#9/2017

Cyberattacks and cybersecurity

Chief editor - Vladimir Krylov, PhD
Deputy chief editor - Michael Nikulichev, PhD

Hacked Cardiff City digital billboard Hacked Cardiff City digital billboard

Judging by the number of cyberattacks, the year 2017 is the most troubled year for the whole sphere of the world information security. It all started with public announcement of technical details about the worst vulnerability of the decade in Intel Management Engine (ME). It turned out that for the past seven years, millions of Intel chips have harbored a security flaw that can be potentially exploited to remotely infect other systems with spyware.

The vulnerability shows that Intel ME's out-of-bound functionality, such as installing software remotely on PCs, could pose serious dangers to systems, as some independent software experts have already warned. The ME has access to network, memory, and the cryptography engine even if your computer is switched off but is still plugged in the electrical mains. This is the first time the in-built vulnerability in the chipset was identified, though whistleblowers have long warned of the back doors in modern electronics (for example, disclosures of Edward Snowden).

The next revelation affected Microsoft. The experts found a relatively easy way to remotely access the OS so that the user remains unaware of the breach. The company responded that it patched a severe code-execution vulnerability in the malware protection engine that is used in almost every recent version of Windows (7, 8, 8.1, 10) just three days after it came to public attention. However, the company failed to give explanation to the fact that this critical vulnerability was intentionally built into the system.

Liverpool shopping mall hacked LED screen Liverpool shopping mall hacked LED screen

Later a specialist from Swiss modzero AG discovered a keylogger Conexant audio driver for headphones preinstalled on HP computers. The program records the user's keystrokes to a file on disk that can be read by any malware running on or anyone logged into the system. And again HP’s apologetic statements left unclear the point of whether the bug was the result of software errors or an intentional backdoor in the security system.

HP acknowledged the issue and said that a software fix would soon be available. However the anti-keylogger patch that appeared soon after did not delete the malware program from the computer but made its initiation more complex. The program still remained to be activated via OS Windows registry. The reason for HP to leave the malware bug on computers even after the scandal remains a mystery. It may not make sense as a separate incident but as an event within a chain of similar discoveries this makes us think of intentional agreement between computer manufacturers and special security agencies to allow unauthorized access to the users’ resources.

Soon after the revelations about backdoors the tide shifted to hacking. One of the most dangerous cyberattacks happened in Texas in April 2017. Hackers managed to breach the entire public warning system. This resulted in an hour-and-a-half of nearly 200 blaring sirens in Dallas meant to sound the alarm for danger. Multiple calls from citizens to police and mass media overloaded the communication channels and added to the spreading crisis. The alarms were finally switched off but it took city engineers another two full days to reset the alert system.

Porn site on hacked information digital signage in Telford, UK Porn site on hacked information digital signage in Telford, UK

Dallas was not the first cyberattack on informational systems. But never before the attacks were so widespread and comprehensive. The journalists conducted their own research and concluded that the attack resulted not from the system malfunction but from the outside attack. Such attacks are nothing funny but an intentional case of aggression and terrorism capable of scaring people, creating panic and chaos, as well as causing people’s loss of faith in their police and emergency services.

On the 15th May 2017, the global WannaCry ransomware epidemics infected more than 100 thousand computers around the world. The virus takes advantage of a vulnerability that became known due to tools developed by the NSA (National Security Agency) that were included in a dump by The Shadow Brokers in April this of year. The Group published several leaks containing hacking tools from the NSA, including several zero-day exploits. Specifically, these exploits and vulnerabilities targeted enterprise firewalls, anti-virus products, and Microsoft products. By the time WannaCry started spreading, Microsoft had announced the patch to close the backdoor for all OS Windows versions.

The virus hurt corporation networks the most. The fact is that companies working with various secrets and confidential information (banking data, proprietary information etc.) are used to switch off automatic Windows OS upgrades to make their internal systems more secure and exclude uncontrolled downloads during computer upgrades. The result was horrifying: systems failed and stopped, investigations were initiated, expensive systems upgrades were implemented. Russia was hit hard. The number of affected computers reached the record high. But in fact it could have been worse. Specialists warn us that future cyberattacks will be more extensive and sophisticated.

One more result of the events described: we start getting used to viruses in the virtual space. Almost every week starts with news about another similar cyberattack:

  • 27th June – Computers of large Russian oil extraction companies “Rosneft” and “Bashneft” are affected by a virus similar to WannaCry;
  • 16th August – Unknown hackers attacked postal servers of the Scottish Parliament;
  • 8th September - the news became mainstream that one of the three main credit reporting firms, Equifax, had been compromised in a successful cyber-attack. The estimated size of the breach - which contained social security numbers, birth dates, driver’s license numbers, credit card numbers and address information - could include 40% of the population of the USA. In pure numbers, this translates to 143 million of the 324 million residents in the USA, and around 209 thousand credit card codes stolen.

And all this is happening at the background of the explosive growth in the number of digital devices included in the Internet-of-things. Companies that profit from selling smart digital gadgets and even Regulators of national markets who certify those devices seem to forget that they are setting up the time bomb under all our global community.

Here is a plausible scenario: “Smart” TV set (i.e. connected to the Internet) becomes the object of a cyberattack. The software algorithms are changed and this smart device starts sending out viruses via the wide network of similarly connected devices, even gets access to the controlling system of your smart apartment. Naturally, companies working in the digital security sphere are preparing for such future potential threats. However the experience of the 2017 clearly demonstrates that these preparations are far too slow.

Several Russian companies, including SRC “NAO-Pro Ltd.” That specializes on civic cybersafety, are working on creating stable methods for protecting “smart things”. But all these attempts remain on the periphery of the public awareness. Time has come to be practical. Standard and familiar antivirus programs are not going to help much. The real protection must include software and hardware solutions using open cryptographic protocols of cybersecurity.