Got two-and-a-half hours to spare?
Maybe instead of settling down to watch “Mission: Impossible – Dead Reckoning Part One”, you could check out this video where FBI director Christopher Wray warned the US Congress earlier this week of the risks posed by Chinese state-sponsored hackers.
As Wray described to the House select committee on the Chinese Communist party, a botnet operated by Volt Typhoon hacking group has been disrupted by law enforcement agencies.
The “vast majority” of affected routers are out-of-date NetGear and Cisco gear that are deemed to have reached their “end of life” and are no longer receiving security updates.
The routers were vulnerable to being recruited into Volt Typhoon’s so-called KV botnet if left unpatched. However, a court-approved US operation has deleted the malware from affected routers and took steps to prevent reinfection.
According to the FBI’s Wray, Volt Typhoon is compromising small businesses and home office routers to hide the origin of future Chinese-backed cyber attacks.
“China’s hackers are targeting American civilian critical infrastructure, pre-positioning to cause real-world harm to American citizens and communities in the event of conflict. Volt Typhoon malware enabled China to hide as they targeted our communications, energy, transportation, and water sectors.”
Committee chairman Mike Gallagher said the attacks were the “cyberspace equivalent of placing bombs on American bridges, water treatment facilities and power plants.”
Although it’s a headline-grabbing thing to say, there is some truth in it. We have seen cyber attacks by nation-states against water facilities and electricity grids in the past. If successful, such attacks could have a significant impact.
Russia, for instance, managed to cut off internet access for tens of millions of Ukrainians, and in a separate cyber attack disrupted the power grid in the war-torn country.
“There is no economic benefit for these actions. There is no intelligence-gathering rationale,” continued Gallagher. “The sole purpose is to be ready to destroy American infrastructure, which will inevitably result in mass American casualties.”
Another speaker at the hearing was Cybersecurity and Infrastructure Security Agency (CISA) director Jen Easterly:
“This is a world where a major crisis halfway across the planet could well endanger the lives of Americans here at home through the disruption of our pipelines, the severing of our telecommunications, the pollution of our water facilities, the crippling of our transportation modes – all to ensure that they can incite societal panic and chaos and to deter our ability [to marshal a sufficient response].”
Hmm.. maybe snacking on popcorn while Tom Cruise prats around on a motorbike makes for a less troubling watch after all.
It's madness to connect utilities installations to the Internet. What idiots run these businesses?
Perhaps they are controlled by the kind of idiots that ran, and still run, the Post Office. Managers are deluded that they are I.T. experts.