WHY THIS MATTERS IN BRIEF
One thing about the future is certain: all of our digital and physical systems are going to come under increasing attack, and it’ll be a war without end.
Hacks that can jump between and steal data from ultra-secure air-gapped systems, fileless malware that no longer needs to be physically installed on machines, new classes of “next generation” autonomous Robo-hackers, and malware infused with AI are just some of the nasties that have taken cyber security analysts aback recently. Now cyber security experts fear that the hackers who seized control of a Saudi Arabian petrochemical site using malicious software labelled ‘Triton’ and ‘Trisis’ could be being used by Iran, Russia and North Korea, marking yet another “new” era of cybercrime.
As if we all didn’t have enough on our plates already… but perhaps there is some hope in the future in the form of new “hackproof” computer systems, like Morpheus, new chip-level encryption solutions, new quantum encryption systems, such as the one shown off recently that relies on “quantum weirdness,” hack-proof code, robo-hacker defenders, self-exploding algorithms and many other up-and-coming countermeasures. Perhaps…
Earlier this year hackers seized command of the petrochemical plant’s computerised control-and-safety system, and it is believed they had the power to blow up the plant.
The cybercriminals used a malicious software program that security experts have dubbed both ‘Triton’ and ‘Trisis’.
Brigadier General Danny Bren, the former commander of Israel’s cyber defence unit, who now advises major corporations, said: “The creators of this attack created a weapon that can kill people. With something like that, you can create great danger to an oil rig, a refinery, a power station. In effect, you have built a bomb.”
The hackers infiltrated the safety system’s firmware and inserted a ‘Remote Access Trojan’ (RAT) which allowed them to go inside the computer system and issue instructions via a hidden, electronic “back door”.
The Triton malware was, however, detected because of a tiny flaw which caused part of the system to crash. Despite this, the hackers are still out there, learning from their mistake, according to Mr Bren.
He said: “Triton represents the next generation of the cyber revolution. It’s going to have a big effect.”
Ongoing investigations have revealed that state-sponsored hacking is growing rapidly. Mr Bren believes the sophistication of the attack suggests Triton was built by a state, possibly Iran, an enemy of Saudi Arabia. Experts also believe RATs may already have infiltrated UK networks.
Ciaran Martin, director of the £1.9billion National Cyber Security Centre (NCSC), which was founded 15 months ago as an offshoot of GCHQ, warned that enemies of Britain are attempting to “preposition on critical national infrastructure so they can act with menace against us in times of tension”.
An NCSC official confirmed: “The Triton attack, while rare, is likely to be an example of attempted prepositioning.
“A key part of the NCSC’s mission is to ensure the UK is not susceptible to such attacks.”
Jeff Bardin, chief intelligence officer of US security firm Treadstone 71, which monitors state-sponsored hacking, said: “Triton is a combination of espionage and sabotage, and this kind of activity is widespread.
“It could lead to explosions, oil spills and other environmental disasters, and the problem is, we’re not geared up to look for it.
“The UK is using the same hardware and software as everyone else. Your nuclear plants are probably safe because their systems are built to a more secure standard. All other critical infrastructure is vulnerable,” he added.
In 2010, the ‘Stuxnet’ attack, reportedly by Israel, immobilised Iran’s nuclear programme by destroying the sensitive centrifuges it used to enrich uranium. In 2012, a single employee clicking on an internet link triggered the collapse of Saudi oil giant Saudi Aramco’s entire IT network. The hack, which like Triton was blamed on Iran, wiped data from 35,000 computers and forced the firm to revert to typewriters and faxes for five months. In December 2016, the Russian ‘Crash Override’ hack cut power to 100,000 Ukrainian homes.
Last year, the NCSC revealed that the “WannaCry” hack, which forced vital operations to be cancelled, was the work of North Korea.
Speaking to the Daily Mail recently, the NCSC’s Ciaran Martin said: “The Government recognises the impact of cyber attacks as a major threat to the UK’s economic and national security. We defend ourselves as necessary, using whichever capability is most appropriate.”
Robert Hannigan, who stepped down as head of GCHQ last year, told the MoS: “Countries that mean us harm are co-operating with each other, sharing expertise, and using wider criminal groups.
“The overlap of crime and state actors is one of the most alarming developments of the past few years.”
He added: “The UK is better protected than most countries, but we are not invulnerable to these kinds of attacks.
“We have observed attempts by states to get into our national infrastructure for years.”