Armageddon Science (22 page)

However, a sabotage approach of this kind requires a concerted effort around the world—to be catastrophic, it would need be the most complex terrorist attack ever undertaken. By comparison, there is a simpler hardware approach to cause devastation—and devastation that would spread not just across computer networks, but potentially across all our modern devices. The only constraint here is that it would take a considerable time to set up. But if we are looking at sabotage that might originate from a rogue government or secret state apparatus, this does not seem inconceivable.

Practically every device we use these days, from a sophisticated computer to a TV remote control, contains microchips—tiny wafers of silicon carrying embedded circuits. If saboteurs could gain access to the relatively few companies making these essential components, and make secret modifications to the chips, they could set them up to fail at a set time in the future, or as a response to a particular input.

This possibility has been studied both by academics at Case Western Reserve University in Cleveland, Ohio, and by DARPA. The complexity of many chips is so high that it is entirely possible for there to be circuits in place that are never used or noticed by the manufacturer, but that can later be triggered by timing or an external signal. It is also possible with less technical skill to reduce the lifespan of a chip, causing it to deteriorate and fail quickly.

Although there have been some suggestions for mechanisms to aid in the detection of such dangers concealed in the hardware, realistically there is very little chance of spotting an extra circuit, even with the sophisticated checking processes used in chip-manufacturing plants. Although the relatively small number of chip manufacturers limits the opportunities for a would-be saboteur, it does mean that if such a cyberterrorist can get in place, the scale of the havoc caused (within a few years, when the terrorist’s designs have percolated out through the user base) can be immense.

This is one potential disaster where the only real precaution is good staff vetting in the chip manufacturers, and hope. Yet there is much more to cyberterrorism than the possibility of chips being sabotaged. It’s easy to underplay the impact of an act of cyberterrorism, whether software based, the result of physical attacks, or most likely a combination of the two. You may think, yes, it might be irritating to lose the Internet for a few weeks. Some businesses would go to the wall. The rest of us would suffer inconvenience. But we managed without the Internet before it came along, right? This picture is wrong on a number of levels.

First, we are increasingly dependent on the Internet—and that is far from being the only network at risk. We saw in the banking crisis of 2008–9 just how big an impact a failure of a relatively small portion of the banking system could have on the world’s economies. Yet almost all banking now depends on electronic networks. If the banking networks were brought down, not only would the banks fail to operate effectively, but commerce as a whole would find it difficult to function.

There are worse possibilities still. All our major utilities—electricity, natural gas, water—rely on computer networks and electrical power to operate. If an attack could take out the power and the control networks, we could see the rapid collapse of the utilities we all depend on for day-to-day living. That electrical power is needed to pump gasoline and diesel fuel too. That means no distribution of goods. Empty supermarkets, with no way to sell items, even if they had the produce on the shelves. It has been said that our modern society is only a few days away from chaos if we lose electrical power. We no longer have the capability to scrape by with what’s available around us. Without a support network, towns and cities can’t function.

We can see a smaller-scale version of the potential for this kind of breakdown in the blackout of 2003. As we have seen in our discussion of climate change (chapter 4), this affected a sizable part of Canada and the northeastern United States, leaving 50 million people without power. The result was not only loss of electricity, but disrupted water supplies for millions who rely on pumped water, chaotic disruption of transport, massive losses for business, restrictions on medical capacity, limited communications, and looting. This was survivable. But what if the whole continent lost power for weeks?

Some people ignore the threat from direct physical action to disrupt networks because, while it’s easy to imagine someone sitting at a computer terminal in a distant darkened room hacking into distant computer systems and wreaking havoc, it’s harder to get into the mind-set of someone who will blow other people up—or even kill himself—in order to disrupt society. Particularly American society. Yet all our experience with terrorism to date is that this is just what groups like al Qaeda are prepared to do. It’s how they think. So we must not ignore the possibility that cyberattacks will come in this way.

There have been small-scale attempts using both approaches. For example, in Australia in 2000, Vitek Boden accessed a utility company’s computerized control software using a laptop and a two-way radio to intercept the communications between the computers that formed the management system for Maroochy Shire Council’s sewage services. He caused the system to release a quarter of a million gallons of raw sewage into public waterways. He had recently been refused a job with a sewage company.

On the physical side of such system-based terrorism, a plot by the former terrorist group the Irish Republican Army was uncovered in 1996. The intention was to use an array of explosives to disable key points on the electricity and gas networks, causing chaos in London. This was potentially devastating—but was much smaller than the possibilities that are now available for truly large-scale cyberterrorism, particularly if applied to information networks rather than utilities.

It might help the terrorists who would resort to direct physical attack if they read academic papers. Scientists at the Dalian University in Liaoning, China, used computers to model how the U.S. West Coast electricity grid would hold up when different parts of the grid were taken out, whether accidentally or in a determined attack.

Before this research was undertaken, the assumption had been that the obvious subsection of the grid to take out in an attack would be a heavily loaded one. The idea was that the systems that control the grid should instantly transfer the load from the damaged subsection to adjacent subnetworks, which would then become overloaded and drop out, resulting in a cascade of failure that could take out the whole network. Surprisingly, the research showed that this wasn’t the best approach to take. Under some conditions it was more effective to disable a lightly loaded subnetwork first, if your intention was to cripple as much of the grid as possible. Details of the conditions required for such a collapse have been passed on to the operators of the grid and the Department of Homeland Security.

It has been pointed out, though, that such subtlety is not only beyond most terrorist groups, but unnecessary. Ian Fells from Newcastle University in England has bluntly remarked that “a determined attacker would not fool around with the electricity inputs or whatever—they need only a bunch of guys with some Semtex to blow up the grid lines near a power station.”

