As a kid, one of my fondest memories of spending time with my dad was watching Die Hard on TV with him. So when I went to watch Live Free or Die Hard, the sequel that came 19 years after the first one, I was very giddy—and that was even before I realized it was all about... the cyber!
I freaking loved Live Free or Die Hard. Bruce still had it, the villain was loathsome and charismatic at the same time, and the plot was gripping. Of course, now that I have spent most of the last 5 years of my life talking to security researchers, writing about exploits, cyberattacks, and learning about information security, I know that it’s incredibly unlikely that we’ll ever seen any computer intrusion that results in the damage that Timothy Olyphant causes in the movie.
For god’s sake, look at that video. The terrorists make computers explode with malware! As far as we know, this doesn’t happen in real life.
So I was a bit demoralized, if not depressed, when I saw last night that some people on Twitter were openly speculating about whether a series of deadly explosions in Massachusetts were caused by a cyberattack, with no evidence to back it up.
“Anyone else wondering if these dozens of gas explosions in MA might be some kinda of cyber attack targeting SCADA systems?” tweeted the The Jester, a hacktivist with 180,000 followers who has gotten way more attention than he deserves, in a thread that makes a lot of incredibly baseless assumptions. “Seems a bit much for coincidence.”.
Later, on Mastodon, he attempted to clarify what he meant, hinting that a cyberattack is still a plausible explanation (and again citing no evidence.): “I’m not saying this is a SCADA/Cyber attack, I’m saying this is how it would look if it was a dry run to observe our response gone awry.” This is even more reckless than his original tweet, as he’s speculating that perhaps more attacks are to come and that this was somehow some sort of “dry run.”
[A screenshot of The Jester’s Mastodon thread.]
Also citing no evidence, a Twitter account called @AwareMap went a step further, calling the incidents in Massachusetts a “Russian Cyber attack.”
To be clear, as of today, Friday, September 14, 2018, there is ZERO (zilch, nada) evidence these incidents have been caused by a cyberattack. That hasn’t stopped people from speculating about it, unfortunately. Some even posited that perhaps the hackers repurposed the famous American-Israeli malware Stuxnet, which crippled Iranian nuclear centrifuges in 2010.
As cybersecurity expert Mara Tam put it on Twitter, this kind of baseless speculation is not only wrong but dangerous.
“It does not matter if you are publicly speculating cybers or terrors,” she tweeted. “You are noise and you are making the lives of responders, investigators, and the affected population more difficult.”
Robert Lee, one of the most highly regarded experts in the country when it comes to the security of critical infrastructure, dismissed the rumors.
“Repurposing Stuxnet doesn’t make any sense,” he wrote. “It’s silly that folks are even invoking Stuxnet like attacks without any evidence. But I know some less technical folks might just be concerned. So FYI: anyone suggesting that scenario is less than qualified on the subject.”
Got a tip? You can contact this reporter securely on Signal at +1 917 257 1382, OTR chat at firstname.lastname@example.org, or email email@example.com
Another researcher who has studied ICS (industrial control systems) and SCADA (Supervisory control and data acquisition) wrote that “It is NOT ok to randomly speculate without evidence. If you see a tweet about the incident in MA that mentions Stuxnet you can immediately ignore it.”
The truth is we don’t know yet what happened in Massachusetts, and wildly guessing isn’t helping anyone.
Solve Motherboard’s weekly, internet-themed crossword puzzle: Solve the Internet.