
Well, good Thursday morning everybody!! No blog post yesterday, as I was back in the ER again. Everything is still OK, but I need to continue on my meds and see my doctors as scheduled. Anyways, I have written in the past about how Cyber attackers are moving away from targeting actual digital assets and are now moving towards causing physical damage and mayhem.

Yes, physical damage is something that is on the mind of the Cyber attacker in general . . . such as the lockout of your computer via a Ransomware attack.  But what I have in mind in terms of this is causing actual physical destruction to public property, especially the Civil Defense systems of a town, location, or even a municipality.

I believe that there are actually a couple of posts I have written on this, one of them being about messing up the security alarm system of a local government. Also, there was some content written on how a Cyber attacker made total chaos of the municipality systems in the state of Oregon. Now today, we add yet another mix to this portfolio – the public EMS System.

This particular incident happened in Genesee County, Michigan. Just recently, Cyber attackers have been able to covertly gain access to and infiltrate Genesee County’s 911 communications system, and from there, set off tornado warning sirens in different areas of this county.

This incident occurred on Tuesday of this week. Apparently, the sirens were blasted around the Mott Community College area in Flint, Michigan, at about 6:25 PM, and a second time in the Flint, Mundy, and Gaines Townships at 11:25 PM.

But the interesting thing is that there was no imminent severe weather, no tornadoes, or even any sign of any kind of inclement weather conditions during this time frame. Because of this, it is believed that Cyber attackers are primarily responsible for this incident. However, no particular group has claimed responsibility for this particular attack, or said how the system was hacked into.

The only working clue that investigators have that this was a Cyber attack is based upon the pitch and the volume of the siren warning tones. In the interim, the county is currently working with local, state and federal agencies including the FCC and FBI to investigate how the system was hacked.

According to Genesee County 911 Director Spring Tremaine, the county is currently in the process of upgrading the entire warning siren system. However, it is also interesting to note that this is not the first time that the county’s emergency sirens were falsely set off. According to reliable sources, the warning sirens have been falsely activated at least five times during the spring and summer this year alone.

Once again, there was no threat of inclement weather during these time frames either.

My thoughts? It is really interesting for me to find out that despite having these alarms going off on six different occasions, there is still no clue as to who the perpetrators are. For instance, is this an attack that has been launched by a Cyber attack group on foreign soil, or is this an inside attack? In my opinion, given the lack of any evidence, I really think that this could be the work of an Inside Attacker, or even a different brand of home grown terrorism.

Why do I think this? Well, the Cyber attacker is more interested in obtaining value for the threats that they launch. This is best exemplified by the Ransomware attacks (see the blog from Tuesday). This is just one form of obtaining some sort of gain. The other type of gain to be achieved is to obtain the personal and confidential information of the victim. This would obviously include obtaining the username and password combinations in order to get access to such items as online banking sites, brokerage firm accounts, social security numbers, etc.

In simply setting off a series of alarms erroneously, there is no financial gain to be achieved. The goal is just obviously to create confusion and mayhem, and get a kick out of it. A sophisticated Cyber attacker would not be interested in launching this kind of attack. Also, it would take a deep understanding of the county’s EMS system in order to set off the sirens.

That is what makes me think this is the work of an inside attacker. If it was a “true” Cyber attacker in every sense of the word, they would not only just cause mass confusion, but they would also try to get some financial gain out of it – such as locking up the EMS in a Ransomware style attack, or even trying to hijack the domain name of the county, like what happened with the incident in Oregon.

Keep in mind also that the “true” Cyber attacker is interested in high value targets, and also that they take a lot of time now to identify their victims and spend time researching their targets. I don’t think that a Cyber attacker would waste a lot of time with the EMS system of a few local municipalities, thus supporting my hypothesis that this is the work of an inside attacker or a novice, domestic-based Cyber attacker still trying to learn the ropes in the hopes of one day using the experience gained here to launch much more sophisticated attacks.

But even this kind of Cyber attack as described in this blog is nothing to laugh at either. Although it may be minuscule when compared to the SamSam malware attacks, the mayhem and confusion could have caused real levels of panic which could have been even more disastrous in the end. Whatever level this type of Cyber attack is deemed to be at, this type of threat should be taken seriously.

After all, it is only a matter of time before a “real” Cyber attacker can launch a massive attack against the physical infrastructure of a city, and cause much, much more damage than what happened here in Genesee County, Michigan.