Cyberattacks Causing Physical Harm

Written by Jason Simpkins
Posted September 20, 2018 at 8:00PM

There are many well-understood consequences of cybercrime.

Identities have been stolen. Tech companies and defense contractors have had trade secrets and patents exposed to competitors. And money has been stolen or extorted from banks and financial institutions.

But what about physical harm?

Because that’s the logical endpoint of all this.

Cybercrime, increasingly, poses a threat to people’s lives. It’s not all just about money or credit card info or Social Security numbers.

It’s about hurting people.

And, in fact, we’ve already seen several instances of cyberattacks resulting in physical harm.

In December 2015, Russian hackers wrested control of Ukraine’s power grid and cut off electricity at three different companies. Some 30 substations were switched off, and about 230,000 people were left without electricity for up to six hours.

They didn’t have lights, or, in many cases, heat.

Being left without heat in the dead of winter isn’t just an inconvenience, it’s a safety hazard.

In 2017, a breach of the UK’s National Health Service caused wide-reaching systems shutdowns. And a ransomware attack against pharmaceutical giant Merck disrupted the production of medicines and vaccines.

Again, the safety, well-being, and lives of innocent people were imperiled by cybercrime.

And it’s going to get worse.

Hospitals, power plants (nuclear or otherwise), water treatment plants, utilities, planes, cars and more are at risk. There's no question that our world is increasingly computer reliant, and thus, increasingly vulnerable.

Here’s another example…

A few months ago, I was driving my car across the Delaware Memorial Bridge. I was cruising at 65-70 mph, surrounded by heavy traffic, when my transmission slipped and my engine suddenly dropped into neutral.

I was flooring the accelerator but there was nothing I could do.

My car slowed as I frantically made my way to the far right lane and put my emergency lights on. Cars sped up behind me blaring their horns. I thought I’d get rear-ended as I came to a near stop at the crest of the bridge.

But then, mercifully, my car made it just over the hump and rolled down the other side. As I coasted down, I pulled off to the shoulder and came to a stop.

When I finally got the car to a mechanic, they told me the problem wasn’t, in fact, mechanical. My car’s computer had been mis-programmed and stopped sending the proper signals to the engine.

This is why a lot of auto shops don’t even call their mechanics “mechanics” anymore. They’re called “technicians.” You take a car in to get worked on today and the first thing they do is plug it into a computer to see what it says. A lot of cars these days even come with WiFi connections.

My particular situation had nothing to do with hacking per se, but now that we’re essentially driving computers — or in the case of self-driving cars, computers are driving themselves — you can see where this is going.

How long before a hacker seizes control of someone’s self-driving car and steals it? Or worse, how long before a hacker takes control of someone’s car mid-drive and crashes it?

This isn’t science fiction. It’s the 21st century.

In 2015, hackers gained access to a German steel mill and disrupted the control system to such a degree that the mill’s blast furnace could not be properly shut down.

Their goal was to cause an explosion. Thank God they were unsuccessful.

A decade ago, U.S. and Israeli hackers deployed Stuxnet, a virus that sabotaged centrifuges at a uranium enrichment plant.

In the years since, such attacks have gotten more sophisticated and more prevalent.

Germany recently accused Russia of planting “cyberbombs” in its infrastructure. These are latent viruses or malware that do nothing in the short term, but could later be detonated to shut down power networks or ISPs.

And back here at home, the Department of Homeland Security says that Russia’s military intelligence agency has repeatedly infiltrated the control rooms of power plants across the United States. These efforts could enable it to take control of parts of the grid by remote control.

Remember Fukushima Daiichi, the Japanese nuclear plant that suffered a meltdown when it was struck by an earthquake and tsunami?

Well, let’s just say you don’t need an act of God to cause a nuclear meltdown anymore.

That’s why I’ve been pounding the table for cybersecurity stocks for months now. I’ve released a full report on a company that I believe is in position to detect, prevent, and profit from these threats, as well as another report explaining how individuals and small business owners can protect themselves.

You can get access to both of those reports here.

Fight on,

Jason Simpkins Signature

Jason Simpkins

follow basic@OCSimpkins on Twitter

Jason Simpkins is Assistant Managing Editor of the Outsider Club and Investment Director of The Wealth Warrior, a financial advisory focused on security companies and defense contractors. For more on Jason, check out his editor's page. 

*Follow Outsider Club on Facebook and Twitter.


Investing in Marijuana Without Getting Burned