At 7.15am on October 21, 2016, the staff at an obscure company called Dyn, Inc found themselves suddenly knocked off the internet.
You know the experience yourself.
You get an error message. The signal drops out. You attempt to restart everything.
But Dyn was no ordinary company.
Almost immediately, the phones throughout the building started ringing in concert.
There were anxious representatives on the line from all of their major clients: Twitter, Netflix, Reddit, CNN.
The staff at Dyn suddenly realised the scale of the disaster unfolding. A massive cyber attack was underway and thousands of internet sites were being rendered inaccessible.
At 11.52am, the second attack came.
Then another at 4pm.
By the time the attack was over, millions of internet users along the Eastern seaboard had been frozen out.
And the problems soon spread to the West coast and even Europe.
It was an unprecedented collapse of our digital infrastructure.
But the really interesting thing about the Dyn attack was that it was the work of a few amateurs.
By flooding the servers at Dyn, a major DNS (Domain Name System) provider whose job is to translate domain names into the addresses browsers actually connect to, this group of hackers set off a chain of events that crippled a big chunk of the internet for almost an entire day.
And they did it by using source code that they didn't even write themselves.
As security journalist Brian Krebs explains: "At least one computer security firm has come out saying the attack involved Mirai", the same malware strain that was used in a spate of recent attacks, and which was widely released in September 2016 by its creator, "effectively letting anyone build their own attack army using Mirai."
“We Have Created Highways of Disaster”
I’ve been thinking about the Dyn attack again after reading Alex’s piece on Friday about escalating risks to the global economy.
In particular, he pointed to the threat of a significant cyberattack on US or European utilities or infrastructure by a hostile state.
"Brian Lord, former Deputy Director of GCHQ, warns that a successful attack on oil and gas industry infrastructure could cause "unprecedented damage" and "unrest across the world".
"The primary cyber threat to oil and gas infrastructure comes from hostile states who are developing disruptive capabilities in order to deliver power projection for their own long term geo-political and politico-military ends," Lord said."
I think this is a credible threat.
But I would go further.
Because it’s not just the oil and gas infrastructure that is under threat.
Every network connected to the internet, whether it runs oil, gas, the grid, aviation or the financial and economic system, is vulnerable.
Well, it was not supposed to be like this.
When the internet was originally developed by the US Department of Defense's DARPA (Defense Advanced Research Projects Agency), it was designed as a communication network that could survive a nuclear war.
It was supposed to be resilient.
Take out one part of the system, and the rest of the network would carry on working.
But as the internet was being built, we discovered that there were huge economic advantages to driving traffic through a few locations.
Today, the vast majority of intercontinental internet traffic travels through undersea fibre-optic cables.
And these are bunched up at a few choke points, notably New York, the Red Sea and the Luzon Strait between Taiwan and the Philippines.
We made it easy for the cybercriminals.
Today we rely on a few key companies, such as Dyn (now owned by Oracle), to keep the system online.
Meanwhile, the cost of conducting a hack, in terms of labour, the time it takes to achieve a goal and the risk of getting caught, is falling.
The tools and methods for conducting attacks have become freely available in online clearing houses, and with so many devices connecting online there is now a vast surface from which to launch an attack, with little chance of being caught.
And the attack surface is getting larger.
With 5 billion more people connecting to the internet, there are 5 billion more points of attack for states, corporates or lone-wolf hackers.
There is now a serious risk of a systemic event due to a cyber attack, in which a failure in one network knocks out several others at once (the grid, banking, aviation), causing immense damage to the economy and to our trust in the stability of the internet.
As systems scientist Dirk Helbing has pointed out, by connecting networks from vastly different domains, we have created “highways of disaster” in a financial and economic system that is increasingly beyond human control or comprehension.
And it gets stranger still…
In his recent and very disturbing book Overcomplicated, Samuel Arbesman quotes engineers who keep seeing fragments of "dark code" in the system that nobody programmed, running applications in ways that nobody expects.
This is the reason, he says, why Delta and American Airlines have had to ground their planes for significant periods of time in the last few years.
And it’s why we are seeing a spate of flash crashes in markets – many of them unexplained.
“Dark Dante”: here’s how you solve the cyber crisis
Still, security, in itself, is a problem that we have faced before.
If we are wrestling with the threat of criminal and terrorist groups, “look to the age of sail and how the original pirates and privateers were chased from the seas through a mix of action against the marketplaces and creation of international laws,” notes political scientist Peter W. Singer.
If the problem is private hackers, we might even look for help from the hackers themselves…
Take the example of “Dark Dante”…
In 1995, Kevin Poulsen became one of the first hackers to achieve a public profile when a judge ordered that he be banned from using the internet following his release from prison.
Operating under the handle Dark Dante, Poulsen had pulled off a string of notorious stunts before becoming a fugitive from the FBI.
His most famous stunt was taking over the telephone lines of a Los Angeles radio station so that he could guarantee being the 102nd caller, collecting a Porsche 944 S2 as his prize.
When he was featured on NBC’s Unsolved Mysteries, the show’s 1-800 telephone lines crashed mysteriously.
In the intervening period, cybercrime has become a thriving criminal industry…
And Poulsen, now an editor at Wired magazine, has an interesting perspective on how we might begin to address this crisis.
As he puts it: “Information is secure when it costs more to get it than it’s worth”.
This is a useful idea because it acknowledges several realities about cybersecurity.
First, the cost of conducting a hack is extremely low.
Secondly, the attack surface is getting larger.
Thirdly, as valuable information continues to stockpile on corporate servers, providing lucrative targets for criminals and hostile states, there is little or no hope of actually preventing an attack.
A more realistic goal of cybersecurity is not to make successful attacks impossible, but to make them more costly for the attacker.
Let the machines take over
This is not a job fit for humans.
That's why, for the past two years, the most advanced cybersecurity systems have been using artificial intelligence to spot suspected breaches and direct the response to them.
I think this is a very promising use of AI – and one that could be very lucrative for investors.
Machine learning has already been used in the financial sector for some time to identify potential fraud.
The large datasets collected on credit card use, for example, have allowed algorithms to learn how to recognise normal behaviour, and in turn to highlight anomalies in the system.
IBM researchers working with a large US bank claimed a 15% increase in fraud detection with a 50% reduction in false alarms and a total savings increase of 60%.
And defensive algorithms are becoming ever more sophisticated.
Increasingly, they are learning to misdirect and frustrate untargeted attacks on corporate networks, raising the cost of conducting an attack and sometimes persuading the attacker to move on.
The most advanced systems have even been using machine learning to mimic the human immune system, first learning about the system itself, then spotting intruders by their actions.
The more they interact, the smarter the algorithms become.
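As an added illustration of the idea in the two paragraphs above (learn an entity's normal behaviour first, then flag whatever deviates from it), here is a small Python detector. It is example code written for this article, not the IBM, Darktrace or Splunk technology described on this page. The event lines, the key=value log format and the card/amount field names are constructed for the demo, and the robust z-score with a threshold of 5 is one simple scoring choice among many.

```python
# Added example: per-entity behavioural baseline with robust anomaly scoring.
# Illustrative code for this article, not any vendor's product.
# Log lines and the key=value format are constructed for the demo.
from collections import defaultdict
from statistics import median

# Constructed "normal" history: small purchases on card c1, large ones on c2.
TRAINING_LOG = """\
2016-10-20T08:01:00Z card=c1 amount=12.50
2016-10-20T09:14:00Z card=c1 amount=9.99
2016-10-20T12:30:00Z card=c1 amount=15.20
2016-10-20T18:45:00Z card=c1 amount=11.00
2016-10-20T19:10:00Z card=c1 amount=13.75
2016-10-20T08:20:00Z card=c2 amount=250.00
2016-10-20T10:05:00Z card=c2 amount=310.00
2016-10-20T13:40:00Z card=c2 amount=275.50
2016-10-20T16:55:00Z card=c2 amount=290.00
2016-10-20T20:15:00Z card=c2 amount=305.25
"""

# Constructed new events: one wildly out-of-pattern charge on c1,
# a normal one on c2, and a card (c9) with no history at all.
TEST_LOG = """\
2016-10-21T07:15:00Z card=c1 amount=14.10
2016-10-21T07:16:00Z card=c1 amount=980.00
2016-10-21T07:17:00Z card=c2 amount=295.00
2016-10-21T07:18:00Z card=c9 amount=20.00
"""


def parse(log, entity_key="card", value_key="amount"):
    """Turn 'timestamp k=v k=v' lines into (timestamp, entity, value) tuples."""
    events = []
    for line in log.splitlines():
        if not line.strip():
            continue
        ts, *fields = line.split()
        kv = dict(f.split("=", 1) for f in fields)
        events.append((ts, kv[entity_key], float(kv[value_key])))
    return events


def build_baseline(events):
    """Per-entity (median, MAD). Median absolute deviation is used instead of
    mean/std so that a single outlier in the history cannot hide itself by
    inflating the spread."""
    by_entity = defaultdict(list)
    for _, entity, value in events:
        by_entity[entity].append(value)
    baseline = {}
    for entity, values in by_entity.items():
        med = median(values)
        mad = median([abs(v - med) for v in values])
        baseline[entity] = (med, mad)
    return baseline


def score(value, med, mad):
    """Robust z-score: 1.4826 * MAD approximates sigma for normal data.
    A MAD of zero (all history identical) is floored to avoid divide-by-zero."""
    scale = 1.4826 * mad if mad > 0 else 1.0
    return abs(value - med) / scale


def detect(baseline, events, threshold=5.0):
    """Return (timestamp, entity, value, reason) for every event worth a look.
    Entities with no history are reported explicitly rather than passed
    silently, since a brand-new identity is exactly what an attacker uses."""
    findings = []
    for ts, entity, value in events:
        if entity not in baseline:
            findings.append((ts, entity, value, "no-baseline"))
            continue
        med, mad = baseline[entity]
        z = score(value, med, mad)
        if z > threshold:
            findings.append((ts, entity, value, f"z={z:.1f}"))
    return findings


if __name__ == "__main__":
    base = build_baseline(parse(TRAINING_LOG))
    for finding in detect(base, parse(TEST_LOG)):
        print(finding)
```

The same two functions work unchanged on request counts per source address per minute, which is how a flood like the one against Dyn shows up in a traffic log: the entity becomes the source and the value becomes the count. The threshold is the knob that trades missed attacks for false alarms, which is the balance the IBM fraud figures above are reporting on.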
Such systems won't remove the threat of a massive cyber attack.
But with the cost of cyberattacks spiralling out of control, almost every major company, from airlines to utilities to banks, is investing heavily in sophisticated systems for fighting them.
In 2016, IBM estimated that an average organization deals with over 200,000 security events per day.
There is huge scope for emerging cybersecurity companies who can help keep the wolf from the door.
Splunk looks an attractive prospect
There are several companies that investors can watch in this field.
Palantir is already at the forefront of the business of mining massive, dispersed datasets and offering AI protection.
It is valued at $20 billion and funded by PayPal co-founder Peter Thiel, the CIA's investment arm In-Q-Tel and former Soros partner Stanley Druckenmiller.
Darktrace, co-founded by Mike Lynch of Autonomy fame in 2013, has attracted over $100 million in funding from Lynch, KKR and SoftBank and is valued at $400 million.
Its technology was built in part by former members of MI5 and GCHQ and uses unsupervised machine learning algorithms that train themselves on a network's own traffic to find abnormalities on almost any network.
Or take a look at Splunk (Nasdaq: SPLK), which is widely perceived to be the leader in middleware that extracts intelligence from huge volumes of fast-moving, machine-generated data.
The company has over 1000 customers ranging from BlackRock and Coca-Cola to Symantec and Vodafone.
Note that Symantec, one of the big three cyber security companies, relies on Splunk to sharpen up its service offering, and that Adobe, Autodesk and BlackRock, among others, use Splunk middleware to sharpen up their cyber defences.
I’ll update on this story when the next big cyber event hits.