In correlation between decreasing software quality standards and increased demand for convenience, resulting in ever increasing deployment of network connected infrastructure, the risk of exploitation increases exponentially.
This paper outlines the coherent intertwinement between aforementioned factors and factors like cybercrime, and cyber terrorism become a much neglected problem.
Cyber security must become an essential part of such things as the upcoming smart grid.
Why there will be a Cyber-9/11. Soon (Cyber security, cybercrime, terrorism)
1. CREATING THE LEADERS OF THE DIGITAL ECONOMY
Lars Hilse – Digital Strategy Consultants
Eichstrasse 10 B | 25767 Bunsoh | Germany
+1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559
WWW.LARSHILSE.COM
//WHY THERE WILL BE A CYBER-9/11. SOON
Published on July 29
th
, 2014 //
1//EXECUTIVE SUMMARY
To orchestrate and execute a major cyber terrorism attack, you need to circumvent four major
obstacles:
• Anonymous communication, so that you cannot be interrupted during the planning
• Finding the right specialists with a low ethical standard (or short on cash)
• Transferring assets to pay these specialists untraceably across borders
• Vulnerable infrastructure you can exploit for such attacks.
I have privately funded over two years of research worth over USD $125.000, revealing not
only financial crimes with damages in excess of USD $2+ trillion p. a.
During the research I have come to the conclusion that the aforementioned obstacles can all be
circumvented today, and that vulnerabilities in both in civilian and military infrastructure can
be exploited.
While terrorists of the past had to sacrifice their lives or liberty to create major incidents,
today they don’t even have to leave the comfort or their own home.
Furthermore, these vulnerabilities don’t have to be exploited for classic, terrorist motives.
They can also be used for anonymous extortion of corporations/governments, because attacks
can be targeted in an exceptional fashion.
2//WHY A CYBER 9/11 IS IMMINENT
On July 29th, 2014 Israel became victim to a cyber attack, in which Chinese hackers exploited
their “Iron Dome” missile system, which protects the State of Israel from the rocket attacks
originating from territories of their surrounding adversaries.
This was the most recent example of exploits in network-connected infrastructure, outlining
the massive vulnerabilities even in newer systems being deployed, preceded by the “Stuxnet”
virus, which was probably the first publicly known incident in which a piece of software was
2. CREATING THE LEADERS OF THE DIGITAL ECONOMY
Lars Hilse – Digital Strategy Consultants
Eichstrasse 10 B | 25767 Bunsoh | Germany
+1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559
WWW.LARSHILSE.COM
used to destroy/alter a piece of network-connected infrastructure.
Two main factors, which create a majority of the aforementioned vulnerabilities, are
• The ever increasing demand for network connected infrastructure, and
• The decreasing quality in software, or it’s so called End-of-Life
When combined with the negligence towards technological advancement of governments
attempting to create policy to reduce such risks, the potential devastation becomes
incomprehensible.
3//INCREASING USAGE OF NETWORK CONNECTED
INFRASTRUCTURE
The exponential increase in network-connected infrastructure is due to two main factors:
• Convenience and cost reduction in operational systems
• Monitoring the operation decentralized/without human assets being on location
This exponential increase, while bringing economic benefits along with them, create gaping
holes in any organization’s infrastructure because their deployment is - more often than not -
run on a tight budget, and/or are not sufficiently supervised during installation.
Furthermore, a lot of the operators of such systems are insufficiently trained to understand the
background of the system they are handling.
This leads to a combination of critical factors, making anything from a traffic light to a power
plant very vulnerable.
3. CREATING THE LEADERS OF THE DIGITAL ECONOMY
Lars Hilse – Digital Strategy Consultants
Eichstrasse 10 B | 25767 Bunsoh | Germany
+1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559
WWW.LARSHILSE.COM
4//DECREASING SOFTWARE-QUALITY & END-OF-LIFE
After Microsoft released Windows XP, it became clear that a majority of the focus on security
had been sacrificed for the benefit of such things as “Windows XP Media Center Edition” and
other gadgets built into operating systems.
This diversion was the start to the creation of more consumer-focused operating systems with
gaping security vulnerabilities, which can be exploited in any number of ways.
Further, Windows XP was the last operating system capable of running a majority of the
software, which in turn controlled the connected SCADAs, PLCs, and other network connected
infrastructure interfaces of the world.
XP’s end-of-life/end-of-support in early 2014 has increased the threat of exploitation of such
systems significantly, as a majority of companies operating XP cannot/will not afford the
continued maintenance offered through Microsoft at additional costs.
The end-of-life-problem also applies for software written to control the interfaces between the
operating system and the controller.
The controllers are a difficulty by themselves because their average lifespan significantly
exceeds that of the software running it, or the operating systems, which support them.
In addition to this, the lifecycles of the operating systems have also shortened.
Besides many other factors, it’s the lack of imagination and negligence towards such threats
that elevates them significantly.
5//VULNERABILITIY PROLIFERATION OF NETWORK CONNECTED
INFRASTRUCTURE
For over 2 years I have been investigating the “Deep Web” and Bitcoin, exploiting terrorists
using these channels to communicate and transfer funds anonymously.
While the extent of these communications isn’t that far spread (yet), I recently discovered the
standard passwords and other vulnerabilities of SCADAs and other systems controlling
network-connected infrastructure.
4. CREATING THE LEADERS OF THE DIGITAL ECONOMY
Lars Hilse – Digital Strategy Consultants
Eichstrasse 10 B | 25767 Bunsoh | Germany
+1 (949) 208 4181 | +49 (0)4835 9513027 | +44 (0)845 5089559
WWW.LARSHILSE.COM
Exploiting these vulnerabilities can have significant consequences, because an ever-increasing
amount of everyday infrastructure is controlled remotely through the Internet.
Most of these systems are protected more of less sufficiently from the “outside world”, but
once these protection methods have been circumvented, the systems controlling anything
from a traffic light to a power plant, are freely accessible.
6//CONCLUSION
For over two years I have been researching the “Deep Web” and Bitcoin, revealing a lot of
startling crimes being committed therein and financed through Bitcoin.
What makes these two elements of the Internet so attractive to criminals and terrorists is the
fact that it provides
• Almost absolute anonymity in communication through Email and other services
• Untraceable money transfer across borders, even in large sums, with ways to obscure
transactions
Russia recently put out over USD $110.000 for anyone that can make usage of the Deep Web
through TOR traceable.
Looking at the criminal complaint filed against Ross Ulbricht makes it evident, that his
apprehension in context to allegedly running Silk Road, the Deep Web’s number one site for
drug trade (USD $1.2B transactions within 2 years), was only possible because he made
mistakes in the founding stages of his endeavor.
Resulting thereof, it is safe to assume that had these mistakes been avoided, the Silk Road
would still be in operation.
When these to major elements are combined with the fact that the world has tens of thousands
vulnerabilities for criminal elements to exploit, the next step of assembling a team of
specialists is just a matter time.