Kinetic Cyber: When Hackers Reach into the Real-World

In 2017, Russian hackers plotted murder.

Their Triton attack, also known as Trisis or Hatman, was not the first malware aimed at industrial control systems. But it was the first to target safety systems in a manner that could kill people. Had it triggered successfully, it could have released toxic hydrogen sulfide gas and caused explosions at the Saudi Arabian petrochemical plant where it was discovered.

Fortunately, a flaw in the code flagged systems for review by an Australian researcher, who them discovered the malware’s effects on the Triconex safety controllers, made by Schneider Electric. Triton has since been found in other facilities. Its origin was traced back to a Russian lab, though it has elements in common with teams from Iran and North Korea.

The approach had even broader origins, drawing from early (non-lethal) attacks with real world effects.

Kinetic Cyber Arrives

Such real-world attacks, called ‘Kinetic Cyber’ in the cybersecurity industry, have been around for decades, despite receiving relatively little coverage in the news.

In 2000, a water-treatment plant in Australia rejected a job applicant who then hacked into municipal systems to direct 264,000 liters of raw sewage into local waterways, closing beaches and killing marine life in the area.

A pipeline explosion in Turkey in 2008 was initially blamed on separatist bombers. It was later traced to hacks originating in another Russian lab. Earlier that year, a teenage boy in Poland planned his own kinetic cyber attack.

He built a modified TV remote control to hack into the local train system, then “used it like a giant train set,” according to the Lodz police.

In the process, he derailed four trains, injuring twelve people in one of the incidents.

Progammable Cars, Power Grids, and Pacemakers

By 2010, the stakes increased.

The Stuxnet attack on Iranian centrifuges introduced new targets for malware. A remarkably sophisticated program attributed to US and Israeli sources, the Stuxnet virus seized control of cylinders in the Iranian nuclear program, directing them to spin out of control. The attack ‘weaponized’ digital attacks, enabling them to destroy physical objects.

A few months later, the CarShark packet injector proved that hackers could seize control of a moving vehicle, jamming the brakes at high speeds and suddenly disabling the engine. This is precisely the kind of attack PathGuard is designed to prevent. It secures critical functions against such remote control, while still enabling two-way communication for such useful features as navigation and entertainment.

In the following years, kinetic cyber attacks continued, with these highlights:

• In 2012, researcher Barnaby Jack, best known for his demonstration at the Black Hat conference where he forced ATM machines to dispense illicit cash, showed how a hacker could direct a pacemaker to deliver an 830 volt shock, enough to kill a victim.
• In 2015, the first known successful hack of a power grid disabled 30 substations in Ukraine, leaving hundreds of thousands of people without electricity.
• In 2017, hackers set off emergency warning sirens in Dallas, Texas, in the middle of the night. Residents flooded 911 with thousands of calls, and technicians had to shut down the entire system to regain control.

For more information on kinetic cyber, with an emphasis on AI elements and thoughts from PathGuard’s Dan Newman, please see the related article from the hedge fund advisor and machine learning experts at Rebellion Research.