Being a detective means investigating and solving crimes. President Trump said about Russia’s cyber meddling in our voting process, “No one can really know who’s doing it.”
It’s not unusual for someone not familiar with the computer industry to make such a statement. Chances are most adults would come to that conclusion, but they would be wrong. Cyber detectives within government security agencies have the tools to know whose meddling.
A cyber-crime detective is no different than a burglary-crime detective; they consider motive, clues and evidence. The low-level, email-based cyber criminal tries to conceal themselves in the “From” line of an email. Those types are relatively easy to detect by looking at the hidden, detailed, return address information.
However, when dealing with sophisticated cyber criminals, especially when they’re part of an elite group run by a foreign government, it requires the talents of cyber detectives.
It’s important to understand that computer code is just another language. How code is written is not that dissimilar from writing a letter. Each person has their own style: their use of certain words, where they’re placed in phrases; their use of punctuation; and their choice of verbs and pronouns. It’s their fingerprint.
Further, people in different countries have distinct ways of expressing the same idea. In the United States, we say “Mom”; in the United Kingdom, it’s “Mum.” It’s tough to conceal who you are or where you’re from no matter how hard one tries; it’s part of their psychological makeup.
It’s unfortunate some people in our government cannot grasp this concept or just don’t want to. As such, multifaceted, complex attacks by a foreign government will go completely over or blocked from entering their head, and that’s dangerous to our country.
Our society is run by computers and communication systems and, of course, requires power. An attack aimed at our power-generation infrastructure can be catastrophic. The Wall Street Journal reported that a federal analysis indicated that a coordinated terrorist strike on just nine key electric transmission substations could cause cascading power outages across the country in each of the nation’s three synchronized power networks. A loss would not only affect personal power use but also money, health and food supply, to mention just a few.
To acquire additional information, I interviewed a security expert working at a major power generating system in the United States. I asked, “How often has your plant been probed by cyber-attackers, have they been able to infiltrate your facility and who are the perpetrators?”
He indicated that cyber non-web attacks occurred on average 17,000 times a day, representing 50 percent of all attacks. Add to that, 6,300, or 17 percent, blocked email web attacks, with the remaining 33 percent being crimeware and insider or third-party misuse. That’s a total of 34,000 attacks per day that a power system must deflect.
Surprisingly, most attacks are not through the internet, since that path is reasonably well protected. Internet hackers must bypass multiple layers of firewalls, a difficult job. However, a remote substation working through a supervisory system not connected through the internet may have less physical or software security, and is often an entry point.
Whatever are the attacker’s intent, obviously, it was not to say hello, but rather to damage the network, to see if they could get in later or put in a “Trojan Horse” for future activation? Since this interview was performed with a power plant selected at random, it can be assumed this probing was not an isolated case and was going on at numerous plants.
Hackers used several different techniques to compromise plant computers, including fake email personnel resumes that contained malicious code. Fortunately, administrative/corporate computer systems are kept separate from operational ones.
On the more positive side, hacking in the United States is a more complex feat than in countries where their grid system is homogenous. Our power systems are diverse; no two substations are the same, and no two companies run their infrastructure the same. In countries where systems are “state run,” if a hacker finds a mistake in one place, they can probably find the same mistake somewhere else.
According to Marcus Sachs, CSO with the North American Electric Reliability Corporation, squirrels, birds and snakes may be a bigger threat to local power grids than cyber adversaries.
So watch out, the little ones may inadvertently sacrifice themselves to kill your power!