The Iranian hack of the New York dam has been seen as a symptom of the weakness of the infrastructure that is in the United States. Authorities are afraid that public infrastructure such as dams, stadiums, traffic lights and power grids can be accessed by any person from anywhere using anything from a password and in some cases no passwords. Hostile countries and terrorists can use the information for their own good.
The New York U.S Attorney, Preet Bharara, mentioned that the hacking of the Bowman Avenue Dam located in Rye Brook, New York in 2013, was a frightening new territory of cyber crime that was too scary to think about. The Attorney, who was the lead investigator mentioned that the case was a game changing event. Officials believed that most hackers were looking for weaknesses in the U.S system so they could get a better chance at hitting bigger targets later on.
Adaptation of the private sector to secure their assets has been slow and authorities are worried that the threat of attack is growing exponentially. Approximately 6.4 billion devices and some of the control systems will be connected to the Internet, which is a high 30 percent spike from the number that was connected from 2015. A reported high of 21 billion is expected to connect by 2020.
The rise of the so called Internet of Things, a new way that objects are now connected to each other and the Internet and are now able to send and receive data has brought in a new wave of security vulnerabilities. If hackers get hold of one of the infrastructures they can get a whole spectrum of private and public controlled infrastructure. Most of the targets that hackers are interested in were built way before the common cybersecurity measures available now were there. They are run by the Industrial Control Systems.
The Iranian hacker who was convicted of hacking into the New York dam reportedly used a simple hacking technique that is available on Google. The system searches for and finds unguarded control systems online. Firoozi and seven other men were employees for a pair of Iranian cyber security companies. The pair worked initially for the Iranian government and the famed Islamic Revolution Guard Corps. The men also had financial hack charge pinned on them.
The worrying thing is that the water sector in the U.S which consists of dams, bridges and tunnels is the most vulnerable industry. If by any chance the Bowman dam had actually been hacked into, there would have been flooding in one of the areas that is supplied by the small dam. No casualties however would be expected from the flooding.
Researchers said that much of the infrastructure that is in the country was susceptible to attack. Through a process called Google Dorking, hackers could use search engines to identify flaws in a system or control set of infrastructure and exploit it. Many of the infrastructures require just default username and default password to access. The ease with which unguarded systems can be found now on Google has authorities worried that the practice might be here for a long time.
This stuff has been happening undetected for years, and now this is one of the first time that it’s surfaced publicly,” said former F.B.I. computer crime investigator Mike Bazzell. “We’re getting close to a threshold where something must be done,” he said. “The more this type of activity becomes popular and well-known, it will get worse before it gets better.”