Getting Closer to a New Machine Era

"Also it causes all, both small and great, both rich and poor, both free and slave, to be marked on the right hand or the forehead, so that no one can buy or sell unless he has the mark, that is, the name of the beast or the number of its name. This calls for wisdom: let the one who has understanding calculate the number of the beast, for it is the number of a man, and his number is 666."   -Revelations 13:16-18

A Word from the Blogger

We are emerging to a new phase.  As passwords are slowly becoming more obsolete because of its nature of being insecure and hard to remember, a new era is emerging which will have a lot of controversy.  Since biometric methods of authentication haven't delivered what they promised,  they also been proven to fail a lot of times in these few years and we have seen how it can be easily bypassed in the last few months, we are now to wonder:  how are we supposed to store our information and do our "private" actions through the Internet without having our account (which, by the way, now contains everything we do) compromised.

www.slate.com

Even though I really love technology and I enjoy experimenting with it, I am completely against the ideology of merging humans with robots.  I am completely against the ideology of having robotic parts embedded into our body to surpass our average capabilities and nature of being what we are... humans.  By merging embedded robotic parts with our  body to make ourselves "more efficient", is a mocking to God because of the arrogance and pride of wishing to be not only like Got but better than God.  If God wanted us to be robots, he would have created robotic parts in ourselves.  Also, it goes against the laws of nature which is also enforced, controlled and mediated by God. If the laws of nature are altered, an endless of domino reaction cataclysms would occur.

The Article

I have read some news which I could not let them slip.  In fact, I had other Blog entries in production and ready to push into live publishing, but I believe this is more important; so I started on this topic right away.  This event will the start of a huge dystopian life change in which the human race will long regret.

On Friday April 17, 2015 in the Wall Street Journal, came an article, one of the most ever life changing in history.  "A PayPal executive who works with engineers and developers of Paypal said that "to find and test new technologies, embeddable, injectable, and ingestible devices are the next wave in identification for mobile payments and other sensitive on-line interactions." Also, the head of PayPal's and Braintree's Global Development Advocacy Jonathan LeBlanc said that "The future of identification would not rely on passwords." As we know, PayPal has not only proven in the past to be a more secure than traditional forms of on-line payments but also has proven to have certain vulnerabilities which exposed its user's use-rnames and encrypted passwords but also two-factor authentication techniques were previously hacked.


The Problem - Fear to the Public

For these reasons as well as the fact that passwords (no matter how much encryption they have) are always eventually brekable, PayPal is turning its odds to a more "reliable", secure and easier to use:  Embeddable, Injectable and Ingestible Devices.

http://www.makeuseof.com

 As LeBlanc has stated on his presentations named "Kill All The Passwords" presented all over the U.S. and Europe, 91% of people use passwords listed in the top 1000 most used passwords list and 79% on the top 500 respectively.  He also added more fear the fire by stating that the already (relatevely) safe algorithms we know now such as MD5, SHA-1,2 and 3 have bad security. Additionally, he also stated how Biometric authentication has a lot of false positives and false negatives making the authentication process a real pain to use and it is not an integrity check in which we can easily trust. 

As the IoT (Internet of Things) are merging all our societal and private life facets to a more organized, transparent and traceable public domain, passwords are no longer trusted to "safeguard" our already-on-the-domain identities, therefore here comes his "solution".

LeBlanc Solution

http://www.slideshare.net/jcleblanc/kill-all-passwords

As any seasoned salesmen and social-engineer already know, in order to sell a product or convinced someone to do a certain thing (a thing he wants you to do), he first has to create the need for it. One of the techniques used to accomplish this is to create fear. Once the fear and need is established, the solution comes next.  LeBlanc states his solution to authentication by using:

  -Fingerpring Scanning
  -Vein Recognition
  -Heart rate monitoring

 By the following methods:

  -Ingestible Technology: Ingestible capsules will be used and powered by stomach acids to detect glucose, blood pressure,digestive health and other unique internal parameter patterns.

