Cyber Attack Or Electromagnetic Pulse Attack Assault Launched U.S. Own Government

1 year ago
7.77K

Cyber Attack Or Electromagnetic Pulse Attack And What are the odds of a worldwide power failure? This video will explain the real truth about the probability as presented by top people from government, military, science, the political arena, and the media. If you consider a 50% or better probability of this event occurring in the next few years with the fatality rate of 90% then maybe you should look at it in the context of the money you spend for car insurance, health insurance, term life etc. The probability of dying in a car crash is 1 in 50,000. Do the math.

A cyber attack is an assault launched by cybercriminals using one or more computers against a single or multiple computers or networks. A cyber attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks.

Executive Order Highlights Electromagnetic Pulse Threat

Executive Order 13865—Coordinating National Resilience to Electromagnetic Pulses By the authority vested in me as President by the Constitution and the laws of the United States of America, it is hereby ordered as follows:

Section 1. Purpose. An electromagnetic pulse (EMP) has the potential to disrupt, degrade, and damage technology and critical infrastructure systems. Human-made or naturally occurring EMPs can affect large geographic areas, disrupting elements critical to the Nation's security and economic prosperity, and could adversely affect global commerce and stability. The Federal Government must foster sustainable, efficient, and cost-effective approaches to improving the Nation's resilience to the effects of EMPs.

Sec. 2. Definitions. As used in this order:

(a) "Critical infrastructure" means systems and assets, whether physical or virtual, so vital to the United States that the incapacity or destruction of such systems and assets would have a debilitating impact on security, national economic security, national public health or safety, or any combination of those matters.

(b) "Electromagnetic pulse" is a burst of electromagnetic energy. EMPs have the potential to negatively affect technology systems on Earth and in space. A high-altitude EMP (HEMP) is a type of human-made EMP that occurs when a nuclear device is detonated at approximately 40 kilometers or more above the surface of Earth. A geomagnetic disturbance (GMD) is a type of natural EMP driven by a temporary disturbance of Earth's magnetic field resulting from interactions with solar eruptions. Both HEMPs and GMDs can affect large geographic areas.

(c) "National Critical Functions" means the functions of government and the private sector so vital to the United States that their disruption, corruption, or dysfunction would have a debilitating effect on security, national economic security, national public health or safety, or any combination thereof.

(d) "National Essential Functions" means the overarching responsibilities of the Federal Government to lead and sustain the Nation before, during, and in the aftermath of a catastrophic emergency, such as an EMP that adversely affects the performance of Government.

(e) "Prepare" and "preparedness" mean the actions taken to plan, organize, equip, train, and exercise to build and sustain the capabilities necessary to prevent, protect against, mitigate the effects of, respond to, and recover from those threats that pose the greatest risk to the security of the Nation. These terms include the prediction and notification of impending EMPs.

(f) A "Sector-Specific Agency" (SSA) is the Federal department or agency that is responsible for providing institutional knowledge and specialized expertise as well as leading, facilitating, or supporting the security and resilience programs and associated activities of its designated critical infrastructure sector in the all-hazards environment. The SSAs are those identified in Presidential Policy Directive 21 of February 12, 2013 (Critical Infrastructure Security and Resilience). Sec. 3. Policy. (a) It is the policy of the United States to prepare for the effects of EMPs through targeted approaches that coordinate whole-of-government activities and encourage private-sector engagement. The Federal Government must provide warning of an impending EMP; protect against, respond to, and recover from the effects of an EMP through public and private engagement, planning, and investment; and prevent adversarial events through deterrence, defense, and nuclear nonproliferation efforts. To achieve these goals, the Federal Government shall engage in risk-informed planning, prioritize research and development (R&D) to address the needs of critical infrastructure stakeholders, and, for adversarial threats, consult Intelligence Community assessments.

(b) To implement the actions directed in this order, the Federal Government shall promote collaboration and facilitate information sharing, including the sharing of threat and vulnerability assessments, among executive departments and agencies (agencies), the owners and operators of critical infrastructure, and other relevant stakeholders, as appropriate. The Federal Government shall also provide incentives, as appropriate, to private-sector partners to encourage innovation that strengthens critical infrastructure against the effects of EMPs through the development and implementation of best practices, regulations, and appropriate guidance.

Sec. 4. Coordination. (a) The Assistant to the President for National Security Affairs (APNSA), through National Security Council staff and in consultation with the Director of the Office of Science and Technology Policy (OSTP), shall coordinate the development and implementation of executive branch actions to assess, prioritize, and manage the risks of EMPs. The APNSA shall, on an annual basis, submit a report to the President summarizing progress on the implementation of this order, identifying gaps in capability, and recommending how to address those gaps.

(b) To further the Federal R&D necessary to prepare the Nation for the effects of EMPs, the Director of OSTP shall coordinate efforts of agencies through the National Science and Technology Council (NSTC). The Director of OSTP, through the NSTC, shall annually review and assess the R&D needs of agencies conducting preparedness activities for EMPs, consistent with this order.

Sec. 5. Roles and Responsibilities. (a) The Secretary of State shall:

(i) lead the coordination of diplomatic efforts with United States allies and international partners regarding enhancing resilience to the effects of EMPs; and

(ii) in coordination with the Secretary of Defense and the heads of other relevant agencies, strengthen nuclear nonproliferation and deterrence efforts, which would reduce the likelihood of an EMP attack on the United States or its allies and partners by limiting the availability of nuclear devices.

