Tommy Morris

Dr. Tommy Morris says Redstone Arsenal, businesses in the Huntsville area and even home networks are high-value targets.

Michael Mercier / UAH

Could Russian hackers make the lights go out in Huntsville?

That’s just one cybersecurity question that’s top of mind in this national defense-oriented city, the home of Redstone Arsenal, following the Russian invasion of Ukraine and the imposition of United States sanctions.

Huntsville has been used to being one of Moscow’s top nuclear warfare targets since the Cold War. In the current conflict it’s possible, but not probable, that Huntsville could be a direct Russian target, says a local expert who has been tracking Russia’s cyberattacks against Ukraine.

“Russia attacking U.S. critical infrastructure in a way that affects our society seems unlikely to me because we would know where the attack came from and we might respond in kind,” says Dr. Tommy Morris, interim chair of the Department of Electrical and Computer Engineering and director of the Center for Cybersecurity Research and Education at The University of Alabama in Huntsville (UAH), a part of the University of Alabama System.

“Cyberattacks are not governed by mutually assured destruction like nuclear bombs. Nations use cybersecurity attacks because they are inexpensive and generally nobody dies,” he says. “If a nation attacks critical infrastructure and causes loss of life, directly or indirectly, that would hopefully not be tolerated.”

Yet Russia has the power to launch cyberattacks, or, more commonly, those working independently with Russian encouragement do.

“Hackers can make the lights go off,” says Dr. Morris.

“Redstone Arsenal is a Federal Center of Excellence with a great deal of research and development, logistics and supply, intelligence and law enforcement activity,” he says. “This makes Redstone Arsenal, businesses in the area and even our home networks high-value targets. Our home networks are targets because our family members work at Redstone or at local companies involved in the high-value target areas.”

Suspected Russian hackers have been tied to some of the largest attacks in the U.S. since 2020. The SolarWinds attack in 2020, for example, hit federal government agencies. Ransomware attacks shut down a major fuel pipeline and caused disruptions at JBS, one of the country’s largest meat plant operators.

Usually the hackers can't be openly linked to the Russian government because it could compromise intelligence sources, but they operate with its consent and perhaps even its encouragement, and they seem to have an affinity for large U.S. systems.

The electrical grid isn’t the only way Russian-linked hackers might be able to play havoc, Dr. Morris says.

“One attack that has grown in recent years is attacks on money transfers. Banks send money electronically with systems developed a relatively long time ago,” he says.

“These systems are vulnerable and criminals have been able to steal large amounts of money. Since many of the recent sanctions are financial in nature, Russia and their proxies could attempt to steal money by attacking these financial transfer systems.”

Ransomware is the type of attack most likely to affect small business and individuals.

“Criminals run ransomware operations to encrypt any computer’s data they can find,” Dr. Morris says. “They charge ransom to give you your data back. Sometimes they have no intention of giving your data back.”

Such attacks are disruptive at a minimum, he says, and could be a way for a country to attack another nation’s individuals.

“Another threat that is growing is attacks on cryptocurrency like Bitcoin, Ethereum, Dogecoin, etc. wallets,” he says. Wallets are the electronic storage areas for cryptocurrency owners.

“If you are dabbling in cryptocurrency, be careful,” Dr. Morris says. “This theft is extremely hard to trace and there are no protections such as you might get from a credit card company or from the Federal Deposit Insurance Corporation for a bank account.”

Protecting yourself from cyberattack is mostly about using good cyber hygiene and not being an easy target, he says. Start off by using complex passwords and changing your passwords regularly. Don’t use the same password for all accounts, and install a virus scanner on your computer and make sure it runs. Don’t click on links in emails.

A tremendous amount of work and money has been directed at defending critical U.S. infrastructure from attack, Dr. Morris says. Those efforts include development of cybersecurity standards, deployment of solutions in many places and development of a robust cybersecurity industry, as well as a robust incident response capability.

“However, we have far more computers than cybersecurity professionals to bring cybersecurity best practices to all corners of our networks,” he says. “Because of a shortage of cybersecurity professionals many systems remain vulnerable to attack even though we know how to defend them.”

Hackers penetrate systems in attacks like SolarWinds, or they use email attacks or social media attacks. Lower-level Supervisory Control and Data Acquisition (SCADA) systems can make easy targets, though much has been done to strengthen the security in the last five years.

“SCADA systems are computers and networks that control electric power, water treatment and distribution, gas pipelines, factory automation and other critical infrastructure,” Dr. Morris says. “SolarWinds, email attacks and other penetrations allow attackers to look around and pivot to access high value targets they find inside networks. Once they are in, they can install back doors and come back with later attacks.”

One example is an attack attributed to Russia against Ukraine at Christmas in 2015.

“Attackers sent an email with a MS Word document attached. The Word document included malware that installed a back door,” says Dr. Morris. “A spear phishing attack was used to send this bad email to employees of a Ukrainian electric utility. When that email attachment was opened, it installed the back door. Attackers used the back door to turn off power to hundreds of thousands of customers over Christmas.”

In the U.S., what other countries want to do inside SCADA systems is implant back doors and logic bombs.

“They don’t necessarily want to take out our critical infrastructure now,” Dr. Morris says. “But, if we go to war or if they want to send us a message, they want to be able to attack later.”

U.S. technical advancement also makes the country vulnerable to cyberattacks.

“Russia has in the last 10 years launched many cyberattacks of many types against Ukraine,” Dr. Morris says. “Ukraine has developed good cybersecurity response capabilities, in cooperation with cyber defenders worldwide.”

Generally, Ukraine has bounced back from the worst attacks in a few days.

“This is at least partially because their society is not as dependent on the internet as we are,” Dr. Morris says. “The United States may not be so lucky.”