Builders Beware: Smart Homes Under Attack by “Hide ‘N Seek” Botnet
October 30, 2018 —
Scott L. Satkin & Amtoj S. Randhawa - Newmeyer & Dillion LLPGerman manufacturer eQ-3 has found itself under siege by a botnet known as "Hide 'N Seek." This pernicious malware has infected tens of thousands of eQ-3's smart home devices by compromising the device's central control unit. Once a device has been infected, the malware spreads to other Internet of Things ("IoT") devices connected to the same wireless network. IoT devices have become the prime target for botnet attacks. As opposed to computers, laptops, or other larger computing devices, the smaller storage capacity and lower processing power of IoT devices limit the amount and complexity of the security measures that can be installed—making them an easier target for botnets.
What is a Botnet?
For those unfamiliar with the term, a botnet is a network of devices infected with a malware program allowing the infector to control and/or exploit the devices. Once a suitable number of devices are infected, the person or group controlling the botnet can harness the computing power of each infected device to perform activities which were previously constrained by a single device's capabilities (i.e. DDoS attacks, spamming, cryptocurrency mining, etc.).
Hide 'N Seek – History and Capabilities
The Hide 'N Seek botnet first appeared in January 2018 and has since spread rapidly. Its sophisticated design and capabilities have captivated the attention of many security watchdogs and researchers. While many botnets are designed to be "quick and dirty" (i.e. infect a few devices, eke out a little profit, and inevitably be cleared out or rendered ineffective by security updates and fixes), Hide 'N Seek was designed to maintain itself in the host's system indefinitely. When it was first released, Hide 'N Seek primarily targeted certain routers and internet-enabled security cameras; however, it has now began targeting digital video recorders, database servers, and most recently, smart home hubs.
Hide 'N Seek's communication capabilities are also more advanced than previous botnets. Previous botnets relied on existing communications protocols to communicate with other another, but Hide 'N Seek uses a custom-built peer-to-peer system to communicate. This advancement allows Hide 'N Seek to spread more rapidly than previous botnets.
Hide 'N Seek is also capable of extracting a device owner's personal information (i.e. name, address, e-mail, telephone numbers, etc.) whereas previous botnets were not. Most importantly, Hide 'N Seek is consistently updated to increase its infection rate, decrease its detection probability, and bypass any security measures designed to detect and remove it from the system. This modularity has proved to be Hide 'N Seek's greatest strength.
Protecting Against Hide 'N Seek and Other Botnets
While many of the precautions will undoubtedly come from the device manufactures vis-à-vis software programming and updates, homebuilders can still take some precautions to protect their customers.
- When selecting a smart home system to incorporate into a home's construction, be sure to evaluate its security features including, but not limited to its: wireless connectivity, password/passphrase requirements, interconnectedness with other IoT devices, etc. Third-party reviews from tech-oriented outlets will likely have useful information on a device's security measures, vulnerabilities, and any recent security compromises.
- Be vigilant in installing any eQ-3 smart home systems. The extent of the damage caused by Hide 'N Seek botnet remains unknown, as does damage from other potentially-infected technology. Thus, it may be prudent to avoid installing any eQ-3 device until it becomes evident that the threat has been neutralized and all security vulnerabilities have been remedied.
- If a builder uses technology other than eQ-3, precautions must be taken. Ensure that technology providers are thoroughly researched. It is also recommended to include strong contractual indemnity provisions, and require vendors to carry cyber-specific insurance policies.
- Homebuilders should consider purchasing their own stand alone cyber liability policies as a safety net, should potential exposure arise.
Scott Satkin and Amtoj Randhawa are associates in the Cybersecurity group of Newmeyer & Dillion. Focused on helping clients navigate the legal dispute implications of cybersecurity, they advise businesses on implementing and adopting proactive measures to prevent and neutralize cybersecurity threats. For questions on how they can help, contact Scott at scott.satkin@ndlf.com and Amtoj at amtoj.randhawa@ndlf.com.
Read the court decisionRead the full story...Reprinted courtesy of
Texas Mechanic’s Lien Law Update: New Law Brings a Little Relief for Subcontractors and a Lot of Relief for Design Professionals
June 07, 2021 —
Tracey L. Williams - Peckar & Abramson, P.C.After several recent failed attempts to amend Chapter 53 of the Texas Property Code (the “Texas Mechanic’s Lien Statute”), it appears that long awaited relief may, at least in part, be on the horizon for subcontractors in Texas. Additionally, architects, engineers, and surveyors also appear to be significant benefactors of House Bill 2237 (“HB 2237”). Under existing law, many subcontractors often fail to perfect their mechanic’s liens under the Texas Mechanic’s Lien Statute because of complex notice requirements which must be sent for every month in which labor or material are furnished. And architects, engineers and surveyors currently have no lien rights unless they have a direct contractual relationship with the owner of the project. Effective January 1, 2022, HB 2237 amends the Texas Mechanic’s Lien Statute in several significant respects.
