and bypass any security measures designed to detect and remove it from the system. This modularity has proved to be Hide 'N Seek's greatest strength.
Protecting Against Hide 'N Seek and Other Botnets
While many of the precautions will undoubtedly come from the device manufactures vis-à-vis software programming and updates, homebuilders can still take some precautions to protect their customers.
- When selecting a smart home system to incorporate into a home's construction, be sure to evaluate its security features including, but not limited to its: wireless connectivity, password/passphrase requirements, interconnectedness with other IoT devices, etc. Third-party reviews from tech-oriented outlets will likely have useful information on a device's security measures, vulnerabilities, and any recent security compromises.
- Be vigilant in installing any eQ-3 smart home systems. The extent of the damage caused by Hide 'N Seek botnet remains unknown, as does damage from other potentially-infected technology. Thus, it may be prudent to avoid installing any eQ-3 device until it becomes evident that the threat has been neutralized and all security vulnerabilities have been remedied.
- If a builder uses technology other than eQ-3, precautions must be taken. Ensure that technology providers are thoroughly researched. It is also recommended to include strong contractual indemnity provisions, and require vendors to carry cyber-specific insurance policies.
- Homebuilders should consider purchasing their own stand alone cyber liability policies as a safety net, should potential exposure arise.
Scott Satkin and Amtoj Randhawa are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Amtoj at amtoj.randhawa@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
New Jersey Supreme Court Ruled Condo Association Can’t Reset Clock on Construction Defect Claim
September 20, 2017 —
David Suggs – Bert L. Howe & Associates, Inc.The New Jersey Law Journal reported that New Jersey Supreme Court “justices reversed an Appellate Division ruling that found three suits filed against contractors by the Palisades at Fort Lee Condominium Association on various dates in March and April 2009 and September 2010 were within the six-year limit because the association received notice of construction defects in the building in an engineer's report issued in June 2007.”
The justices stated that the statute of limitations is not reset when property changes hands: "An owner of a building cannot convey greater property rights to a purchaser than the owner possessed. If the building's owner knew or reasonably should have known of construction defects at the time of the sale of the property, the purchaser takes title subject to the original owner's right—and any limitation on that right—to file a claim against the architect and contractors."
Read the court decisionRead the full story...Reprinted courtesy of
Effective Allocation of Damages for Federal Contract Claims
October 25, 2021 —
Dirk D. Haire, Joseph L. Cohen & Jane Han - ConsensusDocsFederal construction contracts law generally recognizes four basic methods for pricing damages: (1) Actual Cost Method (ACM); (2) Total Cost Method (TCM); (3) Modified Total Cost Method (MTCM); and (4) Jury Verdict Recovery Method (JVRM). In practice, it is difficult to obtain significant recoveries on TCM and JVRM claims, and only marginally easier on MTCM claims. That is because the courts and boards that hear federal government contracts cases have developed a clear preference for the ACM. Despite this preference, many contractors do not have systems in place to maximize their opportunity to recover damages under the ACM. This article introduces various strategies for tracking and allocating damages during project performance in a manner that will support an ACM analysis if a federal construction claim is litigated.
Background: Four Basic Methods for Pricing Damages
The four methods for pricing damages are described, below:
1. Actual Cost Method
The actual cost method claims damages based on records of “actual costs” that were documented during the performance of the contract. All additional costs must be separately recorded from the costs incurred in the normal course of contract performance. Because contractors provide the court or board with documented underlying expenses under the actual cost method, courts and boards prefer this method. However, the actual cost method may not always be feasible where a contractor is confronted with drastic changes early and often in a project.
Reprinted courtesy of
Dirk D. Haire, Fox Rothschild LLP,
Joseph L. Cohen, Fox Rothschild LLP and
Jane Han, Fox Rothschild LLP
Mr. Haire may be contacted at dhaire@foxrothschild.com
Mr. Cohen may be contacted at jlcohen@foxrothschild.com
Read the court decisionRead the full story...Reprinted courtesy of
Novation Agreements Under Federal Contracts
November 29, 2021 —
Hal Perloff - Construction ExecutiveA unique aspect of doing business with the federal government is the built-in limits on a contractor’s right to assign the contract or the right to payment under the contract to third parties. The Anti-Assignment Act (41 U.S.C. § 6305) prohibits the transfer of a government contract or interest in a government contract to a third party. An assignment of a contract in violation of this law voids the contract except for the government’s right to pursue a breach of contract remedies.
What’s a contractor to do when it is acquired/merged with another firm, is restructured or goes through a variety of other types of corporate transaction? The Federal Acquisition Regulations recognize that firms involved in government contracts get bought and sold from time to time and includes procedures for the novation of contracts in certain situations to avoid a potential violation of the Anti-Assignment Act.
What Is a Novation?
A novation is a three-party agreement between the United States, the original contractor and the new contractor offering to assume the government contract. The purpose the novation is to allow the government to recognize a new contractor as the successor-in-interest to a government contract and avoid a violation of the Anti-Assignment Act.
Reprinted courtesy of
Hal Perloff, Construction Executive, a publication of Associated Builders and Contractors. All rights reserved.
