The Next Cyberattack Is Already Under Way

from The New Yorker

In the nightmare, sirens caterwaul as ambulances career down ice-slicked, car-crashed streets whose traffic lights flash all three colors at once (they’ve been hacked by North Korea) during a climate-catastrophic blizzard, bringing pandemic patients to hospitals without water or electricity—pitch-black, all vaccinations and medications spoiled (the power grid has been hacked by Iran)—racing past apartment buildings where people are freezing to death in their beds, families huddled together under quilts, while, outside the darkened, besieged halls of government, men wearing fur hats and Kevlar vests (social media has been hacked by Russia), flashlights strapped to their rifles, chant, “Q is true! Q is true!”

“someone should do something,” reads the T-shirt worn by one of Nicole Perlroth’s sources, a hacker from New Zealand, in “This Is How They Tell Me the World Ends: The Cyberweapons Arms Race” (Bloomsbury). Someone should. But who? And do what? And about which of the Biblical plagues facing humankind? Perlroth is a longtime cybersecurity reporter for the Times, and her book makes a kind of Hollywood entrance, arriving when the end of the world is nigh, at least in the nightmare that, every night, gains on the day.

More here.

Posted in Technology and tagged , , , , , .

14 Comments

  1. I believe this article made a lot of good points, especially in regards to the huge issues that can occur when these cyber attacks occur, or the flaws in the company’s systems. These cyber-attacks can be very bad for many facilities if they take place, but it seems many facilities are still having this issue as time goes on, which includes the area of entry points for hackers to take advantage of. This also begs the question of how is this still relevant in today’s society, which can be concuded as company;s just not having the know-how to fix some of these issues/holes before they are used against the company. Furthermore, there is also the very relevant subject of how these attacks can effect a company long term. For many, the issue could cause their operations to either be halted or even overtaken due to the reason/type of attack and what is done. For example, the article mentions the amount of code that sites take, them more detailed, the more area for errors. By having this potential risk, you’d then have to constantly carefully monitor a company’s systems to see if there are any holes or access points. Therefore, these issues and attacks can be centrally related to causing many companies to have issues where they should really be on the offense to provent such situations.

    Comanies as a whole are only worried about their main goals, and deal with issues are they are relevant. Although, the issue that is really important here is the fact that many companies are very vulnerable to attacks. The issue stands that something needs to change or this issue will continue to happen to companies not constantly on the offense. Although, it seems many are not going that route due to either cutting expenses or just putting focus elsewhere. When analyzing the situation, it seems many are either unprepared to deal with this issue or simply do not care. Some may argue that this issue can wait since not every part of a company is affected, but that also allows the threats and possibilities to grow and linger by not solving the issue effectively and swiftly before others notice and try to attack. Overall, it breaks down to a copmany’s choice, some may not see it as valuable due to their low risk of getting attacked meanwhile others may decide this is a key focus area that will still prevalent throughout time due to the digital era.

  2. A large amount of technological improvements over the past few decades has led to a world that is increasingly online and increasingly comfortable with using internet-connected devices for everyday tasks and activities. The widespread adaptation of these new technologies has led to an infrastructure that is heavily reliant on different kinds of computer systems along with the internet. This does make a lot of things very convenient but it has also opened up new possibilities about what could potentially be hacked and manipulated for a whole number of different motives.
    The tradeoff of having something that was previously not reliant on the internet and then connecting it to the internet is that it opens up the possibility that it could be hacked, remotely accessed, or manipulated in ways that would have previously been impossible. The importance of cybersecurity and vulnerabilities in tech is what has led to the market for zero-day exploits which were mentioned in the article. These zero-day exploits are vulnerabilities in existing hardware or software which have not been patched yet, this means that the vulnerability is still present in every device of that kind or every device that uses that specific software. This makes zero-day exploits extremely valuable because the knowledge of them means that there is the potential to hack or affect an extremely large number of devices all ranging in many different degrees of importance. The extremely widespread vulnerability that can be caused by zero exploits is also the main reason why companies are willing to invest so much money in finding and fixing them, it is also the reason that other organizations such as foreign governments are also interested in them.
    Each one of these entities has its own desires and reasons for wanting to take advantage of these exploits. Countries are interested in them for reasons such as spying but tech companies are interested in them because they want to offer secure products. Microsoft, Google, and Apple were all mentioned in the article because they all sell devices and they all offer bounties for these zero-days. They pay a lot of money for them because once they have them they are able to eliminate that vulnerability for all of their customers. A million dollars might seem like a lot of money for Apple to pay, but if it allows them to fix tens of millions of iPhones and prevent billions in damages then it is a pretty good investment. This is why bounty programs for exploits will continue to expand and it will offer a new style of business. Ones where they use ethical hackers to prevent extremely devastating computer exploits.