(b) The Secretary of Defense shall:

(i) in cooperation with the heads of relevant agencies and with United States allies, international partners, and private-sector entities as appropriate, improve and develop the ability to rapidly characterize, attribute, and provide warning of EMPs, including effects on space systems of interest to the United States;

(ii) provide timely operational observations, analyses, forecasts, and other products for naturally occurring EMPs to support the mission of the Department of Defense along with United States allies and international partners, including the provision of

alerts and warnings for natural EMPs that may affect weapons systems, military operations, or the defense of the United States;

(iii) conduct R&D and testing to understand the effects of EMPs on Department of Defense systems and infrastructure, improve capabilities to model and simulate the environments and effects of EMPs, and develop technologies to protect Department of Defense systems and infrastructure from the effects of EMPs to ensure the successful execution of Department of Defense missions;

(iv) review and update existing EMP-related standards for Department of Defense systems and infrastructure, as appropriate;

(v) share technical expertise and data regarding EMPs and their potential effects with other agencies and with the private sector, as appropriate;

(vi) incorporate attacks that include EMPs as a factor in defense planning scenarios; and

(vii) defend the Nation from adversarial EMPs originating outside of the United States through defense and deterrence, consistent with the mission and national security policy of the Department of Defense.

(c) The Secretary of the Interior shall support the research, development, deployment, and operation of capabilities that enhance understanding of variations of Earth's magnetic field associated with EMPs.

(d) The Secretary of Commerce shall:

(i) provide timely and accurate operational observations, analyses, forecasts, and other products for natural EMPs, exclusive of the responsibilities of the Secretary of Defense set forth in subsection (b)(ii) of this section; and

(ii) use the capabilities of the Department of Commerce, the private sector, academia, and nongovernmental organizations to continuously improve operational forecasting services and the development of standards for commercial EMP technology.

(e) The Secretary of Energy shall conduct early-stage R&D, develop pilot programs, and partner with other agencies and the private sector, as appropriate, to characterize sources of EMPs and their couplings to the electric power grid and its subcomponents, understand associated potential failure modes for the energy sector, and coordinate preparedness and mitigation measures with energy sector partners.

(f) The Secretary of Homeland Security shall:

(i) provide timely distribution of information on EMPs and credible associated threats to Federal, State, and local governments, critical infrastructure owners and operators, and other stakeholders;

(ii) in coordination with the heads of any relevant SSAs, use the results of risk assessments to better understand and enhance resilience to the effects of EMPs across all critical infrastructure sectors, including coordinating the identification of national critical functions and the prioritization of associated critical infrastructure at greatest risk to the effects of EMPs; (iii) coordinate response to and recovery from the effects of EMPs on critical infrastructure, in coordination with the heads of appropriate SSAs;

(iv) incorporate events that include EMPs as a factor in preparedness scenarios and exercises;

(v) in coordination with the heads of relevant SSAs, conduct R&D to better understand and more effectively model the effects of EMPs on national critical functions and associated critical infrastructure—excluding Department of Defense systems and infrastructure—and develop technologies and guidelines to enhance these functions and better protect this infrastructure;

(vi) maintain survivable means to provide necessary emergency information to the public during and after EMPs; and

(vii) in coordination with the Secretaries of Defense and Energy, and informed by intelligence-based threat assessments, develop quadrennial risk assessments on EMPs, with the first risk assessment delivered within 1 year of the date of this order.

(g) The Director of National Intelligence shall:

(i) coordinate the collection, analysis, and promulgation, as appropriate, of intelligence-based assessments on adversaries' capabilities to conduct an attack utilizing an EMP and the likelihood of such an attack; and

(ii) provide intelligence-based threat assessments to support the heads of relevant SSAs in the development of quadrennial risk assessments on EMPs.

(h) The heads of all SSAs, in coordination with the Secretary of Homeland Security, shall enhance and facilitate information sharing with private-sector counterparts, as appropriate, to enhance preparedness for the effects of EMPs, to identify and share vulnerabilities, and to work collaboratively to reduce vulnerabilities.

(i) The heads of all agencies that support National Essential Functions shall ensure that their allhazards preparedness planning sufficiently addresses EMPs, including through mitigation, response, and recovery, as directed by national preparedness policy.

Sec. 6. Implementation. (a) Identifying national critical functions and associated priority critical infrastructure at greatest risk.

(i) Within 90 days of the date of this order, the Secretary of Homeland Security, in coordination with the heads of SSAs and other agencies as appropriate, shall identify and list the national critical functions and associated priority critical infrastructure systems, networks, and assets, including space-based assets that, if disrupted, could reasonably result in catastrophic national or regional effects on public health or safety, economic security, or national security. The Secretary of Homeland Security shall update this list as necessary.

(ii) Within 1 year of the identification described in subsection (a)(i) of this section, the Secretary of Homeland Security, in coordination with the heads of other agencies as appropriate, shall, using appropriate government and private-sector standards for EMPs, assess which identified critical infrastructure systems, networks, and assets are most vulnerable to the effects of EMPs. The Secretary of Homeland Security shall provide this list to the President, through the APNSA. The Secretary of Homeland

Security shall update this list using the results produced pursuant to subsection (b) of this section, and as necessary thereafter.

(b) Improving understanding of the effects of EMPs.

(i) Within 180 days of the identification described in subsection (a)(ii) of this section, the Secretary of Homeland Security, in coordination with the heads of SSAs and in consultation with the Director of OSTP and the heads of other appropriate agencies, shall review test data—identifying any gaps in such data—regarding the effects of EMPs on critical infrastructure systems, networks, and assets representative of those throughout the Nation.

(ii) Within 180 days of identifying the gaps in existing test data, as directed by subsection (b)(i) of this section, the Secretary of Homeland Security, in coordination with the heads of SSAs and in consultation with the Director of OSTP and the heads of other appropriate agencies, shall use the sector partnership structure identified in the National Infrastructure Protection Plan to develop an integrated cross-sector plan to address the identified gaps. The heads of agencies identified in the plan shall implement the plan in collaboration with the private sector, as appropriate.

