OFF THE WIRE
By Taylor Armerding
The security threat Stephen King warned us about.....
Remember the film "Maximum Overdrive," where machines took over and went on a murderous rampage? With cars and appliances ever more computerized, such a security threat seems a little less farfetched as we head into 2012.
Most people know that their computers and smart phones are under the constant threat of attack from hackers. But your car? Your house? Your TV and other consumer electronics?
It seems like a take on Stephen King's short story "Trucks" -- where machines come to life and go on a murderous rampage (the movie version was "Maximum Overdrive"). In this case, hackers find security flaws in the computers running our vehicles, appliances and medical devices and wreak havoc.
See the related Salted Hash blog post, "McAfee report reminds me of 'Maximum Overdrive'"
The real threat is far less dramatic, of course. But just a couple years ago, few people were seriously talking about this as a danger that might someday come to pass. As we look to 2012, however, the potential seems a lot less ridiculous, since our electronics increasingly tend to be part of a home network with an IP address -- one that can be controlled by a mobile device.
Some experts in information security believe 2012 will be a year when hackers focus more on those things.
Anup Ghosh, CEO of Invincea, says that, "in the search for more interesting devices to hack, the adversary is going to transition from traditional IT networks to embedded systems, which we normally think of as physical systems -- your car, TVs, your house, your office building. Systems that are networked and run a lot of software will be fertile ground for hackers."
Ghosh says the devices in the house simply become another node on the home network. "The devices will run an operating system kernel of some kind and accept network connections. Hackers will be able to exploit the network interface and software services running on these devices to gain privileged access to these devices. From there, they can launch attacks against other devices, store data, and exfiltrate data off the home network."
Ghosh says researchers from the University of California at San Diego and the University of Washington have already demonstrated how to hack cars through the CD player and Bluetooth interface. He says that makes any number of subsystems in the car vulnerable to exploitation. Hackers could track a vehicle, kill the ignition switch and unlock the doors.
Jason Rouse, principal security consultant at Cigital, says these capabilities are not new.
"Frankly, we've been able to break into a car for a decade," he says. "There is a worm hole attack that lets you unlock a car door just by walking past the driver. But in most cases that's not that interesting to hackers. Their primary goal is to make money."
But he does agree that there is increased danger to cars and appliances because of the convergence of controls for home or car systems with mobile devices.
Indeed, there are television ads showing mom turning the lights on and off in her house from her smart phone while she sits on an airplane waiting to leave the gate.
"You can turn on your car, you can lock or unlock it with your mobile device. That convergence comes with possible consequences," Rouse says.
"You could imagine hackers getting control of a number of vehicles and then selling that list to criminals. They can say where the vehicles are, what their license plates are, and they could unlock them all at the same time."
Rouse says the best thing consumers have going for them is that hackers tend to be lazy. "Most of them don't have the attention span to do something like that."
The primary danger, experts agree, is not to the car or the home itself but to the personal data that lies behind it -- things like passwords, credit card numbers and other information that can then be easily monetized.
When it comes to office buildings, Brenden Williams, global CTO of Marketing at RSA, The Security Division of EMC, says most companies do a good job of identifying physical assets to be secured.
For more on smart building security, see the interactive case study "Protecting Joe's Office"
"We even build security enclaves in the physical world like we might design in an electronic world. Data centers tend to be like vaults, networking closets are like locked file cabinets, and Wi-Fi is like a chain-link fence," he says.
But, he says, the systems that control the locks may not be so secure. "Are they vaulted?" he asks, "or sitting in a locked closet somewhere in an area of the network that might be accessible remotely?"
Those systems should be in a vault as well, he says.
Ghosh says the responsibility for security of home and office systems "falls squarely on the shoulders of the device manufacturers. As these manufacturers network-enable these devices, they must also engineer them for resiliency against cyber attack.
But Rouse says that may be a long time coming.
Home, auto and office systems that can be controlled remotely, "are very sexy," he says. They are sold by charm. Security is an afterthought."
Read more about network security in CSOonline's Network Security section.
Much of the most important stories in the San Jacinto Valley this year involved crime.