  3. The development and progress of network technology have brought many benefits to our daily lives, but it has also brought some terrible harm. This article called “The Next Cyberattack Is Already Under Way” is warning people of the coming cyber crisis. We increasingly rely on the use of the Internet for daily activities, which does make many things very convenient, but when we use the Internet, we may bring cyber attacks, and cyber-attacks are a huge problem. If a cyber-attack occurs, it may be very bad for many announcement facilities and is not conducive to our daily lives.

    The zero-day vulnerabilities mentioned in this article; zero-day vulnerabilities are vulnerabilities that hackers can use to attack the system. When a hacker exploits a vulnerability before the developer resolves it, a zero-day attack occurs, causing damage or stealing data. Zero-day attacks are particularly dangerous because the only person who knows them is the attacker himself. Once infiltrated into the network, criminals can attack immediately or wait for the most favorable time. People who use zero-day vulnerabilities are generally cyber criminals and corporate spies; the targets of their attacks are web browsers, large enterprises and organizations, and government agencies; this poses a threat to people’s safety.

  4. The article “The Next Cyber Attack is already Under Way” displays the new ways that wars will be fought. With the constant development of technology, as firewalls and virtual security becomes stronger, hackers are becoming more and more advanced at their craft. The article starts out a by recalling a few examples of successful foreign hackers doing relatively small-scale but severe things. Two man made black outs, one from North Korea an the other from Iran, as well as a Russian social media hack. All three of these events are examples how wars will be fought from now on. War has gone from man driven, to machine driven, and now to internet driven. With the way that things have been going recently, a grid attack would cause immediate panic and chaos, exactly what the hacker would want. With the inability to track those who conducted the hack, there is almost always no one to blame. Recent history have put Russia in the spot light when it comes to hacking. The article describes how in 2012, Iranian hackers destroyed information used at a Saudi Arabian oil industry. Oil being the huge business as it is, led to this being a very costly set back. This event would lead to better cyber security measures at the industries. The scales of these hacks all show the same thing. Hackers are attacking on a front that no one expects them to. Online security at these places is very sophisticated. There is seemingly nothing a hacker could hack their way into. Not even our own presidential election is safe from hackers. As we all know, the presidential election is treated with a huge amount of safety and confidentiality. Something else that is feared of being hacked I the stock market. If the stock market was terminated, the damages would be unimaginable. The amount of money and trust that is put into the stock market make it a huge target for hackers. The amount of financial detriment from a successful attack would be almost impossible to cover when it comes to damages (lost money). The world definitely has their hands full.

