The Sony cyberattack: portent of things to come?
When I first read about the cyberattack on Sony I didn’t pay all that much attention.
That turned out to be wrong. This attack on a US company, almost certainly by the government of North Korea, is a devastating blow to which Sony—and, more importantly, the US—have offered no effective reaction so far. In fact, Sony has caved in the face of the threats.
Obama is promising an “appropriate response” to what the administration labels a “serious national security matter.” But it’s unclear what that could possibly be, unless it involves a retaliatory cyberattack on North Korea, or some cyber-activity that suggests that we at least have the capacity to do so if we wanted to.
A nation such as North Korea—or any of the other numerous hostile countries or groups in the world—could go to the heart of our economic system and strike a huge blow. Computers have taken over much of the record-keeping and communications in business and government, and the centralization that they have accomplished, while both comprehensive and convenient, is convenient for hackers, too.
The sophistication of the attackers seems to keep pace with all efforts to protect against them. The entire incident has pointed to a tremendous vulnerability as well as cowardice (at least so far) on our part.
Very very worrisome. Very.
[NOTE: This piece by, of all people, George Clooney, makes some very good points.]
The hackers are, usually, invoking backdoors that the NSA-GCHQ have folded into the various BIOS chips in the computer industry.
The savant-idiots at NSA figured that no-one else would ever discover them.
The reality is that they can be reverse engineered by any serious player.
Which is why various ‘errors’ keep popping up early in the design life of every operating system out there.
EVERY computer built has a unique identifier burned into its critical chip.
MSFT OS use NSA certified encryption methods to scramble the file tables for every operating system at least as far back as XP. (This goal was at the heart of the NTFS which replaced FAT32. Any OS can read FAT32, as it’s not encrypted. The encryption engine blows up whenever any significant change occurs to your computer. This ‘bricks’ the hard disk drive. It’s entirely up to MSFT to decide what constitutes too much system change. It’s not mentioned in any of their documentation.)
The problem for MSFT is that, with enough systems on the market, any serious player can reverse engineer their scheme.
It just takes a digital electronics lab to do so. This is beyond the means of ordinary citizens — but not nation states.
%%%%
So the ‘holes’ were, and are, engineered in. And there are a LOT of them.
When these become public, the firm involved is always ‘shocked.’
Adobe Flash is VERY likely the source of the Sony debacle.
Suddenly, Adobe Flash code is shut down across the Internet. A new ‘update’ is suddenly required.
As you might imagine, Adobe Flash is going to be on EVERY computer in Hollywood. Its backdoor was the size of the Grand Canyon.
Adobe Flash, obviously, had direct access to the BIOS logic. This REQUIRED MSFT and NSA-GCHQ approvals.
Without such approvals, MSFT operating systems BLOCK direct access to the BIOS chip.
Shielding the BIOS chip (logic) has been THE major goal of MSFT going back decades. The first stage began with Win95. It has taken generations of BIOS chips for MSFT to gain total control of the BIOS — for code running on their operating systems.
&&&&
If you think this debacle is bad… be aware that our power grid has been digitized — with no encryption to speak of. (!)
A smart phone + an app will permit you to drive by home after home — turning off their power right at the meter.
This flaw can only be corrected by swapping out the digital meters — installed across the entire nation.
The brains involved never considered that some hackers would delight in messing with their system.
Addendum:
MSFT Vista — with DRM — Digital Rights Management — Hollywood ghost code — checks the system configuration every 30 microseconds.(!)
It semi-bricks the system by deliberately locking it up — and forcing a re-boot.
Hence, Vista systems got the reputation for ‘buggy code’ — when it was locking up per specification.
Once the word got out, Vista sales died.
At this time Vista has been largely ghosted from Windows history. Its shelf experience was THAT short.
Windows 7 is nothing more than Vista without DRM — and a few tweaks.
Anyhow, what North Korea knows is what Beijing knows.
Think about that.
