The National Security Agency described for the first time a cataclysmic cyber threat it claims to have stopped On Sunday’s “60 Minutes.”
Called a BIOS attack, the exploit would have ruined or “bricked” computers across the country, causing untold damage to the national and even global economy.
Even more shocking, CBS goes as far as to point a finger directly at China for the plot — “While the NSA would not name the country behind it, cyber security experts briefed on the operation told us it was China.”
The NSA says it closed this vulnerability by working with computer manufacturers.
But the BIOS attack sounds staggering. From the 60 Minutes broadcast (emphasis ours):
(Director of Cyber Defence for the NSA) Debora Plunkett: One of our analysts actually saw that the nation state had the intention to develop and to deliver, to actually use this capability — to destroy computers.
John Miller: To destroy computers.
Debora Plunkett: To destroy computers. So the BIOS is a basic input, output system. It’s, like, the foundational component firmware of a computer. You start your computer up. The BIOS kicks in. It activates hardware. It activates the operating system. It turns on the computer.
This is the BIOS system which starts most computers. The attack would have been disguised as a request for a software update. If the user agreed, the virus would’ve infected the computer.
John Miller: So, this basically would have gone into the system that starts up the computer, runs the systems, tells it what to do.
Debora Plunkett: That’s right.
John Miller: — and basically turned it into a cinderblock.
Debora Plunkett: A brick.
John Miller: And after that, there wouldn’t be much you could do with that computer.
Debora Plunkett: That’s right. Think about the impact of that across the entire globe. It could literally take down the U.S. economy.
John Miller: I don’t mean to be flip about this. But it has a kind of a little Dr. Evil quality– to it that, “I’m going to develop a program that can destroy every computer in the world.” It sounds almost unbelievable.
Debora Plunkett: Don’t be fooled. There are absolutely nation states who have the capability and the intentions to do just that.
John Miller: And based on what you learned here at NSA. Would it have worked?
Debora Plunkett: We believe it would have. Yes.
John Miller: Is this anything that’s been talked about publicly before?
Debora Plunkett: No, not– not to this extent. This is the first time. The NSA working with computer manufacturers was able to close this vulnerability, but they say there are other attacks occurring daily.
It’s long been known that cyber attacks on critical infrastructure could level much of America’s economy. The difference here is the target.
Previous defence estimates focus on critical infrastructure — water, electricity, nuclear power — whereas this BIOS attack is solely focused on destroying computers.
A similar attack occurred last year, when a militant group called “The Cutting Sword of Justice” launched an attack on a Saudi oil company Aramco which destroyed the hard drives of 30,000 computers, destroying all stored data.
Though CBS reports that the BIOS plot came from a “nation-state” (allegedly China), experts and analysts largely don’t expect massive cyber attacks from the world’s largest nations due to the interconnectivity of the global economy.
It’s groups like “The Cutting Sword” — whose attacks occur because of perceived inequality of that economy — that have the world’s most powerful governments scrambling to patch up the holes in their cyber security.