Thursday, October 19, 2017

The internet of hacked things


As the internet and the real world increasingly intersect, hackers are infiltrating critical infrastructure. We explore some of the most notorious cases.


Satellite communications

NewSat was once Australia’s biggest satellite company, with systems carrying sensitive communications for the Australian Defence Force and mining companies.
In a 2013 meeting called by the Australian Signals Directorate, former IT manager Daryl Peter was told the company had been seriously infiltrated by foreign hackers. Mr Peter believed the hack was from China.
NewSat’s former chief financial officer, Michael Hewins, said the company’s IT staff were told its computers had been compromised in one of the worst cases Australian intelligence had ever seen.
They were told NewSat would not be allowed to launch its flagship Jabiru 1 satellite until major changes were made.
Jabiru 1 was a five-tonne state-of-the-art satellite that NewSat promised to launch, but it never got off the ground as the company eventually collapsed and went into administration.

Bureau of Meteorology

In April 2016, Prime Minister Malcolm Turnbull confirmed the Bureau of Meteorology had suffered a significant cyber intrusion that was first discovered in 2015.
It was the first time there was official acknowledgement that a critical Australian Government agency had been penetrated by a sophisticated cyber attack.
The Government did not say it publicly but Australian intelligence sources have confirmed to the ABC that China was behind the attack.
Four Corners has been told the Bureau of Meteorology was probably just a gateway for a more sinister attack.
China’s true targets may have been the Australian Geospatial Intelligence Organisation, which provides satellite imagery for sensitive defence operations, and a high-tech Royal Australian Air Force radar system called the Jindalee Operational Radar Network (JORN).
The JORN system is designed to detect planes and maritime vessels within a 3,000-kilometre radius of Australia’s northern and western shorelines.
Beijing continues to deny responsibility for the attack.

Nuclear facilities

Stuxnet is the first cyberweapon known to cause actual physical damage.
At the time of its 2010 discovery by security researchers, it was the most sophisticated malware identified in the public realm.
Stuxnet targeted programmable logic controllers (PLCs), the devices that automate electro-mechanical processes, in order to sabotage Iran’s uranium enrichment program at Natanz.
Since the enrichment facility was not connected to the Internet, it is believed the malware was first planted on computers outside the plant and carried in unknowingly on a USB flash drive.
Once inside, the malware spread to the engineering workstations used to program the PLCs and rewrote the controller logic, repeatedly driving the centrifuges to self-destructive speeds while feeding the operators’ monitoring systems recorded readings that showed nothing abnormal.
It was not until loud noises were heard from the centrifuge chambers that Iran’s nuclear scientists became aware that their system was failing.
It took another five months before researchers identified the culprit: Stuxnet.
Stuxnet is believed to have resulted in the destruction of roughly one-fifth of Iran’s centrifuge stockpile.
It also represented an unprecedented moment in history, when cyber warfare finally spilled over into the physical domain.

Power grids

The first publicly acknowledged successful cyber intrusion to knock a power grid offline occurred in Ukraine during December 2015.
Widespread service outages were reported and it was soon discovered that about 30 substations became disconnected from the grid, leaving more than 225,000 customers freezing in the Ukrainian winter chill.
The attackers are also believed to have spammed the Ukrainian utility’s customer-service centre with phone calls in order to prevent real customers from requesting assistance.
This was no opportunist act of hacktivism: those responsible were running a sophisticated and stealthy operation that would have required months of reconnaissance.
Although power was restored hours later, many functions had to be controlled manually for months to come: the attackers had overwritten the firmware of the serial-to-Ethernet converters through which the control centres operated substation breakers, leaving the devices inoperable and the substations impossible to switch remotely.
The malware used to gain the initial foothold, delivered by spear-phishing emails, was a variant of BlackEnergy, a toolkit that had been circulating for years; US security researchers found that its authors were writing in Russian.

Cars

In July 2015, American security researchers Charlie Miller and Chris Valasek demonstrated they could remotely hack a 2014 Jeep Cherokee, allowing them to control the car’s transmission and brakes.
The entry point was the car’s Uconnect multimedia system, reached first through its wi-fi hotspot and then, more seriously, over its cellular connection, which made the attack possible from anywhere on the carrier’s network; Fiat Chrysler recalled 1.4 million vehicles to patch it.
They found the hotspot’s WPA2 password was generated from the time the head unit was first switched on, leaving few enough possibilities that it could be recovered by brute-forcing: automated guessing of every candidate until one works.
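The brute-force the paragraph above describes, as an added example that is not from the article or from Miller and Valasek’s own tooling. The head unit’s wi-fi password was derived from the time the unit was first powered on; the derivation function below (derive_password), the SSID and the boot timestamp are hypothetical and constructed for illustration, while the WPA2 key derivation (PBKDF2-HMAC-SHA1, 4096 iterations, salted with the SSID) is the real one a cracker must perform for every candidate. The point it shows: a 12-character alphanumeric password should cost about 2^71 guesses, but when it is a function of a timestamp known to lie in a window of a few months, the effective search space is about 2^23, and the password falls to a simple loop.

```python
import hashlib
import math
import string

# Constructed sample inputs for this example (not real vehicle data).
SSID = "hypothetical-car-hotspot"
# An epoch second in January 2013, standing in for the moment the head unit
# was first powered on. Constructed; the window below is chosen to contain it.
FIRST_BOOT_TIME = 1357000000 + 150

ALPHABET = string.ascii_letters + string.digits  # 62 symbols


def derive_password(boot_time: int, length: int = 12) -> str:
    """Hypothetical firmware password generator.

    This is NOT the real Uconnect algorithm; it only reproduces the property
    the researchers exploited: the output is a deterministic function of one
    low-entropy seed (a boot timestamp), however random it looks on screen.
    """
    digest = hashlib.sha256(str(boot_time).encode()).digest()
    return "".join(ALPHABET[b % len(ALPHABET)] for b in digest[:length])


def wpa2_pmk(passphrase: str, ssid: str) -> bytes:
    """WPA2-Personal pairwise master key. This part is the real IEEE 802.11i
    derivation: PBKDF2-HMAC-SHA1 over the passphrase, salted with the SSID,
    4096 iterations, 32-byte output. It is the per-guess cost of any cracker."""
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode(), ssid.encode(), 4096, 32)


def keyspace_bits_random(length: int = 12, alphabet_size: int = len(ALPHABET)) -> float:
    """Entropy an attacker would face if the password really were random."""
    return length * math.log2(alphabet_size)


def keyspace_bits_seeded(window_seconds: int) -> float:
    """Entropy actually present when the password is a function of a boot
    time known to lie somewhere inside a window of this many seconds."""
    return math.log2(window_seconds)


def brute_force_seed(target_pmk: bytes, ssid: str, window_start: int, window_end: int):
    """Walk the timestamp window, regenerate each candidate password and test it
    the way a WPA2 cracker would, through the PBKDF2-derived key.
    Returns (boot_time, password) on success, None if the seed lay outside the window."""
    for t in range(window_start, window_end):
        candidate = derive_password(t)
        if wpa2_pmk(candidate, ssid) == target_pmk:
            return t, candidate
    return None


if __name__ == "__main__":
    real_password = derive_password(FIRST_BOOT_TIME)
    # The attacker holds only what a captured handshake lets them verify against.
    target = wpa2_pmk(real_password, SSID)
    print(f"random 12-char alphanumeric password: ~{keyspace_bits_random():.1f} bits")
    print(f"seeded by a boot time within 90 days:  ~{keyspace_bits_seeded(90 * 86400):.1f} bits")
    print("recovered:", brute_force_seed(target, SSID, 1357000000, 1357000000 + 400))
```

A real attack checks each candidate against the MIC of a captured four-way handshake rather than comparing PMKs directly; the comparison is simplified here because the expensive step, the PBKDF2 derivation per guess, is the same either way. That per-guess cost is exactly why the small keyspace matters: at a few thousand PBKDF2 rounds per candidate, 2^71 guesses are out of reach and 2^23 are a matter of minutes.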
Since then, a number of other vehicles have proved to be vulnerable to hacking, including models manufactured by Tesla, BMW, Nissan and Mercedes Benz.
In response to security concerns, Tesla and Fiat Chrysler have both announced the establishment of bug bounty programs.
Such programs allow independent security researchers to submit the vulnerabilities they discover to the company and to be paid thousands of dollars for their efforts.