The most notorious of those stories was the series of attacks on the Hemet Police Department, which started early in 2010 and came to an end in 2011 with the arrest, trial, conviction, and sentencing to multiple life terms in prison for the man deemed mostly responsible for the attacks.
Jon Smit was sentenced to four life terms for the multiple attempts to kill Hemet police offi cers, particularly detective Chuck Johnson, who arrested Smit on drug charges and was scheduled to testify against Smit about the time the attacks started. Booby traps were set at Johnson's house and attached to his police car.
Neither succeeded, nor did a zip gun attached to the gate at the Hemet/San Jacinto Gang Task Force headquarters, which narrowly missed offi cer Matt Hess instead because for once it was him, and not Johnson, who rolled the gate back.
Smit's suspected accomplice has yet to be tried.
An offbeat result of the investigation into the case was a lawsuit by the Vagos motorcycle gang, which objected to hints the bikers were responsible for the attacks.
Former District Attorney Rod Pacheco indicated during a news conference that the Vagos could be suspects and the homes and businesses of several Vagos were subsequently raided with assorted results.
The DA and city later conceded that the Vagos were not considered suspects, though the city refused to issue an apology for law enforcement statements or actions regarding the Vagos.
Another maximum sentence went to Jose Manuel Campos, who was convicted of the shooting death of his friend, Adrian Rios, during an argument at Campos' home on Blue Jay Way in south Hemet. Rios' body was subsequently burned and dismembered.
Parts were found in the back yard of the home and other locations, including a lake in which a skull proven by DNA tests to be Rios' was found.
Campos was sentenced to 25 years to each for murder and for using a fi rearm in the commission of the murder.
Because of the combined convictions, Campos, who was 17 years old at the time of the crime, will not be eligible for parole for 50 years.
Sentences were also handed down in the cases of most of the four San Jacinto City Council members and members of their families in the money laundering issues involving Jim Ayres' run for the California Legislature.
He and the other presumptive major fi gure in the case, developer Steve Holgate, pleaded guilty to the money laundering charges while a number of associates, including Ayres' wife and motherin- law, members of fellow councilman John Mansperger's family, and former councilman Dale Stubblefi eld pleaded guilty to lesser charges and received sentences ranging from jail, in Ayres' case, to probation and parole.
The only former member of the city council who has yet to be tried is Jim Potts, who maintains his innocence and has been demanding a trial since he was indicted with the others two years ago.
His trial was to have started within the next couple of weeks, but a change of judges has put it off. Potts said he was not part of any conspiracy.
Not all the news was bad, though. Hemet found a way out of its deepening fi nancial problems when it decided to hire a private company to provide trash service that the city formerly provided through a city department.
The city will receive a series of franchise payments over a period of years, including a multimillion dollar payment up front. Getting less cordial treatment were the marijuana outlets that had set up shop in the valley.
Both San Jacinto and Hemet have launched legal cases to close them down for violations of the law under which medical marijuana can be legally dispensed to those with prescriptions.
Riverside County supervisors, who govern the parts of the valley not in the two cities, decided at year's end to follow suit by notifying dispensaries in violation of the law that they must close and, if they don't, that they face legal action to force their closure. Public safety in Hemet was getting a lot of attention at year's end.
Dave Brown, a veteran of the department, was named police chief and a consultant was hired to examine how the fi re department can work more effi ciently and the police and fi re departments can work more closely.
A second consultant was hired in December to examine the police department's ability to gather and analyze the kind of data city management said it needs to accurately assess public safety needs.
Even before the second contractor was in a city offi ce, members of the city council were asking for a clearer picture of his responsibilities.
Two of Hemet's long-time institutions were sold during the year, or nearly sold.
The century-old Hemet Theatre's owners reached agreement with a newly formed foundation that wants to turn the building into a sevenday operation that mixes live performances with the movies it once showed and other entertainment concepts.
The agreement had yet to be fi nanced by press time, though both sides said they expect the deal to go through. The foundation is planning events to help raise money for the theatre purchase.
Also sold was the Valley Chronicle, established a decade ago to bring local news to the valley. Owner Jerry Bean said he decided to sell to Henderson, Nevada publisher Eric Buskirk because he was losing $15,000 per week.
