Being a detective means investigating and solving crimes. President Donald Trump said about Russia’s cyber meddling in our voting process, “No one can really know who’s doing it.”
It’s not unusual for someone not familiar with the computer industry to make such a statement. Chances are most adults would come to that conclusion, but they would be wrong. Cyber detectives within government security agencies have the tools to know who's meddling.
A cyber-crime detective is no different from a burglary-crime detective; both consider motive, clues and evidence. The low-level, email-based cyber criminal tries to hide behind the “From” line of an email. Those types are relatively easy to detect by looking at the hidden, detailed return-address information carried in the message headers.
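As an added illustration that is not part of the column, the following script shows the kind of check a mail administrator can script to compare the visible “From” line with the hidden routing headers (Return-Path, the outermost Received hop and the SPF verdict). Both sample messages, and every hostname, address and IP in them, are constructed for the example; the mismatch rules are a deliberately simple assumption, not a standard.

```python
import email
import re
from email.utils import parseaddr

# Constructed sample: the visible From claims the company's own payroll
# department, but the hidden routing headers point at an outside mailer.
SPOOFED = """\
Return-Path: <bounce-4821@mail.example-bulk.net>
Received: from mx.example-bulk.net (mx.example-bulk.net [203.0.113.9])
        by inbound.corp.example (Postfix) with ESMTP id ABC123
        for <staff@corp.example>; Mon, 3 Jul 2017 09:12:44 +0000
Authentication-Results: inbound.corp.example; spf=fail smtp.mailfrom=mail.example-bulk.net
From: "Payroll Dept" <payroll@corp.example>
To: staff@corp.example
Subject: Updated resume attached

Please review the attached file.
"""

# Constructed sample whose hidden headers agree with the visible From line.
LEGIT = """\
Return-Path: <payroll@corp.example>
Received: from smtp.corp.example (smtp.corp.example [198.51.100.4])
        by inbound.corp.example (Postfix) with ESMTP id DEF456
        for <staff@corp.example>; Mon, 3 Jul 2017 09:15:02 +0000
Authentication-Results: inbound.corp.example; spf=pass smtp.mailfrom=corp.example
From: "Payroll Dept" <payroll@corp.example>
To: staff@corp.example
Subject: July pay stubs

Stubs are in the portal.
"""


def _domain(address):
    """Domain part of a mailbox address, lower-cased; '' if there is none."""
    _, addr = parseaddr(address or "")
    return addr.rsplit("@", 1)[-1].lower() if "@" in addr else ""


def _same_org(host, domain):
    """True when host is the domain itself or a subdomain of it (assumed rule)."""
    host, domain = host.lower(), domain.lower()
    return bool(domain) and (host == domain or host.endswith("." + domain))


def sender_facts(raw):
    """Pull the visible sender and the hidden routing details out of the headers."""
    msg = email.message_from_string(raw)
    received = msg.get_all("Received") or []
    # Each hop prepends its own Received line, so the first one was written by
    # our inbound server and names the host that actually handed the mail over.
    outer = " ".join(received[0].split()) if received else ""
    host = re.search(r"^from\s+(\S+)", outer)
    ip = re.search(r"\[(\d{1,3}(?:\.\d{1,3}){3})\]", outer)
    auth = " ".join((msg.get("Authentication-Results") or "").split())
    spf = re.search(r"spf=(\w+)", auth)
    return {
        "from_domain": _domain(msg.get("From")),
        "return_path_domain": _domain(msg.get("Return-Path")),
        "received_host": host.group(1) if host else "",
        "received_ip": ip.group(1) if ip else "",
        "spf": spf.group(1).lower() if spf else "none",
    }


def spoof_indicators(raw):
    """Return plain-language reasons the From line should not be taken at face value."""
    f = sender_facts(raw)
    reasons = []
    if f["return_path_domain"] and not _same_org(f["return_path_domain"], f["from_domain"]):
        reasons.append("Return-Path domain %s differs from From domain %s"
                       % (f["return_path_domain"], f["from_domain"]))
    if f["received_host"] and not _same_org(f["received_host"], f["from_domain"]):
        reasons.append("delivering host %s (%s) is outside From domain %s"
                       % (f["received_host"], f["received_ip"], f["from_domain"]))
    if f["spf"] == "fail":
        reasons.append("Authentication-Results reports spf=fail")
    return reasons


if __name__ == "__main__":
    for label, raw in (("spoofed", SPOOFED), ("legit", LEGIT)):
        print(label, spoof_indicators(raw) or ["no indicators"])
```

The script only reads headers that the receiving server itself wrote or verified; everything a sender controls, including the “From” line, is treated as a claim to be checked rather than a fact.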
However, when dealing with sophisticated cyber criminals, especially when they’re part of an elite group run by a foreign government, it requires the talents of cyber detectives.
It’s important to understand that computer code is just another language. How code is written is not that dissimilar from writing a letter. Each person has their own style: their use of certain words, where they’re placed in phrases. It’s their fingerprint.
People in different countries have distinct ways of expressing the same idea. In the United States, we say “Mom”; in the United Kingdom, it’s “Mum.” It’s tough to conceal who you are or where you’re from.
It’s unfortunate some people in our government cannot grasp this concept or just don’t want to. As such, multifaceted, complex attacks by a foreign government will go completely over their heads, and that’s dangerous to our country.
Our society is run by computers and communication systems and, of course, requires power. An attack aimed at our power-generation infrastructure can be catastrophic. The Wall Street Journal reported that a federal analysis indicated that a coordinated terrorist strike on just nine key electric transmission substations could cause cascading power outages across the country in each of the nation’s three synchronized power networks.
To acquire additional information, I interviewed a security expert working at a major power generating system in the United States.
He indicated that cyber non-web attacks occurred on average 17,000 times a day, representing 50 percent of all attacks. Add to that 6,300, or 17 percent, blocked email web attacks, with the remaining 33 percent being crimeware and insider or third-party misuse. That’s a total of 34,000 attacks per day that a power system must deflect.
Surprisingly, most attacks do not come through the Internet, because that path is reasonably well protected. Internet hackers must bypass multiple layers of firewalls, a difficult job. However, a remote substation working through a supervisory system that is not connected to the Internet may have weaker physical or software security, and is often an entry point.
Whatever the attackers' intent, it obviously was not to say hello, but rather to damage the network, to see if they could get in later, or to plant a “Trojan Horse” for future activation.
Hackers used several different techniques to compromise plant computers, including fake email personnel resumes that contained malicious code.
On the positive side, hacking in the United States is a more complex feat than in countries where grid systems are homogeneous. Our power systems are diverse; no two substations are the same, and no two companies run their infrastructure the same way.