This is not the first such attack this year. The Sands casino suffered a very serious hack after Adelson talked about bombing Iran. The culprit is thought to be the Iranian government.
http://www.bloomberg.com/news/2014-12-11/nuke-remark-stirred-hack-on-sands-casinos-that-foreshadowed-sony.html
Maybe they should get one of these before they leave the office at night.
http://www.urbanremainschicago.com/media/catalog/product/cache/1/small_image/295×295/9df78eab33525d08d6e5fb8d27136e95/2/0/20110706-018m.jpg
Another attack by a foreign power or enemy against us and our interests, and another totally unbelievable vow of retaliation by Obama & Co.
We have never had so awful a President, weak, and yet very dangerous–usually to our dwindling number of Allies and to the U.S., our Constitution, our Freedom, and to our citizens, not to our enemies.
A weak, tough talking President who is a friend to division and chaos in the streets, and who cultivates and rewards our enemies.
The Harding administration now has a rival for incompetence and criminality.
Thanks to our liberal citizens — and tort lawyers — terrorism works.
When we’re hit again, we’re in for a world of hurt beyond the attack itself. Next time, this country will roll up into a little ball and cry for its Binky and blanky. Or worse, we’ll have our own idiots pushing the #iridewithyou nonsense. If Barky is still president, he’ll hold a candlelight vigil for the terrorists, because we mustn’t prejudge and because we have somehow wronged them.
“JPMorgan Chase, other U.S. banks hit by cyberattacks”
“Report: ‘Sustained Cyberattack’ Crippled White House for Two Weeks”
“China, ‘one or two’ other countries can mount cyberattack shutting down US power grid: NSA director”
There’s another related threat that is looming ever closer to reality:
“DHS: 100 Million Americans Could Lose Power in Major Sun Storm”
A solar storm or, more accurately, a “coronal mass ejection” is a natural phenomenon. They vary in intensity and the last three strong ones occurred just four years ago (missed the earth) and in 1921 and 1859.
The effect of a natural CME event can be duplicated artificially and is known as an EMP attack.
“The Growing Threat From an EMP Attack” By R. James Woolsey And Peter Vincent Pry Aug. 12, 2014
A nuclear device detonated above the U.S. could kill millions, and we’ve done almost nothing to prepare.
Both Iran and N Korea are rumored to be working on ‘superEMP nukes’.
“U.S. Intel: Iran Plans Nuclear Strike on U.S.”
America is highly vulnerable to attack.
another portent:
TALIBAN LEADER JUST RELEASED BY OBAMA INVOLVED IN THE PAKISTANI SCHOOL MASSACRE
According to Reuters, only eight days before the Taliban faction known as Tehreek-e-Taliban Pakistan (TTP) brutally massacred over 130 school children in Peshawar Pakistan on Tuesday, Obama released the terror group’s second in command, Latif Mehsud.
Perhaps the attack on Sony was itself a retaliation. We would probably not have heard of a specific action against the suggested actors in the Sony attack; the NORKS, China, Russia, and Iran.
I do not trust gub’mint to act in a rational manner generally. And I especially don’t trust gub’mint as defined by Obama 2.0.
GB…
Forget all of that industry generated hysteria.
(BTW, low power nukes are known to NOT work.)
The REAL problem is that the digital power grid is ALREADY wide open to hackers.
The ‘system’ is just as vulnerable as SONY. (Actually, more so.)
Why on Earth would anyone launch an undeniable attack via a missile when even MORE trauma can be inflicted DENIABLY!
The Soviets and Americans investigated EMP DECADES AGO. That mode of attack was tossed aside.
The REAL threat is digital hacking.
And it’s here, right now.
BTW, Barry’s Smart Grid fantasy would make the system even MORE vulnerable to hacking.
This was best illustrated by “Live Free or Die Hard.”
The villain (Thomas Gabriel) was only effective because the big brains decided to centralize all control.
In another light, this is seen in Barry Soetoro, himself. He has too much (economically, socially) destructive power. He gets it because we’ve routed too much authority through the oval office.
It now exists as a single point of failure node.
Of which we are all too aware at this time.
So Boner and McConnell buttress his authority with a spigot.(!)
And wasn’t the White House having electricity problems at the beginning of the week? No idea if NK really did the Sony hack, but I doubt we’re prepared or protected for a cyber attack on our infrastructure.
And Obama has just demonstrated that he is not prepared to deal with blackmail from a foreign nation.
