“The potential for the next Pearl Harbor could very well be a cyber-attack.” – Leon Panetta.
Maybe you’ve only slightly been inconvenienced by the higher fuel cost and higher prices for your Memorial Day barbeque meats. Ransomware attacks like the Colonial Pipeline and JBS meat processing plants are just the early shots fired in a much larger conflict that’s approaching on the horizon. This video is my warning to you that your minor inconveniences because of ransomware attacks are about to get very real and will soon have profound impacts on you. Future attacks could threaten your safety and even your survival.
I work in IT and when people ask me why I am a prepper, for me, this is easily one of the top 3 items that I see as a very current, major threat. Unfortunately, most people are completely unaware of how devastating a coordinated cyber attack would be to our survival in this modern society that is increasingly reliant upon automation and systems working behind the scenes.
This video has four distinct parts. The first will examine how all of these systems are interconnected. The second will look at who is responsible for these attacks and address some fallacies of reasoning within our own community. I think this is important to address and while it will upset some, we need to discuss the issue of who is behind these attacks. The third part will look at the five ways cyberattacks will directly affect you. And, finally, the last part of the video will explain some of the things you can do today to protect yourself from the inevitable attack dawning on the horizon. This video is longer than my typical video, but there are a lot of important things you need to hear and I encourage you to stick to the end as this video is both a warning and a call to action. Now is the time to get prepared for what is unavoidable and already happening.
HOUSE OF CARDS
Imagine your electrical system going out. You would call the providing company, right? Maybe you’d check the internet for outages. If the internet were down on your home computer and your phone, what would you do? Would you pull out your phone book and call someone assigned the job of answering the phone at your electric company? Do you have a phone book? Is your phone working? An automated system replaced the position that answered the phone at the electric company. That’s down. Even if you got through, there’s no one there who can manually look up your 16-digit account number. Besides, they have a slightly bigger problem than your residential need.
Grocery stores are about to lose all their expensive meat, poultry, fish, and eggs. The USDA has indicated that the food will only stay safe for 4 hours after a power outage. Most grocery stores have some short-term backup power and a plan for when the power goes out. Store employees will move cold dairy and meat into a large cooler in the back that will keep food cold for a while. The store can’t sell you anything anyways if all their transaction processing systems are powered off. In the recent Texas outage this last winter, grocery stores had to dump their food in some areas. Like a vision from a dystopian nightmare, the police were deployed to protect the disposed-of product in the dumpsters.
Beyond your supply of food, there’s no gasoline because stations can’t pump or transact. Your water may become unsafe if water plants can’t regulate the treatment and flow of water and sewage. Deliveries to your area of any products or services almost entirely have to stop. Routers, computers, phones all require electricity. Communication stops.
How long do you think the unprepared average person of the masses will simply sit at home? Will the looting start almost immediately, or will it take a few hours or days? And this is just a slice of the possible systems that can be affected. If more than one even seemingly disconnected system is shut down simultaneously, imagine how devastating the effect could be. What if electrical systems are locked up on one coast of the country and air traffic on the other coast? How crippling would that be? How long could that last? How many other systems might have to stop as a result? Obviously, those air travelers would have to rent cars or take trains. Neither the rental companies nor the railway companies are prepared for that level of demand. I could go on and on. From catering services to travel to communication, thousands of industries can grind to a halt with one or more system failures.
These systems, too, haven’t kept pace with technology. The adage “if it ain’t broke, don’t fix it” doesn’t work well in the information technology industry. IT has to continually stay a step ahead of hackers with their security. They have to do more than have users update their passwords every 60 days. Still, many meat processing plants are using systems running Windows 98. That’s 98 as in 1998, 23 years ago. To understand why this is a technology problem, try and remember the computer system or cell phone you had in 1998 compared to what you are using today.
Some recently hacked water plants were running Windows 7. That was released in 2009, 12 years ago. From a security standpoint, any software that old is like having an open door and an open garage on your house when you’re not home. Software from 1998 is like handing known burglars a list of items in your house and the schedule of when you’ll be away. Microsoft doesn’t even support these old systems anymore. Nobody is spending their programming hours creating fixes and patches for these systems, but I guarantee you thousands of people have been trying to exploit and hack into these systems for many years and they’ve gotten quite good at it.