  -Brain-Chip Implants will be used (through built-in ECG sensors) to monitor the unique electrical activity of a person’s heart, and communicate via "wireless wearable computer tattoos."
 

http://www.slideshare.net/jcleblanc/kill-all-passwords

These methods, LeBlanc  states they will be "natural body identification", which we already know it will not be true, because the machine (bits and bytes) will be required to analyze body patterns, which does not make it 100% natural.  Think about false positives of our body reaction through the use of drugs, anomalies, sickness, and unexplained pattern behaviors.

FIDO Alliance

PayPal has partnered with FIDO Alliance to incorporate better authentication systems for their users.  One of their projects is the Universal 2 Factor (U2F) authentication. As FIDO Alliance states on one of its videos, U2F offers a more "open, secure and easy to use standard by using a public and private key pair." The Bluetooth USB-like adapter device will not require drivers and will be used as a second method of authentication (after inputting the password) and will be the intermediate between the browser and the user to prevent keylogging, phishing (the most weak link) and MitM (man-in-the-middle) attacks.  It will be also used with the mobile devices which, with the integral part of Duo Push will be used as a phone App.

https://fidoalliance.org/about/overview

In my opinion, this will be the bridge and the temporary solution for PayPal before they go full speed with the new and so radical change which will change our lives forever.


Final Thoughts

We are now living a very crucial time when the fight for privacy,  human rights, wars, terrorist attacks made through false flag operations and our form of communication as well as authentication will be playing a huge new role and change to a more dystopian reality which will be combined with our "own form of control" by using our own medical record, health situation and body parts to keep our private data, the data that never had to be released to the public domain, secure.  It is now the time to change our dormant state and fight for our human rights, which is the last thing we have left.  If we don't anything, one day our future grand children will look at the past (if not altered) and ask: what has happened with our humanity?
 

 Sources

WallStreet Journal Article:  http://blogs.wsj.com/digits/2015/04/17/paypal-wants-you-to-inject-your-username-and-eat-your-password

LeBlanc Presentation:  http://www.slideshare.net/jcleblanc/kill-all-passwords


FIDO Alliance: https://fidoalliance.org/news-more/videos/

PayPal FIDO:  https://www.paypal-pages.com/samsunggalaxys5/us/index-faq.html

The Evolution of Hacking: Advanced Persistent Threats (APT)

www.itbusinessedge.com

 Introduction

In the last couple of decades we had observe some of the most brilliant hacking techniques ever known. We also delved into a lot of sophisticated Malware which redefined the whole concept of security. As more and more simplicity are being worked on the tools and more people adapt to the whole security world, we have seen a substantial growth in not only sophistication but also security persistence.  Here is what becomes: APTs.

Nowadays, we are not only fighting against malicious and curious hungry people who want our data, identity and financial information but also against governments, mafias, and "terrorist" nations to gain trade and national secrets.  As this world might be coming to an imminent end (the end of humanity), it is logical to think that more and more havoc will be caused into our lives and in order to survive, we will have to accept a New World government, where everything will be monitored, judged, moderated and executed within one a World Organization in justification for total security and safety for all humanity.

As more havoc is being done in this society, so it happens in our digital world. Better autonomic, resillient and cognitive systems are also put into the market (and our society) and to the hands of the gifted ones (and malicious users) in order to provide this society with more advanced, smart ways to silently break into the most sophisticated and secure systems. Advanced Persistent Threats is defined as " a set of stealthy and continuous computer hacking processes, often orchestrated by human(s) targeting a specific entity." By disseminating each word, we have a better idea of what APT really is:

Advanced - Multi-vector 0 day attacks.

Persistent - Undetectable attacks over a long period of time.

Threat - Manace over sensitive information to a critical infrastructure and assets.

