Thu. Dec 12th, 2024

Could a ‘Leave the World Behind’ style cyberattack cause chaos in real life?<!-- wp:html --><p>(L-R) Mahershala Ali, Myha'la Herrold, Julia Roberts, and Ethan Hawke in "Leave the World Behind."</p> <p class="copyright">Netflix</p> <p>In Netflix's "Leave the World Behind," an unknown entity shuts down communications across the US.The cyberattack is later explained as part of a "cost-effective way to destabilize a country."A cyberwarfare expert told BI an attack like this would require an immense amount of coordination.</p> <p><em>Warning: spoilers ahead…</em></p> <p>What would the most cost-effective military campaign to destabilize a country look like?</p> <p>According to Netflix's "<a target="_blank" href="https://www.businessinsider.com/leave-the-world-behind-netflix-mystery-noise-weapons-2023-12" rel="noopener">Leave the World Behind</a>," which is based on Rumaan Alam's novel of the same name and executive produced by the Obamas, that program begins with "isolation."</p> <p>In the film, internet and cellular services are shut down, cable is cut off, and transportation such as oil tankers, airplanes, and <a target="_blank" href="https://www.businessinsider.com/elon-musk-tesla-leave-the-world-behind-netflix-2023-12" rel="noopener">Teslas</a> mysteriously go haywire quickly.</p> <p>The goal, according to <a target="_blank" href="https://www.businessinsider.com/mahershala-ali-wins-oscar-2017-2" rel="noopener">Mahershala Ali</a>'s character, George 'G.H.' Scott, would be to make the target nation "as deaf, dumb, and paralyzed as possible" to cause confusion and eventually topple an already-divided country's government from within by sparking a civil war.</p> <p>Could hackers or a foreign adversary pull off a <a target="_blank" href="https://www.businessinsider.com/guides/tech/what-is-a-cyber-attack" rel="noopener">cyberattack</a> like the one seen in "Leave the World Behind"?</p> <p>The movie proposes a chilling scenario, but it's highly unlikely, <a target="_blank" href="https://www.businessinsider.com/guides/tech/what-is-cyber-security" rel="noopener">cybersecurity</a> experts say.</p> <p>Chad Heitzenrater, a senior information scientist at RAND Corporation specializing in cyberwarfare and a former government employee, told Business Insider that an attack as sophisticated and large-scale as the one in the film would require nearly impossible coordination.</p> <p>Heitzenrater noted that the views he expressed to BI do not reflect the views of RAND.</p> <p>"The planning that goes into it, and many of these operations just like any military operation … they're not guaranteed," Heitzenrater said. "So to have that many things you're going to act on, be <em>that</em> assured they're all going to work, and execute them in a timeframe that makes them all look that coordinated such that everything is out all at once — that would be a really heavy lift for anybody, even for a nation-state."</p> <h2><strong>Large-scale vs. small-scale</strong></h2> <p>Take, for example, how the film suggests that cellphone service was disrupted across all networks in the US.</p> <p>While there have been cases when cell networks have been shut down, Heitzenrater said that taking down the entire network of just one provider, such as <a target="_blank" href="https://www.businessinsider.com/category/verizon" rel="noopener">Verizon</a>, which owns its telecommunications network, "would be hard to imagine."</p> <p>There could be some aspect of a provider in which a bad actor can take advantage of a vulnerability that can impact its entire network — in his field of work, Heitzenrater says he's not one to say anything is impossible — but a "far more likely" scenario would be a "more regional or limited" impact on one cellphone network.</p> <p>The same goes for the widespread impact of transportation. In the film, the navigation systems of ships, airplanes, and Teslas are somehow overridden. A more plausible plan would be a localized impact on planes since air travel is increasingly automated, Heitzenrater said.</p> <p>Jasson Casey, CEO of Beyond Identity, an authentication platform, told <a target="_blank" href="https://www.bloomberg.com/news/newsletters/2023-12-20/leave-the-world-behind-could-netflix-movie-s-cyberattack-actually-happen" rel="noopener">Bloomberg</a> that hacking boats and planes and sending "fake navigation signals" is possible, but "most of the planes and boats still have an ability for the crew to take over if something seems amiss."</p> <p>"I don't even think this would be likely," Heitzenrater said, adding that a more concerning scenario would be if someone were to disrupt the Federal Aviation Administration's computerized planning systems, in which case flights would have to stay grounded until the problem is solved.</p> <h2><strong>Is cyberwarfare cheap?</strong></h2> <p>Whether a cyberattack of this level is "cost-effective" is also hard to say.</p> <p>"If I could answer that question, I would have one of those papers that everybody references," Heitzenrater said.</p> <p>But an operation of this scale certainly wouldn't be cheap.</p> <p>What can make a cyberattack "cheap" is that vulnerabilities in a particular system can sometimes allow hackers to impact a lot of targets, and the bad actor can use that vulnerability repeatedly, he said. And in the case of one cybercriminal taking advantage of some vulnerability through, for example, ransomware, the operation would be fairly inexpensive.</p> <p>But on a larger scale, finding vulnerabilities across multiple sectors would require immense reconnaissance or intelligence gathering.</p> <p>"When you think about it in that aggregate, then it's not as cheap," Heitzenrater said.</p> <div class="read-original">Read the original article on <a href="https://www.businessinsider.com/netflix-leave-the-world-behind-movie-cyberattack-real-life-2023-12">Business Insider</a></div><!-- /wp:html -->