Subcontractor Impacts
HB 2237 impacts subcontractors in the following ways:
- Establishes uniformity in the notice requirements by imposing the same notice obligation on all subcontractors regardless of with whom they have contracted. Rather than sending one notice to the owner and one to the general contractor, the single notice now required must be sent to both simultaneously. Additionally, HB 2237 prescribes the form of the notice to be given under both Section 53.056 (notice of derivative claimant) and 53.057 (notice of contractual retainage).
Read the court decisionRead the full story...Reprinted courtesy of
Tracey L. Williams, Peckar & Abramson, P.C.Ms. Williams may be contacted at
twilliams@pecklaw.com
San Francisco Bucks U.S. Trend With Homeownership Gains
September 24, 2014 —
Prashant Gopal – BloombergHomeownership climbed in a small number of U.S. metropolitan areas last year including San Francisco; Nashville, Tennessee; and Austin, Texas, where strong job growth helped them buck the national trend.
Of 100 metropolitan areas, 17 had an increase in the “true” ownership rate, which measures the number of owner-occupied households per 100 adult residents, according to an analysis by Trulia Inc. of Census Bureau data. Even in those areas, advances were small. San Francisco had the biggest gain in 2013, rising about 0.6 percentage points from a year earlier, the property-information company said today. The Gary, Indiana, region, made up mostly of suburbs, had a similar increase.
The homeownership rate has been falling in much of the U.S. as incomes stagnate and rising prices make housing less affordable and more difficult to finance for entry-level buyers. The regions where the rate is up include strong job markets such as San Francisco and Austin, and areas with stable prices such as Albany, New York, that were spared the brunt of the nationwide foreclosure crisis, Trulia said.
Read the court decisionRead the full story...Reprinted courtesy of
Prashant Gopal, BloombergMr. Gopal may be contacted at
pgopal2@bloomberg.net
How Your Disgruntled Client Can Turn Into Your Very Own Car Crash! (and How to Avoid It) (Law Tips)
January 21, 2019 —
Melissa Dewey Brumback - Construction Law in North CarolinaOver the summer, I was involved in a car crash. It was *not* my fault– heck, I wasn’t even driving but riding shotgun. But it wasn’t my husband’s fault either. A guy pulling out of a parking lot was watching the traffic coming up the road, but failed to see our car sitting in the same intersection waiting to turn into the same parking lot. He ran right into us.
It may not look like much, but the panels were so damaged it cost almost $9k in damages, over a month of car rental fees, and a LOT of aggravation on our part. The guy who hit us was very nice, apologized, and was concerned if we were injured. His insurance company ultimately paid for all of the damage. However– it wasn’t he who suddenly got a new part time job– that was me. I had to spend lots of time with police, insurance representatives, auto body mechanics, rental car places, you name it. If you’ve ever been in an accident, you know the headache involved. In fact, I have had 2 other accidents over the years (again, neither of which were my fault– I think I’m just a beacon for bad drivers?). One of those accidents was a 4 car accident– a driver hit my car, pushing it into the car ahead, which went into the car ahead of that. In that accident, my car was actually totaled. Fun times!
How is this relevant to your life as an architect or engineer? If you stay in the game (that is, the design field) long enough, chances are, you will, at some point, end up dealing with disgruntled clients. One of those clients may even file a lawsuit against you. Or, for that matter, you may end up getting sued by another party involved in your construction projects– one that you don’t even have a contract with.
Read the court decisionRead the full story...Reprinted courtesy of
Melissa Dewey Brumback, Ragsdale Liggett PLLCMs. Brumback may be contacted at
mbrumback@rl-law.com
Negligent Failure to Respond to Settlement Offer Is Not Bad Faith
May 03, 2017 —
Tred R. Eyerly - Insurance Law HawaiiThe Ninth Circuit found that the insurer's negligent failure to respond to a settlement offer did not constitute bad faith. McDaniel v. Gov't Employees Ins. Co., 2017 U.S. App. LEXIS 4029 (9th Cir. March 7, 2017).
McDaniel was the assignee of claims against GEICO assigned by the insured after settling a wrongful death suit. McDaniel alleged that GEICO unreasonably refused to accept a $100,000 policy limits offer. The case went to trial and a jury awarded McDaniel over $3 million against the insured.