Past Examples

Below there are only a handful of APT examples:

PoisonIvy
Stuxnet
NightDragon
GhostNet
Lurid

Past Targets

Moonlight Maze (1998)
Titan Rain (2003)
US Congressmen (2006)
Oak Ridge National Laboratory (2007)
Los Alamos National Laboratory (2007)
US Department of Defense (2008)
Office of His Holiness the Dalai Lama (2008)
Operation Aurora (2009)
Australian Resource Sector (2010)
French Government (2010)
Canadian Government (2011)
Australian Government (2011)
Comodo Affiliated Root Authority (2011)
RSA (2011)
Oak Ridge National Laboratory (2011)
L-3 Communications (2011)
Lockheed Martin (2011)
Northrop Grumman (2011)
International Monetary Fund (2011)


How APT Works

First, it is important to identify the phases of a successful APT.  In order to successfully attack a system without being detected, a series of out of the radar sophisticated techniques must be used.

First Step - Advanced (Infection)

Attack is conducted by sending the RAT's Trojan (server file) by tricking the user to run it.


Methods can be used as attachments, visiting a website which a vulnerability was taken advantaged of the malicious user which can download the Trojan of the RAT.  An indirect and less suspecious method is being used by simply throwing a USB drive with the RAT's Trojan software to the target's backyard, car, or personal item such as his coat, or pant's pocket.  If he plugs it in thinking he luckily found a USB he can use, the malicious user can craft an autoexecutable which executes the RAT's Trojan software in the background.  He can put random school documents or home-made pictures (not his own) to make it less suspecious.  A more advanced alternative is if the malicious user crafted a malicious software which downloads the server file (RAT's Trojan) when innactivity is detected on the target's machine, so he doesn't notice system's performace or hints when the connection, download and auto-execution is taking place.

The attacker, once the victim is infected, can manages the victim's PC through the Remote Administration Tool (the RAT).
 
When the victim is infected, it simply notifies the malicious user who is running the RAT on his end.  Then, the malicious user can conduct a series of activities:

  -Keylogging (logs every single keystroke)
  -Uploads and downloads system's files
  -Unrestricted remote shell login
  -Uses proxy services to hide attacker's identity (through HTTP/SOCKS)
  -Kills, lists and starts system processes
  -Spies on victim's webcam
  -Screen Captures
  -Full administrative access to files and system's registry
  -Used to send SPAM from the victim's machine
  -Logs-off, restarts and shutdowns the victim's computer
  -Update the RAT's server (trojan) on the victim's machine
  -Uninstallation of RAT itself

Second Step - Persistent (Methods)

The persistent phase comes when the attacker conducts such stealthy activities, such as:

  -Updating the server file on the victim's machine so it doesn't get detected by anti-malwar
  -Inject the server file to a specific system process. i.e: winlogon.exe, iexplorer.exe or rundll32.exe.
  -The server file's shortcut image can be changed as well as the name of the file to avoid detection.
  -Auto-runs and connects to attacker if the server's injected service is killed

Third Step - (Exfiltration) Threats

This serious threat can be used to make nefarious exfiltration of mass data such as:

  -Network footprinting
  -Assets enumeration
  -Usernames and Passwords
  -Administrative domain account creation for further access
  -Plant backdoors for evasion
  -Secret data and company secrets' leak
  -Data and infrastructure corruption
  -Compromise other hosts
  -Privilege Escalation
  -Encrypt critical files and demand ramson to decrypt it
  -Etc,Etc,Etc

Final Thoughts

As we are going through a war phase, a lot of attacks are being made with digital weapons.  More instrusive controls such as better digital IDS/IPS signatures, more skilled people, Firewall rules and Anti-virus behavioral scans as well as signatures (come on, they do help a little) are getting behind exponentially with the emerge of more sophisticated APT malware.  With the evolution of cognitive systems, soon we won't have to enlist to fight wars because machines will be able to fight them for us.  The hacking techniques now being used as almost automatic and will soon be cognitive and conducted with the help of a more accurate AI (artificial intelligence).  In this information age, not only critical infrastructure but also the whole society's information is the target and at risk minute by minute.  That is why we need to be our own Firewall and not only be diligent about our activities and actions (they do cause an effect), but also about how we determine our future.

