Hacking attacks on critical infrastructure are becoming more frequent

A vicious storm wipes out the nation’s largest gasoline pipeline, stretching from Texas to New York. Nearly 17,000 gas stations are running dry, turning pit stops into parking lots as panicked Americans scramble to fuel up before attendants pull out yet another empty pump.

It’s a familiar story of infrastructure failure in extreme weather, but this storm blew in from the east without a drop of water or a gust of wind when Russian hackers crippled the Colonial gas pipeline.

The Colonial attack of 2021, which affected nearly half of all fuel consumed on the East Coast, was just a taste of things to come, US cyberwarriors say, as foreign governments and gangs working under their protection steal into the nervous system of the US economy, ready to shut it down in case of a conflict.

“It’s a free-for-all,” said Colin P. Clarke, director of research at the Soufan Group, a global intelligence consultancy. “It’s a constant barrage and onslaught of various types of hacking attempts, offensive cyber operations and others trying to attack the public sector, the private sector and everything else.”

Earlier this year, Chinese hackers breached Verizon, AT&T and other telecoms in an effort to understand how companies cooperate with authorities to track down criminals, officials suspect.

“It’s no secret that foreign adversaries — such as Communist China — seek to undermine our people and our nation through the use of sophisticated and dangerous cyber attacks,” said Rep. Bob Latta, R-Ohio, chairman of the House Subcommittee on Communications and Technology.

Recent months have seen a steady pace of high-profile cyber attacks. While most created only minor distractions, the forays have become more reckless, experts say.

Adversaries like China and Russia have created an extensive network of hackers and software that has infiltrated America’s infrastructure, to be activated in the event of a significant geopolitical conflict.

Although hacking is as old as the Internet itself, the contest has evolved on a key front, Clarke said. “It’s just another theater, that’s how I look at it,” he said. “There’s air, land, sea, space, and cyber.”

That cyber front is heating up.

As conflicts spread across the Middle East and Ukraine, there has been a surge in cyberspace attacks on critical infrastructure, said Courtney Adante, president of Security Risk Consulting at Teneo.

“The reality is that a potential attack against water systems, dams, bridges, energy is a real threat, it’s a real risk,” Adante said. “My concern is that the public just isn’t paying enough attention.”

A constant game of cyber-brinkmanship

A campaign by a Chinese hacker group dubbed “Salt Typhoon” to infiltrate major US telecommunications companies has rocked Capitol Hill since it was revealed this month.

The hack, first reported by the Wall Street Journal, reportedly targeted Verizon, AT&T and other telecommunications companies, although details were not disclosed.

After the Salt Typhoon hack was revealed, Energy and Commerce Committee leaders warned Verizon, AT&T and Lumen Technologies that “the integrity of your networks is paramount.”

“It is vital that cybersecurity protocols be improved to better protect Americans’ data against increasingly sophisticated attacks,” they wrote, “especially from our foreign adversaries.”

US officials told The Washington Post they suspected that state-sponsored actors were probing how law enforcement and telecommunications companies work together to listen in on and track foreign targets – namely Chinese agents.

The Department of Homeland Security declined to comment.

Like other recent attacks, the Salt Typhoon campaign appears to have been thwarted without major disruption to consumers. But experts and officials warn that sowing immediate chaos is often not the game plan.

Rather, the goal of most cyber warfare is probing an adversary’s systems to cause disruption when needed, said Craig Shue, who heads the computer science department at Worcester Polytechnic Institute.

Probing attacks, of which there are thousands each year, are virtual espionage missions that look for vulnerabilities to exploit when the time is right, Shue said.

“Some of these adversaries are embedded in the networks they attack for extended periods of time,” Shue said. “They’re going to do reconnaissance, they’re going to identify what the normal pattern of the network looks like.”

When hackers find their cover is blown, or if they sense the network is shutting down, they retreat, Shue said.

“If they see signs that the defenders have caught them, then they say, ‘There’s no more opportunity for subtlety, so let’s launch the attack and have our chaos,’” Shue said.

While attacks rarely come to public knowledge, the 2021 Colonial Pipeline hack offers a taste of the real harm that cyberwarriors can cause.

Russian hackers forced Colonial to shut down 5,500 miles of pipeline serving 50 million people for five days, causing shortages at 16,200 gas stations along the East Coast and widespread consumer anxiety before the company paid a $5 million ransom to regain access to its computers.

And for every hacking effort that is discovered and publicly scrutinized, there are more that remain undisclosed, Clarke and other experts said. The ultimate goal, Clarke said, is not simply to disrupt the lives of Americans, but to play a more serious role in possible future conflicts.

It’s an ever-evolving contest between foreign hackers and those tasked with taking them down.

And it is not clear who wins.

Is America Prepared for a Worst-Case Hacking Scenario?

Cyber warfare between the U.S. and its adversaries has reached a state similar to the doctrine of “mutually assured destruction” that the U.S. and Soviet Union first reached in the 1980s over the use of nuclear weapons, experts told USA TODAY.

Each side can say to the other, “‘Hey, we can make things pretty uncomfortable for your population if you go through with this,’” Clarke said.

Just as foreign countries have their cyber spies and software in America’s critical infrastructure, American hackers and security agencies have not been idle, said Jim Lewis, director of the Strategic Technologies Program at the Center for Strategic and International Studies.

“It’s fair to say the Chinese, the Russians think we do,” Lewis said. “So whether we do it or not, it doesn’t matter, because they think we do.”

And the US certainly seems to be involved in its own cyber attacks. Last year, for example, more than a decade after fugitive whistleblower Edward Snowden accused the National Security Agency of hacking the servers of the Chinese telecommunications firm Huawei, Beijing officials acknowledged the breach.

Chinese hacking attacks have been more openly aggressive, but because these attacks take place in cyberspace, they are not considered open acts of war, Lewis said.

That line is increasingly blurred.

“If I were to go to the port of San Francisco and put naval mines there, it’s not like it’s going to explode — it’s not an attack — but everybody would consider it a hostile act,” Lewis said. “And that’s sort of the cyber equivalent of putting a mine in your opponent’s harbor.”

Attacks on utilities such as American Water Works Company, Verizon and other telecommunications companies are just the latest examples of a significant increase.

Hackers hit American Water in early October, according to a Securities and Exchange Commission filing.

The utility had to stop billing millions of customers, drawing a warning from the Environmental Protection Agency. Water delivery systems were not affected.

“Cyberattacks are one of the most significant threats to our Nation’s water and wastewater utilities and to communities, businesses, hospitals and other critical infrastructure sectors,” EPA spokesman Dominique Joseph said after the breach of American Water.

An EPA review this year found 70% of US water companies were vulnerable to attacks.

Authorities have yet to identify who was behind the American Water breach, which comes as foreign hackers are increasingly going after private rather than government targets.

An estimated 89 percent of critical infrastructure in the U.S. is controlled by private companies, said Adante, the security risk consultant.

“Why don’t we talk about this more?” Adante said. “I worry about the critical infrastructure event, where there’s an attack on power grids, water systems — where human lives are at stake.”