Cyber War

I’ve just finished reading The Edge of Madness by Michael Dobbs.

Chinese hardliners attempt to take over the world by hacking into the government computers of Britain, the USA and Russia and also of several other smaller countries.

They hack into the puters that control the Thames flood barrier, the one that stores all records of citizens’ personal health details and also private info on Top Secret Govt. puters.

It’s quite a good read and I just wonder is it possible for another country or indeed even an individual to do this, causing havoc wherever they/he chose to hack into.

You can be sure that cyber-war is something for which nations are already preparing, both on the offensive and defensive aspects. This will be an essential part of the wars of the future.

Of course servers owned by government agencies would be most desirable targets but also those of common corporations. Suppose massive attempts are detected to interfere with US servers. What do you do? Cut off all internet communications with the rest of the world? That would be disastrous.

In my view this also points out the reality that the world is becoming a smaller place and a different place. In a few generations war will not be one group of people here fighting a group of people over there. Our enemies will be among us and we will not be fighting for geographical territory but to model the society we want.

Let me just note that a lot of that sort of stuff isn’t even connected to the outside world. If you could get on the premises of the Thames flood barrier, you might be able to link in and take over, but if you’re already there you might as well just leave a bomb and split. It will probably take less time than it would to surgically link in and brute force the password of one of the administrators. A bomb would also be more costly in both time and money to fix.

This will definitely be more of an issue in future, as Sailor says. Certainly, it already exists on a smaller scale with the purpose of stealing information.

Currently, though, different systems are still quite separate and you’d have to hack into each one, usually using very different methods, to take any meaningful control. It’s not like you can hack into the magic Britain computer and type “exit missiles then open Tower Bridge (return)”.

I could be wrong here, but I’m not sure the Thames barrier control systems would have any connection to the outside world, anyway. I’d imagine there is someone always there (or on call) to oversee things rather than people working remotely. That would mean you’d need to sneak someone in physically.

I don’t think I explained fully, so here goes.

In the book, whenever a system is hacked into, like the Thames Barrier, what happens is that the barriers do not rise as they should at high tides/bores.

They stay down and the system is so hacked to not show that, they show as if the barriers have in fact been raised.

The same happens when other systems are hacked, things go wrong but as far as the system is concerned all is OK.

Yes but what everyone is saying is that those systems wouldn’t be connected to the internet. You’d have to have someone physically there to do it.

Yeah, but the principle is still the same. Hacking is just gaining access to the system. Once inside you could steal information, run a program or “virus” that acts as you describe above, or fool the system into reporting whatever you like. Doesn’t matter what you do when you have control.

The point is that hacking into multiple systems to do these things on a mass-level is not easy as they mainly sit on different types of system, which are not vulnerable to the same hacking techniques. Once you’re into the Greater Manchester Police payroll system, you’re only into the Greater Manchester Police payroll system. If you want to hack into the criminal records system, that is separate, and almost certainly running on a completely different type of system. Then the fire brigade is a different system again, probably not vulnerable in the same ways. I’m simplifying hugely there, but you get what I mean.

Also, most sensitive systems will not even have access to the outside world to provide a path in. Why would you need Internet or remote access to/from the Thames barrier systems? Easiest way to protect it from remote attacks is to not connect it to the outside world.

It’s been going on far longer than the internet.

1982 explosion attributed to CIA trojan software

I’m with **SageRat** here: “Hollywood style” sensational hacks are not happening. Not today, not tomorrow, not ever, because the systems that control our essentials (power stations, traffic lights, missile command, bank transactions etc…) are not linked to the outside world. They’re not hooked to telephone lines. Sometimes, they’re not hooked to anything at all, save for the machinery they control.

(which is why this is very insightful and funny)

The only way one could hack into them would be to either physically access the machines themselves, or to somehow patch into the connecting cables (and I don’t know how anyone could do that without instantly being spotted by the network admin, assuming he’s not asleep at the wheel).
Of course, if you can access the machines physically, a tall guy with a gun to the admin’s head will get things done way faster than Kevin Mitnick…whose exploits have been greatly exaggerated anyway.

