Last Friday night, a cacophony of 156 public warning system sirens sounded in Dallas, Texas. The sirens weren’t responding to a danger, such as tornados or other similar threats. Instead, these sirens were hacked, sounding off at maximum volume well into the early hours of Saturday morning. This may seem like a prank similar to something out of a modern-day “Animal House,” or a badly-scripted Hollywood treatment of hacking culture. But the reality is that attacks on physical infrastructure represent a potential threat that dwarfs the scope and effect of traditional hacks.
Most of us are familiar with the types of successful hacks that we see in the headlines every week: data breaches, digital representations of currency compromised and other types of attacks where the victims are the bits and bytes of data. However, an emerging type of threat that has seen some real-world success is the kinetic hack, which affects real-world, tangible assets. Everything from energy distribution systems to modern cars and anything that is part of the vast “Internet of Things” (IoT), including appliances, “smart” home energy meters and – as demonstrated last week – public warning systems, is proving to be eminently hackable. Unlike traditional hacks where the result is a loss of data, kinetic attacks can actually cause physical, real-world damage to assets… and sometimes, the people around them.
In the past several years, there have been several of these kinetic attacks that have damaged real-world assets, and we’re going to list the top three ones here. We’ve limited our list to only actual kinetic attacks “in the wild,” not theoretical or lab-based experiments such as Project Aurora, CarShark, or many of the wonderful demonstrations provided at Black Hat, DEFCON and other industry events each year:
- Stuxnet. By far the most well-known kinetic attack, Stuxnet was a highly malicious piece of incredibly complex malware that surfaced in 2010, and utilized a combination of zero-day Windows exploits coupled with self-propagation via USB removable storage, network shares, remote procedure call (RPC) vulnerabilities and other methods. The attack payload of Stuxnet targeted Siemens S7-300 programmable logic controllers (PLCs), frequently used within energy systems. The end result was over 1,000 damaged centrifuges at a fuel enrichment plant in Natanz, Iran. Stuxnet remains the only known piece of weaponized malware designed specifically for kinetic attacks – so far.
- Tramways. In early 2008, the city tram system of Lodz, Poland, suffered a derailment of four vehicles, in which over a dozen persons suffered minor injuries. The accident was later determined to be a result of the actions of a 14-year-old teenager in the city, who had been able to determine that the city’s tram system operated on the same frequency as a television remote control. The Tramways incident was the first known kinetic attack that resulted in physical harm to people.
- Maroochy Water Services. Perhaps the first documented, real-world kinetic attack, this hack occurred way back in 2000. Vivek Boden, a disgruntled man who had been rejected for a job with Maroochy Water Services (which provided water utility service in Queensland, Australia), began a three-month campaign of hacking attacks on Maroochy’s water control systems. The result was that Boden was able to release a total of 264,000 liters of raw sewage across multiple locations. The results included dead marine life and unsafe drinking water for thousands of residents. Boden was eventually caught, convicted and sentenced to two years in jail.
Mitigating the threats of kinetic hacks is not easy. Unlike general-purpose hardware and systems, much of the technology that is susceptible to kinetic attacks is not based on traditional hardware, operating systems and software. These systems are largely proprietary, but still connect to networks using standard protocols such as the TCP/IP suite. Vendors of these products are focused on functionality and performance, which is always given priority over security, but recognition of potential kinetic attacks against these systems and devices is starting to grow. Let’s just hope that they respond with effective security updates before a tsunami of kinetic attacks takes hold.