We all know something about cybercrime and cyber attacks, right? Many experienced some kind of virus and/or had one of our accounts violated by some unknown wannabe hacker (the definition of hacker is something different, see below).
The goal of such crimes is about information and money, right? Grab some password, divert money to cryptocurrency account located in another country and so on. End of the story.
No. There’s more than that. Much more.
Think about big systems and think about all the automated process that control 24/7 vital aspects of such systems. Power plants, petrochemicals companies, manufactures and so on. Think about kilometers of pipes, thousands of valves and switches, picture in your mind endless sensors and actuators. So far, everything went fine. No hostile cyber activity. Today the NYT published this piece (LINK) about a suspected cyber attack occurred in Saudia Arabia last August.
The bottom line is that we are supposed to have big systems under lock and key, with physical intervention on site needed to cause major damage. All the automation we have in place is supposed to be sure. The sad truth is that no system, no matter how good, is safe at 100%.
Every system is based on a set of rules and if you are able to figure what rules are in place, you also may understand how to attack that system. What happened a few months ago in Saudi Arabia was a massive violation of a security system deployed worldwide. If any group of organized hostiles gathered an attack strategy and/or a set of programs to perform such attack, then we are on the brink of a wave of a new kind of cyber attack.
I don’t know who’s to blame for the previously cited attack, this is not the focal point of this post. The real threat is about the immaterial nature of the tools needed for such attacks.
There’s almost nothing that can be done to prevent the diffusion of such dangerous material and there’s plenty of criminal groups that will be more than happy to add this kind of weapon to their arsenal.
To be clear, this is not some kind of cyberpunk scenario. This is a call for a major revision of our IT infrastructures, for a surge in the investments needed for elevating the protection level.
Hacker definition: HERE
Cracker definition: HERE