Photo Credit: Rose Innes
By: Lauren Kelly-Jones
The Hacking of Things: International Law’s Modern Challenge In December, in a fully-booked luxury hotel in the Austrian Alps, guests went to their doors and couldn’t open them. Something was wrong. In the middle of winter, beside the cold Turracher lake the computers went dark.
It was the first weekend of ski season, and the entire door-key system of Romantik Seehotel Jägerwirt ( a 111-year-old hotel) had been taken down. Hackers demanded that the hotel hand over €1,500 (around $1,600, payable in bitcoin) to restore their systems. Because management felt as though they had no choice, they did so. Then – systems back up, doors unlocked – they went public, to warn others of the dangers of this kind of cybercrime: a modern twist on criminal blackmail.
“Ransomware” is in itself not a new concept: in a typical scenario, an entity’s data is encrypted and made unavailable until a payment is made. For instance, in California in February 2016, a hospital was forced to pay $17,000 in bitcoin to free its computers of a hacker’s virus. And yet, the Seehotel Jägerwirt attack is seemingly the first report of ransomware involving a physical device of this scale: the “Ransomware of Things,” or “jackware.” This kind of ransomware has the potential to control connected, intelligent objects in the real world. The risks are all too obvious: AT&T has highlighted the concept of a smart car being hacked with its ignition or brakes remotely controlled; in 2015, a hacker claimed to have taken over a plane’s engine controls; in Finland last year, a DDoS attack halted heating in two buildings in the middle of winter.