Good Clooney interview, but he’s wrong that this snuck up on us. Every newspaper that refused to publish drawings of a 7th century terrorist is to blame for this. The guy who looks like a genius is the one who identified the militant Muslim states and North Korea as belonging to the same axis, and called them evil.
Here is my question:
Given that American citizens have had their tax returns processed by Indians in India for over 10 years now, when will it all be compromised to such a degree that we suffer all of our IRS personal information spread throughout Russia, China, N. Korea, etc.?
Hollywood could not make this stuff up:
A direct attack on America’s liberty (and 1st Amendment) by a foreign government and who comes out with the strongest rebuke?
Barack Obama? No.
George Clooney.
It’s difficult to withhold laughter…
Reference to India and processing American IRS tax returns:
http://www.cbsnews.com/news/out-of-india-23-12-2003/
_______________________________________
Just this year, Americans being targeted by very savvy criminals acting as IRS “officials”:
http://www.consumer.ftc.gov/blog/fake-irs-collectors-are-calling
_______________________________________
Proof that individuals with Indian accents are targeting Americans with IRS oriented scams:
http://800notes.com/Phone.aspx/1-530-238-5813/6
https://www.callercenter.com/585-697-3487.html
http://www.theridgefieldpress.com/36203/irs-scam-targets-spot-the-ruse/
http://800notes.com/Phone.aspx/1-646-757-1653
http://ymax.pissedconsumer.com/call-from-202-241-5003-claiming-to-be-irs-audit-attorneys-20140701505306.html
Heck of a post on Ace of Spades, that we’re used to giving in to blackmail as a society.
I’m seeing a somewhat bright side in all this. Which is that maybe now more people will start taking the threat posed by North Korea seriously, instead of seeing it as just an odd place run by a plump, boyish-looking dictator with a silly hairdo.
Is it a surprise that Hollywood rolled over? They act to pretend they are edgy and dangerous. But they don’t actually fight people who might actually hurt them or their business. They are like the French: crocodile mouths and butterfly butts.
blert,
I’m aware of the arguments you express. I find those arguments less than persuasive and suspiciously dismissive.
The experiments you cite by the US and Russians took place not decades ago but back in the 60s, when our electronics were far less vulnerable to an EMP attack. In addition, an attack by either upon the other would have resulted in ‘hard’ retaliation, since back then there would have been no doubt as to the origin of the attack and the whole point of an EMP attack would then be moot.
Today things are very different, and a missile(s) with a powerful EMP profile could easily be launched from a commercial container ship off our coasts. The Russians have been selling them for years and the Iranians have successfully experimented with them. There’s no way to stop it since it detonates at only an apogee of 150-300 miles. No way to trace it back to the perps, especially if they blow up the ship because there’s then no evidence linking back to the perpetrator. And if a non-state terrorist group takes responsibility, where do you retaliate against?
The digital hacking threat is indeed serious but in and of itself, much faster to recover from (computers and software) than a properly configured EMP attack. What makes the EMP so dangerous is the destruction it would do to the thousands of large high-voltage transformers that are critical to our grid. It is their destruction that would create the long recovery period. We have few replacements and estimates are that it could take a decade or more to restore the grid. That is time we would not have, not when our entire civilizational infrastructure rests upon the nation’s electrical grid.
Obviously, a substantial CME event, a properly configured EMP attack or a comprehensive digital hacking attack are all very serious threats, whose potential damage is so astronomical as to demand preventative measures. Most of our leadership is simply hoping it doesn’t happen and criminally negligent to their responsibilities.
Just a public example of what has been happening for years. Why do you think politicians go so heavily against who elected them, and how do they keep getting re-elected? Save the notion of a “party” change, show me what they even intend to do differently?
Actually, I am betting this was a partially inside job, and has nothing to do with some stupid movie. And, by the way, NorK? Really? This is the new hacker capital? How many places there even have reliable electricity, and an external link to the internet? Of course, even a thousand places like that, if that many existed, aren’t clogged with spyware? Please. I may have better actual security on my computer.
