Tech apocalypse: Five doomsday scenarios for IT
16 March, 2010 04:01
Technology drives just about everything we do, and not just at our jobs. From banks to hospitals to the systems that keep the juice flowing to our homes, we are almost entirely dependent on tech. More and more of these systems are interconnected, and many of them are vulnerable. We see it almost every day.
But what if instead of simply a denial-of-service attack against select Websites, the entire Internet suddenly stopped working -- or for that matter, Google could not be reached. What if instead of a mere data breach, our financial institutions were attacked by a weapon that could instantly neutralize all electronic transactions? Or if hackers wormed their way into the systems that control the power grid?
Heck, what if God decided she'd had enough of us and decided to send a solar storm our way?
If you think these things can't happen, think again. Some already have occurred on a smaller scale. But we thought it might be fun to turn up the volume and see what might happen -- how likely a "tech doomsday" scenario might be, how long it would take us to recover, and how we might prevent it from coming to be.
What could possibly go wrong? Try these scenarios for starters.
Tech doomsday scenario No. 1: America goes dark
News flash: A coordinated hack attack on our nation's power grid caused massive blackouts across the United States, leaving more than 300 million people without electricity for days.
The Supervisory Control and Data Acquisition (SCADA) systems that run U.S. power plants were built some 40 years ago, when the Internet was just a handful of university computers connected via 300-baud modems.
"Back then every power grid system in the world was considered its own island," says Robert Sills, CEO of RealTime Interactive Systems, which provides security solutions for industrial control applications. "There wasn't technology available to connect them. Now there is."
And the downside of all this connectivity is that once a local grid gets overloaded, others connected to it may tumble like dominoes. That's what happened in August 2003, when overgrown trees and human error triggered a power outage at Ohio's FirstEnergy. That failure caused a cascade that ultimately left 55 million people in the United States and Canada without power.
It doesn't take an act of God or Homer Simpson at the controls to cause a cascading power failure. It could be a rogue employee seeking revenge -- like the software engineer who hacked into an Australian water treatment plant's SCADA system in 1991, releasing 264,000 gallons of raw sewage.
Or it could be an external attacker who gains entry into a SCADA system's maintenance ports via war-dialing, and then uses social-engineering or spear-phishing attacks to gain entry into the network.
Sills says the vast majority of power substations are vulnerable to such an attack. From there, the attacker simply needs to change a few settings and let the grid's automated fail-safe systems do the rest.
"Right now it's a system that's pretty wide open," says Sills. "There are any number of ways someone could make unauthorized transactions via routine maintenance. You could create an outage simply by pushing the wrong key."
What could happen: Like the grid itself, other failures tend to cascade when the lights go out. In 2003, landline and cellular phone systems still worked but were so overloaded with calls that they effectively shut down. Electric railways stopped in their tracks, flights were canceled, and gas pumps would no longer pump. Water supplies that relied on electric filtering systems got contaminated. Food and medicine got spoiled; looting occurred; people died. On the positive side, residents of large cities were able to see the stars for possibly the first time in their lives.
How long would it take to recover: From hours to days, depending on how many generators have been affected and how long it takes to restart them, says Sills. Nuclear facilities can take several days, gas- and coal-fired generators require around 24 hours, but plants that use hydroelectric power may be able to get back online almost immediately. If an adjacent grid is still operating, the dark one may also be able to tap into its reserves.
Likelihood: Low. Electricity is supplied to the United States and Canada by eight separate, regional entities, so for the United States to go entirely dark would require a coordinated attack of key substations in each grid, says Sills. That makes a worldwide blackout even less likely. Still, regional blackouts are well within the grasp of knowledgeable attackers.
How to avoid this: The technology to secure the power grid is readily available. Sills says his firm has installed protective measures for a utility serving a major metro area, but declined to name it, lest it become a target. The problem? The Federal Energy Regulatory Commission is still hammering out security guidelines for the diverse systems used by power plants, and public utilities are reluctant to invest in costly retrofits until their solution gets Uncle Sam's stamp of approval.
Tech doomsday scenario No. 2: Wall Street gets e-bombed
News flash: In what authorities suspect was the aftermath of an electromagnetic pulse weapon, a rogue attacker took down much of lower Manhattan today -- causing equipment failures and power outages on a massive scale and shutting down financial markets across the country.
Though most commonly associated with nuclear explosions, you don't need a nuke to create an electromagnetic pulse strong enough to do serious damage. EMP devices emit extremely high-frequency signals that fry electronics to a crisp, rendering them useless. An EMP will also wipe out or corrupt any data not stored on magnetic or optical devices. Worse, EMPs are largely untraceable, because the weapon itself destroys any evidence of its use.
A van with an EMP device in the back could effectively shut down big chunks of the U.S. economy simply by driving down Wall Street with the signal turned up, says Gale Nordling, CEO of Emprimus, a company that helps enterprises protect against threats from non-nuclear EMP.
If you wanted to take out the entire continent, though, you'd need a nuke and a missile delivery system. "One bomb exploded 300 miles over Kansas could take out most of the electronics in the United States," says Nordling.
What could happen: Workstations? Dead. Data centers? Gone. Cell phones might still work, but the cell towers probably won't, rendering them useless. Your car won't start. A large enough attack will also shut down automated controls at power substations, leaving everyone in the dark. Think pre-industrial revolution days. In our scenario the New York Stock Exchange shuts down, causing shock waves to reverberate throughout worldwide markets.
How long to recover: How long it takes organizations to bounce back depends on how serious they were about disaster recovery before hell broke loose. Backup power generators, fuel supplies, alternative work facilities, redundant data centers in multiple locations, and a well-rehearsed plan for making it all work together are the key elements to disaster recovery, says Richard Rees, security solution director for disaster recovery and business continuity specialists
Fortunately for our scenario, the financial sector is better prepared than most, says Rees.
"The best recent example is the financial institutions after 9/11," he says. "They had solid disaster recovery plans, they'd invested in their infrastructure and rigorously tested it, they knew what to do. They were back and open for business within three days. Their results were dramatically different than other organizations who'd tested their plans maybe once or twice. They could be out of commission for up to six months. There aren't too many businesses who can really withstand that."
Likelihood: Higher than you might think. You can buy a small EMP device over the Internet or download plans for building your own, says Nordling, who says he's been approached by a number of companies who believe they've already suffered an attack.
"There's a tremendous proliferation of information about EMP devices and the barriers to entry are extremely low," he says. "It's not just a tool for terrorists -- it could be disgruntled employees, criminals, extremists, competitors, or college kids who want to build one simply for the heck of it. From talking with members of Congress, they believe an EMP attack will happen. It's not a question of if, but when."
How to avoid this: One option is to install welded-steel shielding on all six sides of any room containing critical electronics, and put filters on all power and communications lines to siphon off high-frequency radio signals. A less costly option is to put your critical systems into a modular data center that's protected against EMP attacks, which you can fail over to when needed. Emprimus Director of Security Jim Danburg adds that some, but not all, Wall Street institutions are already protected.
Tech doomsday scenario No. 3: Google is gone
News flash: Visitors to Google.com were stunned when the world's dominant Web site returned a "404 Not Found" error for tens of millions of Web searchers. All Google services -- Gmail, Google Docs, AdSense -- were inaccessible for periods ranging from hours to days, depending on users' locations.
Google has so insinuated itself into our lives it seems almost unthinkable that we might have to live without it. Experts consulted for this story agreed that taking down a company as mighty and well fortified as Google would require someone on the inside -- not necessarily a malicious Google employee, just a stupid one (if such beings exist) with the right admin privileges.
It's not entirely unfeasible. Last December, attackers tricked Google employees to visit a malicious Web site, which then exploited a vulnerability inside Internet Explorer to install an encrypted backdoor into the Google network. From there they accessed the Gmail accounts of Chinese dissidents.
In our doomsday scenario, a Google employee merely installs a rogue application on the network that allows external attackers -- say, an unfriendly nation state with a grudge -- to slip behind the company firewall.
"The main vector for getting inside most organizations today are rogue applications residing on the network," says Nir Zuk, founder and CTO of Palo Alto Networks, a network security company.
For example: An IT manager installs GoToMyPC on a machine in the data center so that he can fix problems in the middle of the night from his home. But it has a weak password and gets hacked. Or he installs a P2P app to download songs, unwittingly allowing outsiders to download confidential files from the company LAN -- including password sets and network configuration maps. Or he sets up WebEx to do a presentation, then foolishly tells the program to share his desktop across the Web.
Once inside, attackers could root around the network until they locate the command and control centers for Google's many data centers. And then they can turn out the lights, leave behind a logic bomb that corrupts Google's databases, or simply have their way.
"I'm not familiar with the structure of Google's network, but they must have a command and control app that lets them shut down their data centers," says Zuk. "Everyone does."
What could happen: Yahoo and Bing become swamped with search traffic, and might collapse under the weight. Organizations that rely on Gmail and Google Docs for their day-to-day operations will find themselves unable to get much done (though, given how many outages Gmail had over the last year, they might be used to it). YouTube fans may discover there are approximately 7,834 other free video sites out there. Web entrepreneurs who rely on Google ads will find themselves bereft of income for an unknown period of time.
Other consequences, according to Google Blogoscoped author Philipp Lenssen: "People may not be able to post an update about their life, leading others to believe they've disappeared (because Blogspot is down); conspiracy theorists will be able to sell more books on 'why Google went down (and what the NSA had to do with it)'; and people who want to search for 'why Google is down' realize that, well, Google is down so they can't search for that."
How long it would take to recover: From hours to days, depending on what measures Google already has in place. A Google spokesperson contacted for this story says, "We are always planning for different threat scenarios, but we aren't going to discuss specific defense measures."
Likelihood: Zuk says it's more likely than most big companies are willing to admit.
"In a big company like Google or Yahoo, which have tens of thousands of employees, there will always be unaware employees who do something stupid like sharing their desktop via WebEx," he says. "It only takes one to do it, and from there the route to the data center is a quick one."
How to avoid this fate: To avoid getting nailed by rogue apps, companies need greater visibility into their networks to expose any apps that are running and what ports they are using, and to map all of their other dependencies as well, says Steve Cotton, CEO of FireScope, a developer of IT service management solutions.
To avoid being compromised by insiders, companies should get real-time notifications of the activities of privileged users, block specific unauthorized activities, and split the responsibility for monitoring among multiple users, says Slavik Markovich, CTO at database security firm Sentrigo.
"This last point is critical, as the very privileges needed to properly manage the systems and databases makes it very easy for malicious users to defeat whatever controls may be in place, or to cover their tracks," he says. "There is a dramatic difference in the likelihood of a breach when it can be accomplished by a single rogue insider, as compared to one that requires co-conspirators across multiple functions."
Tech doomsday scenario No. 4: The Net goes down
News flash: The Internet melted down today as millions of Web surfers found themselves redirected to the wrong sites, thanks to problems with the domain name server system.
Can the Internet be taken offline? Many experts scoff at the idea, citing too many diverse communications channels, too many redundancies, and an architecture designed to route around failures.
"I think it would be very difficult to take down the whole Internet, unless you had a worldwide EMP event that takes everything else down as well," says Dr. Ken Calvert, chair of the University of Kentucky's Department of Computer Science. "At all levels you have diversity of technology carrying the bits, whether it's satellite, fiber, or wireless. There's a lot of redundancy there."
Yet even if the Net can't be entirely shut off, short of an act of God (see Tech doomsday scenario No. 5), attackers can create havoc by attacking it at one of its weakest points: the domain name system. By hijacking traffic meant for different domains, attackers can drive unsuspecting surfers to malicious sites, effectively take down any site by flooding it with traffic, or simply send everyone looking for Google.com or Yahoo.com into the ether -- making the Net largely useless for a great many people.
"Everybody trusts the DNS, but it's not really trustworthy," says Rod Rasmussen, president and CTO for anti-phishing services firm Internet Identity. "The system itself isn't well protected. And all you need are a name and a password to take out a DNS server or a particular domain."
Attackers don't even need to attack DNS servers or poison their caches; they can achieve the same effects by taking over large domain registrars. A successful infiltration of Network Solutions, for example, could put attackers in charge of more than half the domains for all U.S. financial institutions, says Rasmussen. From there, attackers could redirect surfers to bogus sites and later use their credentials to log in and drain their accounts. Or they could simply target large domains with huge amounts of traffic, or create havoc by messing with the Net's time servers.
What could happen: The Internet appears to be down, even though it's not. Millions of Web surfers can't reach the sites they need, or worse, they're misdirected to malicious sites that steal their credentials or their identities. Attackers reset the servers that keep time on the Net, bringing billions of financial transactions that rely on accurate timestamps to a screeching halt.
How long would it take to recover: Two days or longer, in most cases, says Rasmussen.
"Because this is the DNS, it's not hard to undo anything," he says. "The problem is how long the bad guys tell the DNS system to maintain the records; 48 hours is pretty typical."
The other option: After you discover your domain's been hijacked, get on the speed dial with major ISPs and tell them to update their records. Even then, you'll still miss smaller ISPs or large enterprises that maintain their own DNS tables.
"It usually takes a pretty big disaster to get people to respond," says Rasmussen. "That's the problem with a distributed system; when it goes bad it stays bad for a while."
Likelihood: More likely than you think. This has already happened several times on a smaller scale. In December 2008, Ukrainian-based attackers used a phishing attack to gain log-on credentials for Checkfree, an online bill payment system used by more than 70 percent of U.S. banks. In April 2009, an SQL injection exploit at registrar Domainz.net allowed Turkish attackers to take over the New Zealand sites for Microsoft, Sony, Coca-Cola, HSBC, and Xerox, among others. The same hackers also took over all of Puerto Rico's domains. This past January the domain for Baidu, the largest Chinese search site, was taken over by a group calling itself the "Iranian Cyber Army." In that case, Baidu filed suit against its U.S. registrar, Register.com, claiming it was slow to respond to the site's plea for help.
How to avoid this fate: "Eternal vigilance?" asks Rasmussen. "You want to monitor the hell out of what you and other people are doing with your domains and theirs, so you can turn off the system and anything that connects to it if you or someone you trust has a problem."
Some registrars are hardening their defenses against hijacking and making it tougher to change DNS records, but mostly it's up to domain owners themselves to police their own records and respond quickly when they've been compromised.
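The monitoring Rasmussen describes, as an added example that is not from the article or from Internet Identity: it diffs a domain's observed NS/A/MX records against an owner-approved baseline and flags inflated TTLs, the detail that makes a hijack outlive its fix. The domain names, addresses and timings are constructed for the demonstration.

```python
# Added example: domain-record monitor for catching a registrar-level hijack.
# Records are compared against a baseline the owner signed off on; every name
# and address below is constructed sample data, not a real domain.
from dataclasses import dataclass
from typing import Dict, List, Set, Tuple

@dataclass(frozen=True)
class Record:
    name: str
    rtype: str   # "NS", "A" or "MX"
    value: str
    ttl: int     # seconds the record may sit in resolver caches

MAX_TTL = 3600  # longest TTL the owner is willing to publish

# What the owner expects to see (constructed, hypothetical domain).
BASELINE: List[Record] = [
    Record("example-bank.test", "NS", "ns1.example-bank.test", 3600),
    Record("example-bank.test", "NS", "ns2.example-bank.test", 3600),
    Record("example-bank.test", "A", "192.0.2.10", 300),
    Record("example-bank.test", "MX", "mail.example-bank.test", 3600),
]

# What a lookup returns after a hijack (constructed): the delegation now points
# at an attacker-controlled nameserver and the TTL has been pushed to 48 hours.
HIJACKED: List[Record] = [
    Record("example-bank.test", "NS", "ns1.attacker.invalid", 172800),
    Record("example-bank.test", "A", "203.0.113.7", 172800),
    Record("example-bank.test", "MX", "mail.example-bank.test", 3600),
]

def group_values(records: List[Record]) -> Dict[Tuple[str, str], Set[str]]:
    """Group record values by (name, type) so the two views can be set-diffed."""
    out: Dict[Tuple[str, str], Set[str]] = {}
    for r in records:
        out.setdefault((r.name, r.rtype), set()).add(r.value)
    return out

def check_domain(baseline: List[Record], observed: List[Record],
                 max_ttl: int = MAX_TTL) -> List[Tuple[str, str]]:
    """Return (severity, message) alerts; an empty list means nothing changed."""
    alerts: List[Tuple[str, str]] = []
    want, have = group_values(baseline), group_values(observed)
    for key in sorted(set(want) | set(have)):
        name, rtype = key
        added = have.get(key, set()) - want.get(key, set())
        missing = want.get(key, set()) - have.get(key, set())
        # A changed delegation hands the whole zone to someone else.
        sev = "critical" if rtype == "NS" else "high"
        for v in sorted(added):
            alerts.append((sev, f"{name} {rtype} unexpected value {v}"))
        for v in sorted(missing):
            alerts.append((sev, f"{name} {rtype} expected value {v} is gone"))
    for r in observed:
        if r.ttl > max_ttl:
            alerts.append(("medium", f"{r.name} {r.rtype} TTL {r.ttl}s exceeds "
                           f"{max_ttl}s; a bad record would outlive a fix by up to "
                           f"{r.ttl // 3600}h"))
    return alerts

def stale_seconds(cached_at: int, ttl: int, fixed_at: int) -> int:
    """Seconds a resolver that cached a bad record at cached_at keeps serving it
    after the authoritative zone is restored at fixed_at."""
    return max(0, cached_at + ttl - fixed_at)

if __name__ == "__main__":
    for sev, msg in check_domain(BASELINE, HIJACKED):
        print(f"[{sev}] {msg}")
    # A resolver cached the hijacked NS at t=0 with a 48h TTL; the owner fixes
    # the zone one hour later, yet that resolver stays wrong for 47 more hours.
    print("stale for", stale_seconds(0, 172800, 3600) // 3600, "more hours")
```

In production the `observed` list would come from a scheduled lookup against the public resolvers and the domain's registrar, with the baseline kept outside the zone so a hijacker cannot edit both.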
Tech doomsday scenario No. 5: God strikes back
News flash: This report is being brought to you via word of mouth, because nothing else is working. Scientists believe an enormous solar flare has struck the earth's atmosphere, causing a worldwide failure of the electrical power grid and communications systems. We are also receiving scattered reports of earthquakes, typhoons, and swarms of locusts, though they cannot be verified at this time.
Think of it as the mother of all power surges. The sun spits out an enormous cloud of superheated plasma several times larger than the earth, which slams into our atmosphere. Supercharged particles travel through the earth's crust, frying all the power transformers it touches -- instant worldwide blackout.
Sound like a cheesy Hollywood plot? This precise thing happened on a smaller scale in Quebec in 1989, when a solar storm caused 6 million people to lose power.
"The chances of the Internet totally crashing are slim to none, but if anything could cause the Net to go down it would be a solar flare," says security consultant Robert Siciliano. "A plasma ball hitting the earth's magnetic fields that it can't deal with. The step-up and step-down transformers that manage our power grid would fry. It would literally be the perfect storm of cataclysmic power surges that knock out the power grid and the Internet at the same time."
Also: We predict this will occur just as the Chicago Cubs are about to win the World Series.
What could happen: Everything that would happen in the previous four scenarios, and then some. Forget clean water. Forget health care. Wipe out the last 20 years of recorded history, because most of it was stored digitally.
"We'd feel it first in the economy and our financial institutions, where everything is digital. Markets will collapse," says Siciliano. "Where's everything backed up -- in a filing cabinet? The economy would collapse, the banks would lock their doors and keep whatever money they had in the vault, because the rest has evaporated into thin air. Once the money's gone, we're resetting the clock."
How long to recover: Unknown. According to a January 2009 report by the National Academy of Sciences, the effects of a severe geomagnetic storm would be felt for years, most acutely in societies that are the most dependent on technology. The U.S. could take from four to 10 years to bounce back, according to the NAS -- if it bounces back at all.
"It will take a tremendous amount of manpower to clean up the mess," adds Siciliano. "Something that catastrophic, the gas pumps won't be operating, so a guy who's supposed to take a part to repair a facility can't get there because he has no gas. It could literally throw us back to 1840. Suddenly we're a third-world country again."
How likely is this to occur: Lord only knows. But consider this, says Irv Schlanger, an assistant professor in Drexel University's Computing and Security Technology program.
"We are all familiar with the 11-year solar flare cycle," says Schlanger. "What most people are not aware of is the 110-year solar flare cycle. The 110-year cycle is massive when compared to the 11-year cycle. The effects of the 110-year cycle would be very similar to that of a nuclear EMP. We are currently due for the 110-year solar flare."
How to avoid this fate: Silent prayer to the deity of your choice.
"Manmade terrorist activity is bad, but as we've seen lately, Mother Nature is a bitch," says Siciliano. "She doesn't give a damn about you or me."