
The Boogey Man, Hide and Go Seek, and the Pursuit of World Domination

  • Writer: Dennis Hackney
  • Jan 9, 2023
  • 8 min read

How to safely navigate an Internet of buried threats, endless connectivity, and cyberwar



For decades, we've been some of the billions of players in this online battleground. Our world, our everything, is under attack. And the worst part about all of this is that we cannot do anything to stop it.


You cannot control the Internet, but you can protect yourself.

So, we think we’re safe and secure. We have our home alarms, firearms, knives, and baseball bats. Our kids are learning boxing, jujitsu, and karate. We might have a bomb shelter or even a billionaire bunker with everything needed to survive when society comes crashing down. But none of that matters if we lose our connection.

We cannot live without the Internet.

We use the Internet for almost everything. We get our groceries from the Internet. We play online games with our Xbox Live, PlayStation®Plus, and Nintendo Switch™. We pay our bills and buy gas and food at restaurants with online gadgets. Every active app on our phone is online. Let’s not forget that instant emotional high we get from buying unnecessary stuff online. We probably even track our sleep online. Awake or asleep, we’re online.


Imagine a world offline.

Honestly, neither you nor I can begin to describe a disconnected world. We are just that dependent on the Internet. Everything is interconnected, the extent to which it is entirely unfathomable. Take a look at these graphics for comparison.




In the late 1970s, the precursor to the Internet, ARPANET, looked like the image above.

Today, the Internet looks something like the image below.



More than five billion people now have access to the Internet. There is too much connectivity to comprehend; it is closer to a neural map than to a communication network. It is a web of extraordinarily tangled hops and immeasurable endpoints, ubiquitous connectivity. If a bad guy wanted to hide in this network, he could. If he wanted to blow something up, he could.

Big, mechanical, and dangerous devices exist in our mess of cyberspace.


Industrial control systems (ICS), operated remotely through supervisory control and data acquisition (SCADA) systems, run the machines that make our world work. The bad guys know that the largest, most sophisticated, and most dangerous machines on the planet are computerized and remote-controlled. These machines make up our critical infrastructure.


Take the electricity powering your home: it arrives over a transmission network fed by, say, a natural gas power station, which in turn depends on a gas pipeline. The grid, the plant, the pipeline, all of it is critical infrastructure, and far more of it is reachable from the Internet than you would expect, if you know where to look.


I’ve assessed these facilities; they all have remote access for maintenance, monitoring, metering, or direct control.


A Cyber Bomb Exploded 40 Years Ago, and No One Knew It


Forty years ago, a gas pipeline reportedly exploded because of sabotaged control software, and the world did not hear about it until 2004.


According to the account published in 2004 by former Air Force Secretary Thomas C. Reed in his memoir At the Abyss, in June 1982 a section of the Trans-Siberian pipeline exploded with a force estimated at about three kilotons, described as the largest non-nuclear explosion ever seen from space. The line carried gas from the Urengoy field, whose reserves are on the order of ten trillion cubic meters, and losing it cut into Soviet exports and the hard currency they earned. The cost downstream was borne by civilians: cities such as Chelyabinsk that depend on that gas for heat and for the gas turbines that generate their electricity would have been the ones to go cold and dark. No casualty or outage figures from the Soviet side were ever published, so the human toll can only be guessed at.


If the account is accurate, this was a war-like attack: it was the height of the Cold War, and the US used what we would now call cyber tactics.


According to the account, the control software reset pump speeds and valve settings after a delay, pressure built far beyond what the pipeline's joints and welds were designed for, and the line ruptured with a magnificent BOOM! The payload was not a virus but a trojan, a logic bomb planted in SCADA software the Soviets had obtained from a Canadian company, and it is attributed to the CIA as part of the counter-intelligence operation built on the Farewell Dossier.

If the account is accurate, it is the earliest known case of one nation-state sabotaging another's infrastructure through software. No one believed a computer could be used to blow up a pipeline, so no attribution was made; there was no forensic evidence, and it looked like a malfunction, an accident. Soviet officials have since disputed the CIA's role, and in any case nobody on their side was monitoring the control software for malicious behavior, so there was nothing to find. The perpetrator got away with it.


Whoever was involved could do as they pleased so long as they weren't caught, and computer code made an excellent hiding place. Since then, thousands of documented cyber incidents have hit critical infrastructure and the civilians who depend on it without proper attribution. They have targeted governments, hospitals, energy, oil and gas, aerospace, transportation, maritime, communications, and defense organizations.


Society learned that the world was now in a global cyber war, but governments didn't acknowledge it, because acknowledging it would mean admitting to war.


Global Thermonuclear War

No, we’re not playing a computer game with Matthew Broderick. With an estimated 12,705 nuclear warheads worldwide, global thermonuclear war is humankind's most carefully engineered, self-imposed threat. When atomic explosions occur, civilians die. In WWII, the US dropped atomic bombs on Hiroshima and Nagasaki, Japan, killing mostly civilians, not warfighters. It ended that war and started the arms race. Cyber warfare lands on the public the same way: civilians absorb the damage while the attacker gets the result.



In addition to the warheads, there are roughly 438 operable power reactors worldwide, and these facilities are wartime targets. Since 1991 several incidents have reached nuclear facilities, including the 1991 computer error at the Sellafield plant, the 2003 Slammer worm infection at the Davis-Besse plant in Ohio, and the 2005 virus incident at a Japanese nuclear company. None of these was a targeted attack on a reactor (Davis-Besse was offline at the time, and Slammer, an indiscriminate worm, only took down a safety parameter display system for several hours), but they showed that plant networks are reachable by malware, and anyone paying attention could see where that leads: a reactor failure on the scale of Chernobyl, still the worst nuclear disaster in history.


Countries do whatever they can to neutralize the threat of nuclear strikes, including halting another country's weapons development. The most famous cyber attack on a nuclear facility is the one on Iran's uranium enrichment centrifuges at Natanz. Stuxnet, as it came to be known, was discovered in 2010 and is believed to have been in operation since about 2007: carefully crafted malware, widely attributed to a joint US and Israeli operation that neither government has acknowledged. Stuxnet was stealthy, targeted, timed, destructive, and effective. Iran's enrichment program was set back, Iran could not prove who did it, and no act of war was declared.


Threat actors could pull off sophisticated, covert military operations on nuclear facilities without the admission of war.


A Cyber Attack Impacted One-Third of the United States



The United States runs on oil and natural gas. We have the world's largest distribution network, with some three million miles of natural gas pipeline. We depend on fossil fuels so completely that the country would stop without them, and our enemies know it.


In May 2021 a ransomware attack took down the largest refined-fuel pipeline in the US for about six days. States from the Gulf Coast up the East Coast were affected. The Colonial Pipeline attack hit government, corporations, and civilians. There was a run on the pumps, and people were filling everything from gas cans to plastic bags. Gas stations gouged their customers in the short term. Federal and state governments issued emergency declarations, and a Jones Act waiver let fuel move by tanker instead. Colonial Pipeline (CPL) and the government threw every available cybersecurity resource at the problem.


This was a war-like attack, landing at a moment of rising tension between Russia and the West over Ukraine, and it is hard to read it as coincidence that a Russia-based threat group was responsible. But that's not what we were told. The public was shown a criminal ransomware operation collecting about 4.4 million dollars (75 bitcoin), and the group put out a statement saying it had not intended to create problems for society. CPL paid the ransom within hours, a decision its CEO later defended before Congress. The attack cost CPL many millions more over the long run, and it pushed other pipeline operators to spend on cybersecurity, with the TSA issuing its first mandatory pipeline security directives within weeks, so the financial impact spread nationwide.


The Justice Department seized 63.7 bitcoin of the ransom a month later, worth about 2.3 million dollars by then. The rest is gone, and there was no restitution for the losses corporations or the public incurred during the emergency.


We were told that the pipeline itself was never compromised: the ransomware hit CPL's business IT systems, and operators shut the pipeline down to keep it from spreading into the SCADA environment. That was a defensible call, but it was forced on them. If the IT and OT networks had been segmented well enough that CPL could prove the ransomware could not cross the boundary, and if the pipeline could have kept moving and metering product while IT was down, there would have been no need to shut down at all.
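The segmentation that would let a pipeline keep running through an IT outage is easy to describe and hard to operate. As an added illustration (not part of the original post, and not Colonial's configuration), here is an nftables ruleset for a hypothetical boundary firewall between a corporate IT network, an industrial DMZ and the OT network, with the weak pattern shown as a comment beside the hardened one. The subnets, host addresses and host roles are assumptions made for the example.

```nft
#!/usr/sbin/nft -f
# Hypothetical IT/OT boundary firewall (example only; every address below is an assumption).
flush ruleset

define IT_NET        = 10.10.0.0/16    # corporate IT: e-mail, billing, ERP, user workstations
define DMZ_NET       = 10.20.0.0/24    # industrial DMZ sitting between IT and OT
define OT_NET        = 10.30.0.0/16    # SCADA servers, HMIs, PLC networks
define HISTORIAN_OT  = 10.30.5.10      # primary historian inside OT
define HISTORIAN_DMZ = 10.20.0.10      # read-only replica that IT is allowed to query
define JUMP_HOST     = 10.20.0.20      # hardened, MFA-protected jump host in the DMZ

table inet otboundary {
    chain forward {
        # Default deny: nothing crosses the boundary unless a rule below says so.
        type filter hook forward priority 0; policy drop;

        # Weak pattern this replaces: one blanket rule letting any IT host reach any
        # OT host, so ransomware on a single IT workstation can walk into SCADA.
        #   ip saddr $IT_NET ip daddr $OT_NET accept

        ct state established,related accept
        ct state invalid drop

        # Data leaves OT one way: the OT historian pushes to the DMZ replica, so no
        # host in IT or the DMZ ever needs to open a connection into OT for data.
        ip saddr $HISTORIAN_OT ip daddr $HISTORIAN_DMZ tcp dport 1433 ct state new accept

        # IT users read dashboards from the DMZ replica only, never from OT directly.
        ip saddr $IT_NET ip daddr $HISTORIAN_DMZ tcp dport 443 ct state new accept

        # Maintenance sessions into OT originate only from the jump host, and each is logged.
        ip saddr $JUMP_HOST ip daddr $OT_NET tcp dport { 22, 3389 } ct state new log prefix "otboundary-jump " accept

        # Anything else crossing the boundary, in either direction, is logged and dropped.
        log prefix "otboundary-drop " drop
    }
}
```

Load it with `nft -c -f` first to syntax-check, then `nft -f`. The ruleset only enforces the boundary; the operational half of the problem, being able to move and account for product while IT is unavailable, is something rules alone do not solve, and it is what turns a contained IT incident into a pipeline shutdown.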


When it comes to international high crimes, the equation should be due diligence, jurisdiction, attribution, and criminal penalties. DarkSide, the ransomware gang responsible for the CPL shutdown, is estimated to have collected over 90 million dollars in ransom payments.


They aren’t in jail, but if you committed those crimes, you would be!


Learn How Countries Protect Their Citizens from Cyber War


Never before have we seen as many cyber attacks on critical infrastructure as now. Every country's citizens have a fundamental right to live in peace, protected from the wartime efforts of other nation-states. Not all world leaders share that sentiment, which adds to the problem. To use the Internet safely in this age of ubiquitous connectivity and hybrid threats, there are four concepts everyone should know and understand.


1. International Law applies to Cyberspace


Nation-states have the right to sovereignty, and each is responsible for governing and protecting its citizens' rights. That responsibility obliges a country to practice due diligence, exercise jurisdiction, and honor its international obligations, and it gives the country both the authority and the accountability to protect its citizens. Be aware that how international law applies to cyber operations is still contested, especially where an operation crosses borders or falls under another jurisdiction.


Analyze your online activities, learn about your vulnerabilities to threats, and avoid causing possible impacts on critical infrastructure, water utilities, power production, gas supplies, etc., to stay out of trouble.


2. There are legal grey areas


Human rights exist in the cyber world, but not all countries share the same norms, beliefs, or values; we expect certain rights, liberties, and freedoms in most countries, but not in all. Corporations have rights too, but a multinational has to abide by another country's laws when it operates on that country's soil or intrudes on its sovereignty. Diplomatic and consular missions offer shelter when needed, and international agreements govern sea, air, and space, but each nation-state still decides for itself whether to firewall or open its own Internet borders.


Plan your online activities when traveling from state to state, country to country, and continent to continent, by land, air, or sea, and when in doubt, wait until you get home.


3. Cybersecurity world peace and international security collectives


Countries should do their best to keep the peace without interfering with other countries' peaceful existence. Governments may use cyber force in self-defense or in collective security operations to maintain peace. Unfortunately, we may never know when this is happening.


I encourage you to gain an understanding of the separate collective security organizations worldwide and avoid online activities involving those with opposing views. One example collective with opposing views to the US is the Shanghai Cooperation Organization.


4. Cyber-armed conflict


Cyber attacks are used during armed conflicts, much as terrorism is. Using cyber operations or terrorism to support military objectives is called hybrid warfare. Terrorism is one tool nation-states use to obscure their actual involvement while conducting military operations, but terrorists are often sacrificial: easily identified, caught, and punished. Cyber-armed conflict differs because the threat actors are rarely identified. Little in law defines cyber-armed conflict, and cyber operations that cross geographical borders fall into legal grey areas. In a cyber war, commanders and generals don't wear battle fatigues for camouflage. Picture someone in their parents' basement, eating microwave pizza and slurping energy drinks while collecting large sums of cryptocurrency from unnamed employers to run software that “enhances corporate websites.” That software isn't enhancing anything; it's generating a distributed denial-of-service (DDoS) attack!


Before you accept that six-figure remote job offer from a random recruiter, be aware that an ongoing and never-ending cyber war is occurring online, and nation-states are looking to recruit you.


    © 2025 by CyberSecureOT
