Andy O. Heikkila

@andyoheikkila

Ransomware in Atlanta is a Red Flag, Fire Sale Cyberattacks Could Be Next

The best Christmas movie of all time isn’t really even a “Christmas movie” — or so says my wife.

I know, I know, we’re deep in the middle of summer, but as I was trying to describe to my better half exactly what happened to the city of Atlanta a couple of months ago, we — naturally, of course — began talking about Die Hard, and whether or not it’s a Christmas film.

We do this every time we talk about Die Hard. And every December it seems like the entire internet follows suit, and argues over whether or not Die Hard is indeed a Christmas film, and the only conclusion that both parties are able to come to is that whether it’s in the spirit of Noel cinema, it’s a damn good action film.

Unfortunately, the following films in the Die Hard series … well, they were alright. The second film was a bit too campy, and Samuel L. Jackson was a fantastic addition to the third, but the fourth installation in the series is the film I really want to focus on here.

In Live Free or Die Hard, John McClane is back once again to do battle with terrorists with a twist. This time, however, McClane’s enemies aren’t relying on bombs and machine guns. Instead, their nefarious plan kicks off with a “fire sale,” a cyberattack designed to shut down a nation’s computer infrastructure and networked systems.

According to the Die Hard Wiki, there are three stages of a fire sale:

  • Stage 1: Shutting down all transportation systems, such as traffic lights, railroad lines, subway system and airport systems.
  • Stage 2: Disable the financial systems, including Wall Street, banks and financial records.
  • Stage 3: Turning off public utility systems, such as electricity, gas lines, telecommunications and satellite systems.

When this movie came out, a couple of people wrote about the possibility of a fire sale, arguing that it could be done, though the potential scale of the attack was uncertain. That was 10 years ago.

Fast forward a decade later, and the potential fire sale is no longer a question of “if,” but rather a matter of “when.”

The Rise of Cybercrime: The Fall of Atlanta

When it comes to cyberattacks in the real world, there are two types of threats you need to worry about: the state-sponsored attacker/terrorist deployed specifically to incite political change, and the cyber-criminal interested in making money via digital extortion or thievery. The latter is becoming just as big of a threat as state-sponsored actors due solely to the complete digitization of the world, the distillation of nearly everything into “data.” The experts at the University of Cincinnati online criminal justice program write, in their piece “The Cyber-Criminal Revealed”:

“Each piece of data that a cyber-criminal, or more accurately a cybercrime network, can steal is worth a certain price point on the black market. The last four digits of your social security number are useful on their own, but when coupled with a bank account number or credit card it becomes a goldmine. Even seemingly benign data like your birthday, your hometown, and your mother’s maiden name is valuable on the black market.”

This is why the 2017 Equifax hack was such a big deal, with about 147.9 million Americans, as well as some Canadian and British nationals, affected by the breach. The problem is that Equifax lost what is called “lifetime data” — things like Social Security numbers that can’t just be changed like passwords can.

The amount of data out there is vast, and cybercriminals are many. CSO Online reports that by 2021, cybercrime damage costs will hit $6 trillion annually, while ransomware damage costs alone will rise to $11.5 billion in 2019. With that in mind, it should come as no surprise that criminal groups are becoming bolder and hitting higher-value targets than ever before. Hospitals, due to the critical nature of their services, have become perhaps the juiciest targets for ransomware attacks — it was only a matter of time before criminals decided to branch out and target other critical services. Nobody thought they’d be so bold as to target an entire city. Nevertheless, in May, an extremely efficient ransomware group known as SamSam did just that.

“In Atlanta, where officials said the ransom demand amounted to about $51,000, the group left parts of the city’s network tied in knots,” write Alan Blinder and Nicole Perlroth for the New York Times. “Some major systems were not affected, including those for 911 calls and control of wastewater treatment. But other arms of city government have been scrambled for days.”

Perhaps they should have coughed up the ransom — the cost to the city is reaching close to $9.5 million in IT bills alone, while a third of the 424 software programs used by the city are still offline or partially disabled, and nearly 30 percent of those applications are “mission critical,” as reported by Reuters.

This is bad news — and not just for the city of Atlanta, but for anybody living in a city or town with connected infrastructure. Due to globalization, digitization, and competing world hegemonies, that includes just about everybody in the first world.

Fire Sale: Everything Must Go

Globalization is practically an unstoppable force, and one of Norwich University’s top issues involving national security today. This includes the digitization of practically everything in the world, such as the connection of city infrastructures to the internet. The truth is that SamSam is likely not even a U.S.-based ransomware ring — and yet, from some dark corner of the world, they were able to bring down the IT systems of one of the largest cities in the U.S., home to the world’s largest airport, and we still have no idea who the perpetrator is.

This is terrifying, and there’s no clearer sign that we are in danger. Somebody looking for a little money shut down an entire American metropolitan region. Imagine if they were terrorists or nation-state hackers, looking simply to cause damage and casualties instead of reaping financial gain. The worst part of all of this is that we truly only have ourselves to blame for the Atlanta breach, and likely for any breaches that occur in the future. Ilia Kolochenko, CEO at High-Tech Bridge, writes:

“In light of the shocking facts around the incident that virtually paralyzed the entire city, I think that the true problem is not ransomware. The problem is unreliable, overcomplicated and insecure-by-design IT architecture. Segregation of duties, data and network access control, proper segmentation, daily backup, desktop hardening, anomaly detection — are de facto a must-have in any modern company or governmental entity. Apparently none were in place.”

The above highlights a topic that people have written articles on for years now, which have obviously had no effect. Our technological capabilities and their links to our critical infrastructure are proliferating faster than we are securing them. This is unacceptable and will lead to the death of innocent people and the destruction of the systems they depend on.

I sincerely hope that this article cannot be used in the future as “evidence that we knew an attack like this was possible,” but the way things are going, I’m not sure we’ll change our ways before we see some sort of fire sale or cyber D-Day.

There’s only one thing I’m certain of: the Atlanta cyber attack is more than a red flag or a warning — it’s a promise that we will see terrible, horrible things if we don’t shore up the cybersecurity of our critical systems soon.