Even if a company’s IT is top-notch with the latest and greatest security protocols, hackers can find the one weak link. One employee visiting their Facebook page and clicking on a link could provide access to the company’s network. A hacker can just sit there and start documenting keystrokes until a new password and system are revealed. The most recent data breach of Facebook exposed the personal data of 533 million users. The data exposed included phone numbers, DOB, locations, past locations, full name, and in some cases, email addresses. All it takes is one employee to open that spoofed email from the CEO and click on the file as the CEO instructed and…poof…all those millions of dollars spent on security systems and IT personnel are suddenly as useless as the Maginot Line was for France against Germany’s armies. I have owned and operated a web-based company for many years. I have witnessed firsthand that companies often don’t want to spend the money to upgrade their systems when technology is changing quickly and a piece of software that is not properly maintained can be hacked in a short time.
Even systems wholly disconnected from the internet are vulnerable. Stuxnet, which was believed to be developed by the CIA, was deployed into the Iran uranium centrifuges through a thumb drive. It set the Iran nuclear program back for years by causing the centrifuges to spin at different rates. All systems, everywhere, are vulnerable. So, what happens when those systems are our military, satellite, or infrastructure systems? What happens when the attacks are combined and occur in clusters at the same time? What we have seen in 2021 with the Colonial Pipeline, water plants, JBS meat processing, and the 290-plus other enterprise attacks from just six ransomware groups should only be considered the tip of the sword. These attacks will occur with greater frequency and with greater magnitude. Multiple systems will be coordinated to fail at the same time.
One of the questions in the comments on a City Prepping video about the JBS meat processing attack asked, “How could this shut down a whole plant? After all, isn’t it one guy with a knife and a slab of beef?” That one guy with the knife is part of the equation, and he probably doesn’t need a computer to tell him where to cut; however, the belt that moves those slabs along runs on a computer. Computers run the receiving part of the plant that takes in the live cattle. The billing, quantities, cuts, packaging, and orders are all run by computers. The shipping is all run by computers. We are far, far away from the rancher with a cow who does his butchering, and you pick it up in your truck. Do you say you don’t know a rancher, a butcher, or own a truck? Well, then, you understand the problem.
Our world is utterly dependent upon these automated and computerized systems. They are all interrelated like parts of one giant brain. Ransomware hackers seize up parts of that brain. If the parts of your brain that controlled your speech, left hand, and right leg suddenly stopped working, you’re not going to do too well. If you imagine our society as one big body, you may understand what a threat these ransomware attacks are.
WHO IS RESPONSIBLE?
Ransomware hackers are primarily about profit. Governments supporting them are primarily about disruption. Whether they are a small-time operation calling from India to guide you through an emergency repair to your system hoping to dupe you into revealing your username and password, or they are a Nairobi Prince trying to send you a secret inheritance outside the banking system to trick you into getting access to your bank account, these hackers have been around for a long time. Just one person falls for one of these low-level scams, and they make a considerable profit. One US Dollar is worth over seven thousand Indian Rupees at the time of this video. It’s easy to dismiss this level of scammer, though, because we take our own responsibility for our security. We may be smart enough to always remain out of their snares.
The next level up is the hackers who hack systems to get large chunks of data, but they may lack the means to further process or exploit the data. This group profits by selling the data, be it password and username combination, telephone numbers, bank account numbers, or other information, to hackers bent on using that information to get more information or enter systems to get more information.
Out of this desire for profit came the ransomware hacker. Ransomware hacks used to target just individuals. A computer user clicked the wrong link, and suddenly it would cost them a few hundred dollars to unlock their computer. In recent years, ransomware attackers have realized that the real money is in companies. Their reputations are on the line. Their services are vital. There’s a more significant pain inflicted on the captive, so more money will be paid.
