Builders Beware: Smart Homes Under Attack by “Hide ‘N Seek” Botnet
October 30, 2018 —
Scott L. Satkin & Amtoj S. Randhawa - Newmeyer & Dillion LLPGerman manufacturer eQ-3 has found itself under siege by a botnet known as "Hide 'N Seek." This pernicious malware has infected tens of thousands of eQ-3's smart home devices by compromising the device's central control unit. Once a device has been infected, the malware spreads to other Internet of Things ("IoT") devices connected to the same wireless network. IoT devices have become the prime target for botnet attacks. As opposed to computers, laptops, or other larger computing devices, the smaller storage capacity and lower processing power of IoT devices limit the amount and complexity of the security measures that can be installed—making them an easier target for botnets.
What is a Botnet?
For those unfamiliar with the term, a botnet is a network of devices infected with a malware program allowing the infector to control and/or exploit the devices. Once a suitable number of devices are infected, the person or group controlling the botnet can harness the computing power of each infected device to perform activities which were previously constrained by a single device's capabilities (i.e. DDoS attacks, spamming, cryptocurrency mining, etc.).
Hide 'N Seek – History and Capabilities
The Hide 'N Seek botnet first appeared in January 2018 and has since spread rapidly. Its sophisticated design and capabilities have captivated the attention of many security watchdogs and researchers. While many botnets are designed to be "quick and dirty" (i.e. infect a few devices, eke out a little profit, and inevitably be cleared out or rendered ineffective by security updates and fixes), Hide 'N Seek was designed to maintain itself in the host's system indefinitely. When it was first released, Hide 'N Seek primarily targeted certain routers and internet-enabled security cameras; however, it has now began targeting digital video recorders, database servers, and most recently, smart home hubs.
Hide 'N Seek's communication capabilities are also more advanced than previous botnets. Previous botnets relied on existing communications protocols to communicate with other another, but Hide 'N Seek uses a custom-built peer-to-peer system to communicate. This advancement allows Hide 'N Seek to spread more rapidly than previous botnets.
Hide 'N Seek is also capable of extracting a device owner's personal information (i.e. name, address, e-mail, telephone numbers, etc.) whereas previous botnets were not. Most importantly, Hide 'N Seek is consistently updated to increase its infection rate, decrease its detection probability, and bypass any security measures designed to detect and remove it from the system. This modularity has proved to be Hide 'N Seek's greatest strength.
Protecting Against Hide 'N Seek and Other Botnets
While many of the precautions will undoubtedly come from the device manufactures vis-à-vis software programming and updates, homebuilders can still take some precautions to protect their customers.
- When selecting a smart home system to incorporate into a home's construction, be sure to evaluate its security features including, but not limited to its: wireless connectivity, password/passphrase requirements, interconnectedness with other IoT devices, etc. Third-party reviews from tech-oriented outlets will likely have useful information on a device's security measures, vulnerabilities, and any recent security compromises.
- Be vigilant in installing any eQ-3 smart home systems. The extent of the damage caused by Hide 'N Seek botnet remains unknown, as does damage from other potentially-infected technology. Thus, it may be prudent to avoid installing any eQ-3 device until it becomes evident that the threat has been neutralized and all security vulnerabilities have been remedied.
- If a builder uses technology other than eQ-3, precautions must be taken. Ensure that technology providers are thoroughly researched. It is also recommended to include strong contractual indemnity provisions, and require vendors to carry cyber-specific insurance policies.
- Homebuilders should consider purchasing their own stand alone cyber liability policies as a safety net, should potential exposure arise.
Scott Satkin and Amtoj Randhawa are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Amtoj at amtoj.randhawa@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Beyond the COI: The Importance of an Owner's or Facilities Manager's Downstream Insurance Review Program
March 15, 2021 —
Hugh D. Hughes, Eric M. Clarkson & Mollie H. Levy - Saxe Doernberger & Vita, P.C.The risk of bodily injury lawsuits is an unavoidable reality for property owners and facilities managers (“FMs”) of large commercial sites such as universities, malls, office buildings, or stadiums. Any person who steps foot on the property is a potential plaintiff, including students, tenants, customers, contractors, and vendors.
Insurance mitigates these risks, but a property owner’s or FM’s risk transfer strategy should include more than their own suite of general liability and other third-party policies. Ensuring additional insured status on a vendor’s or contractor’s policy is also essential to a comprehensive risk transfer strategy. In a functional risk transfer program, a vendor’s or contractor’s general liability insurer should defend and indemnify property owners or FMs as additional insureds (“AIs”) for liability for bodily injury caused, in whole or in part, by the vendor’s or contractor’s operations. When this works as intended, it effectively transfers costs associated with such a lawsuit from the owner or FM to the vendor’s or contractor’s insurer. It also increases the insurance limits available for a loss.
Reprinted courtesy of
Hugh D. Hughes, Saxe Doernberger & Vita, P.C.,
Eric M. Clarkson, Saxe Doernberger & Vita, P.C. and
Mollie H. Levy, Saxe Doernberger & Vita, P.C.
Mr. Hughes may be contacted at HHughes@sdvlaw.com
Mr. Clarkson may be contacted at EClarkson@sdvlaw.com
Ms. Levy may be contacted at MLevy@sdvlaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Lay Testimony Sufficient to Prove Diminution in Value
September 25, 2018 —
Tred R. Eyerly - Insurance Law HawaiiThe trial court erred in excluding lay testimony on diminution of value of the insured's property and by requiring expert testimony. Woodrum v. Georgia Farm Bureau Mut. Ins. Co., 2018 Ga. App. LEXIS 429 (Ga. Ct. App. June 27, 2018).