  5. Digitalization brings many advantages, but in return, it exposes companies and individuals to the great risk of hacker attacks. The importance of digital security, also known as cybersecurity, is growing more and more for companies. Not only companies and large concerns are highly targeted by hackers and cybercriminals, but also small businesses can quickly become a target. Spyware, phishing, ransomware: crime on the Internet is multifaceted and has long been a highly professional business. No wonder, considering that almost every company today uses an IT system connected to the network. A lot can be stolen digitally. From strictly confidential patient information to sensitive company data. Depending on the severity of the case and the data captured, a hacker attack can cause major problems for a company – even threatening its very existence. In addition to sabotage and espionage, cybercriminals are usually interested in demanding money for the release of the captured information. The attackers use a wide variety of methods to gain access to foreign networks and thus to the systems of companies. The goal of cyber-attacks is almost always to capture data, manipulate or delete it, or even destroy the entire information system. In most cases, this takes the form of malware. This is installed on the respective system and can then spread unnoticed without affecting running applications. The Corona situation has once again increased the threat of companies falling victim to cybercriminals. Remote workplaces and home offices, for example, mean that sensitive data is sometimes stored outside the company premises. The problem is also likely to become more serious in the long term. The data that is safest from cyber-attacks is still stored in analog form.

  6. Cyberattacks have risen to greater prominence over the past decade and the problem is only getting worse as our digital infrastructure continues to expand. As more and more systems and processes of our everyday lives become more digital, the risk of cyberattacks continues to increase. This problem also seems very difficult to manage. Cyberattacks are always coming from different locations and currently a cyberattack is being planned somewhere in the world. In this way, the next cyberattack is already on the way. Given the isolated and sporadic nature of these cyberattacks, it is difficult to predict when these attacks are carried out and come up with an effective solution to neutralize these threats. This problem is seen in the idea of “zero-days.” The idea behind this concept is that when new cybersecurity threats arise, governments essentially have zero days to come up with a defense. It is very difficult for governments to neutralize these threats and as they arise governments must be prepared to fight them 24/7/365. This is because any threat to encrypted data represents a possible catastrophe for data that is stored and can be accessed anywhere in the world. Government, financial and medical records among other types of information are at risk every day and it is very difficult to manage this risk. Governments will have to act swiftly to neutralize any threats that occur to keep information safe in this digital age.

    In terms of business law, this threat poses a significant challenge. This is because it can be difficult to legislate criminal activity as criminals and those who seek to carry out cybersecurity attacks will always be trying to circumvent the law. This means that the best way to protect data may be to create better systems for storing and encrypting data and building regulations around this premise. Governments and businesses alike will be best able to deal with cybersecurity attacks like these when the systems surrounding our data are strong. Laws that ramp up the protection of data and create better systems of storing data will likely be the most effective in the fight against cybersecurity threats. Another way to protect against these threats is to have a cybersecurity force. This is going on within the US government and will likely increase in the coming years. Having a cybersecurity military-style force to respond to these threats will be essential in helping neutralize these threats. The agility of such a team would help make sure that these threats can be responded to as quickly and efficiently as possible.

  7. This world has come a long way with technology ever since computers were first invented. Technology advances means both better security and more threats to people’s data. Cyberattacks are used in warfare by countries to help gain an advantage, but there are also people who start cyberattacks on individual companies. If a country is able to break down another country’s cybersecurity, then the attacking country could have access to a lot of data that is not meant to be seen by anyone except a select few people who work with that data. This could get bad, especially in a war, because the attacking country can possibly see what the defending country is either planning or things that they may be hiding. Cyberattacks on individual companies could include things like leaking information about customers of the company, or even stealing the identities of many customers. These types of attacks can cause major losses for big companies, and could have a huge cost to repair and improve their cybersecurity.

    Even with continuously improving security, no one is ever 100% safe from a cyberattack. Even the largest companies or most wealthy countries can fall victim to cyberattacks and have their security breached. It may not be easy, but it can definitely be done by a person or group with the right skillset, time, and assets to allow them to break down security.