Not all ransomware hackers are state-sponsored, supported by Langley, Moscow, Pyongyang, London, or Beijing, but to assume that Putin doesn’t know what happens within his borders when a ransom gets paid to the tune of several million would be naive at the least. To think that Kim Jong-un doesn’t know what computer clusters are working in North Korea would be naive. To think Washington, Langley, and the CIA don’t know who here in America is using international systems to hack foreign entities would be naive. The fact is that when a government finds a person or group responsible for a significant exploit or ransom within their borders, they arrest, interrogate, and then either hire the individual or group to help them defend their systems, to exploit other countries, or allow them to work unabated at specific countries or targets. In many cases, they supply them with better equipment and resources. In some cases, governments may take a cut of the profits.
One baseless theory that has gained some internet traction despite having no evidence to support it is that governments are doing this to create desperation in the people. The theory posits that people will become so desperate that they will then allow governments, communists, socialists, corporations, or (insert a villain of your choice) to subjugate and regulate them. I find this humorous, and I’m shocked at how much traction this theory gets in the prepping community. Ardent supporters of this theory are only playing out a fundamental error in reasoning and accepting a logical fallacy as truth. To take this theory as truth, you have to accept these truths as well: First, the villainous corporation, government, or unorganized political philosophy thinks it is better to profit off you when they already are profiting off you. And second, you aren’t already willingly being regulated, controlled, and tracked by a system when you swipe your card, accept a call, place a call, get in your car, search on the internet, make an online purchase, buy a movie ticket, and so on and on and on. Here are two facts for people who believe that governments are self-inflicting these attacks on their people versus weaponizing these attacks to strike other countries. First, they don’t need to corral or cajole willing participants. Your consumerism already makes you a willing participant. Second, and this one is hard for many people to understand, you aren’t that important. These more conspiratorial fringes that buy wholeheartedly into some of these theories despite there being zero actual evidence are not some organized, uncontrollable, and completely free people. There isn’t any hacker interested in your small bank account enough to sit out in front of your house, stakeout-style, until you log in to pay your bills online that month.
It would be far more profitable to pursue the easier mark who willingly believes that the Social Security Administration just locked their benefits and requires them to log in immediately, while that other person watches them on their computer. In the big scheme of things, you’re not so important that massive, unprovable theories have to be invented to subjugate and enslave you. They just need you dependent, underpaid, and persuadable by their marketing. If a person can’t see it or doesn’t understand it, it isn’t automatically the most outlandish conspiracy they can seize upon.
But, let’s return to the core question here: Who is responsible? People interested in profits and disruption. If governments don’t directly support these ransomware hackers, they are often indirectly supported by governments knowingly allowing them to operate within their countries. Do you really think Putin, who is known to have ordered the poisoning, imprisonment, and assassination of political rivals, isn’t wholly aware of a 4.8 million dollar ransom being paid to hackers hailing from an Eastern Bloc country he controls? That’s how much Colonial Pipeline company paid. JBS paid $11 million to ransomware hackers in Eastern Bloc countries to get their plants open again. When oil demand surges, so do Russian oil profits. When ransoms are paid, maybe some of that flows up to the big bosses. It may prove similarly challenging to shut down a criminal software industry that’s also making its perpetrators millionaires. When America suffers, it does drive the people to seek solutions to a destabilized country and a faltering infrastructure. If one of those solutions is for the American government to step in and begin controlling utilities and infrastructures, that’s the very definition of communism: state-controlled utilities and the means of production. So, Khrushchev wins the long game. Sun Tzu said it best, “The supreme art of war is to subdue your enemy without fighting.”
The fact is, through Internet Protocol (IP) addresses, server addresses, logins, and a country’s internet structures, any action online can be traced back to a general area. Complete deletion isn’t possible. Even spoofing the systems by going from one country to another can eventually be tracked to the point of origin. Digital forensics is time-consuming, but it is nothing like the old movie scenes where you have to keep the bad guy on the line long enough for the trace of the phone. Every action online or through a computer system leaves some type of digital fingerprint. When enough fingerprints are collected, you tend to have enough to point a singular finger of blame.
