White Hats to the Rescue

Dr. Alireza Jolfaei is a Lecturer in the Department of Computing at Macquarie University and provides a great view of cyber security and the use of white hat hackers from an Australian perspective.  “Beneath our streets and above our heads, in the power lines and the satellite links that crisscross our cities, a constant war is being waged between the forces of malicious hacking and the cyber-security defense systems that must stay one step ahead to keep society running.  Targets everywhere: Australia and its cities are just as vulnerable as any developed nation to cyber-attacks that can shut them down, says Dr. Jolfaei.[1]

“Cyber-attacks like the one on Colonial Pipeline that brought half the US to a halt this month after shutting down petrol supplies for six days, are a constant threat to our digitized infrastructure – and Australia is just as vulnerable as any developed nation to these kinds of attacks, a Macquarie University cybersecurity expert warns.’

“Later this year, Dr. Alireza Jolfaei will set loose a new generation of ethical computer hackers known as ‘white-hat’ hackers, to cut city-wide power supplies, immobilize trainlines, freeze traffic light systems and even bring water and sewage works to a standstill.  These mock attack exercises will take place in the Department of Computing's lab-based model ‘smart city', where researchers will use scenarios to test system vulnerabilities within Australian infrastructure ranging from our rail networks, road networks and traffic signaling controls, to our electricity grid, our satellite communications, and even water automation and control systems.’

“It is likely that many of our water, power, rail and traffic systems currently harbor lurking hackers who are waiting for an opportunity to strike.  “Our smart city model within Macquarie University’s cybersecurity lab will let us explore not just how cyberattacks could happen in a smart city, but also what the physical impact of these cyberattacks would be,” he says.

“These techniques are called ‘offensive security,’ he says, and they play an important role in our defense against malicious hackers.  “By testing these weaknesses, we will be better able to detect and mitigate attacks, lift our security and also bring in operational resilience, so we can keep running these essential services as we defend against these kinds of attacks,” he says.

“Research puts experts ahead of the hackers.  On 7 May 2021, a ransomware attack led to more than a week of shutdowns for the Colonial Pipeline, which transports fuel 8850 kilometers from the US states connecting Texas to New York.  The company paid attackers close to $5 million for a data decryption key.  Running on empty: Out of action bowsers in North Carolina in the US after hackers shut down the country's largest fuel pipeline.’

“Other major infrastructure attacks include the 2013 ‘Stuxnet worm’ which sabotaged nuclear centrifuges used in Iran’s uranium enrichment program; a 2014 attack which took control of the blast furnace of a German steel mill; and a 2015 attack on three energy companies in Ukraine which left most of the targeted city without power.’

“Cybersecurity experts are immersed in a constant round of breaches and patches, and Dr. Jolfaei has published more than a hundred peer-reviewed journal articles, chapters and manuscripts addressing these topics over the past decade.  His most recent research looks at how small spikes in energy use within networks can be used to detect hacker activity.’ 

“He says that it is likely that many of our water, power, rail and traffic systems currently harbor lurking hackers who are waiting for an opportunity to strike.  “In many cyberattacks, the hacker has been present within the system for a long time, sometimes years, slowly opening up different pathways before they act,” he says.   He is also working with the Department of Defense, CSIRO and a cyber security company Cybentus under the ‘D.Start’ program to develop security mechanisms for smart water systems to stop hackers from disrupting water supply and wastewater systems, as well as recovery programs that help water facilities return to normal operations as soon as possible following a breach.  “As we develop more complex and effective smart systems that allow us to remotely control large-scale infrastructure, we also become more vulnerable to cyber-attack because these industrial control systems rely on the power grid and communications networks to operate,” he explains.’

“Google dorking' is a hacker’s best friend.  Dr. Jolfaei says that many cyber-attacks are opportunistic and use unsophisticated techniques like ‘Google dorking’ – where a search query can find unprotected web servers with weak security, unrestricted live webcams, even usernames and passwords for sensitive sites.’

“Hackers can potentially use Google to find out the location of the server for an item of critical infrastructure, such as an electricity substation, then send information to that server and check what response they get,” he explains.  “Depending on how the firewall has been set up, they could get error codes that tell them about the operating system, and whether the latest security patch hasn’t been applied – they find these codes on a public site listing ‘common vulnerability exposures', which anyone can access.”  In the making: The 'smart city' model takes shape before it's pressed into action in the Department of Computing's cyber security lab later this year.’

“The next step will depend on the sophistication of the hacker; Dr. Jolfaei says that cyber-attacks can start with the subtle introduction of innocuous-looking code which leaves a door open for future attacks.  But simple attacks can still have devastating consequences; in 2016, an Iranian hacker used Google dorking to access a computer that controlled the sluice gates on a dam in the small town of Rye Brook in the US state of New York.  The gates were fortunately offline for maintenance at the time, but the breach could otherwise have caused major flooding and widespread damage.’

“Who commits cyber-attacks – and why?  Dr. Jolfaei says that many cyber-attackers are criminals who seek financial information, steal identities or who demand a ransom before restoring access to essential data or services.  In the shadows: Many cyber attackers are criminals who seek financial information, steal identities or demand a ransom, says Dr. Jolfaei.  Others are politically motivated groups (including ‘black ops’ groups within foreign governments) who seek to damage a government or organization they disagree with, to spread disinformation, or to commit acts of espionage or cause political upheaval including the disruption of elections.’

“For example, the Russian intelligence service APT29 is suspected of links to a serious hack into the US Treasury and other US and UK government agencies and businesses last year via Solar Winds security software.  Government-backed espionage hackers from various countries have stolen industrial secrets, political plans and even made attempts on coronavirus vaccine research, including the suspected theft of ASIO headquarter blueprints in 2013.  “Australia has not experienced the same level of threat as certain other nations such as the US or China, but we are still very vulnerable,” he says.

“Cyber security incidents are estimated to cost the Australian economy $29 billion each year.  Last June, Australia’s Cyber Security center reported a sustained cyber-attack targeting governments and companies in Australia by a ‘sophisticated state-based actor.'  Two months later, the government announced a 10-year, $1.66 billion cyber-security package to boost cybersecurity for critical infrastructure, strengthen police resources to shut down criminal activity and raise community awareness for business and households, along with additional funding to help the Australian Signals Directorate thwart foreign attacks.  Ultimately, Dr. Jolfaei says, we need to continue to support and train cybersecurity experts and make sure their skills are deployed widely.  “Being able to understand and predict the actions of our opponents and install self-defense mechanisms to guard against these, is the key to protecting our critical infrastructure.”

Red Sky Alliance is a Cyber Threat Analysis and Intelligence Service organization and has been helping companies since 2013 with proactive approaches to cyber security.  For questions, comments or assistance, please contact the lab directly at 1-844-492-7225, or feedback@wapacklabs.com

REDSHORTS - Weekly Cyber Intelligence Briefings

https://attendee.gotowebinar.com/register/3702558539639477516

[1] https://lighthouse.mq.edu.au/article/may-2021/Hackers-could-bring-down-our-cities-heres-how-we-stop-them