Who is on which side, what they are doing, and why… Yeah, no. We probably will never know. It isn’t just tech. Ask Putin. It isn’t just economic. It has been kept from going hot, mostly. Dead bankers, but few soldiers. Even Russia has decided that WW III isn’t quite what he had intended. The old boy is much simpler than he thought. Russia will burn for it, or fold. Already seems he gave Ukraine back some or all land. Hmm…
Just look to God and duck. It’s going to hurt. Not much to be done about it, at this point.
Doom,
You may well be right about the credibility of the NKoreans as the new hackers ‘extraordinaire’.
“Sony hack: China may have helped North Korea, US states”
“US official states that North Korea responsible for hacking of Sony over The Interview film — and that Kim Jong-un’s regime may have had Chinese help”
Not only do we know that the Chinese have the expertise but that N Korea doesn’t, internationally, do much without China’s approval.
I am of the opinion that 14 year old computer geeks in Bulgaria (for example) can crash the global financial system. They are just waiting for the right time to release the black swan.
It’s hard to know what we could do to hurt North Korea. They can’t feed their people, they barely have electricity, and they don’t have an economy to be wrecked or disrupted.
Mr. Frank:
If we could unblock the computer access of the North Korean people and allow them to get information about the world that would be the truth, that might do it.
GB…
The Stuxnet digital attack showed everyone that real world massive physical damage can be triggered by a hack.
Getting the virus out of such complex, interlinked, nets is brutally difficult.
The virus just repropagates like it’s small pox. (!)
It’s not at ALL like re-booting ordinary computers.
Iran found that they ended up throwing entire systems away. They COULDN’T get the virus out!
****
The number one voice screaming about EMP: the NEMA crowd. (National Electrical Manufacturers Association)
They are using the clamor as a sales engine. Without it, many of their most important product lines would have no market — at all.
Flat electrical demand = no-one needs more heavy transformers… or synchronous capacitors… or etc.
It’s been half a century. No matter how severe the EMP blast, modern high voltage transmission lines are now equipped to trip and clear the fault — automatically — faster than you can blink your eyes.
It’s in the very nature of the ‘infinite bus’ that it can only take so much instability — before circuit protection devices ‘trip.’
This is exactly why all of Italy lost power one night. She had, de facto, received the electrical equivalent of an EMP attack on her critical power link to France — in the middle of the night.
This triggered a cascade of ‘trips.’
NO EQUIPMENT WAS DAMAGED.
It did take a full week for Italy to re-boot its power grid/ infinite bus. The dinky communities out in the sticks were slow to come back. The main loads in the Po river valley were brought back up first. (The Italian grid works from north to south — the original orientation of its development. {Alpine hydro-dams})
As for micro-electronics: the laws of physics dictate that small devices are the LEAST influenced by EMP bursts.
This is compounded by the absolute (FCC) requirement to shield all computer circuits (the guts) with a Faraday cage — ie a metal shield.
This requirement is a MUST because these circuits emit PLENTY of radio frequency noise that would jam receivers all over town.
You’ll find an FCC stamp on all such devices. It looks like a big F next to a big C with a small c nested inside the big C. Any such device will prove to be immune to EMP.
And for exactly the same reasons, the electronics in your car have to have a Faraday cage shield.
There was a time when this was unnecessary. The old systems simply didn’t generate radio frequency noise. Now, with tiny micro electronics — they all do.
This has reached its natural extreme with MacBook Pros. They are now machined out of a solid brick of aluminum!
Half a century ago the world was FUSED. Today circuit breakers are in almost universal use. So the worst that happens is that you have to re-set your Mains breaker. You might even pop a few branch circuits.
This means that EMP is LESS troublesome than Stuxnet, which is a complete nightmare.
Stuxnet is a digital disease. Once unleashed, it’s a nightmare to purge from computer nets. For it just keeps popping back up like Medusa’s heads!
Within the electric power community, all of the engineers are freaking out about digital assaults — NOT EMP. They’ve addressed EMP, considering it a threat for a generation.
PANIC is the only word to describe what’s going on within the power industry.
Digital meter sockets have NO ENCRYPTION. These gadgets were launched with an eye towards holding costs down… by digital naifs. No doubt, they thought that complicating the (signal transmission) scheme might make the meters ‘buggy’ and kill adoption.
As I write, the industry is in full (digital) panic mode. It’s so bad that the truth is suppressed from the general public.