Read the court decisionRead the full story...Reprinted courtesy of
Mr. Perloff may be contacted at
hal.perloff@huschblackwell.com
Orchestrating Bias: Arbitrator’s Undisclosed Membership in Philharmonic Group with Pauly Shore’s Attorney Not Grounds to Reverse Award in Real Estate Dispute
June 21, 2017 —
Lyndsey Torp - Snell & Wilmer Real Estate Litigation BlogThe California court of appeal recently issued an unpublished decision in Knispel v. Shore, 2017 WL 2492535, affirming a judgment confirming an arbitration award in a real estate dispute involving Pauly Shore. The court of appeal held that the arbitrator’s failure to disclose her membership in the Los Angeles Lawyers Philharmonic Group with the attorney representing Pauly was not grounds to overturn the judgment.
The underlying arbitration involved a dispute between Michael Scott Shore, on the one hand, and his brother, Pauly, among others, on the other hand, regarding certain residential property located on Sunset Boulevard near The Comedy Store in West Hollywood (owned and operated by their mother, Mitzi Shore). The parties agreed to arbitrate their dispute before Judge Aviva K. Bobb (Ret.) of the Alternative Resolution Center. Judge Bobb issued an award in favor of Pauly, and he petitioned the trial court to affirm the award. Michael opposed, contending the arbitrator failed to disclose that she and Pauly’s attorney had both been members of the Lawyers Philharmonic, for which they had been practicing and performing together since November 2010.
Read the court decisionRead the full story...Reprinted courtesy of
Lyndsey Torp, Snell & WilmerMs. Torp may be contacted at
ltorp@swlaw.com
ADA Compliance Checklist For Your Business
February 06, 2019 —
Danielle Carter - Bremer Whyte Brown & O'Meara LLPThe Americans with Disabilities Act (ADA) protects people with disabilities against discrimination in three important settings:
1. Employment (ADA Title I)
2. Government Services and Public Transportation (ADA Title II)
3. Commercial Facilities and Places of Public Accommodation (ADA Title III)
Since business owners typically act as both employers and facility managers, they must pay careful attention to Title I and Title III of the ADA. A business owner’s ADA compliance checklist should include the following:
1. ADA Compliance Audit for Structural Accessibility. The ADA and its accompanying regulations set forth detailed legal standards and requirements for accessible design, which specify, for example, the minimum width of doors to conference rooms, the maximum height of public drinking fountains, and the maximum thickness of hallway carpeting. Many older buildings were built without features that accommodate people with disabilities, such that the ADA may require improvements to be made to existing facilities.
Read the court decisionRead the full story...Reprinted courtesy of
Danielle Carter, Bremer Whyte Brown & O'Meara LLPMs. Carter may be contacted at
info@bremerwhyte.com
The Word “Estimate” in a Contract Matters as to a Completion Date
February 12, 2024 —
David Adelstein - Florida Construction Legal UpdatesLanguage in a contract matters. The word “estimates” or “estimated” matters particularly when it comes to a date certain such as a substantial completion or completion date. Remember this.
Here is an example.
In Parque Towers Developers, LLC v. Pilac Management, Ltd., 49 Fla.L.Weekly D190a (Fla. 3d DCA 2024), a trial court held that the developer did not complete the construction of five condominium units by the date in the purchase agreements. The developer appealed because “[t]he agreements contain no date certain for the completion of the units, but rather include a clause that ‘Seller estimates it will substantially complete construction of the Unit, in the manner specified in this Agreement, by December 31, 2017, subject to extensions resulting from ‘Force Majeure (the ‘Outside Date’).’” Parque Towers, supra. Another provision in the purchase agreements stated, “[w]henver this Agreement requires Seller to complete or substantially complete any item of construction, that item will be understood to be complete or substantially complete when so completed or substantially completed in Seller’s opinion. Id.
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Kirwin Norris, P.A.Mr. Adelstein may be contacted at
dma@kirwinnorris.com
Ambiguity in Pennsylvania’s Statute of Repose Finally Cleared up by Superior Court
October 17, 2023 —
Mark L. Parisi - White and Williams LLPIn an unpublished opinion from the Pennsylvania Superior Court handed down on August 31, 2023, a long-standing disagreement about the wording of Pennsylvania's Statute of Repose was finally resolved. In Pennsylvania, “a civil action or proceeding brought against any person lawfully performing or furnishing the design, planning, supervision or observation of construction or construction of any improvement to real property must be commenced within 12 years after completion of construction of such improvement” to recover most forms of damages that are sought in these kinds of cases.
A statute of repose is different than a statute of limitations. A statute of repose is a hard line that does not shift. There is no discovery rule with a statute of repose. Most, if not all, states have statutes of repose for construction. The Pennsylvania statute of repose is among the longest in the country. It can be even longer – up to 14 years – if the injury (including property damage) or wrongful death “shall occur more than 10 and within 12 years after completion of construction.”
Read the court decisionRead the full story...Reprinted courtesy of
Mark L. Parisi, White and Williams LLPMr. Parisi may be contacted at
parisim@whiteandwilliams.com
