What Could Hackers Do?

My brother and I were having a conversation recently that I wanted to share parts of with you today.  We both work in computer related industries, industrial and government.  We got to thinking about what a group of dedicated hackers could achieve given a bit of luck and the right motivation.

You have to understand how deeply computers and internet have become embedded in most of the infrastructure we rely on. Did you hear about the Stuxnet computer worm?

Stuxnet is a computer worm discovered in June 2010 that is believed to have been created by the United States and Israel to attack Iran’s nuclear facilities. Stuxnet initially spreads via Microsoft Windows, and targets Siemens industrial software and equipment. While it is not the first time that hackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.

The worm initially spreads indiscriminately, but includes a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes.  –wiki

Let me help break this down. This worm only attacked nuclear facilities. But that PLC that it used, and the SCADA system it attacked, that is the exact kind of computing equipment that every factory and processing facility in this country uses.

Little  fertilizer facilities are often automated. Can you imagine every fertilizer plant surrounding the Dallas metro going up in flames at the same time? That would be hard to orchestrate, but even if a group managed to get a few in key locations, there would be large amounts of damage and hurt.

Waste water treatment plants are automated, run largely with computers. Untreated sewage releases along key drinking water rivers would be horrible.

Oil refineries and ethanol distillers are all run with automation. What would a busy harbor look like after an oil refinery explosion?

Power grids going down during extreme weather events, hot or cold, could cause a lot of pain for not much work.

It was quite the  conversation, and we managed to scare ourselves. What about you, do you ever worry about the poorly secured electrical grid and industrial landscape?

– Calamity Jane

24 comments… add one
  • j.r. guerra in s. tx. May 2, 2013, 8:38 am

    Yes, I’ve also wondered about catastrophes caused when simply losing electricty was their trigger. Heck, our office loses power and we completely shut down (Architects using CAD). Back in the 80’s, we simply kept on drawing on our tables using parallel bars, triangles and pens / pencils. It was slow but sure.

    Refrigeration and A/C – both major assets down here in south Texas. We are uncharacteristically cool this year, but have already seen century mark beat back in February (!). Couple that with high humidity – uggh!!

    Has anyone else noticed the extra work by utility workers during the past year ? Maybe my imagination, but I’ve noticed A LOT more utility projects and temporary shutdowns due to work being done.

    Reply
  • Fern May 2, 2013, 12:07 pm

    Or, on a much lesser scale – my business web site is hacked even as I type. My IT guy/husband was working on it, but now is on a marketing webinar….

    Reply
  • Wild Weasel May 2, 2013, 1:02 pm

    What about food distribution? All OTR trucking is down with computer systems, all distribution hubs are controlled by automation. Could imagine if the logistics of just getting food from point A to B disappeared? Pretty sure that software is not as protected as a nuclear facility.

    Reply
  • Jarhead Survivor May 2, 2013, 1:04 pm

    I think any time anybody gets hacked, or an identity stolen, or phones hacked, or any of that is a good example of what could happen and is happening.

    Did anybody see that Bruce Willis movie – I forget the name – where there’s a “fire sale”? Basically hackers bring down the grid and cause all kinds of havoc. Good action flick and I’m not sure how much of that was actually rooted in reality, but it does give an idea of how dependent on computers and computer networks we have become.

    Reply
    • Pineslayer May 2, 2013, 11:24 pm

      Jarhead, I think that was a Diehard movie, great series.

      We all just need to trust the powers that be, they really care about us :)

      Seriously this stuff is a bigger threat than NK or solar flares. The tech is already there and is barely being held off by the good guys.

      Reply
  • BM May 2, 2013, 5:31 pm

    An article I saw on Stuxnet estimated that it would have taken a team of 12 talented people at least 6 months full time to write stuxnet. So it is definitely not your average hacking attempt.
    That said, a water processing or fertilizer plant is a lot softer a target than the Iranian nuclear facilities. Accidents would probably be as harmful as deliberate mischief – if one tech can accidentally bring down the whole of southern california’s power grid, then deliberately doing it cant be much harder.

