One week, two terrifying false alarms. Mistaken alerts sent from the state of Hawaii and from a Japanese television station’s social media account both delivered the same scary message to the public: North Korean ballistic missiles are inbound. Duck and cover. And where one such screw-up is strange, two in such close proximity will no doubt feed conspiracy theories.
So far, we have no reason to believe these are anything but dumb mistakes. The Hawaii incident has been diagnosed as a human error—an employee sent the wrong message. The Japanese incident is still in the early throes of its investigation. So any talk of foul play is merely a hypothetical about how somebody could hack the emergency alert systems.
But even if both these incidents prove to be innocent mistakes, they have shown the emergency system is flawed and could be spoofed. Such an obviously flawed system—easy to fool and time-consuming when it comes to announcing a mistake—will inevitably attract hackers. But why, and to what end? A look at previous alert message tampering provides some clarity on who might do this and why, and how best to guard the public.
Inside Job
The first suspects are always those closest to a crime. When it comes to cybercrime, no one knows the vulnerabilities of a system like someone who works on the inside.
Not all industries face the same threats. An IBM study from 2017 found insiders carried out 60 percent of all attacks on utilities, but when it comes to information and communication, only 10 percent came from the inside. These “inside” attacks include employees who open infected emails or fall for other phishing schemes — in other words, unwittingly fall into an outsider’s scheme.
Truly malicious insider attacks are rare, but dangerous. “Malicious insiders who compromise sensitive data are often security-aware and able to act undetected,” IBM says. “Their legitimate access to the information makes it difficult to spot a breach: They could interact with that data every day as part of their job, and then one day decide to access it for nefarious ends.”
When it comes to motive, the insider threat could stem from something else: hacktivism. The security firm McAfee has a separate definition for this motivation: “Some hacker activists are motivated by politics or religion, while others may wish to expose wrongdoing, or exact revenge.”
Combine these trends and you have a theory. There could be a former employee hacktivist who knows how to disseminate phony communication to drive home a point. He or she knows of backdoors into the system, such as default passwords or other ways in that programmers use to do maintenance.
In our missile-warning scenario, someone concerned about tension in Korea could have engineered a fake threat. For example, the hacktivist group Anonymous in May 2017 released a video claiming WWIII would soon start in Korea. Not pointing fingers at Anonymous in this case. We're just saying that motives for this sort of thing exist. You could make the same case for someone who wants more funding for missile defense. A hacktivist will use whatever tools are available, and one who can access an emergency alert system could use that as a megaphone for their cause.
Watch the World Burn
It was just another day in February when viewers of KRTV channel 3 in Montana experienced an emergency broadcast alert. The dead were rising from their graves and attacking people. The zombie apocalypse was upon us.
Or not. The network later released a statement that “it has been determined that a ‘backdoor’ attack allowed the hacker to access the security of the Emergency Alert System equipment.” A couple other stations in Michigan fell victim to the prank as well. The FCC later sent word to television stations to change passwords frequently and to inspect messages before they are released to screen for "unauthorized alerts" scheduled for the future.
Was this the ghost of Orson Welles at work? Marketers from The Walking Dead? Agents of a foreign power trying to instill panic? No. This is the work of goofballs out to have a little fun.
There are many upsides to the information revolution. Exchanging information quickly and without obstacle is a worthy goal. But hackers can use modern communication systems to spread chaos. “Now, there are lots of kids just out ‘joyriding’ on computer systems,” Sarah Gordon, a researcher with Symantec, told Frontline. “Joyriders often ditch their cars, sometimes they burn them. It's the same with some (not all) of today's kids who call themselves hackers.”
A hacktivist will take credit or let the attack’s intentions be known. A reality hacker can be content with simply sowing the seeds of chaos and savoring the effect without taking overt credit. “This anonymity breeds feelings of invincibility, in many cases,” Gordon said. “Time and risk also have different values in virtual environments.”
A Foreign Power
At the center of this week's two false alarms is the fear of war with North Korea. The isolated nation has invested in cyberwarfare, which makes it a suspect for any hacking activities in Japan or Hawaii. Their program ranges from espionage to shakedowns for money—including a bank heist worth $1 billion. Would North Korea or any other foreign power want to spoof the emergency alert system?
Right now the U.S. government is applying maximum pressure on North Korea to give up its nuclear weapons program, but the rogue nation continues to make progress on its long-range nuclear missiles. In a dictatorship that wants to strike back without crossing the line into a shooting war, cyberattacks are a satisfying way of “reaching out.” Instilling fear and panic into the population of another country is classic geopolitics.
Again, we're speaking in the hypothetical here. But there could be more behind a state like North Korea spoofing the emergency alert system than just a desire to be a nuisance or to demoralize a population. Hoaxes can tell you a lot about emergency preparedness of the victimized nation. A nation that may want to go to war with the U.S. someday might want to know how fast emergency alerts are issued and the public’s reaction to them. A cyberattack on the homeland might be the best way to distract and deter American military forces from taking action abroad. Feeding false information directly to the American public—and doing it through official channels—could confuse officials during times of critical decision-making.
These staged emergencies do happen. The planning behind them resembles what you'd see for military operations, and that includes conducting real-world dress rehearsals. The United States has already been a victim of these. In 2016 there was a rash of fake emergencies filtering out to the public via social media. The best known of these attacks involved a chemical plant in Louisiana. Scores of fake accounts (bots masquerading as social media users) distributed doctored images from legitimate news outlets. They used the same hashtags. At the same time, residents received text messages claiming the emergency was underway. Combine that kind of campaign with phony Emergency Alert messages and you could realistically have a panic. All fingers pointed to Russia as the culprit behind that campaign.
Media is becoming a very active front line when it comes to the clash of global powers. That puts us all in the crosshairs of 21st century media weapons. The pair of false alerts in the Pacific this week, while seemingly innocuous, only reinforce that fact.