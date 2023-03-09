Esther Paniagua is a Spanish journalist, born in Madrid, who has specialized in technology, innovation and science. Throughout the last year she has been presenting her book/essay Error 404 – Are you ready for a world without Internet? in which he shows us all the risks that the fact of depending almost completely on the network of networks implies for humanity. Esther shows us the weaknesses of various systems and the great technical or human threats that we could face, in addition to leading us to reflect on the catastrophic consequences that a collapse of the Internet would bring.

The absurdity of all this is that the network could collapse precisely because we have placed almost all aspects of our lives “in their hands”; transportation (from Uber to an airport control tower), food, energy, health (from inventory in a pharmacy to diagnostic imaging systems and a pacemaker), education, the economy in general… practically everything is there, at the mercy of a solar storm, a cyberattack, a radicalized government, a war, or simply a funny person with the right knowledge. We can think of that network from another perspective, not as thousands of digital connections, but as the safety net used by circus performers, but we have put all the elephants on it.

Esther Paniagua has been chosen by Forbes as one of the 100 most creative people in the business world, and as one of the leading women in her country, among many other recognitions for her work in science and technology journalism. She was recently invited to the Hay Festival that took place in Cartagena, in the Colombian Caribbean.

At this time, with a world still in the throes of war, with the threat of recession and constant political turmoil rocking us, your book is hardly an oasis of calm, but it does provide a much-needed warning; The virtual world in which we move most of the time today depends on a few servers, a bunch of cables and extremely vulnerable computers, and fourteen people who take care of them. Believe it or not.

This is a fragment of the third chapter of Error 404:

Crime

“In cyberspace, offense has the advantage”

William J. Lynn III, former United States Assistant Secretary of Defense

Even a child could do it. Literally. An epic cyberattack against Twitter, the largest of all time, was committed by a minor on July 15, 2020. The American Graham Ivan Clark managed to gain control of the accounts of one hundred and thirty people on the social network. Specifically, celebrities or recognized figures, such as Barack Obama, Joe Biden, Bill Gates, Elon Musk, Kanye West or Kim Kardashian. In return, he received $121,000 from over four hundred payments to three different Bitcoin addresses. Clark didn’t do it alone. The mastermind of the operation was helped by at least three other people. Among them, the British Joseph O’Connor, arrested in Estepona in July 2021. The other three had been arrested a year earlier, just two weeks after the cyberattack.

His youth caused surprise, even though it is not new for police to encounter extremely sophisticated young hackers. Teenagers who, like Clark, have spent their childhood submerged in the depths of the Internet, diving into its darkness. Many of these minors, like Clark, are Minecraft players, the best-selling video game in history. According to its followers, Minecraft is highly addictive. What initially hooks you are its infinite possibilities of construction and exploration of worlds, the perfect childhood fantasy. However, the players are not staying for that; or not just for that. What Minecraft offers, in addition to a game space, is a community, a place to find your best friends.

This ideal combination offers an alternate reality to users, who often turn to video games as an escape from family problems, a tough childhood or an unhappy adolescence. Sometimes the game crosses the borders of the virtual to the real. A group of students hooked on the game starred in the most notorious hacking story of 2016. They did it through the creation of Mirai: an unprecedented botnet. A botnet is a large network of computers connected and coordinated to perform a task. In this case, one with bad intentions that ended up affecting key Internet services around the world. It is the classic example of how to use good technology to do evil.

The strategy used was a distributed denial of service (DDoS) attack.* The objective of these attacks is to degrade the quality of service of a system so much that it is disabled. One of the companies attacked was DynDNS, a key pillar of the network of networks. Remember back in Chapter 1 we talked about how the Internet could go down through an attack on DNS, on Internet names? Balance! The assault resulted in the virtual paralysis of the Internet in almost all of the eastern United States. It was the largest offensive of its kind carried out to date.

