Slashdot Mirror

← Back to Stories (view on slashdot.org)

Four Threats For '09 You Haven't Heard of

Posted by ScuttleMonkey on from the fear-mongering dept.

ancientribe writes "Security experts are cautiously on the lookout for some lesser-known but potentially lethal threats that could be more difficult to prepare for and defend against in 2009. These aren't your typical enterprise hack attacks. They're mainly large-scale Internet threats — attacks that knock out sections of the Internet infrastructure, radical extremist hackers, Web attacks that adversely affect online ad revenue, and even the unthinkable: human casualties as a result of a cyberattack." Also known as the new group of things the fear mongers will use to make you do their bidding.

2 of 126 comments (clear)

  1. Re:"The Unthinkable" by betterunixthanunix · · Score: 4, Interesting

    People often forget that many real world, physical system have internet connections, and therefore many people cannot even fathom the idea of a cyberattack resulting in human death. I read about a hack a few years ago that nearly resulting in a man being shot and killed by a SWAT team: somebody had spoofed the phone system and issued a call to 911 indicating that he was holding a family hostage, and the SWAT team arrived and very nearly shot the father in that house. The kid who executed the hack never even considered the possibility that a SWAT team with automatic weapons might actually fire their guns during the confusion (or so he said when he was arrested by the FBI). TFA indicates that a malware attack hit a UK hospital and shut down the computer systems, forcing doctors and nurses to search for paper records.

    --
    Palm trees and 8
  2. Re:human casualties as a result of a cyberattack . by Gordo_1 · · Score: 3, Interesting

    It's not that simple. You forgot about embedded systems. For example, a few years ago as an employee of a security software company, I had a conversation with the head of IT at one of the largest healthcare providers in the U.S. The conversation went something like this (I'm paraphrasing):

    Him: We have a had a heck of a time dealing with systems ping-ponging the Blaster worm at each other. Rebooting them fixes the problem temporarily, but eventually they just get reinfected.

    Me: Sounds pretty straight forward, we can help you remove malware from infected systems.

    Him: Well, a lot of our "Windows systems" are actually portable medical devices like kidney dialysis, heart monitors and life support machines running embedded Windows NT. They are built by the manufacturer with a particular software load and certified by the Department of Health. I can't change so much as a registry key on them or they will no longer be certified for use in a hospital.

    Me: So let me get this straight, you're saying that you have life support systems that are infected with worms and you can't disinfect them because the procedure would make the life support system less safe than it is with active malware on it?

    Him: Beyond rebooting and using external firewalls to block worm packets, my hands are tied so long as the system continues to perform its primary function.

    Me: Have you considered just disconnecting them from the network?

    Him: No can do. We need to monitor status and administer remotely.

    Now, I'm not saying that this situation is still true today or even that it was representative of the state of the healthcare industry at the time, but I find it highly believable that a virus/malware/worm outbreak somewhere *has* had an impact on someone's life.