(Survival Manual/1. Disaster/ War, Cyber attack)
(Further reading: Nuclear EMP and Long Term Power Outage)
A. An All Out Cyber Attack on U.S. Grid Would Be Devastating; the Trojans, Malware & Trapdoors Already Exist
January 16th, 2011, SHTF, by Mac Slavo
Pasted from: http://www.shtfplan.com/headline-news/cyber-attack-on-us-grid-would-be-devastating-trojans-malware-trapdoors-already-exist_01162011
Computer expert, author and technical trend forecaster James Martin says what many others, including ourselves, have warned about for quite some time. The electric and utilities power grid of the United States is completely unsecured and vulnerable to attack via the internet:
“There is quite a lot of evidence that people have been hacking into the American grid, and probably the grids of other countries too. In the American grid they’ve found quite a large number of Trojan horses and trap doors, they’ve found quite a lot of hidden malware, not coming from the States but coming from somewhere outside the States,” he said.
“If you knocked out all the power in America, it would be devastating. Normally when you get a blackout it comes back very quickly, but there have been some that don’t. If it was a deliberate attack, then the people attacking it would try to do damage that could not be repaired quickly,” he said.
“If they caused the grid to crash it would be much worse than 2008. This is known today, but what I find rather alarming is that although it is known the authorities are not really trying to stop it by making it secure.
“Certainly an outside entity could have a capability today to send many different malware messages into the grid at the same time in such a way that you could take down most of the grid, and maybe all of the grid,” he said.
“The grid is full of huge transformers and pumps that are one off, which means that if you knock them out you can’t go and buy them off the shelf. If you picked out the things that could not be bought or not replicated quickly, and there are a lot of those, then that would be damage that you couldn’t repair quickly.
“You have a large amount of company-to-company automation and all of that could be put out of operation. If it was put out of operation it could do immense financial damage, enormously greater than the 2008 crash,” he told The Independent.
Forget about financial damage – that would be the least of our worries if the power grid was attacked in any sort of meaningful way. A complete power grid failure, or one that took out large regions in unison would put a complete stop to commerce across the North American continent. Yes, there would be financial damage, but more importantly, there would be no way to re-supply our just-in-time inventory systems. That means there would be no gas, no food, and no way of getting those things delivered until the grid came back up.
As Mr. Martin points out, a coordinated attack focused on the ‘one-off’ elements of the grid would mean that once that hardware was destroyed there would be no way to replace it quickly. And that means not days or weeks, but potentially months, perhaps even years before things were back to normal.
When Hurricane Ike rampaged the Houston, TX area in 2008 it took down 95% of the metropolitan grid. This author was about 25 miles north-west of Houston at the time and can attest to the difficulties utility workers had with restoring power. It took over 3 weeks to get power running to the outlying areas of the city – and it would have taken much longer had those repair workers not traveled from as far as Florida to assist Texas. Now, consider if a disaster that took out the grid included not one, but several regional areas, where no workers would be able to come assist.
At the time of the Houston-area outage the first things to go were water, food and gas. Fights were literally breaking out at local gas stations. Those with home generators found them useless, as there was no fuel to keep them going. Grocery stores did not have reserve power, and those that did had it for maybe 12 hours, at which point all refrigeration came to a halt. City water filtration was non-existent, and “Boil Water” notices were posted all over the city – but there was no electricity available, so only those lucky enough to have fuel reserves for their generators or those with natural gas powered stoves were able to drink clean water. Luckily, this only affected a single major city and surrounding areas, and within a week water and emergency rations became available.
Consider, for a moment, the ramifications of a full-out extended down-grid scenario affecting multiple regions. It would be much like an EMP attack, though some electronic systems may remain operational. Nonetheless, researchers have estimated that a worst-case EMP scenario could lead to a 90% casualty rate over the course of a year. We would hope that a grid-attack could be resolved much quicker than an EMP attack, but there would likely still be mass casualties as food stocks ran low, emergency response personnel stayed home to care for their families and violent crime and looting ran rampant.
[Internet photographs: (left) A nuclear power plant’s control room, TVA. (right) A subterranean power grid control room in Newark, NJ. Imagine the complexity of the things that make our nation what it is: maintaining regional optimized power grids, ‘just-in-time’ retail and grocery delivery/inventories, instant money-credit-financial transaction systems, self service electronic gasoline pumps, on-line brokers, cell phone communications, smart thermostats, transportation fleet controls, automated equipment and robotic workers, iPods, iPads, microchips here, personal electronics there, conditions that a few decades ago would have almost been considered science fiction. We live in a modern society bathed and nourished by the flow of digital information; we all depend on the stable flow of energy and the smooth flow of logical, digital language sequences as the machines talk to one another.]