  8. The cyberattack described at the beginning of the article, “The Next Cyberattack is Already Under Way” by Jill Lepore on the New Yorker, is frightening to imagine. Nicole Pelroth is a hacker from New Zealand who is the author of a book called This is How They Tell Me the World Ends: The Cyberweapons Arms Race. Pelroth’s main concern is the possibility of governments using hacking as a war weapon and in her book, she questions whether that is the root of other evils.
    In the ‘60s, computers which were originally used to store and process data earned a new function: communication. In ’68, the Pentagon’s Defense Science Board Task Force on Computer Security came to the conclusion that technology existing at the present time cannot provide a secure system in an open environment. In ’72, a report made some scary claims that communication by computers offered an opportunity for espionage, that computers were an attractive target for hostile action, and that a single attack could be detramental to a whole network was delivered.
    In the ‘90s, antivirus software became popular and a service that entailed white-hat hackers that are paid to find vulnerabilities in a system so that the owner of the system can better prevent those vulnerabilities from being exposed by cyber threats was implemented.
    The fear of the world going to war via cyberattacks is real since the amount of information that can be accessed online has been and still is on an exponential increase that isn’t stopping anytime soon. Pelroth says that the N.S.A. has a hundred analysts working on cyber offense for every analyst working on cyber defense. Whether or not this statement is an exaggeration, the point is there are many more analysts that work on offense as opposed to defense. Quite frankly, there should be more analysts working on defense than offense since the threat of a cyberattack is bigger than it’s ever been. Without a strong infrastructure, there is a great risk of being attacked. Once an attacker has access to the network, they can manipulate pretty much anything they want. Therefore, instead of tasking most analysts with developing cyber offense, minimizing the risk of being attacked should be the main concern.

  9. This article describes the digital landscape as the setting for a new type of warfare in a concerningly accurate manner. Among the most essential assets driving this cyber warfare are that of “zero-day” exploits, in which hackers rapidly cling to new software and hardware in an effort to determine vulnerabilities not detected by the creators. While I was aware that everyday hackers engaged in these efforts and may sit on zero day exploits for years to attack companies at the right moment, this article does well to express the significant scope of zero-day bounties. Such bounties for hacking technologies and relaying the relevant vulnerabilities to companies extend into millions of dollars. Governments are often among the most prevalent clients in this zero day bounty system, whether to secure their own systems or maintain knowledge of vulnerabilities in foreign systems. The trend maintained by the latter could potentially fuel cyberwarfare activities driven by governments.

    Cyberwarfare tactics can attack distant regions or foreign countries in a manner unparalleled by traditional warfare. The article notes that North Korean hackers who had illegally acquired zero day related information from the NSA was quickly able to compromise computer systems associated with banking, transport, hospitals, law enforcement and more across the world. While this was simply a ransom attack (which still amounted to a collective ten billion dollar loss), this attack, dubbed WannaCry, clearly expresses the scope of cyber warfare. Hackers that are much more malicious in nature, which could even be associated with foreign governments, could compromise these significant facilities and not give up control. This could generate harm on a great scale, placing hospital patients and public transport users at risk, stealing large sums of cash from banks, and more. The scope of cyber warfare is constantly increasing in size proportionate to the advancement of the digital age and integration of smart technology. With many large technology companies, as well as governments, aiming to integrate smart on both home and city-wide levels, more and more services and systems will be opened to be hacked. Smart city initiatives will extend to lighting, electrical systems, transportation, and more on a citywide scale (https://www.mckinsey.com/business-functions/operations/our-insights/smart-cities-digital-solutions-for-a-more-livable-future). The article linked by the blog specifically notes a situation in which Ukraine maintained relatively minimal damage from a Russian hacking attempt simply because many of Ukraine’s systems are offline. Though such a shift to smart cities can fuel efficiency and convenience, we must maintain great consideration towards the new threats and vulnerabilities that will arise in the context of cyber warfare.