Buskirk publishes a similar paper in Henderson and stepped in at the last minute to keep the Valley Chronicle from closing, which was Bean's plan. The paper has not ceased publishing since the sale, despite the last-minute deal.
Another San Jacinto council member, Steve Di Memmo, made headlines as well, but not for committing crimes.
Instead, Di Memmo got attention for his bankruptcy fi ling worth half a million dollars and the subsequent discovery that a business listed in the bankruptcy papers as operating for at least three years through 2010 had never been licensed.
Neither did Di Memmo claim income from the business on his form 700, the mandatory report on income derived from activity within the jurisdiction of the council, which is the city.
Di Memmo subsequently said the dimensions of the bankruptcy were misstated in news coverage and that the business had been closed down before he joined the council in 2004, despite their being claimed on the bankruptcy form.
Hemet got some good news for its downtown. A building that burned at Florida and Carmelita avenues will be replaced.
The city council approved the fundamental design, but had questions about what businesses would be operated at the site.
Council members expressed a desire to know the building could be converted in better economic times to something along the lines of a coffee house or small restaurant.
Some council members have also expressed a desire to link such an establishment with other evening entertainment venues to which easy pedestrian access could be provided.
Moving a little slower is the relocation of Highway 79 through San Jacinto and Hemet to connect Highway 60 to I-215 near Winchester.
The highway has been in the planning for more than a decade and was to have seen the start of construction in 2006.
However, fi nancial and bureaucratic barriers pushed the deadline back repeatedly until 2011 when the last of the environmental study components were completed and the report was distributed for comment.
Sometime in 2012 the project will be brought back to the construction and alignment stage with the goal of establishing a time line for construction.
The highway could eventually become a divided, limited access highway, but early plans call for just two lanes and some interests are militating for creating intersections with stop signs or lights to provide businesses with better exposure to passing traffic.
The highway will start at Sanderson Avenue and Lamb Canyon Expressway and terminate at Winchester Road.
Where the access ramps will be located has yet to be determined. Hemet resident George Hayes had a good year.
He won $1.127 million playing penny wheel of fortune at the Fantasy Springs Casino in Indio. Hayes noticed irony in his win. It was on his birthday, March 18, 25 years ago when he and his late wife hit the Flamingo Hilton in Las Vegas $250,000.
When Hayes hit the Fantasy Springs Casino for $1-millionplus, it was on May 5 – his late wife's birthday.
Hayes said the jackpot will change his life little, if at all.
"It will help me through my golden years," said Hayes. "It's not really going to change my lifestyle any."
The Community Pantry got a new home and a new manager during the year.
Board Chairman Sandie Foreman said the pantry had to move because the Hemet Valley Hospital, which owns the building the food pantry has used since 1996, was needed for medical records.
That has been the agreement since the food bank moved in, said Foreman.
The hospital owns several buildings at the food bank's former location and took over each one as a hospital need arose. The new executive director, Jim Lineberger, who replaced the retiring Sandy Jernegen, soon after moved to San Jacinto and Oakland avenues, an unfurnished building that he has since been working to provide with chairs and tables and other necessities.
Riverside County Supervisor suggested California should be split into two states, North and South California, because he did not like Gov. Jerry Brown's handling of the deficit.
The proposal did not immediately generate widespread support.
When it was presented to the board of supervisors, the best deal Stone could make was an agreement that the county would serve as host of a regionwide meetings in Riverside to determine whether any other jurisdictions have an interest in the proposal.
No meetings have been held yet.
Two well-known community members died during the year. The 81-year-old Lyle Alberg was not only former Hemet city manager, but a former member of the city council.
He died of congestive heart failure at Eisenhower Medical Center in Palm Springs in May.
Anne Bollow, a long-time advocate for both the Hemet City Library and the valley's historical endeavors, died in August at the age of 65 after several years of battling cancer.
During a memorial held at the Ramona Bowl, one of the causes for which she worked, friends recalled Bollow's unstinting efforts on behalf of everything from the failed attempt to turn the Stock Farm into a historical site to San Jacinto's conversion of its historic Estudillo mansion into a landmark.
Bollow was one of several Estudillo mansion supporters who turned up every Fourth of July in period costume to provide mansion tours and to answer visitors' questions.