How susceptible are we?
This is a topic of debate. Most of those people who have the power to harden and secure our grids will take no action until after a wide-scale event occurs – at which point it would be much too late to do anything.
A close friend works for a large power company in the north-east. It just so happened that we had this very discussion a couple of weeks ago. He is a higher level executive at the company and when I asked how secure his company’s grid was in the event of a solar flare, cyber attack or EMP attack he responded, “Officially, we’re prepared to handle whatever comes our way. Unofficially, it will be a complete and utter disaster and we are simply not equipped to handle a mass failure.”
It is common knowledge that many elements of the U.S. power grid are decades old. We hear about smart meters being installed, but according to the friend at the power company, the smart grid portion is less than 1% of the complete grid. That means 99% of the physical grid is essentially running on equipment that has been around since the 70’s and 80’s. All of that old equipment is plugged into computer systems, and all of the computer systems are plugged into and fully accessible via the internet.
According to James Martin and other computer experts, our systems have likely already been breached and there is a real and serious possibility that Trojans, malware and trapdoors have already compromised our systems. They may very well just be sitting there waiting to be activated, at which point they could launch a massive, coordinated cyber attack on essential parts of our power grid infrastructure.
We’re not just talking about software glitches that can be fixed with a quick reboot. We’re talking about cyber attacks that target the physical hardware.
Hard to believe that a computer program can destroy hardware? Think again.
Consider the Stuxnet worm that was recently used to take down 1/5 (or more?) of Iran’s nuclear facilities. According to the New York Times, the Stuxnet worm utilized advanced programming to remain dormant for a time, and once launched, attacked the physical centrifuges used to enrich uranium. While the worm spun centrifuges to the point they destroyed themselves, a portion of the program responsible for sensors and warnings sent human operators and monitoring systems the green light that everything was running like normal. Iran’s nuclear plants, much like the power grid of the United States, utilized old computer systems that were simply not equipped to handle advanced cyber-attacks that utilized 21st century cyber combat techniques.
There are plenty of enemies of the state who could bring down the US power grid infrastructure – China and Russia to name just a couple. And it’s no secret that the Chinese have been having their way with our networks for quite some time, so it is clearly a real and present danger. The US government regularly runs tests to simulate cyber attacks on the US Internet infrastructure.
In “900 Seconds: Cyber Attack Wouldn’t Take Long to Bring Down the USA” [see the article, below], we previously outlined how a cyber attack might play out based on a report from Richard Clarke, a one-time counter-terrorist specialist with the US government.
In his warning, Mr. Clarke paints a doomsday scenario in which the problems start with the collapse of one of the Pentagon’s computer networks.
Soon internet service providers are in meltdown. Reports come in of large refinery fires and explosions in Philadelphia and Houston. Chemical plants malfunction, releasing lethal clouds of chlorine.
Air traffic controllers report several mid-air collisions, while subway trains crash in New York, Washington and Los Angeles. More than 150 cities are suddenly blacked out. Tens of thousands of Americans die in an attack comparable to a nuclear bomb in its devastation.
[Internet photographs: (left) A server farm in San Jose, CA, holding some of the near 500bn GB data used on the internet. (right) Typical computer bank, storage, switching and automation controls for a medium size business of 50-150 employees. There would be many, many thousands of these in the USA.]
Yet it would take no more than 15 minutes and involve not a single terrorist or soldier setting foot in the United States. The threat is real, and if it were to ever occur, it would likely come around the same time as an attack on our financial systems – which, as we saw in the May 2009 “fat finger” controversy that brought the stock market down 1000 points in a matter of minutes, is not so difficult to accomplish.
The biggest concern for the average American should be that there is really no emergency response ready to deal with the possibility of a wide-spread power grid cyber attack. The US government has specifically said, through FEMA, that they will not be able to help everyone in the event of a major emergency (think Hurricane Katrina). That means you need to take responsibility for yourself and family now, and Be Prepared to Be Without The System – Make It A Policy. What will you do if there comes a time when there is no electricity, no gas, no clean water and no access to food for several weeks or months?
B. 900 Seconds: Cyber Attack Wouldn’t Take Long to Bring Down the USA
17 Sep 2011, James Martin (Computer expert, author and technical trend forecaster)
Pasted from: http://nieuwsanita.blogspot.com/2011/09/900-seconds-cyber-attack-wouldnt-take.html
“With our increasing dependence on the internet to transmit everything from emails and electronic payment information to air traffic control and transportation logistics, a properly targeted cyber attack could wreak havoc in the United States within minutes, says Richard Clarke:
In his warning, Mr Clarke paints a doomsday scenario in which the problems start with the collapse of one of the Pentagon’s computer networks.