    Reply
  • Ray May 2, 2013, 10:08 pm

    “Ya know somthin’s gonna get ya'” That’s a sad truth, All we can do is look to our own, build our tribe, Work hard to make the next generation into solid people. We can do nothing about mad men fools and evil. We can do less about bad luck. What we can do is hope, love, pray and fight like hell to better our lives and the lives of our kids. The rest as they say is in Gods hands.

    Reply
    • Selkirk May 2, 2013, 10:39 pm

      Ray, I’m hearing ya.

      I want to build a goddamned tribe. To hell with the hackers. Isn’t that what this survivalist business is all about?

      I want a f#$%!ing tribe… with the long huts around a goddamned fire. And I want that fire to be the center of the goddamned universe. And I don’t want to worry about any goddamned hackers.

      That’s why we’re rooting for the apocalypse in the first place. The world as we know it sucks.

      Yeah, sure, I’m like a dozen sheets to the wind, but the principle is immutable. I’m just a bit more cavalier on the point at the moment is all.

      Let the WAWKI go down in flames. I just want my goddamned tribe, Ray. That’s all I’m sayin’.

      Reply
      • D'ja'c May 3, 2013, 9:25 am

        Friends don’t let friends blog drunk! Remember a few years ago some Russian teens hacked google or something. The thing I wonder about is The Cloud and online back up. Some one gets into that stuff, who knows the problems. Then there is wifi hackers and card swipe hackers.
        Also I’m not hoping for the apocalypse. But I am hoping to get off grid and self sufficient. I a low tech old fart (as I type on my smart phone). trying to keep a low digital profile except for this blog site.

        Reply
        • Selkirk May 3, 2013, 10:08 am

          Yeah, that was a poor decision, Djac. But hey, there’s a difference between stepping in shit and hanging around looking at it afterwards. I won’t dwell on it.

          I stand by this comment though. Rooting for the apocalypse is a bit cavalier, but for me that just represents a dramatic reordering of our priorities. At a certain point, complexity does more harm than good. I think we crossed that line some time ago.

          I’m not ancient, but I’m old enough to remember when hackers were science fiction and the worst thing that could happen through a telephone was a prank call. I miss that.

          Good luck getting off the grid.

          Reply
  • GoneWithTheWind May 2, 2013, 10:09 pm

    My 20 years in the military was spent in the computer specialties. Years ago secret and top secret systems were not connected over unsecure lines (this was before the internet). It would be incredibly stupid to today connect critical systems to the internet. What we have done is become very lax regarding security and embraced the internet. What we now need to do is disconnect critical systems from the internet. Power grids and water treatment plants can function just fine without being connected to the internet. I have two laptops and one is used online and one has never been online. My online computer has no personal or important data on it. The internet is a tool not a necessity.

    Reply
  • StukaPilot May 2, 2013, 10:38 pm

    Turns out that the fertilizer plant that blew up in Texas was involved in litigation against the Beast: Monsanto. Draw your own conclusions.

    Reply
  • Selkirk May 2, 2013, 10:58 pm

    And, Jane, you need to get a goddamned camera. You’re dogging it. It seems like you lost interest in this business a while ago.

    How can you tell a story about failed turkey hunting without a few pics of your shitty camo? Maybe a picture of a turkey outsmarting you? I looked at your last like six posts and you’ve got no pictures at all.

    And Road Warrior, you need to work on layout. Your posts have a place, clearly, but they’re the kind of thing that people will look up on The Google, not the things that people will discuss. Use your pictures better, tell a story, and regulars will flow along with you.

    Personally, I know how to zero a scope, and the difference between a semi-auto and a pump action, but I’d play along with the right presentation.

    I’m not trying to pick nits. I love SHTFBlog, and have followed it for a few years now. Just making a couple of observations is all.