During a thunderstorm, a large tree fell onto the roof the insured's house, causing significant damage. The damage was reported to their insurer, Georgia Farm Bureau Mutual Insurance Company. When there was disagreement on the amount of the loss, an appraisal was invoked. An award was agreed to and payment was made by Georgia Farm.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly, Damon Key Leong Kupchak HastertMr. Eyerly may be contacted at
te@hawaiilawyer.com
Several Wilke Fleury Attorneys Featured in Sacramento Magazine 2022 Top Lawyers!
October 03, 2022 —
Wilke Fleury LLPWilke Fleury is extremely proud of its incredibly talented attorneys! Congratulations to Steve Williamson, Dan Egan, Neal Lutterman, Danny Foster, George Guthrie, Mike Polis, Ron Lamb, and David Frenznick, who are all featured in this year’s Sacramento Magazine’s List of Top Lawyers 2022!
Reprinted courtesy of
Wilke Fleury LLP
Read the full story... Read the court decisionRead the full story...Reprinted courtesy of
New York Revises Retainage Requirements for Private Construction Contracts: Overview of the “5% Retainage Law”
January 22, 2024 —
Levi W. Barrett, Patrick T. Murray, Skyler L. Santomartino & Mark A. Snyder - Peckar & Abramson, P.C.On November 17, 2023, the State of New York enacted the “5% Retainage Law.” This legislation effectively limits the amount of retainage that can be held from general contractors and subcontractors to no more than 5%. It applies to many but not all construction contracts. In addition, the new law revises late stage billing requirements, enabling contractors to invoice for retainage at substantial completion. Previously, the parties to a construction contract were free to negotiate any retainage amount, limited only by an unspecified “reasonable amount” that would be released as the parties contractually set forth.
Summary
The new law amends Sections 756-a and 756-c of the General Business Law (part of Article 35E of the GBL, known as the “Prompt Pay Act”), and applies to private construction contracts “where the aggregate cost of the construction project, including all labor, services, materials and equipment to be furnished, equals or exceeds one hundred fifty thousand dollars.”
Reprinted courtesy of
Levi W. Barrett, Peckar & Abramson, P.C.,
Patrick T. Murray, Peckar & Abramson, P.C.,
Skyler L. Santomartino, Peckar & Abramson, P.C. and
Mark A. Snyder, Peckar & Abramson, P.C.
Mr. Barrett may be contacted at lbarrett@pecklaw.com
Mr. Murray may be contacted at pmurray@pecklaw.com
Mr. Santomartino may be contacted at ssantomartino@pecklaw.com
Mr. Snyder may be contacted at msnyder@pecklaw.com
Read the court decisionRead the full story...Reprinted courtesy of
The Big Three: The 9th Circuit Joins The 6th Circuit and 7th Circuit in Holding That Sanctions For Bad-Faith Litigation Tactics Can Only Be Awarded Against Individual Lawyers and Not Law Firms
September 03, 2015 —
Christopher B. Lloyd & Stephen J. Squillario – Haight Brown & Bonesteel LLPIn Law v. Wells Fargo Bank, N.A. (2015 S.O.S. 13–56099 – filed August 27, 2015), the Ninth Circuit joined the shortlist of Circuit Courts to hold that sanctions for bad-faith litigation tactics under 28 U.S.C. section 1927 can only be sought against individual attorneys and not law firms. Section 1927 authorizes sanctions against “[a]ny attorney or other person admitted to conduct cases in any court of the United States … who so multiplies the proceedings in any case unreasonably and vexatiously….”
On behalf of the client, an attorney with Kaass Law filed a complaint against ten different defendants, including Wells Fargo Bank, which moved to dismiss under F.R.C.P. Rule 12(b)(6). Rather than responding to the motion to dismiss, plaintiff filed a motion to amend the initial complaint; Wells Fargo Bank filed a notice of non-opposition.
Reprinted courtesy of
Christopher B. Lloyd, Haight Brown & Bonesteel LLP and
Stephen J. Squillario, Haight Brown & Bonesteel LLP
Mr.Lloyd may be contacted at clloyd@hbblaw.com
Mr. Squillario may be contacted at ssquillario@hbblaw.com
Read the court decisionRead the full story...Reprinted courtesy of
Lost Rental Income not a Construction Defect
November 27, 2013 —
CDJ STAFFA judge in Colorado has ruled that although the homeowner’s policy excluded construction defects from coverage, lost rental income and the cost of deck repair involved in fixing a defective drainage system were.
Read the court decisionRead the full story...Reprinted courtesy of
White and Williams Elects Four Lawyers to Partnership, Promotes Six Associates to Counsel
January 13, 2017 —
White and Williams LLPWhite and Williams is pleased to announce the election of Edward Beitz, Justin Fortescue, Jennifer Santangelo and Amy Vulpio to the partnership and the promotion of Paul Briganti, Joshua Galante, Dana Spring Monzo, George Morrison, Craig O’Neill and Steven Urgo from associate to counsel.
The newly elected partners and promoted counsel represent the wide array of practices that White and Williams offers its clients, including bankruptcy, corporate, finance, healthcare, insurance coverage, labor and employment, real estate and reinsurance. These lawyers have earned their elevations based on their contributions to the firm and their practices.
“We are thrilled to elect these four lawyers to the partnership and promote six associates to counsel. These promotions are representative of the breadth of services and deep bench that we have to offer at White and Williams,” said Patti Santelle, Managing Partner. “The election of our new partners and promotion of our counsel is a reflection of their success and dedication as well as the continued health of the firm.”
Read the court decisionRead the full story...Reprinted courtesy of
White and Williams LLP
