People often ask us, as preppers, what our biggest concern is…what keeps us up at night. Most of the concerns we have we believe will play out over the next 5 to 10 years in our nation, but there’s one main issue we truly see as very probable, very dangerous to our nation, and it just happened. America has been hacked in a way that you really need to understand. Former US Secretary of Defense Donald Rumsfeld famously once said “there are known knowns; there are things we know we know. But there are also unknown unknowns—the ones we don’t know we don’t know.” Those unknown unknowns keep those in the defense, intelligence, and cyber defense forces up late at night. Right now, we don’t know much at all about how deeply and how many systems have been hacked and penetrated by foreign governments. We don’t know what backdoors and ports have been opened. We don’t know what information has been stolen or what critical infrastructure controls foreign adversaries might have access to. We don’t even know how long our systems, files, programs, operators, and detailed secrets have been quietly observed–usernames, passwords, and keystrokes all recorded, logged, and analyzed.
The recent hack revealed in the news wasn’t your everyday penetration of systems and the insertion of denial-of-service code. It wasn’t overtly malicious on the surface. It traveled through a contractor’s service patch and lay dormant, but it gave unknown access to unknown foreign agents. You might not think that it will have any bearing on you, but think again. This blog will go through the details of what happened and why you should be concerned. Let me warn you. Please don’t gloss over the details of what I’m about to share, as the ramifications of this hack could impact you directly. If there was ever a time to make sure you have your affairs in order, now is that time.
1) The Hack
Did you ever get one of those update notifications, and there wasn’t anything you could do on your computer until you updated and restarted? So, imagine the update from six to nine months ago just silently also unlocked your dining room window. Nobody climbed through it. It’s only unlocked. You don’t know because you never even walk by that window, and it was locked a year ago when you checked it. Maybe, while you were sleeping, someone came through that unlocked window every night, raided your refrigerator, your file cabinet, made copies of all your documents, unlocked other doors and windows, hid in your closet and watched you throughout the day, rifled through the glove compartment of your car in the garage, and even hacked your personal computer with another program. That’s the hack we are dealing with here. It wasn’t meant to destroy. It was meant to access and observe.
This hack piggybacked on a patch from the company SolarWinds, a contractor whose primary client is the United States government. It was launched way back in the Spring of this year and has been active and running for all this time, controlled, according to the consensus of intelligence, by the Russian GRU. The SolarWinds cyberespionage campaign targeted a dizzying number of government and private organizations. State-sponsored hackers breached SolarWinds and used its auto-update mechanism to deploy a backdoor onto clients’ systems. There were over 40 organizations victimized by the hack that we know of to date. This list should scare the hell out of anyone who understands computer networks and how we use computers to regulate and govern our world. The list includes Microsoft and multiple other tech companies, the cybersecurity firm FireEye, the US Treasury, the US Department of Homeland Security, the US Department of Commerce’s National Telecommunications and Information Administration (NTIA), the US Department of State, the US Department of Health’s National Institutes of Health (NIH), the Cybersecurity and Infrastructure Agency (CISA), the National Nuclear Security Administration (NNSA), and the US Department of Energy (DOE). Any one of those should worry the average citizen, but let’s look at why.
2) The Blast Potential
We have to think that something as critical as nuclear codes isn’t forward-facing on the network. Still, we have to remember the United States’ malicious worm Stuxnet, where US operatives tricked the sensors on gas centrifuges to make them spin inappropriately. That worm attack, installed on a closed system, presumably by someone inserting a thumb drive in a computer in Iran, was enough to set back their program several years. Although no country has openly admitted responsibility, the worm is widely understood to be a cyberweapon built jointly by the United States and Israel in a collaborative effort known as the “Olympic Games.” We mean, yeah, that is something we would do.
We cannot clutch our pearls and feign shock when North Korea, Iran, Russia, or others attack us. No sanction is strong enough to stop them, and there are too many ways to hide state-sponsored terrorism. With this hack, we have a pretty good idea of the origin. Our knowledge of the extent of it is growing every day, and it isn’t just a one-and-done attack. We are very broadly exposed for an extended time. Think of it like the Y2K scare. We need to pull every system possibly affected offline, uninstall, reinstall, scrub them all. We can’t connect them back up to the servers because they will update with the corrupted patches. We can’t just reinstall patches on the servers because the computer clusters or computers could reject or ignore the patches, and we would never know. You can’t pour a solution over it all from the top. The only way is to treat each individual case.
So, just like a bomb, this hack’s blast potential is the largest we have ever seen in the history of computers. Our systems have been laid wide open and observed for the better part of this year from stolen passwords to recorded keystrokes to direct visual observation and the copying of classified and unclassified technology and intelligence. It isn’t as easy as setting up authentication and changing your password. It has to be scrubbed out from the ground to the top.
