Cyberattacks' New Dynamics March 2015
Subscribe to Insights in Brief to be notified about new Featured Content as it becomes available!
In February 2014, Iranian hackers attacked the information-technology (IT) systems of the Las Vegas Sands Corporation (Paradise, Nevada), which operates several casinos and resorts in the United States and Asia. The attack appears to be in retaliation for Sands CEO Sheldon Adelson's support of Israel and advocacy of a hard-line stance in nuclear talks with Iran. Perhaps most prominently, hackers conducted a naming-and-shaming attack on Sony (Tokyo, Japan) subsidiary Sony Pictures Entertainment (Culver City, California) in November 2014, leaking confidential company information online. US officials believe the North Korean government conducted the cyberattack, but North Korea denies responsibility. The cyberattacks on the Las Vegas Sands Corporation and Sony Pictures Entertainment potentially represent "the beginning of a geopolitically confusing, and potentially devastating, phase of digital conflict" characterized by "strikes that are serious enough to wound American companies but below the threshold that would trigger a forceful government response."
Attacks on internet-connected systems and devices will become more common as the Internet of Things develops. In 2008, officials blamed an oil-pipeline explosion in Turkey on an equipment malfunction. Recently, reporters uncovered that in fact a deliberate cyberattack caused the explosion. By leveraging flaws embedded in software running on remote security cameras, the attackers were able to assume control of the pipeline's wireless sensor network and the computer control systems at some valve stations along the pipeline. The attackers then manipulated valve controllers to cause a catastrophic pressure buildup in a section of the pipeline. They also used their control over the pipeline's sensor and camera network to conceal both the pressure buildup and the subsequent explosion from the pipeline's operators until a security guard called in a report of the fire.
More recently, hackers attacked Korea Hydro & Nuclear Power (Korea Electric Power Corporation; Seoul, South Korea), stealing personal information about workers, designs of and manuals for two reactors, and other similarly noncritical information. The hackers threatened to make the information public unless the government shut down three reactors.