Keeping yourself off of the Radar of the NSA. Only fiction? Part 2

Our privacy deminishes every day, day by day and the facts stated on part 1 of "Keeping Yourself Off the Radar of the NSA" is only the tip of this huge iceberg.  The recommendation I gave for part 1 was to use Tails, even though it is not bullet-proof and the person who has the most knowledge wins in this cat and mouse game.  In part 2, we will go through more risks which increase everyday while getting more complex as well.

On this week, we not only found out about software surveillance but also hardware and network-based data mining through big and wealthy corporations as well as the net neutrality law which, by the way, temporarily won the battle but certainly not the war.

Last week, we found out about a vulnerability on Linux systems which are taking advantage from physical DRAM memory chips to gain kernel access to the system.  We also found out how Apple is sending the voice recordings consumers send to "Siri", the iPhone Intelligent Personal Assistant, to third party companies for advertisement and other undocumented purposes.

Further last week we have found out about certain phone brands such as Xiaomi Mi 4 is preloaded with malware by the manufacturer's customer ROM which then they denied and stated that those phones were fake replicas.  But don't worry, not all news are bad news in regards with surveillance.  Earlier this year, we have also found out about new ways to make it harder for governments and corporations to track our digital fingerprints.  The British multi-millionaire Kim dot Com did not only invented a secured end-to-end encrypted way to chat with your friends, but he is also now reinventing a new non-IP based "Internet" called "MegaNet" which, he states, will defy the whole surveillance essence.

But this is not the only attempt of defy tyranic global spies.  There are also other systems right now which are in Beta testing that will be used to form their own Internet and share information as free as people want it, because, after all, information should be free for the world to use it, manipulate it and see it however they would like as long there is no harm to others.

If you watched documentaries such as "Track me if you can" and "Terms of Conditions May Apply" (2003), you will realize that we have no or little control over our privacy. Even secret programs are out there that can track our identity by just finding our walking pattern. How are we then safe from the prying eyes?

From hardware, to software to global surveillance to secret programs to track people and break our privacy, we are in a dystopian world where our only weapon is knowledge.

Keeping yourself off of the Radar of the NSA. Only fiction? Part 1

What if I tell you that it is almost (if not) impossible to keep yourself out of the Big Brother's radar?  What if I told you that even though you take the most paranoid precautions, you are still caught on the net along with the other fishes? What if I told you that everything you have found out, everything you know about keeping yourself more secure is totally useless and you are hopeless when it comes to keep your data and digital prints safe? Well, let's dive into some facts....

I have published last year a Blog in how to keep yourself more secure on the net and in the physical ("real") life.  You should know that by the time I have published that Blog with solutions in how to better your privacy, more than a few Snowden's revelations have been surfaced even into the most naive people's eyes. The first thing you should know is that this is a mouse and cat game. This means that when the cat (the NSA for example) is trying to find new ways to push surveillance and autonomous systems to keep track of every single move we do, the mouse (freedom fighters and originalists) are sneakly moving forward finding new ways to keep their privacy a little more... private.

Edward Snowden who is now a refugee, along with the American journalist Glen Greenwald, had revealed some (not anymore) confidential U.S. Government files which pointed out the fact that we, as living beings in this world, are not free anymore.  Having a huge radar and a non-stoppable fierce, we have found out from the Citizenfour movie, that the U.S. is not the only "evil" on this game. Other countries, such as the U.K., Rusia, China, Germany, France, Sweden and Brazil (to name a few) are also joining this surveillance of humans' dystopia.

How everything got changed

In the last couple of years we have not only found out the "secret" surveillance programs and secret projects the NSA and its partners were (and still) using such as Carnivore, XKeyscore, PRISM, Muscular, Tempora and Project 6 (to only name a few).  We also now found out what I believe is the worse of the worst.

