This Is What Cyberwarfare Looks Like

October 2018

On the morning on June 27, 2017, trucks were arriving as usual at the shipping terminal in Elizabeth, New Jersey – a major port on Newark Bay. The scale is almost unimaginable: thousands of shipping containers were stacked there, waiting to be placed onto freighters by 200-foot-high cranes.

As many as 3,000 trucks arrive at the terminal each day. When they arrive, a scanner reads the barcodes on the containers. A gate clerk talks to the drivers, who are then given passes that tell them where to park their load so that it can be put onto a ship.

Of course, computer software controls everything. It knows what's on each truck, where the load is going, which freighter it should go on.

But what happens if the computer goes down? Now we know. On that June morning, all the computers in the network of A.P. Moller-Maersk, a Danish shipping company, suddenly went dark and restarted, with all the data scrambled.

Without the computer, the gate clerks were clueless. They had no idea what should go where. Soon hundreds of 18-wheeled trucks were lined up for miles, with an angry driver in every one. Police realized that something big had gone wrong and began telling the drivers to leave.

What do you do if you're a trucker and can't leave your container, especially since you're scheduled to pick up another one? Some of the trucks had items that needed refrigeration, so the load couldn't simply be put in storage someplace. Others had manufacturing parts headed overseas – parts that the manufacturers urgently needed in order to continue production.

This same situation played out at the 76 Maersk shipping terminals worldwide.

What happened? Russian military had attacked Ukraine with a computer virus. It brought down computer networks in hospitals, airports, over 20 banks, ATMs, and card payments systems, and many federal agencies. People weren't able to use their credit cards; paychecks and pensions were on hold; prescriptions went unfilled.

It was so virulent that it could spread around a worldwide network like Maersk's in less than a minute. It encrypted each computer's "master boot records," which tells a computer where to find its operating systems.

It ended up going far beyond the boarders of Ukraine. Not only did it infect Maersk, but also, according to an excellent and detailed article in the September issue of Wired magazine, it also affected FedEx's European subsidiary TNT Express, French construction company Saint-Gobain, food producer Mondel?z, and manufacturer Reckitt Benckiser.

The Russian hackers likely didn't intend the virus to go beyond Ukraine, especially since it eventually made its way back into Russia and infected Rosneft, the state oil company.

It ended up causing an estimated $10 billion in total damages.

What did Maersk do? They convened a 200-person task force of experts in England along with about 400 Maersk employees. They began collecting backups from the previous 3–7 days, with the intention of reconstructing their database. But no backups of a key controller could be found. Without it, they were toast. They called to all their offices around the world and found that a computer in a remote office in Ghana was down when the virus struck because of a power blackout. It contained the necessary controller for rebuilding their database.

What can we learn? First, be sure to always keep your operating system up to date. Microsoft had released an update for Windows months earlier that would have protected Maersk and everyone else from the virus.

But we also learn just how vulnerable the modern world is, now that everything is so interconnected. In a flash, the world's banking system could do dark, the power grid could be hacked so that there's no electricity, the GPS satellites that we are utterly dependent on for location and extremely precise time could go haywire, or, heaven forbid, the internet could stop working.

In July media outlets reported that Russian hackers had infiltrated the control rooms in U.S. power plants, which could possibly let them remotely control parts of the U.S. power grid – as they did in Ukraine in 2015 and 2016.

Fortunately, the Russian military hackers are being closely watched by the National Security Agency and other American intelligence services. We just have to hope that the guys on our side are more savvy than the ones on their side.

An extraordinary irony is that a main component of the virus that infected Maersk and other entities around the world was actually developed by the NSA. It was one of a number of hacking tools that a rogue individual within the NSA uploaded to the internet and made available to everyone for downloading.

Let's hope the world's leaders realize the very serious danger of cyberwarfare and move toward detente.

© 2018 by Jim Karpen, Ph.D.

E-mail Jim Karpen