“This Is How They Tell Me the World Ends” is a book about cyber security. Or more about the lack of cyber security. A long time ago, I read “Future crimes“.
The dark side of technology
Already painting a very dark picture of what is possible on the dark side of technology. Criminal AI (Don Watson), hacking of genetics, tailor-made biological viruses, quantum computing, IoT, nano, etc. Basically, everything is hackable. There are only two types of companies—those that know they’ve been compromised and those that don’t know.
The book describes a journey through the world of hackers. It is not a pretty picture. A weird mix of private, enterprise and governments hacking each others’ systems. Cyberwarfare, with Ukraine as an example. But also interference in elections and referenda, stealing IP, hacking of infrastructure and utilities (including nuclear reactors) and cyber attacks.
Today, the Pentagon’s Joint Strike Fighter aircraft contains more than 8 million lines of onboard software code, while Microsoft’s Vista operating system contains an estimated 50 million lines. Each line of that code contains instructions that can potentially be subverted for any number of means. You should have zero confidence in an application that contains more than 100,000 lines of code.
Everything is infiltrated
Thermostats, printers, takeout menus, robots, coffee machines, charging stations, etc.. Nearly everything has a backdoor. Making your mobile phone (or any other device) a spying device even when it is offline or witched off. Everything, even the most secure system on earth can be compromised. Everything can be intercepted. Everything can be captured. Nothing is safe. The opportunities to sabotage the global supply chain are endless. To date, there is not a single online voting platform that security experts have not hacked.
Hundreds of billions
In 2018, terrorist attacks cost the global economy $33 billion. That same year, a study by RAND Corporation from more than 550 sources—the most comprehensive data analysis of its kind—concluded global losses from cyberattacks were likely on the order of hundreds of billions of dollars.
It is now arguably easier for a rogue actor or nation-state to sabotage the software embedded in the Boeing 737 Max than it is for terrorists to hijack planes and send them careening into buildings. Our hospitals, towns, cities, and, more recently, our gas pipelines have been held hostage with ransomware.
The world of potential war has moved from land to sea to air to the digital realm. Even countries you would never suspect are stockpiling exploits for a rainy day. Most do it to protect themselves. For example, secure army communications mean the difference between life and death. Read “Likewar“. Future conflicts will be won not by physical forces but by the availability and manipulation of information. Cyberwar would be accompanied by something else: “netwar.” Which means trying to disrupt, damage, or modify what a target population “knows” or thinks it knows about itself and the world around.
Zero-day exploit brokers, Microsoft journey to become a much more secure platform, Code Red, cyber nukes, NSA, unit 8200, KGB, TAO (tailored access operations) vaults, Genie, Surlyspawn, Dropoutjeep, hacking-mercenaries, CyberPoint, over the air stealth installation, Pegasus, hacking for good, side-channel attacks /sending malware via radio emissions to the copper in the chip itself), the hacking of Sony, Sandworm, Trump, EternalBlue, kompromat, Lazarus, MimiKatz are all terms you don’t want to know about. It is scary stuff.
Use long passwords
So use long passwords. Two-factor authentication—2FA for short—is still the best way to neutralise a hacker with a stolen password. The easiest way to protect yourself is to use different passwords across different sites and turn on multi-factor authentication whenever possible.
Cyberweapons can create as much havoc and destruction as 9/11, Pearl Harbor, or worse. But the analogy to Pearl Harbor is a deeply flawed one. America didn’t see that attack coming; you can see the cyber equivalent coming for a decade. American computers are attacked every thirty-nine seconds.
The safest countries are in Scandinavia—Norway, Denmark, Finland, Sweden—and more recently, Japan. Norway, the safest of them all, is the fifth most-digitised country in the world. They have a culture of cyber hygiene and have a cybersecurity master plan. You should have one too…..