Piecing Together the “Big Hack”

What would it take to debilitate a major American city?

A recent article in New York Magazine paints a gripping portrait of how a coordinated cyberattack on a major U.S. city – in this example, New York City – could quickly disable most of the infrastructure and systems that underpin contemporary life, with grim consequences.

While the article was quick to assure readers that “an attack of such scope is unlikely,” it went to some lengths to demonstrate that each of the components in the fictional mega-attack “is inspired by events that can, and in most cases have, happened.”

This article takes a closer look at the major elements of network attacks that contribute to this Hollywood-scale disaster, along with the real-life events that show their basis in fact.

Automotive: In the fictional scenario, multiple Internet-connected SUVs are remotely directed into collisions on major highways, blocking traffic and causing panic at ground level. In July 2015, hackers demonstrated the ability to take control of Jeep Cherokees in motion, shutting off ignition, turning off the brakes, and forcing the steering wheel to turn to the left.

Electric utilities: In the story, a breach of the regional power grid – taken over by malware that had lain dormant for months – damages generators and transformers, depriving the city of electrical power. In December 2015, hackers who had been inside a Ukrainian utility network for six months began shutting off electricity in western Ukraine, depriving some 230,000 people of power. 

Mass transit: The story also highlights how power outages cause hundreds of subway cars carrying thousands of passengers to be stuck between stations. In August 2003, the Northeast power blackout left 400,000 passengers trapped on 413 trains throughout the New York City subway system.

Water utilities: In the fictional scenario, water-treatment valves that control the amount of chlorine released into the water supply begin to open and close irregularly. In 2013, Iranian hackers infiltrated the control system of a small dam less than 20 miles from New York City, and gained enough control to potentially open its sluice gate. 

Emergency services: In the article, law enforcement is locked out of systems that dispatch police officers and emergency personnel. In April 2016, the Newark, New Jersey Police Department was unable to access several law-enforcement systems for three days, after a cyberattack locked down its servers.

Healthcare: In the fictional scenario, doctors and nurses in emergency rooms – locked out of their hospitals’ patient files and prescription records by malware – are ill-equipped to cope with the influx of patients created by the coordinated attacks. In March 2016, a D.C.-area hospital network was crippled by a virus that denied access to all of its records systems, and forced to fall back on paper record-keeping. 

Fact or fiction?
It may be tempting to think that a large-scale, well-coordinated cyberattack “can’t happen here.” It’s easy to take comfort in the thought that the real-life hacks and breaches cited above are too limited in scope, or too focused in their targets, or too remote in geography (e.g., western Ukraine) to be worth fretting about. But as the article suggests, it would be unwise to ignore the possibility that a seemingly disconnected series of small hacks could become the groundwork for the “Big Hack”:

It was possible to piece together a plan from various hacks that had been executed before, which, taken together, were a sort of open-source blueprint available to anyone with an interest in remote-control terrorism (and the time and manpower it required).

New York Magazine

Especially concerning, for anyone responsible for an organization’s IT systems and data, is the consistent theme that underlies many of the fictional and real-life threats described above: the rush to connect every possible device and data source to the Internet of Things is far outpacing the effort to secure all of those devices and data, and to keep them from becoming new “backdoors” for an adversary.

One way to keep pace with the new risks that interconnection creates is to understand, in real time and at a granular level, what’s on your network – whether you’re responsible for one location or a major metropolis.

Overcoming the big hack 

Even though this example is fictitious, it does raise the question of how such a citywide hack could be thwarted. Continuing in the same forward-thinking spirit, it is conceivable that organizations could take advantage of a notification system that helps identify a coordinated attack faster by quickly determining that multiple systems are dealing with a network threat at the same time. In this case, these notifications could be triggered by identifying abnormal endpoint behavior using endpoint modeling. Observable’s Dynamic Endpoint Modeling solution is continuously evolving to help you ward off hacks of all sizes.
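As an added illustration (not Observable’s product code), here is a Python sketch of the correlation idea above: each endpoint carries a model of its normal behavior, here simplified to the destination ports it is expected to talk to, and a coordinated-attack notification fires when several distinct endpoints deviate from their models inside the same short time window. The host names, ports and log records are constructed for the example.

```python
from datetime import datetime, timedelta

# Constructed endpoint models: the destination ports each host normally uses.
# (Assumption for illustration; a real model would cover far more features.)
BASELINE = {
    "scada-01": {502},            # Modbus only
    "scada-02": {502},
    "dispatch-01": {443, 5060},   # HTTPS and SIP
    "ehr-01": {443, 1433},        # HTTPS and SQL Server
}

# Constructed connection log: (timestamp, source host, destination port).
EVENTS = [
    ("2016-07-01T08:00:05", "scada-01", 502),
    ("2016-07-01T08:00:09", "scada-01", 445),    # deviates from model
    ("2016-07-01T08:00:12", "scada-02", 445),    # deviates from model
    ("2016-07-01T08:00:20", "dispatch-01", 445), # deviates from model
    ("2016-07-01T08:01:00", "ehr-01", 443),
    ("2016-07-01T09:30:00", "ehr-01", 3389),     # isolated deviation, later
]

def endpoint_anomalies(events, baseline):
    """Per-endpoint check: flag any connection outside the host's model."""
    flagged = []
    for ts, host, port in events:
        if port not in baseline.get(host, set()):
            flagged.append((datetime.fromisoformat(ts), host, port))
    return flagged

def coordinated_windows(anomalies, window=timedelta(seconds=60), min_hosts=3):
    """Cross-endpoint correlation: report window starts where at least
    min_hosts distinct hosts are anomalous within `window` of each other."""
    anomalies = sorted(anomalies)
    hits = []
    for i, (t0, _, _) in enumerate(anomalies):
        hosts = {h for t, h, _ in anomalies[i:] if t - t0 <= window}
        if len(hosts) >= min_hosts:
            hits.append((t0.isoformat(), sorted(hosts)))
    return hits

def detect(events=EVENTS, baseline=BASELINE):
    """Run both stages; an isolated anomaly is noise, a cluster is a notification."""
    return coordinated_windows(endpoint_anomalies(events, baseline))

if __name__ == "__main__":
    for start, hosts in detect():
        print(f"coordinated anomaly at {start}: {', '.join(hosts)}")
```

The single late anomaly on ehr-01 is flagged per endpoint but produces no coordinated notification, while the three hosts deviating within eleven seconds of each other do.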

Experience Dynamic Endpoint Modeling on Your Own Network

Getting better visibility into your network and improving your security couldn’t be easier. Sign up for a free, no-risk trial of Observable’s Endpoint Modeling solution, and change the way you see security.

Detect Threats Faster – Start Your Free, No-Risk Trial