Hacking the planet
Global cyberattacks explained in engaging, user-friendly account
Advertisement
Read this article for free:
or
Already have an account? Log in here »
To continue reading, please subscribe:
Monthly Digital Subscription
$1 per week for 24 weeks*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $4.00 plus GST every four weeks. After 24 weeks, price increases to the regular rate of $19.00 plus GST every four weeks. Offer available to new and qualified returning subscribers only. Cancel any time.
Monthly Digital Subscription
$4.75/week*
- Enjoy unlimited reading on winnipegfreepress.com
- Read the E-Edition, our digital replica newspaper
- Access News Break, our award-winning app
- Play interactive puzzles
*Billed as $19 plus GST every four weeks. Cancel any time.
To continue reading, please subscribe:
Add Winnipeg Free Press access to your Brandon Sun subscription for only
$1 for the first 4 weeks*
*$1 will be added to your next bill. After your 4 weeks access is complete your rate will increase by $0.00 a X percent off the regular rate.
Read unlimited articles for free today:
or
Already have an account? Log in here »
Hey there, time traveller!
This article was published 08/05/2021 (1606 days ago), so information in it may no longer be current.
Nicole Perlroth is an award-winning cyber-security journalist for the New York Times. Her mission is to explain to the general public the existential dangers arising from the highly secretive cyberwar being waged not only by those stereotypical outlaw geniuses in basements, but also by powerful nation states.
Employing a user-friendly style that sometimes leaves grammar floundering in its wake, she takes a highly technical subject and turns it into a thriller that will give very bad dreams to what she refers to as “the lay audience.”
A computer program is created by writing millions of lines of code; Microsoft Windows, for example, has about 50 million lines of code. Whichever tech company gets a new program into the market first usually makes the most profit. In their haste, programmers inadvertently write bugs into their codes.
After the program is released, many of these bugs become apparent and the company patches them via security updates. But some are overlooked and individual hackers and governments are constantly on the lookout for them. Finding a bug that the tech company is unaware of allows the hacker to remotely break into, and control, that program — whether it is running a home computer, a health-care system, a power grid or a nuclear plant.
Because it does not know about it, the tech company has no time to patch the flaw — hence it is called a zero-day bug. A hacker who discovers a zero-day bug can sometimes sell it for millions of dollars on the black market. The buyers may be criminals, terrorists or governments.
In one way or another, this has been going on for decades. However, in 2010, it reached a new level when the United States and Israel unleashed what Perlroth calls “the world’s first digital cyberweapon of mass destruction.” They created a worm (later known as Stuxnet) that used a Microsoft zero-day vulnerability to sabotage Iran’s nuclear centrifuges and delay its nuclear weapons program.
Somehow, Stuxnet “escaped” from the Iranian computers and began showing up in computers all over the world. While it was programmed specifically to only destroy Iran’s centrifuges, there was nothing in its code to prevent others from tailoring it to attack the staggering number of Microsoft programs controlling the world’s infrastructure, banks and factories.
Like a spaghetti western, cyberwarfare now pits America, Russia, China, North Korea and any other countries and gangsters with enough money to buy zero-day vulnerabilities against each other.
If they knew about them, the tech companies could possibly fix these flaws, but none of the agencies secretly hoarding them want to risk giving up their own terrifying weapons. Like the Cold War doctrine of mutually assured destruction, they hope to deter the most destructive attacks by the fear of greater retaliation.
Unfortunately, unlike the Cold War, these weapons of mass destruction are available not to only a few nations, but to most countries and countless hackers.
Since 2010, more than 200,000 organizations in more than 150 countries — including America’s National Security Agency, Britain’s National Health Service, Germany’s railways, Ukraine’s power grid and even Sony Pictures — have been attacked. Hackers have interfered with Britain’s Brexit referendum and America’s presidential elections.
Perlroth’s book is a real page-turner, with a cast of fascinating heroes and villains, real-life cliff-hangers and plenty of suggestions as to how an informed public might help prevent disaster.
As early as 1967, a Pentagon report on computer security concluded: “Contemporary technology cannot provide a secure system in an open environment.” Nevertheless, 50 years later, we continue to plug more and more private residences, air traffic controls, banks, hospitals, electricity grids, hydro dams, cars and pipelines into the internet, heedless of its perilous vulnerability.
Readers will really appreciate Perlroth’s cry of alarm when it’s -30 C in Winnipeg and the lights go out.
John K. Collins’s survival plan is an old-school desk under which he can duck and cover. He hopes it’s not obsolete.