Can a "big hack" strike an entire city?
Yahoo announced Thursday that its network was hacked back in 2014. It was a big one, with at least half a billion stolen user names, email addresses, telephone numbers, birthdates and passwords.
This latest revelation of a high-profile breach – linked to a “state-sponsored actor” – is unsettling enough, but what could happen if an entire city like New York was hacked?
That’s the dramatic premise laid out in Reeves Wiedeman’s recent article in the New York magazine.
The scenario starts with a single car on the West Side Highway taken over by hackers.
“So if someone hijacks a car, what could they do?” asked “CBS This Morning: Saturday” co-host Vinita Nair.
“A lot of things,” Wiedeman said. “If this SUV suddenly slammed on its brakes or suddenly veered to the left and hit another car, you could be talking about a pretty massive pileup.”
That
pileup brings traffic to halt, then the hackers get more aggressive on nearby
highways and bridges.
“It is possible to hack more than one car at one time. It’d be just as easy to make all the cars slam on the brakes as it would be
just one vehicle,” Wiedeman said.
As emergency crews respond to accidents, nearby hospitals prep for patients.
That’s when they realize they’re locked out of their systems too.
“An organization will attack a hospital and basically lock doctors, nurses, everyone out of the hospital’s network,” Wiedeman said.
The coordinated attacks set the stage for Wiedeman’s article in New York magazine called “The Big Hack.”
“How did you even think about writing it?” Nair asked.
“It’s a piece of sort of reported fiction,” Wiedeman said. “We wanted it to be based very much in reality.”
Last year, Wired showed how hackers could take control of a Jeep through its entertainment system while a driver is going 70 mph on a highway.
And this year, the hackers demonstrated how they could have taken over the steering wheel had Jeep not fixed the vulnerability.
Dozens of hospitals in the United States have also already been targeted.
“Most of these attacks happen because someone opened an email and clicked on a
link that they shouldn’t have and unleashed malware onto their computer,” Wiedeman said. “And from there, hackers were able to get to every part of the system.”
But Wiedeman’s doomsday scenario takes it one step further – the power grid is turned off, elevators connected to the web breached and subway service compromised.
“What is the incentive here for the hacker? Is it psychological?” Nair asked.
- FBI probing after hackers cripple computer systems at major hospital chain
- California hospital computer system taken "hostage"
- Hacking Your Phone
- FBI looking into reports of White House hack
“In the same way that, before an event like 9/11, people weren’t scared about people driving planes into buildings, or at least it wasn’t a serious thing. The psychological impact of an attack like this would be really significant,” Wiedeman said.
This past summer, President Obama issued a policy directive on Cyber Incident Coordination, which outlines how the public and private sectors can better respond to an attack.
“I think it’s an exaggeration of the sorts of scenarios that government officials have been planning for,” said CBS News senior national security analyst Fran Townsend, who was also a homeland security advisor for former President George W. Bush
“Are there constantly drills where experts are brought in in the hopes of hacking so they can see how the systems would intermingle and respond?” Nair asked.
“Yes.
Now, we need to do more of it,” Townsend said. “I think what happens is, you
plan to do more of that than you actually get to do when you’re in government because
you’ve got to deal with the crisis of the moment.”
“What is your estimate of when something like this could happen?” Nair asked.
“Doing attacks like taking out cars, taking out the power grid in particular, is something that would take months and would take expertise in a variety of things and would take a lot of trial and error and a lot of expense,” Wiedeman said. “This is something that isn’t gonna happen tomorrow. What’s certain is we’re going to see more attacks like this.”