A Jujitsu Approach to Cybersecurity – How a Hacker Figures Out a Way to Manipulate the Force of the Internet to Defeat It.
We know already how scary it was for those Facebook addicts when their Monday morning ritual of “liking” their friends’ weekend pictures was suddenly halted. Even worse, the day of October 21st , 2013 was probably the least celebrated birthday morning ever. “What do you mean my friends can’t wish me Happy Birthday?!” screamed my daughter .
Many Facebook users switched to Twitter and immediately started threads about the Mayan apocalypse. That morning people were so outraged about not being able to post comments on Facebook that they even forgot about the Obamacare website’s first day fiasco, and brushed it aside as a lower priority problem that can be dealt with later. Luckily, the panic was short lived as Mark Zuckerberg’s team saved the world by fixing the issue. My daughter could finally watch her friends’ creative birthday posts show up on her page in a matter of seconds after the site started running properly. The rest of us went back to complaining about the troubled federal health care online system.
While radio hosts and TV commentators joked about the problem that we were faced with that Monday, the situation can be more serious than we think. When NATO invited Charlie Miller to discuss insights of security issues in the world, he came with some shocking observations. Miller, a world-class hacker who was recently hired by Twitter to fix its system vulnerabilities, said at that conference that he can crash the Internet in a matter of seconds.
Everyone who knows anything about Miller believes that he can. He has showed his unprecedented skills on many occasions. He was the first to fully compromise the iPhone through its web browser, he revealed a software glitch that would have allowed him to take control of every iPhone on the planet, and he won a prestigious hacking competition by compromising a MacBook Air in two minutes. He followed it by a series of never-before-done hacks that showed his genius but resulted in having his Apple developer license revoked for successfully cheating Apple’s safeguards. He is one of the most controversial figures of the Internet who now has been using his exceptional skills to make a living and advise the best. Before joining Twitter, he worked for five years for one of the largest US intelligence organizations, The National Security Agency. Miller’s regular presentations at the NATO Cooperative Cyber Defense Centre of Excellence’s annual conventions are always highly anticipated.
Miller’s presentation raised hair. He discussed an experiment that he had conducted. He explained that the experiment started out when he first imagined that the former North Korean leader Kim Jong-Il who forced Miller to crash the Internet and take control of some of the most protected computer systems in the world kidnapped him. In the scenario, Kim Jong-Il’s goal was to dominate cyberspace. Miller’s presentation continued with a detailed step-by-step account of what and how he would go about fulfilling Kim Jong-Il’s goal.
Miller calculated that it would only take about 600 people around the world and roughly $50 million dollars. His team would consist of specialists such as developers who would design necessary software, vulnerability analysts who would look for bugs in the code, exploit developers who would conduct research or botnet collectors whose role would be to take over the actual computers around the world. He then discussed the timeframe of every stage of the attack. Miller estimated that the attack would start being noticed after about two years of researching, planning, and implementing of the take-over but the final stage would need to happen in a matter of seconds. He thinks it is doable.
Miller pointed out many serious Internet flaws that need attention if we are to avoid a potential cyber attack. $50 million dollars is a hefty price tag but not when paying for control of the world. After all, this is about what any army pays for a single fighter jet. Even though it now sounds like a sci-fi movie, Miller’s imaginary scenario can someday be a reality. The bottom line is that the world needs more Millers and Zuckerbergs to remind us that the cyber world has taken over our lives and that the government is not doing enough to protect us. It appears that it is no longer a question of “if” but rather “who” and “when” decides to control us.