Warning Over 'Panic' Hacks on Cities

Security flaws have been found in major city infrastructure such as flood defences, radiation detection and traffic monitoring systems. A team of researchers found 17 vulnerabilities, eight of which it described as "critical." From a report: The researchers warned of so-called "panic attacks," where an attacker could manipulate emergency systems to create chaos in communities. The specific flaws uncovered by the team have been patched. "If someone, supervillain or not, were to abuse vulnerabilities like the ones we documented in smart city systems, the effects could range from inconvenient to catastrophic," wrote Daniel Crowley, from IBM's cyber research division, X-Force Red. "While no evidence exists that such attacks have taken place, we have found vulnerable systems in major cities in the US, Europe and elsewhere." The team plans to explain the vulnerabilities at Black Hat -- a cyber-security conference -- on Thursday.

the 2013 zombie eas hack

[Joe_Dragon]

https://www.huffingtonpost.com... [huffingtonpost.com]

Re:

[Mr D from 63]

The main stream media does a good enough job creating panic as it is. More so I might add than any one man with a twitter account.

No kidding. They just claim vulnerabilities exist, then say there haven't been any successful hacks yet, and the only example they provide was a human error event, not a hack at all.

Re:

[Narcocide]

Your poetry sucks.

Re:

[K. S. Kyosuke]

I love daisy duck!

We both quack together during a leisurely fuck.

balls deep in feathers and it feels so right!

...something tells me you're not quite so bright?

"supervillain or not"

[KiloByte]

If making a series of false-flag terrorist attacks against your own citizens just to get elected doesn't make you a supervillain, I don't know what would.

And that one has been pretty widely proven, not just by Litvinenko but even by ordinary police, identifying the FSB as a culprit.

Thus, if doing so on own soil is "ok", you can expect anything in a rival country.

Re:

[TheRealQuestor]

If making a series of false-flag terrorist attacks against your own citizens just to get elected doesn't make you a supervillain, I don't know what would.

And that one has been pretty widely proven, not just by Litvinenko but even by ordinary police, identifying the FSB as a culprit.

Thus, if doing so on own soil is "ok", you can expect anything in a rival country.

And let me guess, the earth is flat, contrails are spreading mind control agent, the moon landings were staged, am I missing anything else that nutjobs and whackos believe too?

Re:

[KiloByte]

Uhm, what? Please tell me what's the connection between Putin repeatedly using such tactics, and often even intentionally going out of his way to sign them (Litvinenko could have been knifed during a "robbery", so could Skripal) -- and random nutjobs?

If you have doubts about Russian involvement, please for example check IPs of shitposters: there's a remarkable lack of bots from Russia, except of a rare operator error when the connection was directly from Petersburg (but no other part of the country). Or,

Found evidence:

[Narcocide]

https://news.slashdot.org/story/18/01/30/181234/false-hawaii-missile-alert-sent-after-drill-recording-said-this-is-not-a-drill [slashdot.org]

People are stupid, "leaders" are no exception

[gweihir]

Almost all IT security these days is "cheaper than possible" because the people in charge are not able to do risk management. Until there are "reference catastrophes" of sufficient magnitude, they will mistakenly believe they are safe and do nothing. Then they will find out that decades of mismanagement are not easy to fix. It is always the same story. It is always utterly stupid. It is always completely obvious to actual experts what is going on, but nobody listens to them.

The leadership we have on all levels is not modern, educated, enlightened. It is cave men (and the occasional cave-woman) dressed in suits, full of themselves, greedy, corrupt and utterly incompetent and unsuitable to fill their core responsibilities.

Re:

[ole_timer]

...a "sophisticated" hack...

Re:

[gweihir]

And if it is large enough, blame "terrorists" or "traitors". Also a very old strategy that works time and again.

Re:

[ole_timer]

;) ...or it was "allowable espionage" or "...it was no one's fault..."

Re:

[Thud457]

And even when we do learn our lesson from hard experience, latter generations ignore the perfectly unmistakable warnings their forefathers left behind [atlasobscura.com]. Apply this wisdom to current events as you see fit.

Re:

[gweihir]

Indeed. Most of these "leaders" will repeat history because they are unable to learn from it. The thing that really makes me angry is the sheer stupidity involved.

Re:

[gweihir]

True, the incentives are utterly perverted.

Re:

[gweihir]

I pretty much expect what we have. That does not mean I have to be happy about it.

Re:

[tlhIngan]

Almost all IT security these days is "cheaper than possible" because the people in charge are not able to do risk management. Until there are "reference catastrophes" of sufficient magnitude, they will mistakenly believe they are safe and do nothing. Then they will find out that decades of mismanagement are not easy to fix. It is always the same story. It is always utterly stupid. It is always completely obvious to actual experts what is going on, but nobody listens to them.

The leadership we have on all lev

Re:

[gweihir]

A few problems.

First, you cannot tell the difference between good security and bad security.

I disagree. The people who can are out there and you can hire them. Not cheap and they will tell you things you will not want to hear. But you can get them to look at your situation, tell you were you stand, and what you need to do to keep that standing or to improve it.

I do agree (basically summarizing the rest of your points, my apologies), that it also takes real insight to recognize these experts and that hiring them and doing what they recommend is often politically problematic and often actually impos

Steps for panic including profit

[Anonymous Coward]

1: Flash something to Teslas and other "always-on" vehicles. A lot of vehicles use interference engine designs, so by having those mistime, cylinders will smash into valves, and that is the end of that.
2: Wait for a natural disaster like a hurricane, or something requiring an evacuation.
3: Trigger the vehicles to destroy their engines, or just erase their ECM firmware.
4: ????
5: Profit.

It only takes a few vehicles to be disabled from remote as a percentage to render all highways out of a city impassibl

Every building fire alarm has a security flaw

[mea2214]

Anyone is authorized to pull it even if there isn't a fire.

Re:

[Anonymous Coward]

Anyone is authorized to pull it even if there isn't a fire.

The fire alarm is open to anyone in the building.

The flaws discussed here are open to anyone on the Internet.

Wasn't this one of the Die Hard movies?

[taustin]

And about a dozen episodes of CSI?

Critical infrastructure connected to the Internet

[najajomo]

"Security flaws have been found in major city infrastructure such as flood defences, radiation detection and traffic monitoring systems."

What retard connected their city infrastructure directly to the Internet.

Re:

[wyHunter]

Almost all of them. Believe it or not.

Put my tax money toward storm defense please

[Lije Baley]

How many people have actually been seriously harmed or killed by something like what is described in these over-hyped "oh noes we need more security!" (read: give us more money) scenarios? Whatever number you come up with, it will be nothing compared to the damage cause by natural causes - storms, heat, cold, animals, not to mention the stupid things that humans do. I'll put my money towards limiting damage from those things, thank you. I wan't my power company to trim the trees and bury the power lines