(iii) Within 1 year of the date of this order, and as appropriate thereafter, the Secretary of Energy, in consultation with the heads of other agencies and the private sector, as appropriate, shall review existing standards for EMPs and develop or update, as necessary, quantitative benchmarks that sufficiently describe the physical characteristics of EMPs, including waveform and intensity, in a form that is useful to and can be shared with owners and operators of critical infrastructure.

(iv) Within 4 years of the date of this order, the Secretary of the Interior shall complete a magnetotelluric survey of the contiguous United States to help critical infrastructure owners and operators conduct EMP vulnerability assessments.

(c) Evaluating approaches to mitigate the effects of EMPs.

(i) Within 1 year of the date of this order, and every 2 years thereafter, the Secretary of Homeland Security, in coordination with the Secretaries of Defense and Energy, and in consultation with the Director of OSTP, the heads of other appropriate agencies, and private-sector partners as appropriate, shall submit to the President, through the APNSA, a report that analyzes the technology options available to improve the resilience of critical infrastructure to the effects of EMPs. The Secretaries of Defense, Energy, and Homeland Security shall also identify gaps in available technologies and opportunities for future technological developments to inform R&D activities.

(ii) Within 180 days of the completion of the activities directed by subsections (b)(iii) and (c)(i) of this section, the Secretary of Homeland Security, in coordination with the heads of other agencies and in consultation with the private sector as appropriate, shall develop and implement a pilot test to evaluate available engineering approaches for mitigating the effects of EMPs on the most vulnerable critical infrastructure systems, networks, and assets, as identified in subsection (a)(ii) of this section.

(iii) Within 1 year of the date of this order, the Secretary of Homeland Security, in coordination with the heads of relevant SSAs, and in consultation with appropriate regulatory and utility commissions and other stakeholders, shall identify regulatory and non-regulatory mechanisms, including cost recovery measures, that can enhance private-sector engagement to address the effects of EMPs.

(d) Strengthening critical infrastructure to withstand the effects of EMPs.

(i) Within 90 days of completing the actions directed in subsection (c)(ii) of this section, the Secretary of Homeland Security, in coordination with the Secretaries of Defense and Energy and in consultation with the heads of other appropriate agencies and with the private sector as appropriate, shall develop a plan to mitigate the effects of EMPs on the vulnerable priority critical infrastructure systems, networks, and assets identified under subsection (a)(ii) of this section. The plan shall align with and build on actions identified in reports required by Executive Order 13800 of May 11, 2017 (Strengthening the Cybersecurity of Federal Networks and Critical Infrastructure). The Secretary of Homeland Security shall implement those elements of the plan that are consistent with Department of Homeland Security authorities and resources, and report to the APNSA regarding any additional authorities and resources needed to complete its implementation. The Secretary of Homeland Security, in coordination with the Secretaries of Defense and Energy, shall update the plan as necessary based on results from the actions directed in subsections (b) and (c) of this section.

(ii) Within 180 days of the completion of the actions identified in subsection (c)(i) of this section, the Secretary of Defense, in consultation with the Secretaries of Homeland Security and Energy, shall conduct a pilot test to evaluate engineering approaches used to harden a strategic military installation, including infrastructure that is critical to supporting that installation, against the effects of EMPs.

(iii) Within 180 days of completing the pilot test described in subsection (d)(ii) of this section, the Secretary of Defense shall report to the President, through the APNSA, regarding the cost and effectiveness of the evaluated approaches.

(e) Improving response to EMPs.

(i) Within 180 days of the date of this order, the Secretary of Homeland Security, through the Administrator of the Federal Emergency Management Agency, in coordination with the heads of appropriate SSAs, shall review and update Federal response plans, programs, and procedures to account for the effects of EMPs.

(ii) Within 180 days of the completion of actions directed by subsection (e)(i) of this section, agencies that support National Essential Functions shall update operational plans documenting their procedures and responsibilities to prepare for, protect against, and mitigate the effects of EMPs.

(iii) Within 180 days of identifying vulnerable priority critical infrastructure systems, networks, and assets as directed by subsection (a)(ii) of this section, the Secretary of Homeland Security, in consultation with the Secretaries of Defense and Commerce, and the Chairman of the Federal Communications Commission, shall provide the Deputy Assistant to the President for Homeland Security and Counterterrorism and the Director of OSTP with an assessment of the effects of EMPs on critical communications infrastructure, and recommend changes to operational plans to enhance national response and recovery efforts after an EMP. Sec. 7. General Provisions. (a) Nothing in this order shall be construed to impair or otherwise affect:

(i) the authority granted by law to an executive department or agency, or the head thereof; or

(ii) the functions of the Director of the Office of Management and Budget relating to budgetary, administrative, or legislative proposals.

(b) This order shall be implemented consistent with applicable law and subject to the availability of appropriations.

(c) This order is not intended to, and does not, create any right or benefit, substantive or procedural, enforceable at law or in equity by any party against the United States, its departments, agencies, or entities, its officers, employees, or agents, or any other person. Signed DONALD J. TRUMP - The White House, - March 26, 2019. - https://www.presidency.ucsb.edu/node/333398

Why an Electromagnetic Pulse Attack (EMP) Attack Is Just Fake News on Steroids
Key point: EMPs aren't powerful enough to cause a ton of damage, but the nukes that could cause them are a real problem.

