May 4, 2016
Uh-oh Cyber-News: Infected Nuclear Reactors, Cyber-Bank Robbers, and Cyber-Dam-Busters.
Just a quick read of the news these days and you can find yourself wanting to reach for… a Geiger counter. I mean, some of the news stories are just so alarming of late. Or am I overreacting? Let’s see…
Uh-oh News Item No. 1: Apocalypse Averted – for Now.
It was reported that the IT system of Unit B of the Gundremmingen Nuclear Power Plant in Swabia, Bavaria, southwestern Germany – right on the 30-year anniversary to-the-day of the Chernobyl disaster (!) – had been infected by some malware. However, it was also reported that there’s no reason to worry at all as no danger’s being posed whatsoever. All’s ok; we can all sleep soundly; everything’s under control; the danger level couldn’t be lower.
After sighing a ‘pheewwwww’ and mopping one’s brow, you read further…
… And as you do, you get a few more details of the incident. And it does indeed seem all is ok: the background radiation level, after all, didn’t go up – that’s the main thing, surely. Right? But then you read further still…
And you find out that the (Internet-isolated) system that was infected happens to be the one that controls the movement of nuclear fuel rods. It’s here you stop, rub the eyes, and read that again slowly…
So, let me get this straight: this malware was able to saunter past a heavily guarded and protected perimeter, and get deep inside the object that perimeter was supposed to protect – either the reactor itself, or another object very near it. Yes, it turns out that is what happened, the news agency calmly reports, adding that the malware was found on 18 removable data drives, mostly USB sticks.
This is getting seriously scary. I need to calm my nerves. I go get some chamomile tea. Valerian might be better, maybe with a drop of something stronger in it too. No. I read on…
Apparently two malware samples were discovered – Win32.Ramnit (in our classification – Win32.Nimnul), first detected in 2010; and the rather sophisticated worm (for its time) Kido (our classification) / Conficker, first identified in 2008.
I agree that it’s most unlikely that these bad boys will cause any damage to an industrial facility without an Internet connection. So this time it looks like this was a false alarm. German nuclear power engineers, Swabians, Bavarians, Germans, Europeans… can count themselves very lucky that it was these so-so viruses that got through the barricades this time. But what would have happened, say, if it had been something a lot more… tenacious getting into the power plant’s networks, or – dare I say it – something targeted?
And here’s another question: what kind of security software permitted basic – primary school level – malware onto 18 memory sticks? Wait. A freeware program? Wait. None?
And another thing: this wasn’t some Internet café (remember them?) in some backwater in a developing country. It was a NUCLEAR REACTOR in the heart of Europe. HOW WAS THIS ALLOWED TO HAPPEN?
Uh-oh News Item No. 2: Bankladesh Break-in
Here’s a rather astonishing bit of news about some hacker-robbers pulling off a bank heist. And I don’t mean some high street branch in a suburb à la Dog Day Afternoon. No, they went for the central bank of Bangladesh!
Bangladesh Bank didn’t transfer the whole $900 million to the hackers. Just $81 million.
First, rewind: about banks. I often get asked how cybercrime will develop: where it will feature big in the future. I’ve always answered that cybercriminals will target banks, as that’s where the money is – lots of it. It’s already happening. And it’s only going to increase. But I have to admit I’ve always made one omission: I never imagined they’d start robbing central banks. That’s all changed now…
More rewinding: Die Hard 4, despite its inconsistencies, goofs and artistic license gone haywire, was the first film, as far as I’m aware, to portray the threat of cyber-terrorism targeting an industrial installation. Before it, in Die Hard 3, we saw the Federal Reserve Bank of New York having billions stolen from it. Today we’re seeing a central bank getting robbed not on the silver screen but for real. I wonder, have they a fortune teller or something at 20th Century Fox? If so, er, maybe fire him or her? :)
Back to Bankladesh and its central bang… One thing it’s taught us, besides a lesson in audacity, is that it’s worth having a reasonable grasp of the English language, even if your chosen profession is… central-bank robber. Another thing it’s taught us: attention to detail is a quality that should never be undervalued – even, and especially, if your chosen profession is central-bank robber. You’ll see why in a bit…
So, some hackers broke into the central bank’s system, and issued 35 transfer orders for a total of 951 million dollars. Quite a sum to a band of robbers, but nothing too big or out-of-the-ordinary for a central bank. Anyway, only four transfer orders went through – for a total of 81 million dollars. The fifth – to be transferred to a certain foundation in Sri Lanka – was blocked. Thing is, the hackers’ English was poor (and they, for some reason, didn’t use a spell-checker). Instead of ‘foundation’ typed into the order, they typed ‘fandation’. They might as well have written fandango – it’d have been no less inconspicuous :).
So they didn’t manage to get their 951 million dollars. Still, they’re now 81 million dollars richer – that should cover a good English teacher I think. I’d much prefer to see them learning the language in a prison. But so far no one’s been arrested, and the investigation is ongoing.
Uh-oh News Item No. 3: Cyber-Spy-Novel-Worthy.
This one’s also about hackers and critical infrastructure, in this case – hydraulic engineering works. It’s quite modest in scale after the central bank heist, but still…
There’ve been various media reports about some Iranian hackers who broke into a small dam’s computer system in New York State.
In March of this year, the US government accused seven Iranians of conducting coordinated cyberattacks on dozens of US banks, financial companies and one of its largest telecoms operators. Among the victims of the attacks were titans of Wall Street and multinational monsters with 12-figure market capitalizations in dollars (x × 10¹¹).
The authorities state that from 2011 to 2013 these Iranian citizens conducted practically daily DDoS attacks on American banks, causing multi-million-dollar losses.
They also hacked into a… dam in the village of Rye Brook, some 20 miles north of New York City. Seizing control of it could have meant a lot of flooded homes downstream. And it seems the only thing that stopped this cyberattack was that all the dam’s computer systems happened to be turned off for repairs!
An odd mixture of targets: Wall Street titans + a tiny dam. And more oddly, it seems at first, is that it was the latter attack that was described as a game changer. Though small, the dam represents the potential great dangers of hacks on critical infrastructure. The powers that be are waking up to the fact that the things to be feared most in the world of computers are cyberweapons – malware that attacks critical infrastructure.
Our secure operating system and new industrial protection approach represent at least small steps toward making the world and mankind more protected from the very worst of cyberattacks. But the better we get at protecting, the better the bad guys get at attacking. So we’ve just got to keep getting better at protecting! And a good place to continue with that is addressing all the badly protected hardware and software – including that used in critical infrastructure.
But for today folks, to finish on an optimistic note, I’ll leave you with a poignant video showing how important cyber-protection of industrial production lines is these days :).