Tag Archives: cyber terror

Obama Issues Cyber Response Directive

president-cyber-response-directive-gets-mixed-reviews-showcase_image-9-a-9290

President Obama consults with special assistant Lisa Monaco (White House Photo)

President Obama has sealed his legacy as not only America’s first African-American president but also America’s first cyber president. No president before has overseen the development of internet initiatives and cyber warfare capabilities as President Obama.

To add to that legacy President Obama has issued a new Presidential Policy Directive; the United States Cyber Incident Coordination Directive. Like many other of his policies this too has come under scrutiny. Experts in the field disagree on whether the policy is workable in the event of a large scale cyber attack. On the other hand others believe that the policy is right on target.

Announced on July 26th the presidential directive assigns specific roles to the FBI, DHS and the Office of the Director of National Intelligence (ODNI). The agencies are directed to establish three lines of action that include threat response, asset response and intelligence support activities.

The policy places the FBI in charge of coordinating the immediate response to a terror related cyber event. DHS will lead the asset response action by providing technical assistance, locating the cyber attacker, protecting assets and recovering from the attack. Intelligence and analysis responsibilities will fall to the ODNI who will perform an analysis of the threat and identify opportunities to mitigate and disrupt it.

Some cyber experts believe that the new policy is “overly complicated” and has “too many moving parts.”  These experts believe the policy requires new and different parts of the federal government to work together efficiently in a cyber crises without having been tested.

Phil Reitinger is CEO of Global Cyber Alliance and a former DHS deputy undersecretary for the  for cyber security.  Reitinger does not believe the complexity of the directive will hinder its effectiveness.   “I don’t think it’s a huge lift for implementation. I suspect this is the way the government already works,” says Reitinger. “I think it’s more a likely description of the way things now generally work and ought to work as opposed to a notional thing to work toward.”

Lisa Monaco assistant to the president for homeland security and terrorism spoke at a cyber security conference on the day the directive was issued. “Our new policy acknowledges that when businesses and federal agencies are the victim of or experience a significant cyber incident, one of the most important considerations is likely to be restoring operations and getting back online. Our policy makes clear that we will coordinate with the victim to minimize any interference between their incident response and our own.”

Even though the president’s directive is design to integrate both private and federal response to a cyber attack many in the private sector feel that it leaves them out.

Internet Security Alliance chief executive Larry Clinton is happy about federal efforts to clarify its responsibilities in the event of a major cyber event. “However, defining these roles and responsibilities on a government-only basis, as this appears to have done, is bad policy making and counter to the administration’s own oft stated views on the need for government to work with the private sector,” he says. “As far as I can tell, there has been little or no private sector involvement in the development of this new system. Clinton went on to say, “Every Cyber Storm (a combined cyber exercises with industry and government) action report has stressed the need to increase coordination between the public and private sectors. This program seems to move in the opposite direction.” 

See also:

Obama; First Cyber President

President Obama Launches Cyber Offensive, Part 2, Part 3

Obama Launches ConnectedHome Initiative

 

Halloween’s Most Horrible Hacks

ID-100197712

Courtesy of hyena reality

Halloween happens in just a few days. And on that frightful night some pretty horrifying little creatures will be knocking at your door. Terror and fright on Halloween is all fun and games. But real terror has become part of our lives in the digital age. We have come to fear identity theft, data breaches and other digital age terrors. Everyday someone has a bank account emptied. There are monsters in cyber space. Online digital demons commit evil acts and do horrible things using technology and the Internet. We all need to be aware of the evil that lurks in cyber space. But evil has no limit as hackers are always trying to out do one another. There is a threat in cyber space that could kill thousands and even cripple civilization. Here are some really terrifying Halloween hacks.

1) Aircraft hacking is real. What happened to Malaysian Airlines Flight 370? It disappeared without a trace. Was it hacked? No one knows. It simply disappeared.  IOActive’s Ruben Santamarta said it was possible to hack satellite communications equipment on passenger jets. This is done by hacking into the Wi-Fi and in-flight entertainment systems such as those found on Southwest Airlines. This attack was proven possible but only in a laboratory. Santamarta said a potential attacker could hack the plane’s avionics disrupting or altering satellite communications. The result would be a modification or disruption of the aircraft’s navigation and safety systems. Aviation experts disagree, calling such an attack impossible. But is it? PlaneSploit is an Android app that has demonstrated the ability to take over an aircraft. Created by security researcher and commercial pilot Hugo Teso, the app allows users to control a plane from the ground using an Android phone, a radio transmitter and flight management software. The app is not exactly highly technical but you need some hacking knowledge. PlaneSploit was demonstrated during the Hack In The Box conference in Amsterdam. Teso demonstrated how he could change the flight path of a plane to a crowd. You can use this system to modify approximately everything related to the navigation of the plane,” said Teso, adding, “that includes a lot of nasty things.”