For now, the before-mentioned projects and programs work on a infrastructure level of networks (through spying big junks of data from big pipes) helped by Google, Facebook, Youtube, America Online, etc.  We all know how BIG Google is and how they also have access to most of the residential wireless passwords of the whole world via Android phones.  Also, through the Muscular program, we found out how the NSA is able to launch an exploit to any computer they want (regardless of the Operating System) in a matter of seconds. So, they have control over everyone's email, potential visited sites, potential personal information, habits (good and bad ones), data, metadata and every single piece of your life via Internet infrastructure and software. But this is enough for the NSA and its partners to have a total and perfectly shaped profile about their citizens, right? .. WRONG!!


Early last month, we have found out that China was putting Adware (Superfish) to Lenovo laptops by breaking and impersonating HTTPS certificates and also China was blamed for placing backdoors and surveillance software to routers in the past. Whether Superfish was software, now we are facing a new model.  Not only the NSA but also other governments are using hardware to spy on users inadvertently.  Earlier this month another Snowden revelation made a lot of people's jaws drop. This time, hiding "special, deletion-proof" spying software on the most common hard-drive brands, such as: Hitachi, Western Digital, Seagate, Toshiba within others.  This poses a huge risk because now we do not and cannot trust not even our own brand new laptops.

Now that we know where we stand it is fair to ask ourselves: how can I protect myself? Is having a VPN, sitting behind 7 proxies or using TOR with a vast number of proxy-chains as well as using a live (read-only) USB drive running a live distro of Tails secure enough?

The Solution?


One thing we know. We know that this is a cat-mouse game and whoever knows more wins.  But this is not quite enough. Whoever is faster by staying up to date, develop the most (cryptographically) secure software as well as having a paranoid (security concious) attitude might be ahead of the game.


What about phones? As we know in the recent news, Gemalto encryption keys were stolen by the NSA and British Intelligence Communities and as we know cloning SIM cards in order to evade some tracking is illegal in most countries such as the U.S. and the U.K.  How can we protect against not only the big monsters of the digital information such as Google, Yahoo, Facebook, etc? What about the exploits blindly launched by the NSA to our devices? We could have the best Firewalls and IDS/IPS but are they really enough against any Government which has the top cryptographic and evading software in the world?  What about defending against the spying hardware chipsets, hidden backdoors in our communication media such as routers and perhaps also Firewalls?  How can we also be safe against phone surveillance now that we know our SIM card data (or metadata) is being watched, analyzed and profiled?

The only thing I can think of is to be abstinent, and run a live copy of Tails. Remove your hard-drive, disable services (hardware and software) you don't need,  use and maintain your Firewalls, IDS and IPS, use TOR with Proxychains and of course, avoid doing anything stupid online.

Sources:

https://en.wikipedia.org/wiki/Global_surveillance_disclosures_%282013%E2%80%93present%29

www.huffingtonpost.com/2015/02/16/nsa-computer-spying_n_6694736.html

http://www.zdnet.com/article/nsa-gemalto-sim-card-encryption-hack-key-questions/

North Korea, SONY and SCADA Flaws

In these couple of months I have found some patterns and anomalies in the news as well as the not so traditional ones about the North Korea, SONY and SCADA insecurity. How does all relate to each other? Is it really North Korea's fault? Was this already planned to have justified means to attack North Korea or all of this happened to boost viewers on the not-so-cool movie: The Interview? What about the new Hollywood movie: Blackhat which is about SCADA attacks to North Korea? Well, here are some facts:

On November 24, 2014 a mystical image appeared on every SONY employee's computer at the same time warning them of an imminent demise.

