HACKING, SPOOFING AND CYBER-WARFARE

Cybercrime is on the way up, and it is becoming easier and easier for criminals to steal people’s data or alter it. Toolkits to create viruses, spyware, and other forms of malware which alter data are now readily available to anyone yearning to hornswoggle and do damage. As a result, the integrity of the world’s information is under attack.
A slew of criminals, hackers, terrorists and governments are getting inside our data systems and thieving our information, or surreptitiously modifying or manipulating the underlying information without our knowledge. If you ponder a tad, you will realise that criminals hacking into our systems and stealing our data are much less dangerous than hackers modifying our information without our knowledge.
For instance, in the opening scene of the 1995 American cyber-mystery thriller film “The Net”, directed by Irwin Winkler, the US Under Secretary of Defense, Mr Michael Bergstrom, is apprised by his doctor, based on the information on the computer screen, that he has tested positive for the AIDS virus. The shock and shame of the test result is so huge that it drives the official to commit suicide.
It later turns out that the official was never HIV positive, but the hackers decided to alter his medical test result, due to the wrath incurred by him on account of his relentless pursuit of cyberterrorists.
Screens have become ubiquitous in our lives. We encounter them in our offices, homes, banks, hospitals and myriad other places. We tend to place immense trust in screens without realising that they can be dumb and stupid.
Screens merely present to us the underlying information in the data systems, which are hackable. In today’s world, all that we see on screens can be faked and easily spoofed.
Those who control the computer codes control the computer screens as well, which in turn creates overwhelming opportunities for tampering with anything and everything that appears on the screens. How would we then know if the screens were lying?
If a screen in the hospital says a patient is HIV-positive, the hospital will inform the patient accordingly. If a patient with an “O” positive blood group is taken into surgery, and a hacker or an enemy changes it to “A” positive in the system, the patient would most likely be dead after the surgery, due to the wrong blood group administered to him during the operation.
The same would hold if somebody intentionally effaces the existence of an allergy to penicillin from a patient’s digital chart, causing a nurse to innocently administer a penicillin injection, on a doctor’s prescription, to a patient allergic to penicillin. Hence, placing blind trust in screens can have profound consequences; it can open the door to a whole bunch of new crimes, including novel ways to carry out a murder.
Here is a riveting real-life depiction of how the computer screens in the control room of the Iranian nuclear facility in Natanz grossly misled the scientists about the health of its uranium enrichment centrifuges, which were being clandestinely destroyed by a computer worm planted by their foes.
We all know that on August 6, 1945, the American bomber Enola Gay dropped the world’s first five-ton nuclear bomb over the Japanese city of Hiroshima. Much in the same way, the world’s first digital weapon, or cyber-weapon, was created around 2006. It was designed to hit only one particular target: the Step7 software that controlled the Siemens centrifuges at Iran’s nuclear facility in Natanz, where Iran was working on its secret nuclear weapons program.
The covert and still unacknowledged operation, code-named “Operation Olympic Games”, came into being under President George Bush and gathered rapid speed under President Obama. Bush believed that the strategy was the only way to prevent an Israeli conventional strike on Iranian nuclear facilities. The cyber-weapon used was called “Stuxnet”. It is a highly sophisticated computer worm that was discovered in 2010.
Stuxnet was developed by the American and Israeli governments to wreak havoc and cripple the Iranian nuclear facility. Stuxnet was programmed to make the uranium enrichment centrifuges spin faster than they were supposed to, causing them to get out of control to the point of damaging them.
Inside the secure operations control room at Natanz, each of the thousands of centrifuges was represented on the computer screens by a light, and all of them displayed green, indicating perfect performance and no evidence of failure, which would have meant a red light. In actuality, the centrifuges were eroding and conking out, but the screens, without reflecting reality, lied through their teeth.
The malware was so well programmed that none of the staff had any clue as to what was happening. Nobody even knew that the computer virus was causing the outages and disruptions. The attack was so well-executed that the virus worked undetected for months, and the scientists at the facility didn’t know about it until security companies around the world discovered it and started talking about it.
