As long as companies and governments continue investing in cyber militarization, there will be bigger, more catastrophic computer hacks.
There is no bottom to the rabbit hole when it comes to potential exploits in computer software, Professor Peter Ludlow, an Internet culture expert and professor of philosophy at Northwestern University recently told Business Insider.
Time to dive into that rabbit hole and take a close look at the seven most destructive, scary computer hacks that could come to be.
The Industrial Hack
The networks that control industrial systems — natural gas, water, electricity, nuclear —
are all incredibly vulnerable.
One can only imagine what it would be like if natural gas lines started exploding, or high-voltage transformers started to blow — simply by “spoofing” meters to give operators the wrong readings.
The results would be catastrophic — one disaster expert told Business Insider that long-term damage to these systems would make the fallout from Katrina look light.
The Defence Science Board — a Pentagon think tank — concluded about infrastructure hacks, “the cyber threat is serious, with potential consequences similar in some ways to the nuclear threat of the Cold War.”
The Market Hack
The so-called “flash crash” of 2010 was caused by a “
computer glitch” not a hack, but it shows devastating possibilities.
With high frequency traders adding algorithms and increasingly complex software to the market equation, there’s a need for reciprocal cyber security.
CNBC recently covered a cyber crime report that stated at least 53 per cent of major trading hubs around the globe had become targets of cyber criminals.
“Cybercrime also appears to be increasing in terms of sophistication and complexity, widening the potential for infiltration and large-scale damage,” said the report, released Tuesday. It warned that a major attack could result in widespread public mistrust and a retreat from the markets.
Late hacker Barnaby Jack exposed how a pacemaker could be hacked and basically manipulated to kill the user. Jack exploits an unencrypted wifi-like signal that doctors typically use to harvest information in order to diagnose the state of the pacemaker.
Pacemakers, as they are now, cannot be updated with new firmware without another invasive surgery.
Implanted devices have been around for decades, but only in the last few years have these devices become virtually accessible. While they allow for doctors to collect valuable data, many of these devices were distributed without any type of encryption or defensive mechanisms in place.
Even scarier: Jack demonstrated how the malware used to hack pacemakers is infectious, meaning everyone in range of the originally hacked pacemaker that is also using one, also gets the malware, and also dies.
Ground Control Hack
There are three major problems with the air transit system in the U.S., and all of them stem from the same thing: absolutely no encryption.
First, aircraft can be hacked into directly … and controlled:
Pilots can counteract that attack by switching off autopilot, but the greater problem is that many planes no longer have analogue flight instruments and are thus susceptible to other kinds of manipulation. [Information Technology expert Hugo] Teso said he could control most aircraft systems, put planes on collision courses and even give passengers a fun and exciting surprise by forcing the oxygen masks to drop.
Not quite done yet.
Second, is that the ground control systems are also totally unencrypted and unprotected. Third, is that the update to these systems (projected completion date 2020) is equally unencrypted and unprotected.
“The mere fact that someone could inject a fake air plan into the air traffic control screens is pretty serious,” Andrei Costin, an Information Security specialist who gave a presentation at the Black Hat conference earlier this month, told Airport Technology. “The main problem … is the possibility to inject these fake messages or to try to modify real messages sent by real planes as they’re sent over the air.”
It’s the same kind of exploit as the pacemaker hack, except inside a car.
At the Black Hat conference in Vegas, hackers Charlie Miller and Chris Valasek showed off how they could hack into the computer of a car and control it’s every function, from breaks to speed to air conditioning.
And it’s any car that has an Electronic Control Unit (an ECU, fancy for internal computer), which is every car since sometime in the mid-90s.
Mechanics — like cardiologists — typically use the signal from the ECU to diagnose problems with the car.
Turns out, that signal can also be used to control the car.
The Weapons Hack
Imagine nuclear weapons that didn’t fire … or that instead fired on America’s own cities?
The Defence Science Board imagined just such an outcome, due in large part to enemies hacking the military networks, or contractors installing foreign-made circuit.
The benefits to an attacker using cyber exploits are potentially spectacular. Should the United States find itself in a full-scale conflict with a peer adversary, attacks would be expected to include denial of service, data corruption, supply chain corruption, traitorous insiders, kinetic and related non-kinetic attacks at all altitudes from underwater to space. U.S. guns, missiles, and bombs may not fire, or may be directed against our own troops.
Nowadays all U.S. weaponry is on a network, and that network is like Swiss cheese to new-age hackers (or so the DSB concluded).
Their recommendation for America’s nukes: invest in more off-the-grid (under tons of water) nuclear subs, and, in the meantime, harden networks, and make sure there aren’t any foreign components in any of the circuitry controlling nukes.
Except there’s one thing: hackers at Black Hat say there’s a “small, but definite chance” they’ll be cracked within five years.
The result of the crack would be “a total failure of trust on the Internet,” Alex Stamos, chief technology officer of the online security company Artemis told MIT Tech Review.
From MIT Tech Review:
“The RSA protocol that is the foundation of security on the Internet is likely to be broken in the very near future,” said Philippe Courtot, CEO of security company Qualys, noting that while the computer security industry was underpinned by just a handful of key encryption schemes, “we are very slow at adapting them.”
Another option, called elliptic curve cryptography or ECC, is already in use in the Russian and American government.
Only problem, Russia holds the patents, and they’re planning to share.
“If the cryptopocalypse happens, those patents are not going to last,” Stamos told MIT.
Hopefully the damage isn’t too much to overcome by then.
Business Insider Emails & Alerts
Site highlights each day to your inbox.