Our Computerized Infrastructure Is Already Under Active Attack
Many of the risks and vulnerabilities we have to consider are things that have not yet happened and which we hope might never happen. Nuclear war, for example. Or alternatively they are things that happen so rarely as to give us hope they might not recur during our lifetime – a massive asteroid strike, Yellowstone erupting, those sorts of things.
Very few things we consider are things which are actively happening at present, although perhaps that is definitional and a matter of degree. Maybe it is fairer to acknowledge that some pathways to disaster are already prepared, and we’re potentially heading down them currently.
For example, the risk of economic collapse is never far from the surface (particularly at present), and some type of medical problem – whether a super-flu bug or the consequences of super-antibiotic resistant bacteria – seems to be another type of risk that is of increasing likelihood.
Furthermore, society’s evolution into an increasingly complex and interlocking structure of chained dependencies makes us ever more vulnerable should any of these events occur.
But most of these issues are topics for another time. Today, let’s focus on something that is very much ignored and overlooked by most of the mainstream media – the fact that we, in the west, are already locked in a deadly war that threatens our civilization as gravely as any of these other issues. We’re not talking about the global struggle against Muslim extremism. We’re talking about a battle with an enemy we can’t even identify. We don’t know who they are, and we don’t know where they are. We don’t even know if they are one (or many) organized groups, or just a random series of unrelated attacks by individuals.
We’re talking about the battle for our ‘cyberspace’. We don’t just mean what happens if your computer gets infected with a virus, although that’s for sure a bit of collateral damage of sorts. We mean the major battles that are raging beneath the chaotic surface of the internet, battles which usually go unnoticed and regrettably go unreported.
Here’s a case in point: this article in, of all unlikely places, a small regional newspaper/website in Montana, talks about a coordinated cyber-attack against the US earlier this month, known as OpUSA. Apparently it even had some moderate success, including taking down the ISP used by the reporter and more than a million other people (CenturyLink) for a couple of days.
As the reporter concludes,
virtually our entire world economy is now dependent in some way on the Internet, and if it is subverted by malignant forces, then heaven help us.
The only correction we’d suggest is to remove the word ‘if’.
You’d like another example? This time let’s turn to a series of articles in the respected MIT Technology Review. Their headlines tell the stories, almost without needing to read the full articles. ‘Protecting Power Grids from Hackers is a Huge Challenge’ is the headline in one. An earlier story on that theme is headlined ‘Old-Fashioned Control Systems Make US Power Grids, Water Plants a Hacking Target’.
Showing that such activity is not just theoretical is this article: ‘Honeypots Lure Industrial Hackers Into the Open’. That is an interesting article because it moves beyond the large theoretical element in the first two articles and points instead to a researcher who put up some dummy industrial control systems and found them immediately attacked and successfully penetrated by unknown hackers from no-one knows where.
The war is as much global as it is confined to the US. Here’s an interesting article about how earlier this year a person, as a hobby, collected data on some 310 million different devices connected to the internet.
His findings? The article discreetly says that many of the responses he received came from devices revealing vulnerabilities that would allow them to be readily taken over.
We should note that it isn’t just poorly configured computers that are at risk of takeover. The article mentions government level computer takeovers (‘Red October’), as well as government sponsored intrusions (‘FinFisher’).
We ourselves have recent and personal experience with supposedly secure computers being taken over by we don’t know who, but at a level sufficiently severe to cause the FBI to contact us of their own volition and offer their help. Unfortunately, the bottom line appraisal of the situation by their experts is that nothing is 100% secure and a determined hacker will find a way into just about anything.
There’s another dimension to this problem as well. In addition to the hacker attacks from shadowy individuals and organizations, might the key equipment that connects the essential backbone of the internet together contain deliberately engineered vulnerabilities hidden within it by government sponsored organizations? This worry is at the heart of the reluctance of many western governments, who are resisting the temptation of the very low-priced internet routers and switches offered for sale by the shadowy Chinese company, Huawei.
