Builders Beware: Smart Homes Under Attack by “Hide ‘N Seek” Botnet
October 30, 2018 —
Scott L. Satkin & Amtoj S. Randhawa - Newmeyer & Dillion LLPGerman manufacturer eQ-3 has found itself under siege by a botnet known as "Hide 'N Seek." This pernicious malware has infected tens of thousands of eQ-3's smart home devices by compromising the device's central control unit. Once a device has been infected, the malware spreads to other Internet of Things ("IoT") devices connected to the same wireless network. IoT devices have become the prime target for botnet attacks. As opposed to computers, laptops, or other larger computing devices, the smaller storage capacity and lower processing power of IoT devices limit the amount and complexity of the security measures that can be installed—making them an easier target for botnets.
What is a Botnet?
For those unfamiliar with the term, a botnet is a network of devices infected with a malware program allowing the infector to control and/or exploit the devices. Once a suitable number of devices are infected, the person or group controlling the botnet can harness the computing power of each infected device to perform activities which were previously constrained by a single device's capabilities (i.e. DDoS attacks, spamming, cryptocurrency mining, etc.).
Hide 'N Seek – History and Capabilities
The Hide 'N Seek botnet first appeared in January 2018 and has since spread rapidly. Its sophisticated design and capabilities have captivated the attention of many security watchdogs and researchers. While many botnets are designed to be "quick and dirty" (i.e. infect a few devices, eke out a little profit, and inevitably be cleared out or rendered ineffective by security updates and fixes), Hide 'N Seek was designed to maintain itself in the host's system indefinitely. When it was first released, Hide 'N Seek primarily targeted certain routers and internet-enabled security cameras; however, it has now began targeting digital video recorders, database servers, and most recently, smart home hubs.
Hide 'N Seek's communication capabilities are also more advanced than previous botnets. Previous botnets relied on existing communications protocols to communicate with other another, but Hide 'N Seek uses a custom-built peer-to-peer system to communicate. This advancement allows Hide 'N Seek to spread more rapidly than previous botnets.
Hide 'N Seek is also capable of extracting a device owner's personal information (i.e. name, address, e-mail, telephone numbers, etc.) whereas previous botnets were not. Most importantly, Hide 'N Seek is consistently updated to increase its infection rate, decrease its detection probability, and bypass any security measures designed to detect and remove it from the system. This modularity has proved to be Hide 'N Seek's greatest strength.
Protecting Against Hide 'N Seek and Other Botnets
While many of the precautions will undoubtedly come from the device manufactures vis-à-vis software programming and updates, homebuilders can still take some precautions to protect their customers.
- When selecting a smart home system to incorporate into a home's construction, be sure to evaluate its security features including, but not limited to its: wireless connectivity, password/passphrase requirements, interconnectedness with other IoT devices, etc. Third-party reviews from tech-oriented outlets will likely have useful information on a device's security measures, vulnerabilities, and any recent security compromises.
- Be vigilant in installing any eQ-3 smart home systems. The extent of the damage caused by Hide 'N Seek botnet remains unknown, as does damage from other potentially-infected technology. Thus, it may be prudent to avoid installing any eQ-3 device until it becomes evident that the threat has been neutralized and all security vulnerabilities have been remedied.
- If a builder uses technology other than eQ-3, precautions must be taken. Ensure that technology providers are thoroughly researched. It is also recommended to include strong contractual indemnity provisions, and require vendors to carry cyber-specific insurance policies.
- Homebuilders should consider purchasing their own stand alone cyber liability policies as a safety net, should potential exposure arise.
Scott Satkin and Amtoj Randhawa are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Amtoj at amtoj.randhawa@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Affordable Housing should not be Filled with Defects
November 26, 2014 —
Jesse Howard Witt – Acerbic WittPrime Time for Condos: Today’s Denver Business Journal presents a feature on Colorado’s hot market for condominiums and other forms of affordable housing. In several stories, reporter Molly Armbrister discusses how high demand for apartments and low construction of new condominium projects have put a premium on existing property.
Addressing the argument that lawsuits have made builders reluctant to develop multifamily housing, she quotes The Witt Law Firm’s Jesse Witt, who said that both homeowner and builder advocates would like to see changes to Colorado’s existing statutes. Current laws do little to prevent defective work and often leave consumers no choice but to pursue claims in court or binding arbitration if they want a builder to correct code violations and other mistakes.
Read the court decisionRead the full story...Reprinted courtesy of
Jesse Howard Witt, The Witt Law FirmMr. Witt welcomes comments at www.wittlawfirm.net
Recovering Unabsorbed Home Office Overhead Due to Delay
May 30, 2022 —
David Adelstein - Florida Construction Legal UpdatesIn the
preceding article, I discussed the use of a retrospective as-built delay analysis in a case before the Civilian Board of Contract Appeals (CBCA). This case also discussed a damages component in certain delay claims known as unabsorbed home office overhead—a challenging damages component to recover because this deals with indirect costs as opposed to direct costs.
Unabsorbed home office overhead is a damages component when the contractor is on standby, but this is NOT as easy as just claiming standby thereby you are automatically entitled to unabsorbed home office overhead. There are requirements that MUST be met.
To obtain an equitable adjustment for unabsorbed home office overhead as compensation for being on standby, [the contractor] must initially show “[1] a government-caused delay of uncertain duration,” that “[2] the delay extended the original time for performance” or precluded the contractor from finishing earlier than scheduled, and that “[3] the contractor [was] on standby and unable to take on other work during the delay period.
