US NAVY: Hackers 'Jumping The Air Gap' Would 'Disrupt The World Balance Of Power'
Michael C. Nutter via U.S. NavyThe next generation hackers may be taking to sound waves, and the Navy is understandably spooked.
Citing the cutting-edge new destroyer U.S.S. Zumwalt, retired Capt. Mark Hagerott, deputy director of cybersecurity for the U.S. Naval Academy, said that the ship is heavily protected against common hacking techniques.
"If you take a cybernetic view of what's happening [in the Navy], right now our approach is unplug it or don't use a thumb drive," said Hagerott.
But if hackers "are able to jump the air gap, we are talking about fleets coming to a stop," Hagerott said at the Defense One Summit last week.
An air gap, in cyber security terms, simply means that a network is not connected to the public Internet, wired or wifi. For a long time the thought was that an air gap rendered networks pretty much impenetrable.
Then the Stuxnet virus happened - an Iranian nuclear scientist with an infected thumb drive walked a virus through the air gap and unknowingly uploaded a destructive virus onto a network controlling nuclear centrifuges. This attack not only damaged Iran's nuclear facilities, but it also signaled the dawn of kinetic cyber attacks (the kind that cause physical damage) and the revealed the vulnerability of air gaps.
It's not just thumb drives though. Hagerott cited recent reporting by Arstechnica that has Navy thinkers in a stir.
Security consultant Dragos Ruiu noticed malware on a new computer he hadn't connected to the Internet. He eventually theorized that it communicated encrypted Internet packets via high-frequency sound waves, reports Arstechnica's Dan Goodin.
Goodin called the malware "the advanced persistent threat equivalent of a Bigfoot sighting."
Ruiu said he arrived at the theory about badBIOS's high-frequency networking capability after observing encrypted data packets being sent to and from an infected laptop that had no obvious network connection with-but was in close proximity to-another badBIOS-infected computer.
The packets were transmitted even when the laptop had its Wi-Fi and Bluetooth cards removed. Ruiu also disconnected the machine's power cord so it ran only on battery to rule out the possibility that it was receiving signals over the electrical connection. Even then, forensic tools showed the packets continued to flow over the airgapped machine.
Then, when Ruiu removed the internal speaker and microphone connected to the airgapped machine, the packets suddenly stopped.
There are a few analysts out there who say this type of BIOS hack of a computer's speakers is impossible, but nonetheless, the military applications of such a hack would be astonishing.
Exploiting and remotely shutting down a Navy ship's software "gives you a nonlethal warfare capacity at sea," Peter Singer, a Brookings Institution national security analyst, said in an interview after speaking at the Defense One Summit. Commanders could give an order like, "Don't let this enemy fleet seize these island chains, but also don't let it turn into a shooting war."
Ships would find their targeting software exploited and shut down, possibly even hijacked.
"The ships are floating SCADA systems," Hagerott said, making reference to the same highly vulnerable Supervisory Control And Data Acquisition networks that run utilities in America.
"If you could jump the air gap" on America's Navy, largely the backbone of the U.S. military's projection of power abroad, "that would disrupt the world balance of power," Hagerott said, adding that Navy might even have to go back to instrumentation used in the early 1900s as a response to the exploit.
Of course, the ships aren't exactly sitting ducks. Singer said serious security consultants look at air gaps "like the balloons nuns use to keep students from touching each other at a dance," implying that other safe guards are always employed as a safety.
No network is impenetrable, Singer said, and right now the focus should be on resiliency, a technical term which assumes that an attack will slip through, and puts emphasis on survivability.
Still, "I'm sure there are a lot of people in room somewhere thinking about this [type of sonic exploit]" Hagerott said.