By Shilpa Rao
According to a report by Verizon1, the US is facing a growing number of cyber-attacks from government-sponsored hackers, cyber-terrorists, anarchists and hacktivists.
Critical infrastructure operators, and the software they run, have been attacked repeatedly. In January 2008, a teenage schoolboy in the Polish city of Lodz hacked the tram network's track switching, derailing four trams and injuring at least 12 people2.
Similarly, in 2012, hackers broke into systems holding customer records of the Australian Internet provider AAPT and published individual, corporate and government account details, including those belonging to the Reserve Bank of Australia, the Australian Federal Police, the Australian Securities and Investments Commission, and the Australian Crime Commission3.
Centralised networks give organisations ease of operation; however, they are also a single point of failure during a cyber-attack. Many SCADA (supervisory control and data acquisition)4 systems used by power companies and by sewage and water treatment plants were designed for isolated networks and still carry their traffic over dial-up or leased telephone lines, using control protocols that offer little or no authentication of the sender. Anyone who can tap or dial into those lines can therefore issue commands to the remote equipment, exposing entire power grids, sewage systems or gas lines to attack.
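To make concrete why access to the line is enough, the following added example (not from the original article, which names no protocol) models a Modbus RTU frame of the kind carried over serial and dial-up SCADA links. Modbus RTU is assumed here as a representative protocol; its frame layout and CRC-16 are from the public specification, the sample frames are constructed, and the allow-list policy is a hypothetical check a serial tap or monitoring probe could apply. The CRC only detects line noise: nothing in the frame identifies or authenticates who sent it, so an attacker's "open breaker" command is byte-identical to the operator's.

```python
"""Modbus RTU frames on a serial/dial-up SCADA link.

Added example: the CRC-16 trailer protects against line noise but authenticates
nobody, so whoever can write to the line can command the remote equipment.
"""
from dataclasses import dataclass

# Function codes from the public Modbus specification (subset).
READ_COILS = 0x01
READ_HOLDING_REGISTERS = 0x03
WRITE_SINGLE_COIL = 0x05
WRITE_SINGLE_REGISTER = 0x06
WRITE_MULTIPLE_COILS = 0x0F
WRITE_MULTIPLE_REGISTERS = 0x10
WRITE_FUNCTIONS = {WRITE_SINGLE_COIL, WRITE_SINGLE_REGISTER,
                   WRITE_MULTIPLE_COILS, WRITE_MULTIPLE_REGISTERS}


def crc16_modbus(data: bytes) -> int:
    """CRC-16/MODBUS: reflected polynomial 0xA001, initial value 0xFFFF."""
    crc = 0xFFFF
    for byte in data:
        crc ^= byte
        for _ in range(8):
            crc = (crc >> 1) ^ 0xA001 if crc & 1 else crc >> 1
    return crc


@dataclass
class RtuFrame:
    unit_id: int      # address of the remote station (slave)
    function: int     # Modbus function code
    data: bytes       # function-specific payload


def build_frame(unit_id: int, function: int, data: bytes) -> bytes:
    """Serialise unit id, function code and payload, then append CRC low byte first."""
    body = bytes([unit_id, function]) + data
    crc = crc16_modbus(body)
    return body + bytes([crc & 0xFF, crc >> 8])


def parse_frame(raw: bytes) -> RtuFrame:
    """Validate the CRC and split the frame. Note: no sender identity is checked,
    because the protocol carries none."""
    if len(raw) < 4:
        raise ValueError("frame too short")
    body, trailer = raw[:-2], raw[-2:]
    crc = crc16_modbus(body)
    if trailer != bytes([crc & 0xFF, crc >> 8]):
        raise ValueError("CRC mismatch (line noise or truncated frame)")
    return RtuFrame(unit_id=body[0], function=body[1], data=body[2:])


def write_single_coil(unit_id: int, coil_address: int, on: bool) -> bytes:
    """Function 0x05: set one output coil (e.g. a breaker or pump relay)."""
    value = 0xFF00 if on else 0x0000
    payload = coil_address.to_bytes(2, "big") + value.to_bytes(2, "big")
    return build_frame(unit_id, WRITE_SINGLE_COIL, payload)


def check_policy(frame: RtuFrame, allowed_writes: dict[int, set[int]]) -> str:
    """Hypothetical allow-list for a passive line monitor: reads are allowed,
    writes only to (unit, address) pairs the operator has declared, anything
    else raises an alert. This is compensating detection, not authentication."""
    if frame.function not in WRITE_FUNCTIONS:
        return "allow"
    if len(frame.data) < 2:
        return "alert"
    address = int.from_bytes(frame.data[:2], "big")
    if address in allowed_writes.get(frame.unit_id, set()):
        return "allow"
    return "alert"


def frames_indistinguishable(unit_id: int, coil_address: int) -> bool:
    """An attacker on the line produces exactly the operator's bytes."""
    operator = write_single_coil(unit_id, coil_address, on=True)
    attacker = write_single_coil(unit_id, coil_address, on=True)   # constructed
    return operator == attacker


if __name__ == "__main__":
    # Constructed sample: read 10 holding registers from unit 1; CRC bytes are C5 CD.
    read_req = build_frame(1, READ_HOLDING_REGISTERS, bytes.fromhex("0000000A"))
    print(read_req.hex(" "))
    forged = parse_frame(write_single_coil(1, 0x0013, on=True))
    print("forged write-coil frame verdict:", check_policy(forged, {1: {0x0010}}))
```

The policy check can only flag writes an operator did not expect; it cannot tell a legitimate write from a forged one, which is the point of the passage above. Real mitigation means keeping the line unreachable (no dial-in modems, no shared carriers) or wrapping the serial link in an authenticated tunnel.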
Governments need to do more to ensure the safety of critical infrastructure and citizens' privacy. Because of bureaucracy and red tape, government departments and private companies rarely coordinate or share information that could help prevent a disastrous cyber-attack. Policymakers often leave the responsibility for cyber security ambiguously with the companies. Government websites and installations face some of the highest threat levels yet are not safeguarded well enough. Where current detection and response tooling is absent, an attack is not contained in time and the damage sustained is correspondingly large.
On April 8, 2015, TV5 Monde, an international Francophone network, was hacked by a group claiming to be part of the Islamic State's Cyber Caliphate. The network, popular across several countries, was knocked off air for about 18 hours, its channels showing a black screen, and had to fall back to pre-recorded programmes; the group also aired jihadist propaganda messages. Moreover, the group hacked the channel's Twitter and Facebook accounts, replacing their profile images with those of the Cyber Caliphate. However, further investigation attributed the attack not to the Islamic State but to Russian hackers; the motive suggested at the time was anger at the French President's decision to cancel the delivery of two warships to Russia over its war in Ukraine.
The group claiming to be the Cyber Caliphate also leaked ID cards and CVs of relatives of French soldiers fighting the IS in Syria and Iraq. The group posted threats warning the soldiers to "... stay away from the Islamic State! You have the chance to save your families, take advantage of it." The network reported severe damage to its broadcasting system and said that the group had probably spent weeks preparing the attack. The attack compromised LAN systems, email accounts, production equipment and servers.
If the attack on TV5 Monde is any precedent, the ultimate aim of some groups could be to access sensitive intelligence files from government agencies in order to publish them or use them in further attacks. The incident also showed that intelligence agencies had a hard time attributing the attack to the right perpetrators.
Attributing cyber-attacks to their perpetrators can be challenging, which makes these attacks harder to stop. In this case, the perpetrators operated from Russia but launched the attack through a server in Brazil; a source address on its own identifies only the last hop, which is usually rented or compromised infrastructure in a third country. Computer forensic experts often need days or weeks to establish the full extent of damage before they can be confident the attackers have been evicted and the same entry path closed.
This makes it difficult for governments and private companies to repair the damage in time. The modus operandi of such attacks can easily be replicated and reused against multiple targets. Because investigations take time, indicators reach other defenders late, so the same tooling and infrastructure can be reused against further targets before they learn to recognise it. Given how dynamic cyberspace is, situations change dramatically over a short period. Additionally, because the nature of the attack and the amount of damage remain unknown for a long time, even when the perpetrators are caught, the punishment meted out is usually light.
Cyber threats and attacks are constantly evolving and becoming more damaging. At times, terrorist and hacktivist groups launch coordinated attacks against integrated systems, leading to mass disruption. In April 2013, Anonymous, a decentralised online collective, launched #OpIsrael, a coordinated cyber-attack on Israeli government and commercial websites using DDoS (distributed denial of service), hijacking data and administration panels, and defacing websites. The group, protesting what it called crimes committed against the Palestinian people, aimed to "erase Israel from the internet".
In recent years, terrorist groups have developed skilled hacker 'armies' that conduct regular attacks on enemy factions and opposing governments. The Islamic State in Iraq and Syria has been recruiting hackers and professionals skilled in social media, both for recruitment and to keep followers updated on its activities in the region. In January 2015, the group hijacked the Twitter and YouTube accounts of the US Central Command. The hackers left their signature "I Love you Isis" across the pages and sent out tweets with photos of US personnel at command outposts. The group also uploaded a few military documents.
The Syrian Electronic Army, a group of hackers supporting the Assad regime, used spamming, phishing, DDoS attacks, malware and other techniques to destabilise its targets: political opposition groups, Western news channels and human rights groups. In 2011, the group hacked the websites of the University of California, Los Angeles, and Harvard University. In April 2013, the group hijacked the Associated Press' official Twitter account and tweeted "Breaking: Two explosions in the White House and Barack Obama is injured". This caused a sudden drop in the Dow Jones index and briefly wiped $136 billion off the equity market5.
New cyber-terrorist groups are using social engineering to extend their reach and influence while keeping tabs on their surroundings. The method uses trickery to lure people into installing programs or mobile applications that access the victim's sensitive data or hook into their email or other communications. It is fairly low-tech; however, unless proper security controls are in place, the breach takes place without the victim noticing. Terrorist groups use such apps to record calls or turn the phone into a remote microphone, giving them access to still more information.
Against this backdrop, governments and private companies working in silos cannot successfully prevent or recover from such attacks. They will have to come together to mitigate the effects of a cyber-attack, and the key to a better defence is sharing of information. Greater situational awareness of an impending cyber-attack allows a better cyber-response and defence. It can also reduce the probability of a domino effect and limit the damage.
Moreover, engaging the private sector for cooperation and participation would also help tackle the threat. Platforms like Facebook, Twitter and YouTube constantly delete pages, accounts and videos posted by fundamentalists for radicalisation. However, the companies struggle to eliminate all radical content from their services because a great number of fake addresses and handles keep appearing. Monitoring content and accounts manually has become harder, and intelligence agencies have recently started relying on data-mining capabilities to keep a check on cyber-radicalisation.
Similarly, both governments and private companies would have to test their multi-layered security systems continually to make sure they cannot easily be broken into. Software should be stress-tested regularly by ethical hackers. Passwords should be strong and unique, and changed whenever there is any sign of compromise; mandatory quarterly rotation, once standard advice, is now discouraged by NIST's SP 800-63B because it pushes users toward predictable variations. Regular employee awareness programmes would help staff understand the nature of cyber-attacks.
As the use of technology increases, the nature of the attacks will get more sophisticated. It is important not to ignore the risks of cyber terrorism and to develop strategies, policies, create a framework and encourage open communication channels to alleviate the damage from the attack.
4 SCADA is a system operating with coded signals over communication channels so as to provide control of remote equipment (using typically one communication channel per remote station).