Few weapons are as scary as those that exist only in our minds. A few years ago when the Party released its platform to the public in the run-up to its national convention at the tail end of a section titled “America Resurgent,” GOP leaders detailed what they felt is a looming threat of America — electromagnetic pulses.

“A single nuclear weapon detonated at high altitude over this country would collapse our electrical grid and other critical infrastructures and endanger the lives of millions,” the platform stated. “With North Korea in possession of nuclear missiles and Iran close to having them, an EMP is no longer a theoretical concern — it is a real threat.”

But it’s not.

Recommended: America Has Military Options for North Korea (but They're All Bad)

Recommended: 1,700 Planes Ready for War: Everything You Need To Know About China's Air Force

Recommended: Stealth vs. North Korea’s Air Defenses: Who Wins?

The problem with fear over electromagnetic weapons is that it forgets two simple facts. First, generating enough juice to cause a significant amount of damage is really hard. Second, a country dealing with busted electronics after an EMP assault is a country fighting a nuclear war.

(This first appeared in WarIsBoring back in 2016.)

https://www.nationaldefensemagazine.org/articles/2019/6/4/executive-order-highlights-electromagnetic-pulse-threat

“EMP is the new test case of seriousness in national security,” cyber security expert Peter W. Singer tweeted after reading the platform. “But not in the way advocates not in on the joke think.”

I reached out to Singer and, after a brief pause to make sure I was serious, he pounced. “There’s this irony of the people who think it’s serious not realizing that they’re the joke,” he explained. “When you walk through the actual scenarios of use, it doesn’t pass the logic test.”

An electromagnetic pulse following a nuclear blast is a real thing. The problem is that the process of creating an EMP big enough without the devastation of a nuclear warhead is expensive, absurd and not worth the effort. That’s if it even works.

For that, we can’t recommend enough a 2010 series of articles in The Space Review by Yousaf M. Butt, a physicist currently serving as a foreign affairs officer in the State Department’s Space and Advanced Technology office.

“For a large device (greater than 100 kilotons) …. the whole region on the Earth’s surface which is within line-of-sight to the high-altitude explosion will experience the EMP pulse,” he wrote.

Which sounds scary, but there are several important caveats. The higher you detonate a nuclear device, the greater the blast radius. However, the effect of the EMP will be less. Likewise, the smaller the explosive yield, the smaller the EMP and the closer the blast will need to be to the ground to be effective.

Finding that detonation sweet-spot in the Earth’s atmosphere will take countless tests … which no one has done.

The blast Butt described above, one that knocks out the entire electrical system on roughly half the Earth’s surface, could only come from a high-yield thermonuclear warhead attached to an ICBM. So, engaging in the fantasist view, a nuke from Russia or China.

Setting aside the geopolitical gymnastics that must occur to lead to that kind of exchange, if a foreign power detonated a 100 or more kiloton in an electromagnetic attack on America, then the world is at war and there’s little strategic benefit for the aggressor to not just go ahead and nuke a city.

“It doesn’t mean it can’t happen,” Singer told me. “But if the other side is using EMPs we’re moving into thermonuclear war.”

“A weapon of mass destruction is preferable to a weapon of mass disruption,” Butt explained. “A state would be highly unlikely to launch an EMP strike from their own territory because the rocket could be traced to the country of origin and would probably result in nuclear or massive conventional retaliation by the U.S.”

Let’s say the EMP does go off in space above North America. According to the worst case scenario, the attack would fry the Pentagon’s electronics, leaving the U.S. military unable to retaliate.

However, we don’t know what the effects of an EMP might be. Studies conducted by both the Soviet Union and the United States during the Cold War produced dramatically different results every time.

An electromagnetic pulse is a highly unpredictable side effect of a predictably horrifying weapon. “It’s not a weapon we’ve seen past use of. Ever. Literally ever. Nor tests of,” Singer said.

Some countries have attempted to weaponize EMPs in fits and starts, but it remains a byproduct of other weapons systems, including cruise missiles as well as nukes. The idea of North Korea or Iran using a small-yield nuclear device in low atmosphere fails for the same reasons. North Korea can barely manage to cobble together a crude one-kiloton bomb, let alone a device large enough to do significant damage to U.S. infrastructure.

“Serious long-lasting consequences of a one-kiloton EMP strike would likely be limited to a state-sized region of the country,” Butt explained.

“Although grid outages in this region may have cascading knock-on effects in more distant parts of the country, the electronic devices in those further regions would not have suffered direct damage, and the associated power systems far from the EMP exposed region could be re-started.”

So nuclear state actors, both mighty and minor, are out. But what about terrorists? Isn’t it possible for the bad guys to get enough fissile material and construct a bomb?

“Any weapon produced by a terrorist cell would likely be a one of a kind and would have to remain untested. For a terrorist group to then mate this weapon to a ballistic missile and successfully carry out an EMP strike beggars belief,” Butt wrote.

Singer agrees. “But let’s just imagine terrorists somehow get them,” he said. “So, they’re sitting in their cave deciding on their attack. ‘We can either use our nuclear weapon in a completely untested manner, that we don’t know if it will even work, nor the exact damage it will cause, or we can just turn Washington D.C. into a molten mess.’”

“They finally get their dream of dreams, and that’s when they decide to use it in an untested manner that would kill less people … what?”

EMPs are laughable, but the threat of nuclear annihilation is not. It’s strange then that the Republican Party’s platform would pay such special attention to a looming threat of electromagnetic Armageddon.

But it’s not so surprising. In Washington, there is a constellation of right-leaning think tanks, political lobby groups and conferences that have — for a variety of reasons — promoted the EMP threat, often emphasizing the possibility that North Korea or Iran could wipe out America in a single blow.

