Wednesday, June 8, 2016

The Fatal Flaw In American IT Infrastructure

On a sleepy Sunday afternoon in 2012 I was in my office at AT&T monitoring communications when I received a quick text message from my site focal asking me if I wanted to make some extra cash. At first I thought it was just a message that had been sent the previous Friday that I'd somehow missed. I replied thinking nobody was going to answer; after all, it was Sunday, but to my surprise I got an immediate reply. I was told that there were about 10 computers down in the building across the street and I needed to locate them and apply a very specific fix that couldn't be applied remotely because these computers were hard down. This was a 4-story building with 4 call centers, so I realized that the task of locating these 10 computers would be too difficult for one person, so I called in my partner and had flash drives prepped with the fix in hand when he arrived. To our surprise there weren't just 10 computers down, there were in fact 300, and this was just the tip of the iceberg. The entire outage was spread across 5 or 6 states and involved a total of 30,000 computers.

How did this happen, and why was it so dangerous? A simple scripting error caused four key Windows files to be deleted from every affected machine during a normal remote update operation. Once the affected machines were rebooted remotely, every single one failed. In less than a minute over 30,000 computers were rendered completely inoperable, and remote support was totally useless. And this was considered to be a small outage. That was in 2012, when IBM had a legion of contractors to touch each machine and get it back up and running. Now, nearly four years later, the IBM support team is a ghost of what it was in 2012. All our jobs have been outsourced to India, and when the next outage happens there will be total chaos. This is significant because AT&T is still the communications backbone of the country.
When AT&T goes down it's going to trigger a domino effect of infrastructure failures that will take down vital services from coast to coast, and there is no one left to mount a rescue. The most obviously affected services are going to be cellphone communications and internet access; this is a given. You may think, "Well, I don't have AT&T as my cellphone carrier or my internet provider, so how does that affect me?" Well, that depends on where you are. If you're in an area that isn't directly covered by your native cell carrier, you are probably roaming onto the AT&T network and don't even know it.

Okay, so that covers cellphone service, but what about internet? And wasn't Ma Bell broken up back in the 80s? Well, yes and no. Building a national communications network isn't easy, and while AT&T was technically broken up over antitrust issues, this just opened up the telecommunications market to a large group of resellers. The infrastructure didn't change. The exceptions are companies like Verizon who actually have their own networks.

Beyond internet and cellphone services, collateral services such as VOIP would be impacted. If your office uses Cisco phones, you will likely have no phone service. This actually happened in 2015 when a major communications hub at AT&T went down, triggering an outage that knocked out internet and phone services over several states. That outage took down T-Mobile as well as a number of other cell carriers in one hit.

The point I'm trying to make here is that the infrastructure we rely on to provide our internet, cell phone service, office phone services, and life-saving emergency services, such as in every major hospital in the U.S., is as fragile as an eggshell. It only takes a small scripting error to kill a million remotely serviced computers, and it's not a matter of if but when it's going to happen. Controlling vast computer networks with SCCM or IBM Endpoint Manager is great, but when individual clients are inoperable the system is fatally flawed.
In the case of a technical error, a single tech running scripts on SCCM can kill several million computers in seconds. But what if someone set out to cause an outage on purpose? That's not so far-fetched. IBM has a call center in Hyderabad, India, and an attack could easily be launched from there with little effort. In fact the people working in Hyderabad are well placed to launch crippling attacks from within our infrastructure. Yes, I said From Within. Such an operation isn't technically a hack; it's an inside job, because IBM India controls AT&T. We have no idea who these people are, and there is no meaningful way to find out who they are. In a country whose population is set to be dominated by Muslims this is insane. All ISIS needs to do to make a decisive strike on American infrastructure is to infiltrate IBM in India. When that happens our worst enemies will be able to kill millions in a single strike.

Nearly everything we do every day depends on our IT infrastructure, and to realize that an attacker can knock us out with a single line of code should scare you out of your mind. By infiltrating IBM India ISIS can easily take down our Power Grid, our Air Traffic Control System, our Water Treatment Facilities, our Mass Transit System. They can disrupt Police Communications, Television & Radio, because both are now almost exclusively digital. And finally 911 Emergency Services. And apparently corporate America doesn't care, because they have crippled our ability to respond to such a crisis by deliberately and methodically firing millions of skilled American IT professionals, guaranteeing that we won't have the ability to respond when the attack finally comes.