Over a few years, about 20 percent of Iran’s centrifuges had spun out of control and were destroyed. It was a brilliant, sophisticated attack. Stuxnet was the first malware that could physically destroy something in the physical world. Until then, malware could corrupt computers and data, but Stuxnet opened up the possibility of using hacking to take over machines.
The legal precedent of attacking another country’s physical infrastructure by way of computer malware was now established. Stuxnet was considered the first cyber-physical attack, following which there have been other similar attacks that have targeted critical infrastructures the world over.
For example, in 2014, the German Government confirmed that the furnaces of a steel mill had been targeted and destroyed by hackers. In December 2015, a malware called “BlackEnergy” shut down 30 electricity sub-stations in Ukraine, plunging parts of the country into darkness during winter. Despite such attacks, there’s too much secrecy around cyber-warfare and no rules of engagement.
In December of 2011, embittered over the Stuxnet episode, Iran probably decided to hit back at the USA. An American Lockheed Martin RQ-170 Sentinel unmanned aerial vehicle (UAV) was captured by Iranian forces near the city of Kashmar in northeastern Iran.
The Iranian government announced that the UAV had been brought down by its cyber warfare unit, which had commandeered the aircraft and safely landed it; initial reports from Western news sources had undisputedly claimed that it had been “shot down”.
The United States government initially denied the claims, but later President Obama acknowledged that the downed aircraft was a US drone and requested that Iran return it. An Iranian engineer later reported how his country had managed to ‘trick’ the US drone into landing in Iran by electronically hacking into its weak navigational spot and ‘spoofing’ its GPS.
The drone was captured by jamming both satellite and land-originated control signals to the UAV, followed up by a GPS spoofing attack that fed the UAV false GPS data to make it land in Iran.
Following this incident, in June 2012, the US Homeland department asked graduate students from the University of Texas to study whether a drone could be hijacked, as was being claimed by the Iranians.
The students, led by Daniel Shepard, built a piece of equipment at a cost of $1000 which could hijack drones by spoofing GPS data. The students demonstrated the hijacking of a drone by feeding positioning data to their university-owned drone. When the signals from the students matched the messages the drone was receiving from a Global Positioning System satellite, the students were able to substitute their data for the satellite’s, thus taking complete control of the drone and landing it at a place of their choice.
Similarly, the police data systems all over the world are no different when it comes to hacking susceptibility. The police data systems have suffered hacking in different parts of the world such as Australia, the UK, Italy, the USA, Hong Kong etc.
To illustrate, in 2013 a local criminal group in Philadelphia in the USA hacked into a database of hundreds of violent crime witnesses. As a result, witness statements given to grand juries in Philadelphia, with the witnesses’ full names and details of the crimes included, surfaced on an Instagram account titled “rats215”.
Mass intimidation of witnesses followed, and one witness whose name was disclosed on the Instagram account was shot as well.
The Instagram account also accessed secret court documents, which were created by secret grand juries investigating violent crime. Similarly, in the same year, the Danish police’s national driver’s registry was also broken into, and the data systems were modified.
A hacking group of teenagers who called themselves “Crackas With Attitude (CWA)”, and who had previously hacked into the personal email of the CIA director John Brennan, claimed that they had hacked into the Law Enforcement Portal of the Federal Bureau of Investigation (FBI), through which one could access all the arrest records. Therefore, in the digital world, a hacker can try to steal your data, or anyone can be attacked by malware. Without a doubt, the digital world may be a boon, but at the same time, vulnerabilities make it hazardous.
In the final analysis, human beings too are like computers. During our lives, we have acquired programs from our parents and environment which have become embedded in our subconscious. If we find that the programs we are running are not serving us, we too, like computer hackers, can hack into our subconscious or our souls to modify or substitute the programs which are not serving us. By doing so, we can allow the best versions of ourselves to emerge.
Source from: epaper/deccanchronicle/chennai/dt:21.01.2019
Dr.K. Jayanth Murali is an IPS Officer belonging to 1991 batch. He is borne on Tamil Nadu cadre. He lives with his family in Chennai, India. He is currently serving the Government of Tamil Nadu as Additional Director General of Police, DVAC.