The bad news appeared on the media by 10:50 AM, after SONY's phone systems, workstations, and e-mail servers were paralyzed across SONY's headquarters including all locations.  The attackers threatened SONY by saying it is "only the beginning" and that they also have compromised their network and will release "internal data" they gathered.  They also blackmailed them by releasing their "top secrets" if they do not "obey" with their demands.  Whether these statements are true or not, it  was released to the mass media. By obtaining 100 TB of information, the "Guardians of Peace" (as they called themselves) got some pre-released movies which they were going to be aired by early next month. I am not going further with the description of this attack but you can find more information here:

http://deadline.com/2014/12/sony-hack-timeline-any-pascal-the-interview-north-korea-1201325501

On November 27, 2014, as SONY systems were still inaccessible, five movies were released to the public from these cyber criminals. One that caught the mass media's eyes and people's attention was "The Interview".  This movie in which the dictator of North Korea: Kim Jong-un is killed by some U.S. unofficial agents. This, caused a plethora of commotions, catastrophic and suspicious events unleashed to North Korea. A North Korean website called this movie a "provocative evil act."

Suspiciously, by the next day: November 28, 2014, North Korea already got the blamed for SONY's breach by the FBI which started conducting an in-depth research on the breach on December 1, 2015. After that week, the Associated Press blames North Korea for the attack just because some "cyber-security experts" stated that they have found “striking similarities" between the code used in the hack of Sony Pictures Entertainment and the one on South Korean companies and government agencies last year. Even though this seems like a blatant accusation, it wasn't until Thursday December 18 that the U.S. government publicly accused North Korea for such attacks.  By this time, huge amount of critical sensitive and private data have being pulled from Sony Entertainment; including but not limited to future and past movie scripts and personal e-mail messages putting in hot water various Sony's personnel involving Angelina Jolie, journalists (blamed for aiding the cyber-criminals) and U.S. President Barack Obama who were all key ingredients to a very horrifying and unpredictable turmoil.

After a series of threats from the cyber-criminals stating they were going to blow up theaters and the white-house, President Obama stepped up for Sony and gave a speech about the consequences for "not stepping up" on this threat. President Obama also said he was going to take a "proportional response". Days after his speech, SONY complied and they aired the movie. The funny thing is that mysteriously, on late December (December 22, 2014) , North Korea suffered a severe Internet outage which lasted nearly 10 hours and a 24 hour sustained instability on their networks. Not only that, North Korea had a blackout (yes, a power outage) after the Internet outage and yesterday (January 26, 2015), North Korea's power lines are starting to have problems again.

Picture from: Dyn Research

Whether this is a government to government attack or not, let's take a little look at SCADA systems.  SCADA (Supervisory Control and Data Acquisition) are systems which operates through an operational channel through a series of commands to a centralized control panel. These systems include (but are not limited to) water purifiers, oil refineries, nuclear plants, laboratory gadgets, traffic lights, PLC (Programmable Logic Circuits) peripherals and devices, backbone infrastructure of continents. The very bad idea of this is that all of these critical infrastructure components can be accessed and managed from the Internet.  Even though SCADA systems have been around for longer than the Israeli and CIA's creation of the worm Stuxnet (2004), it got really popular after Stuxnet's attack on Iran's nuclear plant.

Nowadays, people can benefit from SCADA beautifulness (and abused by cyber-criminals) by using a very popular search engine called SHODAN (www.shodanhq.com which retrieves, scans, indexes and displays the login banner of the hosts through results via services (TELNET, FTP, SMB, HTTP, HTTPS, etc) for any device connected to the Internet. This not only includes SCADA infrastructure devices, but also a plethora of other devices; such as baby monitors, CCTVs, digital refrigerators and toasters, backbone routers, gas stations and anything that contains a silicon-based micro-chip connected to the Internet.

Despite the protocol, a user is able to see the banner information which might prompt credential information, which increases the odds of a curious or malicious user by at least 50% of brute-forcing and get into the system.  This is a serious risk. So serious, one member of the U.S. Homeland Security described SHODAN as a national threat.