The students who orchestrated such an assault did not, it seems, intend to bring down the Internet. They were just trying to get extra points in Minecraft by perpetrating DDoS attacks against their rivals. “They didn’t realize the power they were unleashing,” said an FBI agent who had investigated the case at the time. Like the Manhattan project, which resulted in the creation of the atomic bomb, it began as a challenge and ended up getting out of hand (saving the distance, of course).

The danger of botnets was popularized by another young man, a Canadian known as MafiaBoy. In the year 2000, this fifteen-year-old named Michael Calce attacked websites like Amazon, CNN, Dell, eBay, and Yahoo (which, at the time, was the world’s largest search engine). The strategy: overload their networks to make them collapse. It was one of the first recorded DDoS attacks. The prank highlighted the threat that this type of offensive poses to the integrity and stability of the Internet. Even without intention, even coming from children.

As cryptographer Bruce Schneier says, in the online world attack is easier than defense. The complexity of computerized systems translates into less security: more people and interactions involved, more errors in the design and development process. Attackers have a first-mover advantage, are often unconcerned with conventional law or ethics, and typically have more resources to access the latest technologies. This, together with the difficult attribution of online crimes and the prosecution of cybercriminals, added to the jurisdictional problems caused by the international nature of the network of networks.

We have gone from living in an intrinsically safe world to an intrinsically insecure one. Hundreds of years had to elapse between the invention of armor and the creation, much later, of the crossbow capable of penetrating it. Now, between security measures and countermeasures, it takes minutes or days or, at most, a few weeks. It is not possible to have a guarantee of absolute protection, and the attacks do not stop. One of the most cited studies on the frequency of online crime says that there is a cyber attack every thirty-nine seconds. The study is from 2007. Imagine how many attacks per minute there are today, more than fourteen years later and with a whole new arsenal of tools available to multiply cybercrime.

The possibilities of crime or crime online are also multiplied due to hyperconnectivity. We already said it before: practically everything is connected to the Internet, and what is not yet is on its way to being. Analog refrigerators, coffee makers or any type of appliance are in danger of being outdated because they are not online. Whether it makes sense or not doesn’t seem to matter much. We are in the age of smart objects: mobiles, speakers, sneakers, watches, T-shirts, bracelets, rings, sex toys and even fish tanks. Fishbowls! In fact, a fish tank connected to the Internet allowed a Finnish cybercriminal to steal data from the casino where it was installed.

This anecdote, which happened in the United States in 2016, illustrates how in the IoT (Internet of Things), the Internet of connected objects, even the most bland and supposedly stupid devices can serve as a gateway for cybercriminals who could cause significant damage. . There are already, and there will be more and more, objects of all kinds connected to the Internet, almost as far as the imagination reaches.

Little more than a decade ago, a radio or a truck were not susceptible to a computer attack. Now yes, because everything is becoming a computer: objects (including money), infrastructures, factories… People have also become connected entities, through pacemakers and other implants, insulin pumps or even microchips that the self-styled “cyborgs” ” are implanted voluntarily. The genius and figure of Elon Musk (among many others) wants to connect even our brain.

The Internet of things and the Internet of humans are added to the dry-cut Internet; an augmented Internet in which even things that don’t directly interact influence each other. The interconnections make it difficult to understand which system is failing. It may even be that neither is malfunctioning and that the cause is an insecure interaction of two systems that are separately secure. One hundred systems that interact with each other suppose five thousand interactions and, therefore, five thousand weak points. If a thousand systems interact, we are talking about half a million interactions. And so on. The increasing connectivity of all things and their interactions has another consequence: the field we now call “computer security” will end up being – as Schneier says – the security of everything. This opens two possibilities. One: that everything can be used against us. Two: that critical global infrastructure can be attacked. Both can lead to terrifying scenarios, as we have already seen.

* A distributed denial of service attack or DDoS (Distributed Denial of Service) is what its acronym indicates: an attack aimed at “denying” the service (or collapsing, or disabling) a server or an infrastructure. It is “distributed” because it is performed from multiple sources that send such a high number of requests to the target system that it becomes overloaded.