This is a vulnerability that is already surrounding us. Do you have a Lenovo computer, for example (Lenovo is a Chinese company that bought the IBM laptop business a decade or more ago)? Even if you have an American brand computer such as Dell or HP, where was it made and, more to the point, where were its components made?
Modern integrated circuits have as many as a billion or more transistors plus countless other resistors and capacitors. Who’s to know what might not be hidden in all of that?
Similar concerns have attached to allowing Huawei to supply equipment for wireless communication services. Let’s extrapolate a bit: here’s an interesting – and totally speculative – thought. The amazing-value new handheld transceiver radios that companies such as Baofeng and TYT are now flooding the US market with – who’s to know if they don’t have some type of remotely activated functions hidden inside them, too?
Some high-end two-way radios have a ‘Stun/Kill’ function which allows the radio to be ‘put to sleep’ via a remote command (ie, to be ‘stunned’) and also to be de-activated totally (ie to be ‘killed’). This is useful in a law-enforcement/security environment – if a radio is lost or stolen, you can remotely destroy it so as to protect the security of your radio communications.
How do we know there isn’t an undocumented function buried within these radios that could result in them all suddenly being de-activated upon receiving a special command signal?
The same is true of much of the electronics in most other things we surround ourselves with. Some risks are minimal and benign – it would be unfortunate if our television set destroyed itself after getting a special coded signal in a regular tv transmission. It would be more inconvenient if the new generation of internet connected refrigerators all failed. If the engine control computers in our vehicles also failed, then things start to move beyond inconvenient, and once we see the control systems for water, sewage, power, buildings, computerized manufacturing, and all the other things that are now computerized (the elevator in your apartment building or office) stop working, then we’re into the middle of a massive disaster.
The fact of the growing number of electronic type risks we are surrounding ourselves with is beyond question, and indeed, our governments themselves are sufficiently concerned as to sometimes refuse to buy lower priced equipment that, on the face of it, seems as good as or better than higher priced equipment.
The reality of the risks is underscored by the ongoing active probing attacks on our infrastructure every day. Some of this may be individuals having fun, some of it is uncoordinated, but some of it for sure seems to be sponsored by state level organizations.
When the time comes for such forces to decide to mount an all-out attack on our computerized infrastructure, it could literally all be over in less than 15 minutes. Almost before we realized we were under attack, sleeping ‘worm’ infections in control systems could be activated and the systems they control destroyed or disabled. Power generators and most other machinery could be destroyed due to being deliberately run too hot or too fast, nuclear power stations could be at risk of meltdowns and major radioactive releases, our grid could be in melt-down, and every computer controlled device, from industrial processes to the pumps at gas stations and the cash registers in our stores would all be disabled.
And then, for the coup de grâce, the internet as a whole would come crashing down, with the backbone routers and switches all failing. The same would happen to wireless services and even to ham radio type gear too.
Life as we know it would come to an end in less time than it takes to read this summary.
Note, near the end of this article, the observation
It would be possible to adapt to an outage of one or two days with minimal long-term impact on GDP, according to Healy, thanks to backup generators and other measures. “Once you get more than about 10 days, then about 80 percent of economic activity ceases,” he said.
That’s an interesting observation. We have less than ten days from a major failure before our economy collapses, long-term, down to one fifth its present level. How would you manage with one fifth the food you currently eat? One fifth the water? One fifth the electricity and gas?
Remember that it can take two to three years to get a replacement major power transformer. Indeed, with a widespread nationwide attack, almost nothing could be repaired and restored to normal operation in ten days. It is almost a certainty that after a massive electronic attack, our society’s underpinnings would be down for not ten days but more likely ten weeks or ten months, maybe even ten years, and it could take ten decades for a recovery process to be complete.
In an earlier article, we quoted Los Angeles officials as saying people should prepare for a fourteen day period being ‘on their own’. The only thing wrong with that advice is the assumption that, on day 15, it will all magically be okay again. With a major national disaster, the only thing that will happen on day 15 is even greater misery than on day 14, and a growing realization that help will not be magically coming.
Which is, of course, why we are actively preparing for our own self-sufficiency.