In the case of the 4.8 million paid to free the Colonial Pipeline, the FBI obtained access to the crypto wallet because the company in charge of the wallet was under U.S. jurisdiction so the Feds were able to retrieve it. If the wallet hadn’t been held in the United States, which the perpetrators probably assumed would be the last place U.S. forces would look, and it was held in another country, you wouldn’t have heard about it in the news. No court order would have been sought, but the CIA would have seized the money and funded some other operation somewhere. Governments are all over these attacks and on both sides. The new cold war is digital. It’s just the motivations some people don’t have right. They aren’t out to subjugate you by attacking your infrastructure. They are looking to profit monetarily from your loss and destabilize your economy and country in the process.
So while some operations are small-time, many are big-time. All the big-time operations are state-sponsored, directly or indirectly, in some way. Ransomware attackers must select targets big enough to pay up but not so big that governments intervene to shut the ransomware operation down. They have to choose ransom amounts carefully. They want a big payoff, but they also don’t want to demand so much that victims just throw up their hands and decide to take the data loss. And supporting governments benefit in big and small ways from the chaos inflicted on their enemies and competing markets.
5 WAYS CYBERATTACKS WILL IMPACT YOU
How bad can it get? Put the words large-scale in front of anything to acquire an understanding of how bad it could get. Large-scale industries have enormous infrastructure, raw materials, high workforce requirements, and significant capital requirements. It’s everything from the large-scale computer, communication, and data networks to large-scale manufacturing and commercial farming operations. Any operation or system that is consolidated and large in scope can have dramatic failures and a lasting impact on how we live our lives.
The first way cyberattacks will impact you is the most obvious: prices. Even if no shortage occurs, but there is a stoppage in the flow or a threat of a bottleneck in the flow, prices will go up. When prices go up, they rarely, if ever, go back down. We aren’t short of gasoline, yet the price soared on perceived supply line threats. We weren’t short of toilet paper until people panicked and bought enough in a day to last them a year. A shortage that is either actual or perceived drives prices up and increases market volatility. One price increase in a large-scale operation ripples to other, seemingly non-related, price increases. A gasoline increase results in higher costs for trucking and shipping. That ripples over to price increases on everything you buy. I assure you, the captains of industry will not just absorb those costs and hope prices drop again. Those costs will be passed on to us consumers. And watch for greedy and under-handed captains of industry to orchestrate attacks on their own systems to pull revenue out of the company’s pockets and into their personal offshore, untraceable accounts. Insurance fraud is a real thing. Logically, the same fraud is possible here.
Service interruptions are not just your utilities. If your health insurer’s computer systems are locked up by ransomware, your doctor isn’t likely to see you. Your surgeon isn’t expected to do that operation you need. If ADP gets locked by ransomware, millions will go unpaid. It’s not likely the grocery store is just going to lend these poor victims the food they need to get by until systems are restored. Even if something as seemingly innocuous as a cloud computing company is victimized by ransomware, it could cause 1000s of service interruptions from social media to your news feed to your ability to do a transaction at the convenience store to your digital credentials. Even the most isolated of ransomware incidents can have far-reaching service interruptions in your life.
When a ransomware attack is big enough, we suddenly become aware of how incredibly interlaced these systems are. The failure of one results in another having to stop as well. Sure, you could hand process all that beef because it is, after all, a person with a knife. But, the system is built on computerized conveyors, computerized packing, computerized shipping, computerized safety inspections, computerized reporting, computerized receiving, computerized invoicing, and accounting. When the flow of beef stops, the truckers are sidelined. 1000s of people are suddenly without work. That means 1000s of people are not making money the days or weeks after a ransomware attack. That means fewer dollars circulating in the economy and more people clutching their purses and adopting a “let’s wait and see what happens” attitude. Even one successful ransomware attack is like a solid punch in the gut to a nation’s economy.
As these attacks become more frequent and with greater magnitude, so too will the public demand for the government to step in and fix the problem. This, as I mentioned earlier, is the very definition of communism: “the major means of production, such as mines and factories, are owned and controlled by the public”, the public being the government of the people. 80% of our grid is owned and operated by private companies. When those companies fail to harden off and defend themselves from cyberattacks properly, the people will demand the government step in with meaningful consequences and solutions. Again, here is where some of the thinking derails, and people suggest governments and big businesses are self-inflicting these attacks on themselves to gain control over you. As pointed out earlier, the flaw in that thinking denies two proofs. One is that profits outweigh people. It’s not in a corporation’s best interest to jeopardize its revenue and reputation in exchange for government control. And, second, you and every other consumer are already willing revenue-generating participants who voluntarily allow yourselves to be tracked and regulated.