(L-R) Mahershala Ali, Myha’la Herrold, Julia Roberts, and Ethan Hawke in “Leave the World Behind.”

In Netflix’s “Leave the World Behind,” an unknown entity shuts down communications across the US.The cyberattack is later explained as part of a “cost-effective way to destabilize a country.”A cyberwarfare expert told BI an attack like this would require an immense amount of coordination.

Warning: spoilers ahead…

What would the most cost-effective military campaign to destabilize a country look like?

According to Netflix’s “Leave the World Behind,” which is based on Rumaan Alam’s novel of the same name and executive produced by the Obamas, that program begins with “isolation.”

In the film, internet and cellular services are shut down, cable is cut off, and transportation such as oil tankers, airplanes, and Teslas mysteriously go haywire quickly.

The goal, according to Mahershala Ali‘s character, George ‘G.H.’ Scott, would be to make the target nation “as deaf, dumb, and paralyzed as possible” to cause confusion and eventually topple an already-divided country’s government from within by sparking a civil war.

Could hackers or a foreign adversary pull off a cyberattack like the one seen in “Leave the World Behind”?

The movie proposes a chilling scenario, but it’s highly unlikely, cybersecurity experts say.

Chad Heitzenrater, a senior information scientist at RAND Corporation specializing in cyberwarfare and a former government employee, told Business Insider that an attack as sophisticated and large-scale as the one in the film would require nearly impossible coordination.

Heitzenrater noted that the views he expressed to BI do not reflect the views of RAND.

“The planning that goes into it, and many of these operations just like any military operation … they’re not guaranteed,” Heitzenrater said. “So to have that many things you’re going to act on, be that assured they’re all going to work, and execute them in a timeframe that makes them all look that coordinated such that everything is out all at once — that would be a really heavy lift for anybody, even for a nation-state.”

Large-scale vs. small-scale

Take, for example, how the film suggests that cellphone service was disrupted across all networks in the US.

While there have been cases when cell networks have been shut down, Heitzenrater said that taking down the entire network of just one provider, such as Verizon, which owns its telecommunications network, “would be hard to imagine.”

There could be some aspect of a provider in which a bad actor can take advantage of a vulnerability that can impact its entire network — in his field of work, Heitzenrater says he’s not one to say anything is impossible — but a “far more likely” scenario would be a “more regional or limited” impact on one cellphone network.

The same goes for the widespread impact of transportation. In the film, the navigation systems of ships, airplanes, and Teslas are somehow overridden. A more plausible plan would be a localized impact on planes since air travel is increasingly automated, Heitzenrater said.

Jasson Casey, CEO of Beyond Identity, an authentication platform, told Bloomberg that hacking boats and planes and sending “fake navigation signals” is possible, but “most of the planes and boats still have an ability for the crew to take over if something seems amiss.”

“I don’t even think this would be likely,” Heitzenrater said, adding that a more concerning scenario would be if someone were to disrupt the Federal Aviation Administration’s computerized planning systems, in which case flights would have to stay grounded until the problem is solved.

Is cyberwarfare cheap?

Whether a cyberattack of this level is “cost-effective” is also hard to say.

“If I could answer that question, I would have one of those papers that everybody references,” Heitzenrater said.

But an operation of this scale certainly wouldn’t be cheap.

What can make a cyberattack “cheap” is that vulnerabilities in a particular system can sometimes allow hackers to impact a lot of targets, and the bad actor can use that vulnerability repeatedly, he said. And in the case of one cybercriminal taking advantage of some vulnerability through, for example, ransomware, the operation would be fairly inexpensive.

But on a larger scale, finding vulnerabilities across multiple sectors would require immense reconnaissance or intelligence gathering.

“When you think about it in that aggregate, then it’s not as cheap,” Heitzenrater said.

Read the original article on Business Insider

By