Mass US power hack possible

Cyber warfare is most certainly no longer the subject of blockbuster Hollywood movies. An ex-chief of US national intelligence has told CBS' 60 Minutes programme that not only is the country vulnerable to cyber warfare but that it is unprepared for an attack. Speculating on what an attacker might do, Retired Admiral Mike McConnell said:

"If I were an attacker and I wanted to do strategic damage to the United States, I would either take the cold of winter or the heat of summer, I probably would sack electric power on the U.S. East Cost, maybe the West Coast, and attempt to cause a cascading effect. All of those things are in the art of the possible from a sophisticated attacker." A couple of years ago this would have been a Jame Bond/Die Hard baddy-plan. Now the guy whose day job involved running the CIA and NSA is talking about hackers turning the lights out on the US.

The report also quoted President Obama as saying, "We know that cyber intruders have probed our electrical grid, and that in other countries cyber attacks have plunged entire cities into darkness." He is most likely referring to hacker attacks against Brazilian power supplies in 2005 and 2007. The report states, "Several prominent intelligence sources confirmed that there were a series of cyber attacks in Brazil: one north of Rio de Janeiro in January 2005 that affected three cities and tens of thousands of people, and another, much larger event beginning on Sept. 26, 2007."*

So when you're watching the inevitable action movies this Christmas, don't scoff at the evil hacker elements of the baddys' plans. They're probably realistic.

Watch the report or read about it.

* UPDATE: Brazilian government officials have recently denied that the 2007 blackout was the result of hacker action. The cause was apparently "pollution in the chain of insulators due to deposits of soot", as claimed in a report by Brazil’s independent systems operator group (Spanish).

Traffic Light Hackers

It's just like in the movies (again): Traffic Light Hackers.

Die Hard 4.0 - total bollocks?

A magazine called Total Film asked me to decide whether or not the hacker plotline for Die Hard 4.0 was "bollocks". As I understand it, the story involves a group of hackers that strike at the vulnerable United States computer infrastructure. The baddies systematically shut this system down, beginning with the traffic lights and moving on to crash banking networks and the stock market, thus crippling the economy.

That does sound like a rather ambitious hack and I've not seen the film, so I'm not in a position to comment on any techniques they might use. But essentially there are precedents for the types of attack mentioned above. And let's not forget that self-professed "bumbling amateur" Gary McKinnon managed to access military systems without much effort, allegedly causing $700,000 worth of damage.

So, with that in mind, here was my initial response:

"No, it's not bollocks. All computer systems have weak points, even military and government networks. There have already been real-life cases of hackers disabling US traffic lights by hacking into the central control computer, breaking into banks and even attacking the California power grid. The Russian stock market was hammered by a virus last year, so Bruce had better dig out his copy of Norton AntiVirus quick."

What does a computer virus look like?

If you've never seen a computer virus you might be wondering what one looks like. If Hollywood movies are to believed, they are pretty exciting with lots of virtual reality interfaces and 3D graphics.

In reality, and on the surface, a virus might appear in your email as an attachment, perhaps pretending to be an image or a security update from Microsoft. So that innocent-looking icon is one way that computer viruses can appear to the human eye.
But wouldn't it be more interesting to look beyond the image of an icon and see what it looks like under the hood?

Virus researchers use tools like Interactive Disassembler Pro (IDA) to reverse engineer malware. So you could argue that a virus looks like this program's output, as below:



This might be an accurate view, but it's not very exciting. I can't see this appearing in The Matrix IV. Anti-virus company F-Secure has developed a new tool that provides a pretty amazing, movie-style view of the effects a virus has on a computer system. The view below illustrates it. Add a pumping soundtrack and a 3D version of Bruce Willis and you've got Die Hard 5.1 (build 366478).


Read about (and visualise) more viruses and other threats.