The Virtual 9/11

Point-of-Sale systems may be the ultimate IT Security vulnerability

Nearly everyone in the world today remembers what he or she was doing on September 11, 2001. I was on a flight from Chicago to Detroit, already in the air, when the first plane hit the towers. Our world changed channels that morning; it was as if we switched from Cartoon Network to the military channel in a blink of an eye.

In the last 10 years, I have traveled nearly 500,000 miles — from Europe to Asia to South America to Africa and back again. The increased security measures that once seemed like an incredible burden are now a normal, everyday occurrence. In an almost rhythmic cadence, I can undo my belt, remove my shoes, and extract my laptop from my bag, placing them all on the conveyor automatically.

Due to my role at Trustwave SpiderLabs, I have witnessed many cyber attacks and know firsthand what the most bleeding edge of cyber adversaries are capable of. To me, their motives, their tactics and even their core techniques have not changed in the last 20 years. These are just being applied towards newer, larger targets with greater impact. Could someone mount a devastating cyber attack against a nation or a group of nations? To fully understand how this could happen, we need to crank back the clock to understand how we got to the world we have today.


IRC Network Exploits

During my college years, I was an oper, or an administrator, of a chat server very much like the ones that the hacktivist groups call home in 2011. It was a text-based system, with private chat and file transfer capabilities. Back in the mid-nineties this system attracted nearly 10,000 people per day and was connected to a vast chat network known as Internet Relay Chat (IRC).

On this IRC network, early adopters of Internet technology explored situations that are very common for the general population to engage in today. Just as there were people who used IRC for positive motives, there were those who saw it as a way to engage in malicious activity. From time to time, virtual battles took place, typically consisting of people taking over the chat rooms of others, and kicking out all the individuals who legitimately wanted to be there. The attackers often planted bots in the rooms to maintain control. These wars eventually escalated to attacks against the systems that ran the IRC servers, the personal computers of the opers and the users of the chat network.

One morning, upon checking my inbox from my dorm room, I found hundreds of angry emails: someone had hacked into a system I used to maintain the IRC server and issued privileged commands to systematically disconnect all of the chat network servers from each other. The result was total disruption of communication between dozens of systems and hundreds of thousands of users from around the world. It took more than 24 hours to bring the entire network back online and stabilize it again.

The attacker did not exploit some zero-day vulnerability, rather, the attacker was someone known for only a short period of time and given access by someone I trusted to help maintain the IRC server.

In the 1990s, when the largest, most popular IRC network was taken out by a person with malicious intent, no one outside of the circle of opers who maintained the network knew about it. It didn’t make the news and no measurable monetary losses were measured or reported.

In today’s world, there are hundreds of thousands of networks used to communicate — all dependent on similar operating systems, applications and even network protocols. A catastrophic virtual 9/11 event might not be much more complicated than the story I just told, but we know the adversaries of today much better and an attack would not be that simple.

Simply shutting down a communication network for 12 hours may not have a lasting impact on targets. With a little imagination, they could devise a plan far more devastating. Below is just one example:


The Virtual 9/11 Stage One: The Quest for Data

This content continues onto the next page...