Be paranoid: 10 terrifying extreme hacks

Roger A. Grimes | June 16, 2015

Any device with a computer chip can be hacked, but not all hacks are created equal. In fact, in a world where tens of millions of computers are compromised by malware every year and nearly every company's network is owned, truly innovative or thought-provoking hacks are few and far between.

If you have an RFID-enabled card, you can buy RFID-hack-defeating "shields" and wallets for about $25 to $50. Fortunately, RFID hacking thus far is mostly confined to white-hat hackers demonstrating how easy it can be. Security experts also expect that growing use of chip-enabled cards will make RFID hacking disappear right about the time that hackers improve their wireless hacking distances.

Extreme hack No. 5: BadUSB

Last year, researchers demonstrated that about half of the USB ports installed on computers can be compromised by a maliciously configured USB device. Simply plug a USB thumb drive into an unsuspecting computer, and it will automatically execute any commands configured, bypassing any security controls, firewalls, or antimalware software you have activated.

There is no defense against the exploit, dubbed "BadUSB" by its public discoverers, beyond physically damaging the port or preventing all unauthorized physical access. (I say "public discoverers" because there is no way of knowing whether the NSA or a nation-state privately discovered this vulnerability earlier.) Worse, there is no way of knowing whether a USB device plugged into your computer contains BadUSB. There is also no way of knowing whether an infected USB key was intentionally spread by a friend or associate. Their USB key may have been infected without their knowledge, and it ended up infecting your computer by accident (or good planning).

Extreme hack No. 6: Stuxnet

Which brings us to the world's most advanced cyber war attack to date: Stuxnet. Easily the most advanced and flawless malware program ever written, Stuxnet did not use BadUSB, but it spread via USB keys and a USB execution method that was not publicly known at the time, along with three other zero-day attacks.

Publicly discovered in June 2010, Stuxnet forced the previously unacknowledged cyber war to be recognized as a real battle with the ability to cause physical damage. Stuxnet is said to have been a collaboration between Israel and the United States to thwart Iran's nuclear weapons program, though neither Israel nor the United States has publicly acknowledged this.

Getting malware into Iran's high-security, air-gapped, nuclear facilities was considered impossible by many computer experts. But Stuxnet's creators purportedly infected the USB keys of foreign nuclear consultants who worked on the Iranian centrifuges. Whether the foreign workers knew they were carrying infected USB keys or not is up for speculation.

The malware launched from the USB keys, making its way into the Windows-based reactor management computers, then to the programmable logic controllers of the centrifuges themselves. Once there, the malware recorded normal operational values and fraudulently played back those values while maliciously creating fatal operational conditions that destroyed many of the centrifuges and controlling equipment.