  10. The massive technological evolution that occurred has led to technology being an integral part of everyone’s daily lives. While the advancement of technology brings a multitude of enormous benefits, it also leaves the door open for potential cyberattacks. Due to the world being so reliant on technology in this day and age, cyberattacks become a bigger deal than they have ever been before. This article essentially discusses how foreign hackers attempt these cyberattacks on us and gives a few examples of small scale instances. One thing that I found very interesting was how the article talks about using hacking as a weapon of war. Nicole Pelroth, a longtime cybersecurity reporter, investigates the market in “zero-days”. ‘“A zero-day is a software or hardware flaw for which there is no existing patch,” she explains. Zero-days “got their name because, as with Patient Zero in an epidemic, when a zero-day flaw is discovered, software and hardware companies have had zero days to come up with a defense.” A flaw can be harmless, but zero-days represent vulnerabilities that can be turned into weapons.”’ Later, Pelroth says that governments have been buying them and storing them in vaults. I find the fact that governments are buying and storing them to be a little concerning. This article also discusses how in the 1960’s people started to use computers, which had been used to store and process information, as communication devices. Back then, technology was seen as a glowing positive and a massive revelation. However, a man named J.C.R. Licklider foresaw the negative side effects of technology. I find it crazy how so far back, someone could foresee the possible evils that could be present because of technology. During a time where everyone was probably overwhelmed with excitement about new technologies, Licklider took a step back and saw what could happen in the future. All in all, I think that this article was very interesting and provided great insight on hackers and evils that come with technology. I believe that we need to take a hold of technology because right now, there are too many negative effects that come with it. If we do not control it, the cyberattacks will get out of hand.

  11. As technology continues to get more and more advanced, like any other technology, it’ll also become more and more impactful to our individual lives. Technology is currently at a point where it has essentially become one of the most important aspect of our day to day living. More specifically, computer technology is now more integral than ever. Just about every person, bar maybe the homeless or very poor, just about every person in modern America owns something with a computer in it. Just about 90% of the US population has some access to the internet, and as this technology becomes more easily producible, cheaper, and more efficient, we will likely see that percentage rise (1).
    The big caveat here is that, while the internet and global connectivity has given us the powers of mass-communication and international data-sharing, it has also created a whole new set of safety concerns. As the article goes on to detail, there are genuine security risks with implementation of these data technologies, and as global society becomes more and more reliant on these technologies, governments will start to run the risk of terrorists as well as international opponents messing with their systems. The threat of cybercrime is already a real threat for the general population, but it has been a long standing idea in pop-culture that the government is the end all be all of security. Being able to get into government databases or hacking government officials has long been seen as the ultimate hacking job. Nowadays, technology is becoming so sophisticated that it’ll eventually become nigh-untraceable when malicious individuals decide to use their cyber knowledge to breach high-level databases. We are already seeing hacks of major social media platforms and websites, leaking thousands of emails, bits of personal data, log-in information, and more. As with all methods of weaponization, we may soon see the advent of international cyber-warfare. Governments around the world, especially the most powerful, are always looking for ways to subtly and discreetly gain information on their opponents. Cyber attacks on world governments have been becoming increasingly common, and that trend isn’t likely to end any time soon. If anything, governments will do anything in their power to try and use these cyber attack methods to do digging and attacking of their own. The big thing with cyber attacks is that it isn’t something easy to combat. The American government, as always, is especially interested in harvesting this technology and using it for its own military benefit. It wouldn’t be the first time we grossly over indulged military research to one-up the rest of the planet, and it certainly won’t be the last. At this point, it is only a matter of time before wars are fought with hacking. Communications systems, shut down; navigation system, scrambled; drones and surveillance systems, fooled. Whatever it is, our military is already implementing large amounts of AI and computer tech into its military systems. Obviously, the best way to combat them outside of pure fire power, would be sneaky attacks on the chipsets, the software, and system integrity.

    1. Johnson, Joseph. “U.S. Internet User Reach 2025.” Statista, 4 Aug. 2021, https://www.statista.com/statistics/590800/internet-usage-reach-usa/.