2) Murder by hack! If someone has an implanted medical device an evil person could tamper with it and potentially kill them. Medical devices have the capability of being hacked. In 2012, the late New Zealand hacker Barnaby Jack discovered a way to hack an implanted insulin pump causing it to inject 45 days’ worth of insulin in one shot. He also figured out how to shut down a heart pacemaker. Needless to say either of these hacks would cause almost instant death.

An investigation by the US Department of Homeland Security is focusing on “two dozen cases of suspected cyber security flaws in medical devices and hospital equipment.” These flaws could cause serious injury or death in the recipient. Unnamed sources familiar with the investigation by the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) report the devices under investigation include infusion pumps from Hospira Inc. and implantable heart devices from Medtronic Inc and St Jude Medical Inc.

Modern implanted medical devices were never designed to be “hacker proof”. This makes them easy targets for the evil hackers we know are out there. 

3) Disrupt civilization. How would you survive without electricity, water or telephones? What would life be like if you could not buy groceries or gas? What if the traffic lights suddenly stopped working? What if a nuclear power plant became unstable due to a hacker taking over the controls? All these are very, very real possibilities and would most likely create panic even anarchy. Civilization would come to a halt.

University of Michigan security researchers using  a standard laptop hacked nearly 100 wireless networked traffic lights and were able to change the state of the lights on command. A hacker could paralyze a city with this technology.

Research released by Automatak in 2013 revealed 25 vulnerabilities in power plants across North America. The flaws found at electrical substations, water utilities, and power stations left them open to attack. If a hacker so desired they could exploit these vulnerabilities to crash or hijack the servers at these facilities resulting in the loss of utilities for millions of people.  Hackers have also attacked the banking and financial network causing outages at ATMs and retail point of sale systems locations.

4) Are the babies safe?  The connected home is here. Everything in your home can be connected to the Internet and controlled through your mobile device or web browser. And this means that a hacker can hack into your home turn off alarms and open doors for burglars or worse. They could tamper with the thermostat, lighting, sprinklers or other home controls systems. A hacker could penetrate, even take over devices. In April of this year an Ohio couple were awakened by the voice of an unknown man shouting “wake up baby!” through their wireless baby monitor. A hacker had penetrated their home network and was harassing a sleeping child. Cameras throughout the home allowed the hacker to see the child in her bed.  Hackers have taken control of laptops with webcams and microphones and spied on families. Hackers have taken pictures of women nude, including Miss Teen USA, and blackmailed them. Its called sextortion. Smart televisions with cameras and Internet connections have also been hacked and used to spy on people. Devices in the modern connected home present significant security risks. Keep that in mind as we enter the frightening age of the Internet of Things.

5) Empty the prisons. Did you ever see that movie where a small town was overrun and terrorized by escaped convicts? Is this possible? The answer is yes! Modern prisons are now computer controlled. At a recent DEFCON conference in 2011 researcher John Strauchs demonstrated that it is indeed possible to open every cell door in a prison at once. He hacked into an industrial programmable logic controller. The same hack used to attack an Iranian nuclear facility. What would happen if a hacker could do this to prisons or local jails all over the country on the same day?

6) Your car is a death trap! The newest cars are Internet connected with WiFi and Bluetooth technology. New cars no longer use keys. They can be unlocked and operated  using a wireless key fob. You can get GPS directions and Internet radio and movies. But a hacker could decide to disable your brakes while you’re doing 70 mph on the interstate! Maybe a criminal just wants your car and decides to hack the door locks and just drive away…with you in it! Imagine the horror of discovering your steering is locked while driving with your family in the car. These things can happen with the new technology in cars today. Read all about it here in the AACR report “Hack My Ride”

What we are talking about is not an imaginary scenario. Technological terror is real and the next hack could seriously impact the entire nation. Cyber terrorism is the new frontier for terrorists and they are seeking a target. The intend to do damage far worst than the 9/11 attacks. Imagine if every person in the United States woke up to find that our electronic financial infrastructure was crippled and the banks were shut down? It could happen. Ask  the FBI who have an entire division that is dedicated to stopping a cyber terror attack. But most experts agree, it will happen.

Happy Halloween!