Hacking stories, ironically enough, are the exclusive domain of non-computer savvy people.

@**Projammer**: even should the story be true (which I doubt), it has nothing to do with hacking in the popular meaning of the word, which is the acception the OP is using. Nobody gained illegal entry into any network - it’s just spy games and providing the enemy poisoned, sabotagey gifts. Had the microchips in the story been, I dunno, dummy war maps or bogus engineering plans, would anyone have called the CIA spooks “hackers”?

This isn’t necessarily true. I don’t know if, for example, the Thames barrier systems are hooked up to the internet but other semi critical systems are. Oil Refinery control rooms are, for one example, and I’m sure other similar facilities are as well.

Also:

The vast majority of the systems hacked into by the Chinese had chips which had been made by them and which held some kind of “thingy” that could be activated from afar, thus causing havoc.

Indeed. (Note that I said “a lot of” in my post, not “all.”)

But even though something might be going over the internet, it will likely be using proprietary software on top of TCP/IP. Getting access to it will still entail a very long process of reverse engineering how the whole thing works, which you have to do without being discovered.

Hacking, in real life, will just as likely involve some amount of social engineering.

The process of hacking/cracking isn’t in finding the mathematical secret that allows you to work back from an encrypted packet to its key, it’s in determining the weakest link in the chain and attacking that point. If the technological security in place is well made, it’s often cheaper and faster to knock a guy out and steal his pass card.

:dubious: Cite?

ETA: Or oh, you’re talking about your book, not some conspiracy theory.

He’s talking about the novel he read, not making an assertion about actual history.

Yep, or just call the guy up claiming to be tech support and ask for his password. I’ve seen this done on a pen-test.

Of course, you’d hope people in sensitive facilities would take security more seriously, but if we are dealing with Doctor Who style thingys, all bets are off!!

I’m gonna have to second that… According to Wikipedia Mr. Dobbs was a Speechwriter, a “Deputy Advertising Chairman”, and a columnist. He also wrote several fiction

Wait… I was going to write several fiction books as well as the books you’re reading… Until I looked up that book and realized it’s a book of fiction itself.

I had a few other points I was going to make about his lack of scientific background… but doesn’t look like I have to.

Christ… I thought you were reading something like commentary or technical analysis.

Sadly, the Chinese really are trying to hack into British systems, and have been for years. They were the number 1 electronic threat during my time at BAE.

I was specifically looking for a cite that says “Here’s that phone home chip! You know, the one where it sleeps until China lowjacks it and steals all your porn!” with it all pulled apart and unarmed.

I have no doubt that China is a threat in the potential cyberwar, I just thought this phone home chip was for real (cited by the author of the opening post of this Great Debate thread meant, I assumed, we were talking about debating the potential hazards of a non-fictional cyberweapon).

Not sure how much press this got (because my life was a whirlwind of activity at the time), but during the week before Thanksgiving this year, every IT person who worked with computers that handled classified data had to work 'round-the-clock to verify that the systems were “safe.”

Link

There was some unsafe computing going on regarding thumb drives that arrived fresh from the manufacturer complete with viruses (or perhaps only one virus).

(A separate issue) I haven’t seen explicit mention of routers with backdoors in their firmware, but there were a bunch of counterfeit routers discovered in areas where classified information was processed. It scared people (a lot), because there were no procedures in place to verify firmware of “new” hardware.

The terrifying thing that I think is much more plausible: my 401K is going to have to provide me with about 2/3 of my retirement income, and it’s accessible to anyone on the internet who can log on with my username and password. I must rely on the safe computing habits of one financial services company, and this year, I (and the rest of the world) learned that people of character and intelligence are not in positions of power in many of these companies. As usual, we’re only as safe as the weakest link.

That’s not what the article says. It would be trivial to clean the pendrives before first use. What it says is