3) What’s the Big Deal?
Let’s use a similar analogy to understand how this hack compares to other hacks. Other hacks are like you waking up in the morning and seeing that your car and your neighbor’s car were egged at night. Maybe a person went in your glove compartment and stole your registration or the change out of your center console. This happened to just you and your neighbor, and it’s a big deal, but just to you and your neighbor. In this recent hack, it would be like that open dining room window, but when you realize someone has been in your house for 6 to 9 months, you also realize that the same person has been in every house in your neighborhood at some point and unlocked doors throughout. You can chase them out of one house, but they have a thousand other doors and windows throughout the neighborhood they have unlocked. Did you give your garage door code to a neighbor one time so they could borrow your weed whacker? Guess what, the bad guy made a copy of the paper your neighbor wrote that code on so many months ago. Close one door, and they open the other.
The Stuxnet program that set Iranian nuclear enrichment programs back years was just a dabbling with a sensor on a centrifuge machine. It was reading that everything was steady and fine when things were really spinning out of control and overheating. Imagine if these things all happened at the same moment: traffic lights all turned green, and nuclear power plant sensors all read normal while water pumps stopped operation. Imagine you wake up one morning and your bank account and those of everyone you know have been drained. Imagine if the systems we rely on every day to direct our trains and planes all showed as wide open or all clear, and railway guards didn’t come down. Imagine our sewer pumps not working or our dams set to wide open, or drawbridges raised and locked. And once all that machinery is set to its most malicious settings with the sensors reading all is fine, imagine the software running it all just melting down. How long would it take us to rebuild? How much damage would be caused by even one of those events?
Imagine just the traffic lights all set to green in your city. Once the accidents were cleared, every car and truck would have to stop at the intersection’s flashing lights. That means deliveries of food are dramatically slowed down. Imagine just the sewer pumps stop working and that raw sewage backs into the rivers and freshwater supplies. How long until that gets cleared and boil orders are lifted? Imagine that more destructive systems like dams, electrical, nuclear, or natural gas have a significant problem. Failure in one system is a tragedy. Failure in multiple systems is a catastrophe, and how penetrating this recent hack is remains a big unknown. Every day, we are finding that it goes deeper and has lasted longer. We have considerable cause for concern, as our entire infrastructure of electricity, water, natural gas, hospitals, police, and Homeland Security has potentially been compromised for months.
Even if it never impacts you and your identity or bank account directly (and that is very probable as well, with the hack of the Treasury), our foreign intelligence agents throughout the world may have been extensively compromised. Our ability to discover and intercept attacks on US soil may be compromised as we scramble to secure our government’s compromised agents around the globe. This hack is a very, very big deal. Indeed, it is likely so much information has been quietly stolen from our collective computer systems that it will take Russian analysts months just to go through it all. Do you remember what you paid in taxes or received as a refund in 2018? Ask Putin, because the Treasury was hacked as well.
4) What Can You Do?
At the highest levels, there isn’t much you can do. We are all exposed and have to counter how we can when we can. As a nation, we can stop trying to push for or expect normal relations with Russia, Iran, North Korea, even China. Putin’s only interest is to destroy America.
On a personal level, you can change every single one of your passwords to something complex and new. While that may not stop any large-scale hacking, it is like walking through your private dining room and seeing your window is unlocked. It adds a layer of difficulty and forces hackers to move to easier targets. You could consider closing bank accounts and opening new ones, but this may not do anything either, as they may have long ago opened a port on that bank’s servers and are monitoring new transactions. You could set up multi-layer authentication. Any hurdle you can throw in the way will help a little.
As a country, we need to invest solidly in technology infrastructure. We need to pull all critical systems offline, close them to outside intrusion, scrub them, delete them, and reinstall them. This particular hack could lie dormant for years to come until an operative awakens it, enters through an obscure port, and tampers with files and systems. It’s not malicious code that we can counter just by writing a sort of antigen or antibody code.
Most importantly, to the prepper, this is just further reason to shake your dependence on the systems that will fail. Store the proper supplies to carry you through the longest of disasters. Be as prepared as you can be for a prolonged grid down situation. It isn’t a question of when anymore. It will happen in your lifetime in your area. It will be as commonplace, at some point, as brownouts or blackouts. We are so technologically dependent that it only takes a bit of a push, the right sensor reading all okay when it really isn’t, for the whole fragile system to collapse.
The extent of this hack isn’t fully understood yet. It’s an unknown unknown, and it will keep a great many people up very late at night worrying. So many systems have been compromised and copied off for so long that we may be dealing with the fallout for years and years to come. Prepare as if several systems could go haywire simultaneously in the future. What could that look like in your community or state? How could you insulate yourself from being directly impacted? What’s the most vulnerable computer system in your area?
As always, stay safe out there.