The Great Hack: Part Two — FORENSICS

In the aftermath of ‘The Great Hack’ — as that fateful afternoon will forever be known to future generations — a few things immediately become clear. The hack had been around for years, penetrating a wide range of vehicles — almost anything manufactured within the last generation of cars, and a fair few models beyond that.

It was of course a computer virus, consciously copying the features of the notorious Stuxnet virus, crafted more than a decade before by hackers working in the shadowy depths of the national security sector. Stuxnet had enough self-awareness to infect something, determine whether it had infected its intended target, and, if not, lie dormant, doing nothing more than infecting any other piece of computing that came into contact with it.

When Stuxnet found its intended target — high-speed centrifuges used to enrich uranium — it issued new control signals that caused those centrifuges to self-destruct.

It took years for Stuxnet to make its way from its point of release to the target centrifuges in Iran’s nuclear program. The infection spread through the most innocent and unguarded of activities: a USB stick placed into a computer here, a download there, and so on. Slowly, invisibly, and patiently, Stuxnet found its target.

Once they knew what to look for, investigators learned the Great Hack first appeared in the middle of 2018. Possibly, someone innocently plugged an infected USB thumb drive into the dashboard of a car, to play some music. That vehicle then became a vector for infection, and — like a carrier unaware they’re bringing sickness everywhere because they themselves have no symptoms of illness — infected nearly every device connecting to it, including automotive diagnostic computers, mobiles, tablets, and so on.

Smarter than Stuxnet, the Great Hack could ‘phone home’ — sending a message to an army of infected PCs spread throughout the Internet that would then respond with more specific instructions on how to infiltrate and control a range of devices.

Vehicles in particular were targets of the Great Hack, but they were not exclusively its victims. A new generation of connected kitchen ovens were singled out for infection. Although still relatively rare, those ovens flooded themselves with gas for twenty minutes, then sparked the pilot. The resulting explosions destroyed over a hundred homes.

The Great Hack had two years to pass from device to device and vehicle to vehicle, hiding underneath the systems meant to detect tampering, modifying those systems so they never gave any sign of alarm. Even when it was detected — and, in retrospect, it seems it had been spotted quite frequently — the Great Hack was dismissed as a ‘bug’, and ignored, because we’d grown so used to our devices acting unpredictably from time to time.

The Great Hack would have passed unnoticed — taking up some space in our devices and stealing a tiny bit of bandwidth — if it hadn’t had a timer counting down through sixty million seconds. When it timed out, The Great Hack activated in every infected device almost simultaneously.

Of the thirty-five billion connected devices in operation on that September Saturday in 2020, only one percent were infected by The Great Hack, and only one percent of those went rogue as the virus activated. Three and a half million devices — many of them automobiles — suddenly turned themselves into projectiles, weapons, and bombs.

The wonder of it is that it wasn’t worse. But then, there were some firewalls.

The Great Hack did not have an entirely free rein. Certain classes of vehicles had been designed from a ‘security first’ perspective, using multiple, reinforcing techniques to maintain their functional integrity. Post-Great Hack analysis showed one defense worked far better than any other, relying on ‘safety in numbers’.

One vehicle manufacturer recognised that their vehicles constituted a connected fleet of computers on wheels, and treated each of these vehicles as important contributors to the overall safety and integrity of the entire network of vehicles. When any program tried to change the operating software of any vehicle, it would check with its peers — other vehicles fabricated by the manufacturer, similar in make and model. Those tens of thousands of vehicles would need to agree in the aggregate — by majority vote — before the change could be made. Once any change had been made to any vehicle in that fleet, a record of that change — and its approval by the fleet — would be maintained in a public ledger of changes, a copy of which was maintained by every vehicle in the entire fleet.

Although this may sound a bit complex, the vehicles themselves were able to handle all of this invisibly and — from the human point of view — within a few tens of seconds. Software updates to vehicles are uncommon enough that a short wait to collectively validate the change was deemed acceptable — and, in retrospect, proved very wise. Those vehicles were not corrupted by the Great Hack.

The Great Hack drew a line under the end of the first age of networks, a time when we connected devices together without much thought for how increased connectivity correlates directly to increased vulnerability. We constructed a world with thirty-five billion attack surfaces, and the corruption of one percent of one percent of those devices resulted in chaos on a scale beyond any previously experienced.

That could not be allowed to happen again.

Within five years after the Great Hack, all of the G20 economies had passed laws mandating the immediate adoption of these new ‘consensus security’ systems in all connected products. Once burned, twice shy.

In the post-Great Hack era, connected devices use their connectedness as a way to reinforce their integrity. They’re constantly engaged in conversation with their peers, examining, assessing, and acting as a coherent whole. An attack on any one device can be defended collectively by all devices acting in concert. The whole is much more resilient than the sum of its parts, so attacks have — for the most part — fallen short.

Nothing is ever assured. That much we have been forced to accept in the world after the Great Hack. Yet we can use our intelligence and the connected intelligence of our devices to give us the best possible defense.

“The Great Hack” concludes in Part Three — DISRUPTIONS