Although there has been no major attack using purely electronic means, we have seen enough smaller-scale examples to know what is possible. In 1997 the National Security Agency led a dummy attack on a range of networks that would enable it to produce denial-of-service attacks. (A denial-of-service attack is where a server is bombarded with requests and grinds to a halt, rather like the impact of Roger Morris’s ARPANET worm, but in this case undertaken deliberately.) The aim was to bring down telephone networks and to block the ability to use e-mail. All this was achieved using tools readily available at the time on the Internet.

It’s ironic that the same hackers who undertook the attack on behalf of the NSA pretended to be working for the North Koreans, as in July 2009 we saw a real denial-of-service attack on public computer systems at the White House, the Department of Defense, and the New York Stock Exchange that appears to have originated in North Korea. The only externally obvious result was the disappearance of a number of official Web sites, including the White House site; but one expert described this as a “massive outage,” and even if the actual result was reasonably cosmetic, the potential for damage had this been carried out on a wider scale was considerable.

To make matters more worrying, it is often true that the control systems for our essential utilities, called supervisory control and data acquisition (SCADA) systems, do not have as good a protection from outside interference as do Web sites and other more visible objects on the network. This is partly because those involved aren’t always aware that the external connections exist, but also because the level of real-time communication required for these control and reporting systems sometimes means that the more heavy-duty security protocols and devices used by secure Web sites aren’t appropriate, because they’re just too slow.

There is reasonable evidence that what we hear of these cyberspace attacks is just the tip of an iceberg of threats battering the firewalls and security systems of companies large and small—but most worryingly, also launched against the military and those responsible for key aspects of the infrastructure, such as the power companies. Large companies will get low-level attempts to get into their systems hundreds of times a day, but the power companies experience a serious, heavy-duty attack through the network around once a month. Month after month. Many of them, it has been suggested, are funded and organized by Middle Eastern organizations—or even governments. Occasionally something must give.

But it is not these individual assaults on electronic security that provide the real worry about the impact of a cyberattack. The real concern for those attempting to foil cyberterrorism is that there won’t be just a single stand-alone attempt, but a coordinated assault on many of the computers controlling our infrastructure, resulting in countrywide or even worldwide chaos.

We normally think of such attacks coming in through the Internet, routing their way from a distant country and carefully insinuating their electronic tentacles into supposedly secure systems. Although not infallible, most companies and organizations have software (and sometimes hardware) called firewalls, which are designed to reduce the possibility of an external influence on their systems by trapping all incoming messages that aren’t internally verified. Yet the Internet isn’t the only way of getting into a key system.

Often organizations intentionally open up their systems to the outside world for convenience, in order to be able to use them more effectively. And nothing has caught on more quickly than the ultimate convenience of wireless. Once upon a time, when you paid your tab in a restaurant you had to either give your credit card to the waiter (and hope he wasn’t going into a back room and ordering thousands of dollars’ worth of goods from Asia with it), or trudge over to the till to make use of a tethered machine to punch in your PIN. Now the device comes to your table. It’s wireless.

Many of us have the same kind of convenience at home or in the office. A wireless network means we can connect to the Internet or get data off a static PC from anywhere in the house, using a laptop in bed, or an iPhone in front of the TV. It’s great. After all, not many of our homes have network sockets in every room—and even if they did, we would be tripping over wires all the time. But that convenience comes with a price.

It’s a sobering lesson to wander around suburban streets with an iPhone or a similar device that latches onto wireless networks as it discovers them. Yes, some are password protected, but many are open. You can just jump in and make use of them. If all you want to do is piggyback on someone else’s wireless connection to access the Internet it’s not exactly the crime of the century, but the ease of getting onto wireless links does present a danger. And in the early days of such technology, there was limited security.

A particular source of concern a few years ago was the wireless systems used at airports for curbside check-in and to allow airline agents to get access to all the key computer systems as they combed queues for important passengers. Airlines provide a particularly attractive target for cyberterrorists. Though 9/11 and more recent bomb attempts like the December 26, 2009, Detroit incident were conventional plots, airlines operate complex electronic networks worldwide, making them susceptible to cyberattack.

For instance, American Airlines—inevitably one of the terrorists’ favorite targets because of its prominence and name—had wireless systems at 250 airports across the United States that in the early years of the implementation weren’t encrypted. So anyone monitoring the signal could follow the keystrokes as agents logged on to various systems, making passwords and procedures open to any electronic eavesdropper.

This wasn’t just opening up the commercial systems to dangers of manipulation, causing practical problems for airline operations. It also meant that terrorists intending to hijack a plane could find out key information—who were the sky marshals on board, for instance. It could even could allow the terrorists to manipulate the check-in data to make an unexpected bag “disappear” or to confuse the tally of passenger numbers to conceal an extra flier who hadn’t passed through security.

Since these threats were uncovered, the airlines have taken measures to ensure that their wireless communications are less easy to monitor. But there is still a lot of unprotected wireless traffic out there, and the chances are that some of it will be in areas where allowing open access creates a security risk.

The outcome the public fears most in this arena is that a cyberterrorist could hack into military computers in charge of nuclear weapons and start World War III. This was the scenario of the 1983 movie
WarGames,
where a teenager gets access to a Defense Department computer, believing it to be a game, and brings the world to the brink of war. Such a simplistic attack is not going to succeed—ever since the formation of MILnet, most low-security military computers have been off the Internet, and the high-security ones never were connected. The military has no need to use commercial networks for this kind of activity.