    In vino veritas, people. That’s all I’ve got to say about that.

    Reply
    • Jarhead Survivor May 3, 2013, 8:05 am

      Selkirk – while I appreciate the feedback I’d like it if you could direct it right to me at jarheadsurvivor@gmail.com.

      TRW is doing exactly what I asked him to do, which is write some entry level posts for people who are just getting into prepping and/or guns.

      CJ has a couple of young kids to deal with and taking pictures and editing them just doesn’t fit into her schedule right now. When she gets a little more time on her hands she’ll get back to it.

      Reply
      • Selkirk May 3, 2013, 9:26 am

        Hey Jar,

        I shouldn’t have eaten that rum. Apologies to all concerned.

        I wasn’t lying, but I should have been much more tactful if I was going to bring these things up at all.

        It’s also none of my damned business really. Hindsight being clearer this morning, I was a bit out of line.

        Feel free to yank that down ASAP.

        Reply
        • irishdutchuncle May 3, 2013, 10:44 am

          I feel your pain. however I’m sure you’re feeling it yourself this morning.

          Reply
          • Selkirk May 3, 2013, 11:03 am

            Nah, I’m resilient. Up and at em, 6 am. Good to go.

            I just don’t want Jar, Jane, and Road to be offended. That’s the only thing that bothers me.

          • Calamity Jane May 3, 2013, 11:15 am

            Selkirk, we’ve all been there. :-)
            I’m certainly not offended.
            I think highly of you for coming back this morning with a clearer head and apologies.

          • Selkirk May 3, 2013, 11:22 am

            Cool.

            Onward and upward then.

    • Calamity Jane May 3, 2013, 10:17 am

      Thanks for the feedback Selkirk.
      I’m actually aware I need “a goddamned camera.” I even had the shitty piece of junk we call a camera with me on the turkey hunt, and couldn’t get it to take a decent picture. It has decided to only take pictures of perfectly still objects less than 5 feet away. *sigh* Now, maybe you have sufficient capital that you can just go buy such a thing, but sadly, I don’t. Which means it’s on The List. The list of things that would be nice to upgrade. Things being the way they are, shoes and coats for everyone were on that list this spring, so those took precedence over a digital camera.
      I’ll try to comb through some of my old pictures next week to find ones that won’t break opsec by posting them on an internet site. You’ll understand if I’m more than a little cautious, women have enough to worry about on the internet without posting pictures that break opsec. I worry about using internet pictures that are in the creative commons, because this is a for profit blog, and I don’t want to bring trouble down on Jarhead’s… head.
      This is an extra paycheck month for me, (5 fridays) so I’m hopeful that the camera situation can be resolved this month. Sorry you noticed the lack of pictures.
      I can send you a comic book to ease your pain if you like.
      You’re also free to send us in pictures and guest posts!
      Have a great day!
      -Calamity Jane

      Reply
      • Selkirk May 3, 2013, 10:58 am

        Hey Jane,

        I’m sorry about the tone of that. It’s none of my business in the first place.

        My camera is about ten years old too. It was an aesthetic observation and I wasn’t trying to set your priorities for you. I was only thinking that some visuals would help out a lot.

        I wasn’t saying you should plaster your face all over the site either. I get that for sure. I was picturing turkey camo and thinking that any actual people would be obscured anyway. I was thinking that a picture of your garden (like when Ranger built that raised garden) would be nice some time ago. No anonymity issues with those kinds of shots.

        In any case, point taken. I didn’t intend to be a dick there, but I just kind of stumbled into it in the moment. Didn’t mean any offense.

        I should probably find more constructive ways to spend my time anyhow.

        I’ll politely decline on the comic book and leave it at that.

        Reply
  • irishdutchuncle May 5, 2013, 8:45 am

    the question should be: Why are we still so vulnerable? What can’t a determined hacker do to a system if it’s still connected to the internet?

    Reply

Leave a Comment