“You have this strange cottage industry that’s been trying to profit off of it,” Singer said. “The reason it has this cult around it is that it brings together these attractive scenarios that then they get to talk about,” Singer told me.

“It’s post war, the electronics are down — but the guns still work.”

The influence of the Beltway-oriented conferences has extended to popular culture. In 2011, video game publisher THQ released Homefront, a game where North Korea uses an EMP to weaken America and invade it. Players work with the resistance to drive out the invaders.

Novelist William Forstchen, described as a noted EMP expert, showed up at an event to help promote the game and talked to a reporter from The Escapist.

“Most Americans don’t realize EMP is real,” Forstchen began. “Ninety percent of all Americans would die a year after an EMP event. Because it blows out the power structure of the entire United States leaving us wide open for a reality like in the game Homefront.”

Frank Gaffney of the Center for Security Policy, who advised Texas Sen. Ted Cruz’s presidential campaign, made similar claims at the 2009 EMPACT America conference that 90 percent of Americans would die in an EMP attack

“That would be a world without America, as a practical matter,” Gaffney said. “And that is exactly what I believe the Iranians are working towards.”

Forstchen has also produced video game novelizations and the historical fiction novel Days of Infamy, co-authored with Newt Gingrich — the most prominent advocate of EMP awareness. “This could be the kind of catastrophe that ends civilization — and that’s not an exaggeration,” Gingrich said in 2013.

This is not to reject every concern about EMPs. It’s still a good idea to harden the electrical grid and stockpile transformers … because of the sun. In The Space Review, Butt noted that “it is virtually guaranteed that a powerful geomagnetic storm, capable of knocking out a significant section of the U.S. electrical grid, will occur within the next few decades.”

“Historically large storms have a potential to cause power grid blackouts and transformer damage of unprecedented proportions, long-term blackouts, and lengthy restoration times, and chronic shortages for multiple years are possible.” Vastly overblown.

But fretting about terrorists plunging America into a wasteland with a single doomsday weapon is best left to video games and potboiler novels. Here it’s most appealing as a fantasy. An EMP blast knocks out the electronic infrastructure that makes the modern world modern. Survivors fend for themselves, work the land and rebuild their communities as they see fit.

It’s all the supposed fun parts of all-out nuclear war without the flesh melting, radioactive consequences. It’s like sitting in a bar — this time in Washington, D.C. — and planning out the best ways to ride out the zombie apocalypse.

“There are many serious national security threats that merit investment and deep concern,” Singer said. “I would suggest [the Republicans] invest more time in educating their candidate about the threat of Russia to NATO than the fantasy of EMP.”

https://medium.com/war-is-boring/the-overrated-threat-from-electromagnetic-pulses-46e92c3efeb9

What is a cyber attack? Recent examples show disturbing trends From virtual bank heists to semi-open attacks from nation-states, the last couple of years has been rough on IT security. Here are some of the major recent cyber attacks and what we can learn from them.

Cyber attack definition
Simply put, a cyber attack is an attack launched from one or more computers against another computer, multiple computers or networks. Cyber attacks can be broken down into two broad types: attacks where the goal is to disable the target computer or knock it offline, or attacks where the goal is to get access to the target computer’s data and perhaps gain admin privileges on it.

8 types of cyber attack
To achieve those goals of gaining access or disabling operations, a number of different technical methods are deployed by cybercriminals. There are always new methods proliferating, and some of these categories overlap, but these are the terms that you’re most likely to hear discussed.

Malware - Phishing - Ransomware - Denial of service - Man in the middle
- Cryptojacking - SQL injection - Zero-day exploits

Malware -- Short for malicious software, malware can refer to any kind of software, no matter how it’s structured or operated, that “is a designed to cause damage to a single computer, server, or computer network,” as Microsoft puts it. Worms, viruses, and trojans are all varieties of malware, distinguished from one another by the means by which they reproduce and spread. These attacks may render the computer or network inoperable, or grant the attacker root access so they can control the system remotely.

Phishing -- Phishing is a technique by which cybercriminals craft emails to fool a target into taking some harmful action. The recipient might be tricked into downloading malware that’s disguised as an important document, for instance, or urged to click on a link that takes them to a fake website where they’ll be asked for sensitive information like bank usernames and passwords. Many phishing emails are relatively crude and emailed to thousands of potential victims, but some are specifically crafted for valuable target individuals to try to get them to part with useful information.

Denial of service -- A denial of service attack is a brute force method to try stop some online service from working properly. For instance, attackers might send so much traffic to a website or so many requests to a database that it overwhelms those systems ability to function, making them unavailable to anybody. A distributed denial of service (DDoS) attack uses an army of computers, usually compromised by malware and under the control of cybercriminals, to funnel the traffic towards the targets.

Man in the middle -- A man in the middle attack (MITM) is a method by which attackers manage to interpose themselves secretly between the user and a web service they’re trying to access. For instance, an attacker might set up a Wi-Fi network with a login screen designed to mimic a hotel network; once a user logs in, the attacker can harvest any information that user sends, including banking passwords.

Cryptojacking -- Cryptojacking is a specialized attack that involves getting someone else’s computer to do the work of generating cryptocurrency for you (a process called mining in crypto lingo). The attackers will either install malware on the victim’s computer to perform the necessary calculations, or sometimes run the code in JavaScript that executes in the victim’s browser.

SQL injection -- SQL injection is a means by which an attacker can exploit a vulnerability to take control of a victim’s database. Many databases are designed to obey commands written in the Structured Query Language (SQL), and many websites that take information from users send that data to SQL databases. In a SQL injection attack, a hacker will, for instance, write some SQL commands into a web form that’s asking for name and address information; if the web site and database aren’t programmed correctly, the database might try to execute those commands.

