The Urgent Need to Social Distance From Malware

Staying at home to avoid the COVID-19 virus means many of us are binge-watching movies and TV shows. But what if binge-watching content is leading to another pandemic? In a cruel twist, the combination of binge-watching and workers stuck at home is creating a once-in-a-lifetime opportunity for hackers and other criminals to invade our networks with viruses and do us harm. And now the stakes are higher than they have ever been.

Here’s how. When COVID hit, we all hunkered down. That included a mix of parents working from home, graduates biding their time and school-age children with hours to kill. Sixty-nine percent of Americans report they are watching more content since the lockdown.

And how do many of them get their content? From so-called piracy apps and devices that enable users to get illicit movies and TV shows for free.

Here’s the catch: When these devices are brought into the home and plugged into a network, they bypass the firewall. That means there is little getting in the way of criminals invading the network with their own types of viruses and malware. And once they do, there’s a lot more for them to find, because with the lockdown work computers are on the network often 24 hours a day.

In short, one virus (COVID) leads to a different virus (malware).

If you think this is a small problem, you’re mistaken. According to a recent research survey of 1,512 U.S. consumers by the Digital Citizens Alliance, 13 percent report having a piracy device in the home. That is consistent with other studies looking at North American piracy device usage. These devices are not difficult to find. A Digital Citizens investigation found them for sale on popular platforms such as Facebook and Craigslist. Others buy them buy them from swap meets or other retail sites or are given to them by a family member or friend.

When they get brought into the house, it’s the equivalent of the device being walked past a security guard without any disinfectant. In one instance, a Digital Citizens investigation last year found that once the device was connected to the network it forwarded the researcher’s Wi-Fi network name and password to a server that appeared to be in Indonesia. Later, malware (virus) probed the researcher’s network, searching for vulnerabilities that would enable it to access files and other devices. The malware uploaded (stole), without permission, 1.5 terabytes of data from the researcher’s device.

Others have also issued warnings about the risk. Microsoft warned of malware from piracy apps that enables hackers to use a consumer’s computer to engage in so-called coin-mining, which is the process of creating new digital currency such as Bitcoin. And the Federal Trade Commission last year warned consumers to be wary of malware from piracy devices.

The research bears out the risk of these devices. In a May 2020 research survey, Digital Citizens found that those who said they had a piracy device in the home were THREE TIMES more likely to be a victim of malware (49 percent) in the last year than those who didn’t have a device (16 percent).

Let that risk sink in for a moment and then think about the millions more work devices that are now in homes due to office closures from smartphones to tablets to laptops. Workers at home now play a game of Malware Roulette. Do they know whether there’s a piracy device in the home? And if there is, is their security updated and strong enough to withstand the malware that may seep from a device?

This threat has implications for corporate financial information, supply chain, intellectual property and, yes, even potentially national security, that no one is talking about. We’ve already received reports of a 148 percent increase in ransomware attacks since COVID.

Bank robber Willie Sutton once said he robbed banks because that’s where the money is, and hackers are now targeting homes because the combination of work computers, piracy devices and lax home security is a ripe opportunity to harvest data, steal and blackmail.

I know most people reading this will think, “This is a problem for someone else. My house is safe.” To that, I respond: Are you willing to bet your business, your bank account and personal details on it? If not, go check what device your children are using to watch “Rick and Morty.”

Tom Galvin is executive director of the Digital Citizens Alliance and is focused on raising awareness about issues such as piracy and malware, the illegal online sale of opioids, steroids and other prescription drugs, and the blurring of the lines between the Dark Web and mainstream digital platforms.

Morning Consult welcomes op-ed submissions on policy, politics and business strategy in our coverage areas. Updated submission guidelines can be found here.