Soon internet service providers are in meltdown.
Reports come in of large refinery fires and explosions in Philadelphia and Houston.
Chemical plants malfunction, releasing lethal clouds of chlorine.
Air traffic controllers report several mid-air collisions, while subway trains crash in New York, Washington and Los Angeles.
More than 150 cities are suddenly blacked out.
Tens of thousands of Americans die in an attack comparable to a nuclear bomb in its devastation. Yet it would take no more than 15 minutes and involve not a single terrorist or soldier setting foot in the United States.
An enemy of the United States, whether foreign or domestic, wouldn’t need a nuclear bomb. They would simply need to take down the main computer networks. Many internet operations are centralized, especially in the private sector, so taking down something like the national DNS (Domain Name System) databases would put a stop to pretty much any communications used by the general public.
An attack on Defense Department networks would be even more serious, potentially leading to a cascading effect across the entire nation. Utilities, like water systems and electricity, are highly vulnerable, as they are built on very old technologies and are very dependent on each other due to old-style distribution systems. As an example, consider the massive blackout that covered the entire north east for several days in 2003 while emergency crews worked to resolve the problems.
Roughly one fifth of our country was out of power not because local power stations were taken down, but, according to the official story, because one or two main plants experienced outages due to natural causes (trees on power lines). There is still no definitive confirmation on what happened here, and for all we know this could have been a cyber attack testing our networks. It’s no secret that hackers in countries like Russia, and especially China, have spent the last decade infiltrating and testing the stability and security of US networks – including the Pentagon and our satellite systems. At the first sign of potential international conflict, the initial wave of attacks will likely occur on the digital battlefield, resulting in downed communication systems, utilities, cable systems, GPS, cell phone networks, hardline networks and transaction processing systems. Another issue, not related directly to defense computer networks, is that the plans for US water utility, electrical utility, and internet networks are readily available on the internet for anyone to download and analyze for vulnerabilities. We’ve essentially given any potential enemies a road map for how to bring down the United States without even firing a shot.”
C. Combined computer attacks could have ‘catastrophic’ global effects
Pasted from: http://www.newkerala.com/news/world/fullnews-125659.html
ANI, London, Jan 17: A new study has found that coordinated computer attacks could have ‘catastrophic’ global effects.
The report by the Organization for Economic Co-operation and Development (OECD) said that multiple cyber attacks could “become a full-scale global shock” on a par with a pandemic and the collapse of the world financial system.
“What should concern policy-makers are combinations of events: two different cyber-events occurring at the same time, or a cyber-event taking place during some other form of disaster or attack,” the Scotsman quoted the report as saying.
One such example the report cited was “a very large-scale solar flare (bursts of energy from the sun), which physically destroys key communications components such as satellites, cellular base stations and switches.”
Another could involve “a hitherto unknown fundamental flaw” in the technical building blocks of the Internet “over which agreement for remedy could not be quickly reached”, it added.
According to the report’s co-author Professor Peter Sommer, of the London School of Economics, lurid language and poor analysis were blocking government planning for cyber protection.
D. Cyber attacks could create ‘perfect storm’
17 Jan, 2011, Reuters, By Michael Holden
Pasted from: http://www.theglobeandmail.com/news/technology/tech-news/oecd-cyber-attacks-could-create-perfect-storm/article1872682/
LONDON – Attacks on computer systems now have the potential to cause global catastrophe, but only in combination with another disaster, the Organization for Economic Cooperation and Development (OECD) said in a report.
The study, part of a wider OECD project examining possible “Future Global Shocks” such as a failure of the world’s financial system or a large-scale pandemic, said there were very few single “cyber events” that could cause a global shock.
Examples were a successful attack on one of the technical protocols on which the Internet depends, or a large solar flare that wiped out key communications components such as satellites. But it said a combination of events such as coordinated cyber attacks, or a cyber incident occurring during another form of disaster, should be a serious concern for policy makers. “In that eventuality, ‘perfect storm’ conditions could exist,” said the report, written by Professor Peter Sommer of the London School of Economics and Dr Ian Brown of Britain’s Oxford University.
Governments are increasingly emphasizing the importance of cyber security. The United States is preparing for cyber conflict and has launched its own military cyber command. Britain last October rated cyber attacks as one of the top external threats, promising to spend an extra 650 million pounds ($1 billion) on the issue.