Zero-day exploits -- Zero-days are vulnerabilities in software that have yet to be fixed. The name arises because once a patch is released, each day represents fewer and fewer computers open to attack as users download their security updates. Techniques for exploiting such vulnerabilites are often bought and sold on the dark web -- and are sometimes discovered by government agencies that controversially may use them for their own hacking purposes, rather than releasing information about them for the common benefit.

Recent cyber attacks
Deciding which cyber attacks were the worst is, arguably, somewhat subjective. Those that made our list did so because they got a lot of notice for various reasons -- because they were widespread, perhaps, or because they were signals of a larger, scary trend.

Without further ado, here are some of the most notable cyber attacks in recent history and what we can learn from them:

Capitol One breach - The Weather Channel ransomware - U.S. Customs and Border Protection/Perceptics - Citrix breach - Texas ransomware attacks
- WannaCry - NotPetya - Ethereum - Equifax - Yahoo - GitHub - Capitol One breach

In July of 2019, online banking giant Capitol One realized that its data had been hacked. Hundreds of thousands of credit card applications, which included personally identifying information like birthdates and Social Security numbers, were exposed. No bank account numbers were stolen, but the sheer scale was extremely worrying. Things followed the usual script, with Capitol One making shamefaced amends and offering credit monitoring to those affected.

But then things took a turn for the unusual. The stolen data never appeared on the dark web, nor did the hack look like a Chinese espionage operation like the Equifax and Marriott breaches. In fact, the attack was perpetrated by an American named Paige Thompson, aka Erratic. Thompson had previously worked for Amazon, which gave her the background necessary to recognize that Capitol One’s AWS server had been badly misconfigured in such a way to leave it quite vulnerable. It initially seemed that Thompson’s theft of the data was in the tradition of freelance white-hat hacking and security research: she made little attempt to hide what she was doing, never tried to profit from the data, and in fact was caught because she posted a list of Capitol One’s breached directories -- but no actual data -- on her GitHub page. But attempts to understand her motivation in the wake of her arrest were increasingly difficult, and it’s possible that she was, true to her chosen nickname, erratic, if not undergoing a serious mental health crisis.

The Weather Channel ransomware
The Weather Channel may not seem like a crucial piece of infrastructure, but for many people it’s a lifeline -- and in April 2019, during a stretch of tornado strikes across the American south, many people were tuning in. But one Thursday morning the channel ceased live broadcasting for nearly 90 minutes, something almost unheard of in the world of broadcast television.

It turns out The Weather Channel had fallen victim to a ransomware attack, and while there’s been no confirmation of the attack vector, rumors are that it was via phishing attack, one of the most common causes of ransomware infection. The attack demonstrated that the boundary between “television” and “the internet” has more or less been erased, as any TV operation like The Weather Channel would be entirely reliant on internet-based services to operate. It also demonstrated one way to beat ransomware. The Weather Channel didn’t fork over any bitcoin; rather, they had good backups of the affected servers and were able to get back online in less than two hours.

U.S. Customs and Border Protection/Perceptics
The sequence was sadly not that unusual: a hacker breaches a company’s servers, gets access to sensitive data, and then demands a ransom. When the executives fail to pay up, the material begins to find its way to the dark web for sale, where the scope of its importance become recognized.

The data turned out to be very important indeed: it was stolen from the U.S. Customs and Border Protection agency (CBP), and the irony that the agency dedicated to protecting the U.S. borders couldn’t protect its own data wasn’t lost on anyone. In fact, much of the blame lay on Perceptics, a contractor that provides all the license plate scanners for the border agency, as well as to a host of other U.S. and Canadian government departments. The stolen photos of cars and drivers had actually been copied from CBP’s computers to Perceptics’ own servers, in violation of government policy; Perceptics was then hacked, and the data publicized by the attacker “Boris Bullet-Dodger” when ransom negotiations with execs broke down. The case brought up questions about government-contractor relations and the wisdom of allowing the collection of biometric data. While Perceptics’ relationship with CBP was suspended in the wake of the attack, the government eventually agreed to keep doing business with the company.

Citrix breach
When an organization being breached is itself in the cybersecurity business, that’s enough to make everyone nervous -- but it’s also a cautionary tale about how even security vendors can have a hard time establishing a security mindset internally.

Take Citrix, for example. The company makes VPNs, which help secure millions of internet connections, and has extensive dealings with the U.S. government. But it still fell victim to a “password spraying” attack in March of 2019 -- essentially, an attack where a hacker attempts to gain access to a system via brute force, by rapidly attempting to login with simple and frequently used passwords (think “password123” and the like). In all likelihood, the attack came from a group associated with the Iranian government. Fortunately, the attackers didn’t get very far into Citrix’s systems -- but the company still promised a revamp of its internal security culture.

Texas ransomware attacks
In August of 2019, computer systems in 22 small Texas towns were rendered useless by ransomware, leaving their governments unable to provide basic services like issuing birth or death certificates. How did a single attacker, using the REvil/Sodinokibi ransomware, manage to hit so many different towns? There was a single point of weakness: an IT vendor who provided services to all of these municipalities, all of which were too small to support a full-time IT staff.

But if that sort of collective action opened a weakness, there was a power in collaboration as well. Rather than giving in and paying the $2.5 million ransom demanded, the towns teamed up with the Texas state government’s Department of Information Resources. The agency led a remediation effort that had the cities back on their feet within weeks, in contrast with places like Baltimore, where systems were offline for months.

WannaCry
WannaCry was a ransomware attack that spread rapidly in May of 2017. Like all ransomware, it took over infected computers and encrypted the contents of their hard drives, then demanded a payment in Bitcoin in order to decrypt them. The malware took particular root in computers at facilities run by the United Kingdom’s NHS.