&&&
Lastly, since 9/11, the US has tasked its overhead assets towards the discovery and mapping of all commercial shipping in all nearby oceans, anything within 13,000 miles of any American coast.
Ghost shots are no longer possible.
“What makes the EMP so dangerous is the destruction it would do to the thousands of large high-voltage transformers that are critical to our grid. It is their destruction that would create the long recovery period. ”
I’ve long felt we should be building replacement transformers sufficient to restore the grid in such an event. Better money spent there than on illegal EBTs.
As a Country, a Society, a Civilization, we are profoundly unserious.
Prep.
“This means that EMP is LESS troublesome than Stuxnet, which is a complete nightmare. ”
Blert, thanks for the schooling.
Still at the mercy of silly bean counters and short sighted fools. This makes y2k look like a picnic.
As a retired vet I’ve been gnashing my teeth at the slashing of the military since Cheney worked for Clinton collecting the “Cold War Dividend,” and I never understood the advertisement of our capacity to fight two large wars, then one and a half wars and so on, we were telling the world that it merely needed a small cabal of bad actors to paralyze us. We now have a nearly fully gutted and increasingly pansified military whilst the bad actors have proliferated and matured, with vulnerabilities growing exponentially. Without the ability, and the certitude that such ability would be mercilessly employed, to destroy our enemies, we are begging for a multi-actor attack that would overwhelm us. I am less than happy with our leaders.
The Shield Act has been introduced by Trent Franks from Arizona to get the process of protecting the grid started. According to an article from here:
http://acdemocracy.org/emp-congress-the-shield-act-exclusive/
“The good news is that the EMP Commission provided a cost-effective plan, endorsed by all subsequent U.S. government studies, that could within a few years protect U.S. critical infrastructures from the worst effects of EMP. Indeed, protecting the 300 most important high-energy transformers that are indispensable to the national power grid is estimated to cost $100-200 million—about one dollar for every American life that would be saved. This alone is probably not sufficient protection, but it is the absolute minimum necessary to create the possibility of saving millions of American lives.
The SHIELD Act, introduced by Congressman Trent Franks (R-AZ) and co-sponsored by Congresswoman Yvette Clarke (D-NY), would implement one of the most important recommendations of the EMP Commission. SHIELD would empower the U.S. Federal Energy Regulatory Commission to require the electric power industry to protect the national grid from EMP. SHIELD would require industry to protect the grid by selective “hardening” of vital components by using surge arrestors, blocking devices, faraday cages and other proven technologies that the Department of Defense has known for fifty years can reliably protect military systems from EMP.
There is no excuse to risk millions of American lives by failing to protect the grid. The Congressional EMP Commission estimated robust EMP protection of the national electric grid can be accomplished by a one-time investment of $2 billion dollars—which is what the U.S. gives to Pakistan every year in foreign aid. The U.S. Federal Energy Regulatory Commission estimates that protecting the national grid could be accomplished at a cost to the average rate payer of merely 20 cents annually.”
blert may be right about hacking being a more immediate threat, but some pretty reliable men, Frank Gaffney in particular, have been talking about the danger from EMP. My knowledge of the electronics is not enough to know how big a threat it is. You can read what Frank Gaffney has to say here:
http://www.nationalreview.com/articles/285601/real-emp-threat-frank-j-gaffney-jr
Isn’t it interesting that Dianne Feinstein is now saying that we have had no program against cyber attacks for 6 years. Doesn’t that coincide with a certain Messiah’s time in office?
EMP weapons rely on creating a strong enough EM field that electricity can be indirectly inducted through metal and conductive circuits to the point where it fries itself.
It’s basically like jacking in a few batteries at various points on a circuit and running current through them, until the voltage and current fries the circuit that was never designed to pass that much current through.
The fundamental problem was whether the solar system and the planet’s magnetic spheres of influence would allow such a thing to happen. Running current with magnetic poles create EM fields. Electro + magnetic. Nobody has dealt with the experimental problems of the magnetic poles of something the size of the Earth, however.
Theoretically it might cause easy EMP field induction amongst circuits down on Earth… but then again, scientists recently are more arrogant than intelligent about what they actually know on this planet.