CTA I, LLC v. Department of Veteran Affairs, CBCA 5826, 2022 WL 884710 (CBCA 2022) quoting Nicon, Inc. v. U.S., 331 F.3d 878, 883 (Fed. Cir. 2003).
Read the court decisionRead the full story...Reprinted courtesy of
David Adelstein, Kirwin Norris, P.A.Mr. Adelstein may be contacted at
dma@kirwinnorris.com
California Supreme Court Rights the “Occurrence” Ship: Unintended Harm Resulting from Intentional Conduct Triggers Coverage Under Liability Insurance Policy
June 13, 2018 —
Scott S. Thomas - Payne & Fears Legal AlertSUMMARY
In a ruling that bodes well for policyholders, the California Supreme Court provides much-needed clarity on the question of when a so-called "intentional act" may give rise to insurance coverage under a liability insurance policy. In Liberty Surplus Insurance Corp. v. Ledesma & Meyer Construction Co., Case No. S23765 (Cal. June 4, 2018), the Court holds that an employer's potential liability for negligent hiring, after its employee allegedly abused a 13-year old student, is the result of an "occurrence" and is thus covered under the employer's liability insurance policy.
COURT OPINION
The court's opinion dispels the misguided notion that an intentional act resulting in unintended harm is never an "occurrence" and can never trigger coverage. What matters, according to the Court, is that, from the insured's point of view, the consequences of its conduct are "unexpected, unforeseen, or undesigned" - even if the conduct is intentional. And in a concurring opinion, Justice Liu rightfully questions the legitimacy of the notion that intentional conduct cannot trigger coverage, even when it produces an unintended result, unless, in the words of a 1989 appellate court decision, some "additional, unexpected, independent, and unforeseen happening occurs that produces the damage." As Justice Liu explains, this intervening "happening" may be something as simple as the insured's mistaken belief that he was acting in self-defense, or that the victim had consented to the insured's conduct. This much-needed clarification restores vitality to the fundamental principle that injuries are "accidental" when they are "unexpected, unforeseen, or undesigned," regardless of their cause.
Read the court decisionRead the full story...Reprinted courtesy of
Scott S. Thomas, Payne & FearsMr. Thomas may be contacted at
sst@paynefears.com
CSLB’s Military Application Assistance Program
October 20, 2016 —
Garret Murai – California Construction Law BlogWho knew? I didn’t.
Military Applicants, with Proper Forms, Move to Front of Line for Contractor License Processing
SACRAMENTO – The Contractors State License Board (CSLB) salutes U.S. military personnel for their service and offers expedited application processing by specially trained staff to veterans seeking to become licensed contractors. Unfortunately, not all veterans applying for California contractor licenses are able to take advantage of this opportunity because they do not submit the forms required for this service.
Read the court decisionRead the full story...Reprinted courtesy of
Garret Murai, Wendel Rosen Black & Dean LLPMr. Murai may be contacted at
gmurai@wendel.com
World’s Biggest Crane Gets to Work at British Nuclear Plant
October 07, 2019 —
Jeremy Hodges - BloombergThe world’s largest crane is getting ready to hoist more than 700 of the heaviest pieces of the first new nuclear plant being built in Britain in decades.
The machine, affectionately known as “Big Carl” after an executive at Belgian owner Sarens NV, is in place at Electricite de France SA’s 19.6 billion-pound ($24.1 billion) Hinkley Point C project in southwest England. It can carry as much as 5,000 tons, or the same weight as 1,600 cars, in a single lift and arrived on 280 truck loads from Belgium. It has taken about three months to build.
Nuclear power makes up about a fifth of Britain’s electricity. Most of those plants are near the end of their lives and will close in the next decade. Replacing them won’t be easy—as the scale of the project shows.
Earlier this year, EDF poured 9,000 cubic meters of cement, the biggest single biggest pour of concrete ever recorded in Britain. It was reinforced by 5,000 tons of steel built into a nest 4 meters high that’ll serve as the base of the first new reactor in the U.K. since 1995.
Read the court decisionRead the full story...Reprinted courtesy of
Jeremy Hodges, Bloomberg
Traub Lieberman Attorneys Recognized as 2022 Illinois Super Lawyers® and Rising Stars
February 21, 2022 —
Traub LiebermanTraub Lieberman is pleased to announce that two Partners from the Chicago, IL office have been selected to the 2022 Illinois Super Lawyers list. In addition, three Partners have been named to the 2022 Super Lawyers Rising Stars list.
2022 Illinois Super Lawyers
2022 Super Lawyers Rising Stars
Read the court decisionRead the full story...Reprinted courtesy of
Traub Lieberman
No Coverage For Construction Defects Under Alabama Law
September 14, 2017 —
Tred R. Eyerly - Insurance Law HawaiiThe federal district court found there was no coverage for alleged defects caused by the insured homebuilder. Canal Indem. Co. v. Carbin, 2017 U.S. Dist. LEXIS 126662 (N.D. Ala. Aug. 10, 2017).
Carbin Construction filed suit against Aaron and Sherry Ford, asserting mechanic's and materialman's liens, and seeking sums allegedly due for work performed under a construction contract. The Fords filed a counterclaim, alleging that over a year had passed since Carbin was to complete construction, and that Carbin refused to do any further work on the house until he was paid an additional $11,771.43. The Fords further contended that Carbin had walked off the job after receiving 96.6 percent of the money owed under the contract although only 88 percent of the construction work had been completed. Carbin tendered the counterclaim to Canal. Canal then filed suit seeking a declaration that it had no duty to defend.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly - Insurance Law HawaiiMr. Eyerly may be contacted at
te@hawaiilawyer.com