Still, the possibility of government overreach overshadowing our everyday lives is very, very real as it struggles to stay on top of a technological world seemingly out of control with cryptocurrency, information, and automation. The FBI recently attempted to subpoena records from USA TODAY to identify readers of a February story about a southern Florida shootout that killed two agents and wounded three others. The request was rightfully denied, and USA Today stood its ground. Still, the government sometimes formally asks and sometimes just takes what it wants clandestinely, as was the case with the operation PRISM surveillance program exposed in 2007. Expect that, as these ransomware attacks continue and the government struggles to stay ahead of them and on top of the tech explosion, your rights will, at some point, be trampled over.
As large and harmful as these attacks may have seemed to many, what we have seen today is just the beginning. Like in any industry (and ransomware is an industry), there will be a coming consolidation of attacks. Don’t be surprised if both the water company and the phone service go out simultaneously, or rideshare companies and your local electricity provider, or multiple utilities at the same time, or an automaker and a steel company. As is the nature of all things, the attacks will start to combine to produce a more significant effect and increase the pain and pressure on would-be ransom payers. In a way, we have been lucky with these smaller tests of the systems. Governments will weaponize the minor weaknesses their ransomware hackers have discovered and will launch a more significant, all-out, retaliatory strike at some point. That’s when things will get very bad, very fast. These early attacks are unsophisticated tests of our systems compared to the orchestrated Cyber Pearl Harbor of attacks still to come. Then-Secretary of Defense Leon Panetta warned of a large-scale coordinated attack on critical infrastructure that “would cause physical destruction and the loss of life, an attack that would paralyze and shock the nation and create a profound new sense of vulnerability.” That was nearly ten years ago, and here we are now at dawn on the day of that battle.
WHAT YOU NEED TO DO TODAY
You need to examine the fundamental aspects of your survival. Today, take steps to reduce your complete dependence on water, food, power, sewage, fuel, medicine, police, fire, and all of the just-in-time systems that provide all these. Make a checklist of these systems and determine your level of dependence and determine your Plan B. If the sewer system fails, what’s your plan? It’s less than desirable, but what plan can you implement to get by while maintaining your health and safety? If the water system fails or a boil order is given at the same time as the gas or electricity is off, what’s your short-term Plan B to keep yourself in the essential life-giving element of water? If more than one just-in-time delivery of food stops along with any other ransomware attack, do you have enough food to survive for 3 weeks, 3 months, or longer? Are any of your plans dependent on a quick run to the store like a million other desperate people? You might want to rethink your plan if they are.
Your medical, police, and fire services might not be available. What’s your Plan B to get the help you need? Could you extinguish a fire burning towards your house or in your home? Could you treat someone or yourself if you had the flu, a dislocated joint, a broken bone, or a damaged tooth? Could you defend your home against an invasion of the desperate and unprepared? Get a Plan B for each of the critical systems. If you never have to implement your plan, you will be assured that you can survive better than the general masses.
You can look at some of the other videos on this channel to understand how things will unravel rather quickly after a cyber-disaster of more than 90 days. I will link to other videos at the end of this one. Once people run low on their own supplies and see little hope of the government restoring systems, things will descend into chaos rather rapidly. You will want a Plan B ready for when it does.
These ransomware attacks are just the early few shots in a much larger cyber-cold war. We can either be the innocent casualties of that war, or we can take steps today to insulate ourselves from utter dependence on systems that will be brought down. There isn’t a piece of antivirus software or a quick patch IT can put on our country’s infrastructure. When these attacks start attacking more than one system simultaneously, our barely functional just-in-time systems will fail in a stunning collapse. Your best hope is to prep today for this genuine threat.
What do you think? What’s the most vulnerable system you see, and what effect will it have on us when it fails? Let us know in the comments below.
As always, please stay safe out there.