Asus' FREE Speech Money Club

[basserdan]

The day cars drove themselves into walls and the hospitals froze.

A scenario that could happen based on what already has.

THE BIG HACK

By Reeves Wiedeman
June 19, 2016 9:00 p.m.

On December 4, 2017, at a little before nine in the morning, an executive at Goldman Sachs was swiping through the day’s market report in the backseat of a hired SUV heading south on the West Side Highway when his car suddenly swerved to the left, throwing him against the window and pinning a sedan and its driver against the concrete median. A taxi ran into the SUV’s rear fender and spun into the next lane, forcing a school-bus driver to slam on his brakes. Within minutes, nothing was moving from the Intrepid to the Whitney. When the Goldman exec came to, his driver swore that the crash hadn’t been his fault: The car had done it.(1)

Moments later, on the George Washington Bridge, an SUV veered in front of an 18-wheeler, causing it to jackknife across all four lanes and block traffic heading into the city. The crashes were not a coincidence. Within minutes, there were pileups on 51st Street, the southbound BQE, as far north as the Merritt Parkway, and inside the Midtown Tunnel. By nine, Canal Street was paralyzed, as was the corner of 23rd and Broadway, and every tentacle of what used to be called the Triborough Bridge. At the center of each accident was an SUV of the same make and model, but as the calls came in to the city’s 911 centers in the Bronx and Brooklyn, the operators simply chalked them up to Monday-morning road rage. No one had yet realized that New York City had just been hit by a cyberattack — or that, with the city’s water system, mass transportation, banks, emergency services, and pretty much everything else now wired together in the name of technological progress, the worst was yet to come.(2)

A third-year resident in the emergency room at Columbia University Medical Center in Washington Heights walked through the hospital as a television was airing images from the accident on the George Washington Bridge; that meant several crash victims would soon be heading her way. When she got to her computer, she tried logging into the network to check on the patients who were already there, but she was greeted with an error message that read WE’RE NOT LOOKING FOR BITCOIN THIS TIME.

Columbia, like major institutions across the country, had spent the past few years fighting so-called ransomware attacks, in which hackers locked a hospital or city hall or police department out of its own network until a ransom was paid.(3) Hospital security teams had gotten wise to the problem, but every network’s defenses had the same vulnerability: the people who used it.(4) For weeks, a group of hackers had been sending LinkedIn messages to employees at Columbia pretending to be recruiters from Mount Sinai. When an employee opened an attachment featuring the recruiting pitch — as ten of them did — and enabled the macros as prompted onscreen — four of them did — they unknowingly unleashed malware onto their computer and gave the hackers a beachhead. After months of lurking(5), the hackers blocked Columbia’s doctors and nurses from accessing their network, including patient files. Doctors couldn’t access prescription records telling them which patients were scheduled to take which drugs when and resorted to improvised paper-record keeping(6), which many of the younger doctors had never done before. In nearly every corridor, they were consulting with one another in a panic, asking how much of their own expertise was really stored in the cloud and had just disappeared.

The crowd in the waiting room swelled and grew more tense as nurses ran by patients, unable to give updates on when they might be seen. Various procedures were taking longer than they should have — one man was kept on a powerful antibiotic for several hours, with serious side effects, before a delayed lab result came back reporting that he should go off the medication — and the staff was having trouble keeping track of patients. A little before noon, a man walked into the hospital looking for his wife, whom he had dropped off early that morning for a simple surgical procedure. A few minutes later, the nurse told him that it appeared his wife had been discharged.

Most New Yorkers were proceeding with their day unaware. But the city’s head of cybersecurity(7) had begun to connect the dots: Six hospitals had already informed him that their systems had been shut down, and the city had sent out warnings to all the others. One Police Plaza had just reported that it, too, was locked out of the programs it used to dispatch officers and emergency personnel(8), which made responding to the traffic accidents around the city that much harder.

After a few phone calls to friends in the private sector, the cybersecurity chief got more nervous. At the beginning of 2017, one friend told him, she had been called to investigate a mysterious occurrence at a water-treatment plant: The valves that controlled the amount of chlorine released into the water had been opening and closing with unexplained irregularity(9). An alarm had gone off, so none of the tainted water had reached consumers, and the company’s CEO brushed off the consultant’s request to make the news public so others could prepare for similar attacks.

At MetroTech, New York’s cybersecurity chief pulled out the Office of Emergency Management’s 42-page booklet on how the city should react to a cyberattack — a copy of which he had printed out and stashed in his desk drawer in case his department’s own network was compromised — and was flipping from page to page when he got a call from a reporter.

At 12:30 p.m., the Times published a story reporting that “government officials” believed that the city was being hit with a wave of cyberattacks that appeared to be ongoing. A tipster claimed the hackers had caused at least a dozen car crashes and debilitated multiple hospitals and agencies — with more to come. If they could crash a car, could they crash a subway? The Times report included a line from a nurse at New York–Presbyterian who said that the initial message announcing that the network was blocked had included a link to a web page that was displaying a timer ticking down to 1 p.m. and text that read MORE PATIENTS WILL BE ARRIVING SOON.

Click on the link below to continue reading the story and to view the footmarks.

http://nymag.com/daily/intelligencer/2016/06/the-hack-that-could-take-down-nyc.html