Islamic State (ISIS) Attacks U.S. Power Grid!
Those of you who have been a part of the Null Byte community for even a short while know that I sincerely and firmly believe that hacking is the most important skill set of the future.
To further emphasize how important our skill set is, knowledgeable estimates put the potential impact of an attack on the U.S. power grid at over $1 trillion per year. Such an attack would cause severe damage to the U.S. and likely cripple the economy and stock markets with even greater impact than 9/11 (after 9/11, the stock markets dropped and the economy sank into recession).
In the last week, U.S. Homeland Security revealed that ISIS (the so called Islamic State) has been attempting to take down the U.S. power grid through cyber attacks.
These attempts have been clumsy and lacking in sophistication using only rudimentary tools (script kiddies?). Experts worry about what might have happened had they used more sophisticated tools and had a higher level of skills. (Obviously, they are not members of Null Byte). They might have been successful in knocking out parts of the U.S. electrical grid (all digitally-controlled) and wreaking havoc upon the U.S. economy.
I point this out not only because of its concern for national security, but also because SCADA (supervisory control and data acquisition) hacking will become the de facto hacking of open cyber warfare. As countries progress from the now quiet, slow-burn cyber warfare of today to open hostilities, they will assuredly attempt to take down each other's SCADA systems.
Presently, nearly every industrialized country on Earth has a cyber warfare effort and cyber warfare teams. Few countries would be able to withstand and sustain a war effort if their people are without electricity, water, sewage, and transportation. All of these systems are very vulnerable to being hacked.
SCADA systems tend to use old, legacy operating systems and are not well-protected. Not only are many of these systems using Windows XP (which is no longer supported, which means no security updates), some are even using Windows NT 4.0 (circa 1995).
These systems, if they can be reached, are all very vulnerable to being owned. When they are owned by attackers with malicious intent, they can be turned, misdirected, and forced to operate in ways that would physically damage other equipment (sending too much power through a transformer, for instance). Every country has these vulnerabilities, and it is those of us who understand these frailties who will be in demand from national governments and utilities around the world.
Null Byte is white hat hacker's educational playground—white hat as in the "good guys." Good, though, is a relative term. It can mean legal and it can mean ethical. The difference between white and black hat can depend upon your perspective.
For instance, to an American, these hackers trying to take down the electrical grid are black hats, but imagine a case where your nation has been invaded and overpowered by a militarily superior neighbor. In such a case, taking down their SCADA systems will be the goal of your national government to weaken this attacker. In that case, hacking the SCADA systems would make you a white hat hacker and a hero to your people.
So, although we are white hat hackers, it doesn't mean that we should ignore learning these techniques that could be critical to our nation's survival in the event of war.
Our skill set here is the most important and valuable skill set of the 21st century, so keep coming back and sharpening your hacking skills!