On August 7, 2009, McDaniel's attorney Steven Nichols extended a $100,000 policy limits settlement offer with a fifteen day acceptance deadline to GEICO's attorney Michael Griott. The parties subsequently agreed to extend the acceptance deadline to ten days following MacDaniel's service of responses to outstanding interrogatories, which Nichols hand-delivered to Griott on August 27, 2009. On September 1, 2009, Griott emailed GEICO claims adjuster Aldin Buenaventura with a letter attachment indicating that Nichols had submitted the requested interrogatories and, in bold and underlined text, that "[o]ur response to Plaintiff's policy limits demand is due on or before September 11, 2009.
Read the court decisionRead the full story...Reprinted courtesy of
Tred R. Eyerly - Insurance Law HawaiiMr. Eyerly may be contacted at
te@hawaiilawyer.com
Why Biden’s Infrastructure Plan Is a Green Jobs Plan
April 26, 2021 —
Gernot Wagner - Bloomberg“Once you put capital money to work, jobs are created.”
These are not the words of President Joe Biden, announcing his administration’s infrastructure plan in Pittsburgh on Wednesday. Nor were they the words of Transportation Secretary Pete Buttigieg, standing on a train platform to announce expanded service, or of any of the administration’s economists charged with touting the virtues of the $2.25 trillion spending plan.
It was Michael Morris, then-CEO of Ohio utility American Electric Power, who uttered them on an investor call a decade ago. AEP was fighting an Environmental Protection Agency proposal to reduce mercury and other pollutants from power plants, citing the expense of creating jobs to install new scrubbers on smokestacks or build cleaner plants. Morris, taking his fiduciary responsibility to the utility’s investors seriously, argued these new roles would come at a cost to AEP and were, thus, bad. What he did not question, and correctly so, was whether more investments would indeed create more jobs.
Read the court decisionRead the full story...Reprinted courtesy of
Gernot Wagner, Bloomberg
Cooperating With Your Insurance Carrier: Is It a Must?
January 02, 2024 —
Susana Arce - Saxe Doernberger & Vita, P.C.A majority of insurance policies require the insured to cooperate with the insurer. The cooperation clause generally states, “the insured agrees to Cooperate with us in the investigation, settlement or defense of the suit.”
The “cooperation clause” is often an afterthought because once litigation has ensued an insured is focused on other important considerations. However, insureds should not forget that complying with the cooperation clause can make the difference between the insurer covering or denying a claim.
The Cooperation Clause in Action
The Court in
HDI Glob. Specialty SE v. PF Holdings, LLC,1 highlighted the importance of cooperating with an insurance carrier. In the underlying litigation, residents of an apartment complex sued four entities, all insured by the same insurance policy: two were named insureds and two were additional insureds. The primary insurer provided a defense for the named insureds.
Read the court decisionRead the full story...Reprinted courtesy of
Susana Arce, Saxe Doernberger & Vita, P.C.Ms. Arce may be contacted at
SArce@sdvlaw.com
A Court-Side Seat: Guam’s CERCLA Claim Allowed, a “Roundup” Verdict Upheld, and Judicial Process Privilege Lost
June 14, 2021 —
Anthony B. Cavender - Gravel2GavelThis is a brief account of some of the important environmental and administrative law cases recently decided.
THE U.S. SUPREME COURT
BP PLC, et al. v Mayor and City of Baltimore
The issue the court confronted was a procedural matter: Can the defendant energy companies use the federal removal statutes (see 28 USC Section 1442) to remove a state law climate change lawsuit to federal court? Here, a group of energy companies were sued by the mayor and city council of Baltimore in state court, where they alleged that the defendants had concealed the adverse environmental effects of the fossil fuel products they promoted and sold in Baltimore City. Several similar lawsuits have been filed in many state courts, where typically it is alleged that the defendants can be sued on various common law theories. Rather than defend these cases in state court, the defendants have sought to remove these cases to federal court because climate change liability appears to be an issue that should be settled at the federal level. These efforts have been unsuccessful, with most federal trial and appellate courts holding that the reasons cited for removal (oftentimes the federal officer removal statute) have not been persuasive. In this case, both the Maryland federal district court and the U.S. Court of Appeals held they had no jurisdiction to authorize removal, and thus returned the case to the state court. Noting that the U.S. Court of Appeals for the Seventh Circuit ruled that a removal action could be countenanced under Section 1442, thus creating a circuit split, the Supreme Court held that a straightforward reading of the removal statute empowers the reviewing court to examine all theories for removal that a district court has rejected. Consequently, the Court remanded the case to the Fourth Circuit where it can decide, “in the first instance,” whether there actually exist grounds to remove this case to federal court.
Read the court decisionRead the full story...Reprinted courtesy of
Anthony B. Cavender, PillsburyMr. Cavender may be contacted at
anthony.cavender@pillsburylaw.com