When thinking of cyber security, it’s easy to associate hacking with stealing passwords, personal data and fraudulent activity. However, have you ever wondered how far hacking can go? Turns out, hacking can go to extremes you could never imagine – as black hat hackers are now using their skill sets to cause disruption that could be deadly.
To demonstrate the complexity of cyber security and hacking, here are deadly hacks that you didn’t know existed.
Malware, or “malicious software” is an umbrella term that describes any malicious program or code that is harmful to systems – It seeks to invade, damage or disable computers, computer systems, networks, tablets and mobile devices, often by taking partial control over a device’s operations. So how can it be deadly?
In 2017, Australian Security Consultant Julian Gutmanis was summoned to a petrochemical plant in Saudi Arabia to help deal with an expected cyber-attack and what he found made his blood run cold.
Gutmanis had found that hackers had deployed malware that allowed them to take over the plant’s safety instrumented systems which were the plant’s last line of defence against life-threatening disasters. These systems are designed to kick in if they detect dangerous conditions, returning processes to safe levels or shutting them down altogether by triggering actions such as shutoff valves and pressure-release mechanisms. In this instance, it was the first time the cyber security world had seen code that was deliberately designed to put lives at risk.
Fortunately, a flaw in the code exposed the hackers before they could do any harm. It triggered a response from a safety system in June 2017, which brought the plant to a halt. Then in August, several more systems were tripped, causing another shutdown. Had the intruders successfully disabled or tampered with the safety systems, the results could have been catastrophic. In a worst-case scenario, the rogue code could have led to the release of toxic hydrogen sulphide gas or caused explosions, putting lives at risk both at the facility and the surrounding areas.
To read more about this story, click here.
Whilst triggering industrial accidents is a major threat to entire communities, hackers are also able to target individuals in deadly ways. Recent news has surfaced that hackers are able to manipulate cancer scans, allowing them to add or remove images of malignant tumours, therefore placing patients at risk of misdiagnoses.
A new study titled ‘CT-GAN: Malicious Tampering of 3D Medical Imagery using Deep Learning’ showed that the altered scans successfully deceived both radiologists and artificial intelligence algorithms used to aid diagnosis. Beyond placing patients at risk of misdiagnosis, deliberately tampering with scans could aid insurance fraud, ransomware, cyberterrorism and even murder. Furthermore, attackers can even automate the entire process through malicious software which can infect the hospitals network.
“Our research shows how an attacker can realistically add or remove medical conditions from CT and MRI scans," says Dr. Yisroel Mirsky, lead researcher in BGU’s Department of Software and Information Systems Engineering (SISE), project manager and cybersecurity researcher at BGU's National Cyber Security Research Center. “In particular, we show how easily an attacker can access a hospital's network, and then inject or remove (images of) lung cancer from a patient's CT scan."
To demonstrate the feasibility of the attack, with permission, the researchers broke into the network of an actual hospital and intercepted every scan taken by a CT scanner. “The scans were not encrypted because the internal network is usually not connected to the internet. However, determined intruders can still gain access via the hospital's Wi-Fi or physical access to the infrastructure," Dr. Mirsky says. “However, these networks are now being connected to the internet as well, which enables attackers to perform remote attacks."
To read more about this story, click here.
Would you ever expect that a hacker could control your vehicle remotely?
A hacker has recently broke into thousands of accounts belonging to users of two GPS tracker apps, allowing them to monitor the locations of tens of thousands of vehicles and in some cases, allowing them to turn a vehicle's engine off whilst they were still in motion.
The hacker reportedly hacked into more than 7,000 iTrack accounts and more than 20,000 ProTrack accounts, two apps that companies use to monitor and manage fleets of vehicles through GPS tracking devices. The hacker was able to track vehicles in a handful of countries around the world, including South Africa, Morocco, India, and the Philippines. On some cars, the software has the capability of remotely turning off the engines of vehicles that are stopped or are traveling 12 miles per hour or slower, according to the manufacturer of certain GPS tracking devices.
By doing this, the hacker could cause a lot of disruption and could furthermore cause accidents. However, the hacker reported that they did not kill any car engines as it would have been too dangerous. The hacker further stated that he performed the exercise to highlight the dangers to the customer in a bid for the tracking devices to become more secure.
As part of a series by WIRED in 2015, Hackers were able to hack into a Jeep Cherokee remotely via the Internet. The hackers were able to distract the driver by playing loud music, turning the air conditioning on full and by messing with the windscreen wipers. The hackers furthermore were able to kill the car’s engine, showing how dangerous the future of hacking can possibly be.