Meanwhile, emerging nations such as China and Russia are believed to see it as an arena in which they can challenge the United States’ conventional military dominance.
The Stuxnet computer worm — which targets industrial systems and was widely believed to be a state attack on Iran’s nuclear program — is seen as a sign of the increasing militarization of cyberspace.
The New York Times reported on Saturday that the worm was a joint U.S.-Israeli effort and had been tested at Israel’s Dimona nuclear plant.
The OECD study concluded that cyber attacks would be ubiquitous in future wars, and that cyber weaponry would be “increasingly deployed and with increasing effect by ideological activists of all persuasions and interests”. But it concluded that a true “cyberwar”, fought almost entirely through computer systems, was unlikely as many critical systems were well protected and the effects of attacks were difficult to predict, and so could backfire on the assailants.
Adopting a largely military approach to cyber security is a mistake, as most targets in the critical national infrastructure, such as communications, energy, finance and transport, are in the private sector.
The US has already experienced two major cyber warning shots. Hackers from Russia or China or both successfully planted software in the US electricity grid that could be used to sabotage the system at a later date.
The North Koreans may not be able to feed their people but in 2009 they succeeded in bringing down the servers of the Department of Homeland Security, the US Treasury and several other government departments, along with regular internet providers, by flooding them with requests for data. Most dramatically, it saturated the internet connections of a Pentagon server that the military would rely on for logistical communications in an armed conflict.
“There are significant and growing risks of localized misery and loss as a result of compromise of computer and telecommunications services,” the report said.
Protecting your computer and data
Five steps that every computer user should implement to prevent cyber crime attacks. These days the cyber world is becoming bigger and bigger, with a rapidly growing number of businesses and individuals using the internet as a place of business. Naturally, cyber criminals target computers with weak antivirus and internet security to carry out their criminal activities.
However, there are guidelines that need to be followed in order to secure your computer from internet security attacks:
1. Back-up Data – Savvy computer users are aware of the importance of keeping their data safe and away from internet security attacks and regularly perform backups. You can back up your data on an external data storage device such as a CD, memory stick or external hard drive. The device you use will depend on the data size. The overall idea is that if anything happens to your primary data, you can always retrieve it from somewhere.
[Mr Larry: Consider backing up your files in one or more of the ways discussed below:
a) Seagate Freeagent Go, 250GB or larger, USB external hard drive. Portable storage solution makes it easy to take your photos, music, videos, ‘historic e-mail’, pdf files, other Internet downloads, and documents everywhere; now they have 1 terabyte models. :-)
b) Amazon Jungle Disk and S3 or other “Cloud storage”. The Jungle Disk software is your computer’s interface with Amazon’s cloud drive file servers. Amazon S3 (Simple Storage Service) is basically an infinite hard drive you can buy on a pay per usage basis, and Jungle Disk is a utility that allows you to mount S3 as a hard drive on any OS. Jungle Disk has a backup tool built in. I use the S3 only for back up so have been paying about 25¢ – 30¢ a month for the service. See also, https://www.amazon.com/clouddrive/learnmore/ref=sa_menu_acd_lrn2
c) Kingston Data Traveler 32GB, USB flash drive. Supports Windows 7, Vista, XP & Mac. Compatible with Windows 7. Available in multiple colors by capacity.
I’ve included images of these items/services below; they should be thought of simply as examples of the many products ‘out there’ that used together will give a depth to your databases, documents, spreadsheets, photographs, music, MP3, video and podcast files, etc.]
Images above include (L>R): Left) Seagate Freeagent Go, external, drive, Middle) A web cloud service, Right) Portable USB flash drive that is never left connected to the system.
2. File sharing – Another very important thing to avoid is sharing files with strangers. This makes your computer’s internet security vulnerable, as the files from other computer users may contain malicious infections that, without good anti-virus internet security, can potentially destroy your computer or steal sensitive information. Make sure you turn off and disable file-sharing if it is not needed.
3. Disconnecting from the Internet – This is an additional precaution: whenever your internet connection is not in use, simply disconnect from the internet. It lessens the possibility of cyber criminals getting past your internet security.
4. Update security patches – Computer programs sometimes contain bugs that can be an entrance to your computer for any malicious person to attack and potentially harm your computer. Therefore, it is very important to regularly update your security patches and increase.
5. Maintain up-to-date antivirus software and firewall – Good antivirus software and a firewall are crucial components of your arsenal to increase internet security that will protect your computer from attacks. Make sure to keep your anti-virus program and firewall up to date.