Malware isn’t anything new, though. What made WannaCry significant and scary was the means it used to propagate: it exploited a vulnerability in Microsoft Windows using code that had been secretly developed by the United States National Security Agency. Called EternalBlue, the exploit had been stolen and leaked by a hacking group called the Shadow Brokers. Microsoft had already patched the vulnerability a few weeks before, but many systems hadn’t upgraded. Microsoft was furious that the U.S. government had built a weapon to exploit the vulnerability rather than share information about the hole with the infosec community.

NotPetya
Petya was just another piece of ransomware when it started circulating via phishing spam in 2016; its main claim to fame was that it encrypted the master boot record of infected machines, making it devilishly difficult for users to get access to their files.

Then, abruptly in June of 2017, a much more virulent version of the malware started spreading. It was different enough from the original that it was dubbed NotPetya; it originally propagated via compromised Ukrainian accounting software and spread via the same EternalBlue exploit that WannaCry used. NotPetya is widely believed to be a cyberattack from Russia against Ukraine, though Russia denies it, opening up a possible era of states using weaponized malware.

Ethereum
While this one might not have been as high-profile as some of the others on this list, it deserves a spot here due to the sheer amount of money involved. Ether is a Bitcoin-style cryptocurrency, and $7.4 million in Ether was stolen from the Ethereum app platform in a manner of minutes in July. Then, just weeks later came a $32 million heist. The whole incident raised questions about the security of blockchain-based currencies.

Equifax
The massive credit rating agency announced in July of 2017 that “criminals exploited a U.S. website application vulnerability to gain access to certain files,” getting personal information for nearly 150 million people. The subsequent fallout enraged people further, especially when the site Equifax set up where people could see if their information had been compromised seemed primarily designed to sell Equifax services.

Ed Szofer, CEO of SenecaGlobal, says the Equifax breach is particularly bad “because they had already been told about the fix -- it needed to be implemented in a tool called Apache Struts that they use -- well before the breach even happened. And yet they failed to do so fully in a timely manner. To prevent such breaches from happening requires a shift in culture and resources; this was not a technical issue, as the technical fix was already known. Equifax certainly had the resources, but it clearly did not have the right culture to ensure the right processes were in place and followed.”

Yahoo (revised)
This massive hack of Yahoo’s email system gets an honorable mention because it actually happened way back in 2013 -- but the severity of it, with all 3 billion Yahoo email addresses affected, only became clear in October 2017. Stolen information included passwords and backup email addresses, encrypted using outdated, easy-to-crack techniques, which is the sort of information attackers can use to breach other accounts. In addition to the effect on the account owners, the breach could spawn a revisiting of the deal by which Verizon bought Yahoo, even though that deal had already closed.

The truly scary thing about this breach is that the culture of secrecy that kept it under wraps means that there’s more like it out there. “No one is excited to share a breach, for obvious PR reasons,” says Mitch Lieberman, director of research at G2 Crowd. “But the truth eventually comes out. What else do we not know?”

GitHub
On February 28, 2018, the version control hosting service GitHub was hit with a massive denial of service attack, with 1.35 TB per second of traffic hitting the popular site. Although GitHub was only knocked offline intermittently and managed to beat the attack back entirely after less than 20 minutes, the sheer scale of the assault was worrying; it outpaced the huge attack on Dyn in late 2016, which peaked at 1.2 TB per second.

More troubling still was the infrastructure that drove the attack. While the Dyn attack was the product of the Mirai botnet, which required malware to infest thousands of IoT devices, the GitHub attack exploited servers running the Memcached memory caching system, which can return very large chunks of data in response to simple requests.

Memcached is meant to be used only on protected servers running on internal networks, and generally has little by way of security to prevent malicious attackers from spoofing IP addresses and sending huge amounts of data at unsuspecting victims. Unfortunately, thousands of Memcached servers are sitting on the open internet, and there has been a huge upsurge in their use in DDoS attacks. Saying that the servers are “hijacked” is barely fair, as they’ll cheerfully send packets wherever they’re told without asking questions.

Just days after the GitHub attack, another Memecached-based DDoS assault slammed into an unnamed U.S. service provider with 1.7 TB per second of data.

Cyber attack statistics
If you want to understand just what’s going on in the murky world of cybercrime, diving into the numbers can give you a real sense of what’s going on out there. For instance, we’ve grown rather numb to constant tales of breaches of personally identifying information, but in the aggregate the amounts are truly staggering: in the first half of 2019 alone, 4.1 billion records were exposed.

Verizon, which issues a detailed report on data breaches every year, helped break down who the victims and perpetrators were in 2019. By their estimation, a full 34 percent of breaches were inside jobs, 39 percent were perpetrated by organized crime, and 23 percent by state actors. And when it came to the victims, by far the biggest category were small businesses, who bore the brunt of 43 percent of attacks.

The costs are staggering as well. Ransomware alone cost $8 billion dollars in 2018; interestingly, only $1 billion of that consists of ransom payments, while the rest takes the form of lost revenue and damages to company reputation from downtime. Other types of cybercrimes also take their toll. Radware estimated that a cyberattack on a large enterprise would end up costing $1.7 million in 2019. For small businesses the cost is lower -- just $86,000 -- but that can still be devastating to a company without much by way of reserves.

Cyber attack maps
It can take a lot of effort to comb through all those numbers (and really, we’re just scratching the surface and providing a few nuggets here--by all means follow the links for more details). So you can see the why someone might prefer all that info presented in an easy-to-grasp visual medium like a cyber attack map. These futuristic displays show what attacks are emerging from what countries and focusing on what targets, and give the impression of offering a bird’s-eye view of the current internet threat landscape.