  12. The article talks about how the next cyber attack that is underway. In my opinion, our nations cyber security is going to have to advance. Similar to our army we need to have a defense and attack team for our data and information online.
    Cyber attacks are a new threat that our nation is facing. This is different than any attack we have ever seen before. The article states governments are using hacking as a weapon of war. Not too long ago we had the attack on the US gas pipelines. This cyber attack was to hold corporate data for ransom. https://www.nytimes.com/2021/05/14/us/politics/pipeline-hack.html
    It is pretty crazy how much information we have online. When you think about how much we use our phone, we bring them with us everywhere. We take photos on it, write notes on it, have our password saved on it, have our credit cards saved on it, and much more. This valuable information can be targeted and stolen from us. The point I’m trying to make is that there are a lot very important things we have saved on our phones and computers. A stronger defense will have to be made for it to protect our information, identity, and money.

  13. Technology has benefited human life in various ways, from advancements in healthcare, jobs, and communication. With the growth of technology also comes the risks associated with it, one of them being cyberattacks that pose an immense threat to the individual on the receiving end. A cyber attack is meant to cause harm through technology in various types of ways. After reading the article, “The Next Cyberattack is Already Underway” reinforced what I knew about cyberattacks and gave me more insight into the topic. Reading that traffic lights were hacked by North Korea and caused accidents that affected ill pandemic patients is a reason why countries should not belittle cybersecurity. Investing in cybersecurity will bring safety to valuable information (personal, health, and government). Reading this article also reminded me of when I was on the receiving end of a cyberattack, specifically a DDoS attack. I investigated how this attack transpired, and it amazed me how easily my attacker was able to do this. The technology and software to perform a low-level attack like this one are accessible to almost anyone who desires to do this. It’s done by pulling a person’s IP address and sending it through a botnet which overloads traffic on the victim’s internet. When I was a victim of this My brothers and I was in the middle of an online zoom class when suddenly our internet stopped working and we were forced to go on a hotspot until the internet came back on. What infuriated me was that the website, Xresolver, has every Xbox user’s IP address in their database at the disposal of attackers to use. I ended up investing in a nighthawk router that hides my IP address so this wouldn’t happen again. I invested in myself but countries should invest in themselves for the sake of their citizens so they don’t fall victim to these cyberattacks.

  14. Governments using hacking as a form of war is simply just a civilization adapting to the technological advancements that this time period has to offer. We have switched from old school battlefield fought wars and drastically became technology gurus. The things that we can do with a computer is absolutely mind blowing. Drones are controlled from thousands of miles away by men behind a computer screen, they can deliver attacks with the push of a key and destroy villages and terrorist compounds with ease. Governments also have found ways to hack other countries and damage things such as gas, meat production, and etc. Governments can easily ruin a country’s infrastructure with also a click of a few buttons, which is extremely alarming. With ease somebody can hack into your iCloud or android cell phone, they just have to know a little about basic hacking. Hackers can ruin websites of prominent companies or act as they are operating on behalf of the company. The danger that these hackers have potential to cause is very worrying, and the government needs to pay extremely close attentions to these attacks, no matter how little they are these need to be addressed with full force. Hacking should be no petty crime; it should be a felony. With a few clicks someone can have their livelihoods ruined because a selfish money hungry hacker. Governments have been exploited and blackmailed by men with mask behind computer screens, the talent of these men or women hasn’t gone unnoticed by these governments. Often times the Government would recruit hackers to join them, how else can you find the best hackers in the world? In my honest Governments probably set up fake channels to lure in potential hackers, they filter them out and sees who is the best fit for them. If a government official is reading this, he or she should really take my hypothesis into consideration. Truthfully how else could you recruit special talented hackers without trying to trap them, many of these hackers are not hacking for the common good but for their own personal interest. They do not care about helping others when they are taking social security cards and etc. So you have to play their game.

Leave a Reply

Your email address will not be published.