Whether it is a threat or not, I strongly believe the people who has to take the blame are the ones who "secure" these so critical systems so poorly and making them accessible in the Internet for all praying eyes. By making it easy for attackers by using default passwords, for example, anyone researching that manufacturer's or simply by looking at the user guide, can have instantly access and actually has the control of an entire city or continent. Also, there are weak passwords implemented to these systems which is based on lazy and ignorant system administrators. A very good example on this is the product manufacturer's flaw on SIEMENS products.

SIEMENS provide an autonomic way of managing electrical, medical, energy, financial, consumer, etc.  Some of their products are very critical to global infrastructure, so they play a big role to SCADA systems.  In 2011, during the BlackHat - Las Vegas event, a security researcher showed the highly critical flaw in SIEMENS control systems. The flaw: hard-coded administrator password in the firmware. Login information could be obtained by reverse engineering the code of their software which could be available anywhere on the net. It is highly hard to believe that a company with such reputation and responsibility makes a mistake of this high degree.  Not only the attacker could exploit this vulnerability, but also could lock down the administrator having total access to the system and prevent anyone from interfering with his evil plans and actions.

Siemens PLC hidden Easter egg in the firmware from Germany hackers. (Courtesy NSS Labs)

Above, it is a message left by some German "hackers" just to prove that their system could be exploited.

So, where is all this heading to? Are SCADA systems really that insecure? How can they avoid getting their products compromised? Are they liable if a city "goes down"? Is a hack able to actually kill city's residents by infecting the water or make a thermonuclear plant?

This is where the new movie, Blackhat (http://www.imdb.com/title/tt2717822) comes into place. We all know Hollywood for being very involved with everyone's lives because the most of us love movies. Also, we all know the impact Hollywood has in our lives. For one thing we know, that Hollywood has "predicted" so many events with hidden messages, symbolisms and even movie scripts. It might seem like they have the "magical crystal ball" in their hands. Even though Hollywood recreates an imminent dystopia for all of us to see and wonder about our future, their movies are a little far from reality. Though, the concept we have to really look at. They are always right about the main point and theme of their movies. Disseminating the facts from fiction and you will notice that one of Hollywood's new movies: Blackhat is not very far from the truth. This movie is about a hacker being hired by the U.S. government to defeat a black hat hacker (cracker or bad hacker) from causing a lot of chaos by affecting SCADA critical infrastructure points of North Korea and the WHOLE WORLD!  

Apart of Stuxnet, nothing like this has ever been done, which proves that it can be possible and it is an option. Also there exist SCADA Trojans who are right now being improved to affect SCADA's systems.  But whatever we have looked at might have been limited to the audience eyes. Whatever we see and hear is already being filtered. There is, in fact, a cyber war going on right now and I would like to share this link with you. http://map.ipviking.com/

It shows (in real time) which country is attacking who, their IP addresses (real or spoofed), destination, number of hits taken, etc.  It is not a simulation, nor a game. It is taken from the Norse Live Attack Intelligence database.


With this graph in mind, North Korea's situation, knowing about SCADA and the movie Blackhat, I should ask these questions:  Are we all heading to an imminent disaster? Will it be a dystopian future as shown as in Hollywood movies? What about war involving citizens? Will wars be fought with guns, drones and tanks or by attacking critical SCADA infrastructures?  Will only governments do this or hacktivists will step up too to show their point of view?  I guess, the future is very near and the only way of knowing is giving it time.  Only time will tell...

Please, feel free to post your responses in the comments section below.



Sources:

http://deadline.com/2014/12/sony-hack-timeline-any-pascal-the-interview-north-korea-1201325501

http://www.cnbc.com/id/102289459

http://www.theguardian.com/world/2014/dec/22/north-korea-suffers-internet-blackout

 https://www.northkoreatech.org/2015/01/27/more-internet-problems-hit-north-korea/

 http://www.trendmicro.com/vinfo/us/threat-encyclopedia/web-attack/54/stuxnet-malware-targets-scada-systems

http://www.wired.com/2011/08/siemens-hardcoded-password/

http://www.imdb.com/title/tt2717822/

http://map.ipviking.com/