The problem is that an impression is all they really have to offer. Most of the data they display isn’t live, and it certainly isn’t comprehensive. But they can be useful in starting conversations about security, getting students interested in cyber security, and serving as sales tools for cyber security tool companies. (Many security experts dismissively refer to them as “pew pew” maps.)

How Dangerous Are Cyber Attacks? It’s common to think about how dangerous something is in terms of what physical damage it could do. A tornado is dangerous because it can destroy property. A tiger is dangerous because it could assault a person. But what about an attack where nothing physical is touched, let alone destroyed?

Cybersecurity breaches can result in hackers making their way into bank accounts, medical records, social media accounts, and more. Without even meeting you, a hacker could leak your private details, fill prescriptions in your name, steal money from your accounts, or even demand payment not to do any of the previous crimes mentioned. When it comes to how dangerous a cyber attack is, the answer is potentially devastating. And the problem is only growing.

Do I Need to Worry about a Cyber Attack?
Everyone needs to be concerned with cyber attacks these days. It’s a myth that only large corporations need to be concerned about hackers trying to get information or credit cards from them. After all, the records and credit cards they’re looking for all belong to individuals, whether corporate employees or clients.

Bloomberg Technology reports that cyber extortion is on the rise with hackers now demanding the digital currency, Bitcoin, to unlock computers and return files to their regular state. Due to the fact it requires very little personal information to send and receive funds, Bitcoin is growing in popularity with hackers. This eliminates the hacker’s need for banks and the safety procedures they require.

What are the Risks of Cyber Attacks?
As mentioned above, there are various ways a hacker can use your personal information or data to their benefit. A company of any size could lose their reputation and valued customers if they are hacked. After all, who wants to do business with someone who can’t keep your credit card information safe?

Many people have heard the story of a person who went to get a mortgage to buy their first home and was shocked to learn someone had stolen their identity online and had already taken out a massive mortgage in their name. Similar stories happen all the time, with information obtained through hacking and cyber attacks. A cyber attack might not physically impact a person, but the damage it can do to their life can be just as devastating.

How Can I Help Fight Against Hackers and Cyber Attacks?
For some, it’s not enough to sit by and watch cyber attacks happen. Some people want to stop hackers in their tracks and ensure they can’t get into computer systems and cause mayhem. For those people, there’s the field of cybersecurity. With formal education available, as well as certifications, an individual could go from computer enthusiast to cybersecurity expert in a few short years.

Welcome To Secrets United States Surveillance Industrial Spy Complex 9/11 Politics

https://rumble.com/v2yeikc-welcome-to-secrets-united-states-surveillance-industrial-spy-complex-911-po.html

Central Intelligence Agency has been carrying out a mass surveillance program on American soil and in the U.S. with minimal oversight and the program’s uncovering is bad news for Big Tech according to documents declassified at the request of two U.S. senators. A Chinese Foreign Ministry spokesman appeared to claim the 9/11 attacks on America were an “inside job” by the US government in a tweet on Tuesday. Washington Examiner report that the Chinese Embassy did not respond to requests asking what the Chinese position is toward possible U.S. government involvement in the 9/11 attacks.

Lies, Lies, Lies Top CIA, FBI, DOJ Officials Grilled Abuse Section 702’s Mass Surveillance

https://rumble.com/v2u1w5w-lies-lies-lies-top-cia-fbi-doj-officials-grilled-abuse-section-702s-mass-su.html

Arrests Along U.S.-Mexico Border Top 2 million a year for the first time Federal authorities are on pace to make more than 2.3 million arrests during the 2022 fiscal year, which ends Sept. 30. That will far exceed last year’s record of more than 1.7 million arrests. The law, Section 1325 of Title 8 of the U.S. Code, makes entering the United States “at any time or place other than as designated by immigration officers” a federal crime. Total U.S.-Mexico border for last 50 years is 46 million+ people and got-a-ways not counted Why the hell should we trust anything they say unless they do what’s right for Lies, Lies, Lies To The People Of American Again, I never would’ve thought my home would have to deal with so many corrupt people, dishonest, disgusting people should be removed from their posts, there is some small piece of mind knowing and seeing true American patriots fight this extremely hard fight. The Senate Judiciary Committee holds a hearing on Section 702 of the Foreign Intelligence Surveillance Acts.

Why Country All Over The World Hate U.S.A. Intelligence CIA-DOJ-FBI Killing Agencies

https://rumble.com/v2nb6gg-why-country-all-over-the-world-hate-u.s.a.-intelligence-cia-doj-fbi-killing.html

Do You Trust the FBI, CIA, DOJ, ATF, IRS and Other Government in general after all the recent evidence of conspiracy being exposed ? Spies, Informants and New Enemies Intelligence agencies are influencing governments and spying on countries with no regard for the law. And they are able to remain nearly invisible, in the process. Are they the new superpowers ?

Tyrannical Foreign Intelligence Surveillance Court Act and Propaganda Administration

https://rumble.com/v2fpmoy-tyrannical-foreign-intelligence-surveillance-court-act-and-propaganda-admin.html

Secret Courts History of Intrigue and Abuse and over 800s of million dollars in pay off to Foreign Intelligence Surveillance Court Judges so far. The Foreign Intelligence Surveillance Court, which approved the National Security Agency's collection of U.S. citizens' telephone records, is just one of history's many secret courts. The fundamental premise behind secret courts like the FISC is that some decisions cannot be made in public without jeopardizing a critical national interest, such as security, defense or government administration.

Loading 3 comments...