Saturday, 13 February 2016

Cybergeddon: Why a global security disaster is inevitable

Attacks on TalkTalk and Wetherspoon’s are a mere blip compared to what could happen to our global IT infrastructure. Davey Winder examines the genuine doomsday scenarios

Ambassador R James Woolsey Jr, a former director of central intelligence in the US, gave evidence before the Senate Homeland Security and Governmental Affairs Committee in July 2015. Woolsey warned that the US is “heading toward an EMP catastrophe”, meaning a natural or man-made electromagnetic pulse represents an existential threat to the American people. “EMP is a clear and present danger,” Woolsey said. “Something must be done to protect the electric grid and other life-sustaining critical infrastructures - immediately.”


EMP weapons aren’t the only electrical threat to civilisation as we know it. National-security experts use the acronym CHEW (cybercrime, hacktivism, espionage and war) to describe the risk to national economic, political and social stability. Given the number of high-profile reported data leaks, it’s fair to assume that there are also plenty of unreported and undiscovered breaches. It’s also fair to assume that the latter category is most likely to have been carried out by nation-state actors with the financial resources and technical wherewithal to successfully cover their tracks.

So far, the online world has proved pretty resilient when it comes to fending off attacks. However, the attack surface is always expanding, with increasing numbers and types of devices being added to the internet. Add to this the fact that both the nation-state and terrorist threats are better funded than ever before, and many security analysts will tell you that cybergeddon isn’t only likely, but inevitable.

Over the next four pages, PC Pro, with the help of security experts, explores five potential cybergeddon scenarios.

1 Zero-day worms attack critical national infrastructure


Security experts agree that the most plausible worst-case scenario would be an attack on national critical infrastructure. Elad Sharf, security research manager at Performanta, suggests the “zero-day worm” would likely be the weapon of choice.

The rapid distribution capability of a worm, when combined with the unknown impact of a zero-day attack, could potentially be devastating. We’ve seen it before with Conficker, a worm that infected seven million machines within a year of launch in 2008 and still resides on an estimated one million of them today. “Despite research demonstrating that the Conficker virus didn’t have an end-goal or specific purpose, it still caused havoc, including causing fighter planes to be grounded and infecting military systems, including 75% of the Royal Navy fleet,” said Sharf. “The worst-case scenario for a zero-day worm is extreme: it could rapidly disable vast swathes of military and civilian infrastructure… as a prelude to even greater tragedy.”

Zero-day worms could infect industrial control systems, known as SCADA (supervisory control and data acquisition). SCADA sits at the heart of almost everything, be it a nuclear power plant, water-treatment plant or system controlling traffic flow.

States have already performed SCADA attacks, such as an alleged joint US-Israeli strike against the Natanz uranium-enrichment plant in Iran using the Stuxnet worm, with a payload of four zero-day exploits. The attack, which has never officially been confirmed, sabotaged Iran’s nuclear programme by destroying the centrifuges used for separating nuclear material. By attacking its SCADA systems, enough damage was done to shut down the plant. The plant systems were even airgapped – not connected to the outside internet or networks – but the worm still managed to infect them, most likely via contractors with USB drives. Stuxnet was a targeted attack, with a very narrow focus. Imagine how much damage could be done if an attack was broadened. “If you were working with other malicious actors, and putting together a co-ordinated effort, you can probably disrupt multiple services in small and medium-sized countries,” warned Stephen Coty, chief security evangelist at Alert Logic.

If an attack on the power grid, for example, lasted several days and led to blackouts, you could easily envisage looting and violence. Or what about, as Elad Sharf suggests, “if a hospital was hacked and its patient records destroyed?” Worse yet, “this type of attack cannot be 100% prevented: a zero-day worm can take control of any computer on the network, and the impact is exponential”.

2 Self-crashing cars


Not every expert is convinced that cybergeddon can be delivered by a worm, mainly because defences have been hardened to mitigate against them. “Most systems have default-deny firewalls… limiting the attack surface to write a worm for,” said 451 Research senior security analyst Adrian Sanabria.

So what keeps him awake at night? “What would scare the hell out of me is if someone managed to hijack system-update mechanisms,” he said. “Whether Windows, Mac, Android, iOS [or] IoT devices, nearly anything that runs updatable software nowadays has an update mechanism that allows for patches or new firmware versions to be sent out. This makes writing a worm completely unnecessary, because if this mechanism can be leveraged to send out a malicious update, millions of devices could be effectively compromised in a very short timespan.”

What if such an attack targeted integrated software controlling pressure in water or gas pipelines? Obviously, there are massive benefits in fixing issues overnight from a central source, but that also paints a big target on the update system. Sanabria actually discovered such a flaw in some cloud-managed wireless access points that could be updated without any real authentication. Owning one access point made it possible to infiltrate the configuration for all of them, with the help of a small Python script.

When Charlie Miller and Chris Valasek discovered flaws in GM vehicles, they were in a position to sabotage over a million cars using a similar Python script. That’s why Robert Hansen, VP of WhiteHat Security Labs, fears for the future: “What if, in another 20 years, most of us are using self-driving or computer-assisted driving that’s vulnerable to remote compromise? What if, during peak rush-hour time, every single one of them suddenly made an extremely rapid turn?” The potential is certainly there to block roads, halt food supplies and cause widespread chaos. “Most cities are food islands, which means they don’t grow enough food within the city to sustain the population,” Hansen explained. “After a few days of no food, a certain percentage of the population would begin turning on itself.”

3 Bank raids


Governments are always identifying, classifying and securing what they consider to be critical national infrastructure. In the UK, it’s described as “those infrastructure assets (physical or electronic) that are vital to the continued delivery and integrity of the essential services upon which the UK relies, the loss or compromise of which would lead to severe economic or social consequences or to loss of life”. We can only speculate on the individual sites, as they’re classified to avoid making them targets, but the frequently attacked financial sector is almost certainly on that list. So far, most of the attacks targeting this sector have been for financial gain, but someone will “be tempted at one point to perform a real-life re-enactment of Mr Robot’s plot to destroy all digital records of a major financial institution”, warned George Chiorescu-Petre, security consultant at AVR International.

According to Chiorescu-Petre, the impact would be felt instantly. “The first immediate effect would be the inability to perform transactions as the systems would be taken offline,” he told us. “The whole economy can be impacted if companies and people are unable to perform payments.” The second effect would be a loss of trust in the financial system, which can lead to a run on the banks, as seen after the Northern Rock collapse. This destabilisation of the economy can quickly lead to political unrest, and regime change often follows.

It could also be scarily easy to unleash a fintech attack, according to Rickey Gevers, CIO of RedSocks. He believes a Border Gateway Protocol (BGP) hijack would be the most likely form of attack. “Anyone with BGP access who is capable of altering BGP tables is able to control the flow of internet packets,” he said. “They can determine where packets are going and which route they will take.” That could make it possible to shut down all the payments systems in a country. Secure BGP on a global level was proposed back in the 2000s, but wasn’t implemented “as people were too afraid that switching to this protocol would cause an outage of their clients’ current internet connections,” according to Gevers.
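Gevers points out that a BGP hijack works because routers accept whatever origin an announcement claims. The origin-validation check that operators did eventually deploy (RPKI route origin validation, in the spirit of RFC 6811) is sketched below as an added example; it is not code from the article or from any of the companies quoted, and the ROA table, prefixes and AS numbers are constructed documentation values.

```python
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Roa:
    """A Route Origin Authorization: who may originate a prefix, and how specific it may be."""
    prefix: str       # covering prefix, e.g. "203.0.113.0/24"
    max_length: int   # longest prefix length the holder permits to be announced
    origin_as: int    # AS number authorised to originate it


# Constructed sample ROA table (documentation prefixes and private-use ASNs, not real data).
ROAS = [
    Roa("203.0.113.0/24", 24, 64496),
    Roa("198.51.100.0/22", 24, 64497),
]


def validate_origin(announced_prefix: str, origin_as: int, roas=ROAS) -> str:
    """Classify one announcement as 'valid', 'invalid' or 'not-found' (RFC 6811 semantics).

    An announcement is valid if at least one ROA covers the prefix, the announced
    length does not exceed that ROA's max_length, and the origin AS matches. If ROAs
    cover the prefix but none matches, it is invalid (a hijack or misconfiguration).
    With no covering ROA the state is not-found and the router cannot judge.
    """
    announced = ipaddress.ip_network(announced_prefix, strict=False)
    covered = False
    for roa in roas:
        roa_net = ipaddress.ip_network(roa.prefix)
        if announced.version != roa_net.version or not announced.subnet_of(roa_net):
            continue
        covered = True
        if announced.prefixlen <= roa.max_length and roa.origin_as == origin_as:
            return "valid"
    return "invalid" if covered else "not-found"


def filter_updates(updates, roas=ROAS):
    """Map each (prefix, origin_as) pair to its validation state.

    A router configured to drop 'invalid' routes would never install the hijacked
    path, which is the control that blunts the attack Gevers describes.
    """
    return {upd: validate_origin(upd[0], upd[1], roas) for upd in updates}
```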

4 The death of crypto


The most likely cause of cybergeddon will almost certainly be something that hasn’t occurred yet. After all, there’s a huge amount of resources going into preventing the obvious. The unknown is, by definition, hard to predict. Unless you are Guillaume Lovet, threat response manager at Fortinet, that is.

Lovet thinks that the scenario that will change our lives is the proving of the Riemann hypothesis. This is a conjecture that implies results about the distribution of prime numbers, which, if proven, would undermine the basis of asymmetric cryptography. “Modern cryptography completely relies on some unproven mathematical observations,” Lovet explained. “Such as the fact that when you count, prime numbers seem to occur unpredictably.” Prove that they don’t, and more importantly how they don’t, then concepts such as authentication, confidentiality and anonymity on the internet go to pot, with few alternatives in the short term. “That means that suddenly man-in-the-middle attacks cannot be prevented anymore.”

Anyone could intercept and modify sent data. “Think about the implication in terms of e-commerce, banking and authentication to critical systems,” Lovet added. “Now think how much our economy depends on all that today, and even more so tomorrow, with the probable ‘Uberisation’ of many sectors.”

Mathematical breakthroughs undermining modern cryptography would also have consequences for cryptocurrencies and blockchain technology. It would create a total loss of anonymity and privacy, and set back our ability to communicate with any confidence online. And that includes internet service providers and hosts, who would no longer be able to secure traffic to and from their networks. The world might not come to an end but, for a while at least, it would be a whole lot less secure.

5 Reboot failure


The US National Oceanic and Atmospheric Administration (NOAA) is a federal agency that, among other things, provides official space weather alerts, courtesy of its Space Weather Prediction Center in Colorado. If you’re wondering what this has to do with a potential cybergeddon scenario, Ian Trump, the security lead at LogicNow, said that’s precisely the problem. “Imagine we started with just three-and-a-half days left before our lives were in for a sudden and drastic change,” he said. “Maybe it was because of the endless loops of terrorist attacks and environmental disaster news that the alert from the Space Weather Forecast Center was neglected.”

The hypothetical alert would be a warning of catastrophic impact due to coronal-hole high-speed stream activity, directly targeting Earth. In other words, a coronal mass ejection (CME) that would cause massive electromagnetic disruption on a scale no single EMP weapon could ever achieve. A CME is a colossal burst of gas and magnetic field from the solar corona that ejects into the solar wind. “It would be hard to accept the idea that our sun was about to switch the power off globally,” Trump continued. “Forget an elite group of glove-wearing, black-hoodied hackers causing cyber-armageddon, a far more likely scenario is a coronal mass ejection of such magnitude that it disrupts, degrades and destroys not only IT systems, but the lifeblood of those systems. Without it, our way of life shuts down. And by down I don’t just mean Bluetooth-enabled selfie sticks are no longer working, I mean seriously down.”

Ambassador Woolsey and Trump may be right about EMP and CME, but we won’t be taken completely by surprise, as researchers at NOAA and elsewhere will warn us to shut things down to prevent irreparable damage. Assuming we take any notice, of course. “The bushy-haired, fashion-challenged scientists will tell us to stay indoors; brace ourselves and actually be thankful,” Trump said, reminding us that having switched everything off (and that means everything: IT systems, trains, planes, automobiles and power plants), we have to switch everything back on again. “A global shutdown and reboot is not without its complications. As many an IT admin or MSP knows, shutting down is the easy part – it’s turning everything back on again that can become the problem.” There are systems required for survival – such as life-support, refrigeration, defence and emergency services – which have never been turned off, meaning there’s no surefire way of knowing or predicting how CPUs, hard drives and memory chips that have been running for a decade or more will come back to life. “If we can’t get power plants back online, Facebook and Twitter may be the least of our worries,” Trump concluded. “With any mass event, the criminal element, cyber and otherwise, will seek to exploit the situation, before, during and after. We must all be vigilant, and governments and society will need to work together to reduce the impact of a global shutdown.”