THE HAGUE, May 16, (Agencies): The world may be close to a “serious act of digital sabotage” which could trigger unrest, “chaos and disorder,” Dutch spy chief Rob Bertholee warned Tuesday. Sabotage of critical infrastructure “is the kind of thing that might keep you awake at night,” Bertholee told a timely cyber security conference in The Hague, as global experts grapple with the fallout of a massive cyberattack over the past days. Digital threats “are not imaginary, they are everywhere around us,” the head of the country’s intelligence services (AIVD) told the conference organised by the Dutch government.
“In my opinion, we might be closer to a serious act of digital sabotage than a lot of people can imagine,” he told hundreds of experts and officials. Bertholee highlighted how in 2012 the computers at Saudi Arabia’s largest oil company came under brief attack, or how three years later Ukrainian electricity companies were hacked causing a massive blackout lasting several hours. The world’s infrastructure was heavily interconnected, which had huge benefits, but also “vulnerabilities”. “Imagine what would happen if the entire banking system were sabotaged for a day, two days, for a week,” he asked.
“Or if there was a breakdown in our transportation network. Or if air traffic controllers faced cyberattacks while directing flights. The consequences could be catastrophic.” Added Bertholee: “Sabotage on one of these sectors could have major public repercussions, causing unrest, chaos and disorder.” The threat of “cyber terrorism” from terror groups such as the so-called Islamic State jihadist and al-Qaeda was still limited, he said, but “jihadistinspired terrorism is the number one priority” of the Dutch intelligence services.
“The level of technical expertise available to a jihadist group is still insufficient to inflict significant damage or personal injury through digital sabotage,” Bertholee said. “They may not yet have the capability but they definitely have the intent,” he warned. Countries must be prepared for future threats in the digital domain, with governments and private sector working closely together, as this is “where our societies have become most vulnerable,” he said. Security researchers investigating the massive cyberattack campaign over past days on Tuesday reported signs that it might be slowing, and suggested a possible North Korean link. In the first clues of the origin of the massive ransomware attacks, Google researcher Neel Mehta posted computer code that showed similarities between the “WannaCry” malware and a vast hacking effort widely attributed to Pyongyang.
Europol meanwhile said the number of affected IP addresses around the world was 163,745 — a 38 percent fall from the 226,000 reported on Sunday.
Meanwhile, security researchers investigating the massive cyberattack campaign that sparked havoc in computer systems worldwide have reported signs of a possible North Korean link, but Europe’s cross-border police agency said Tuesday it was “too early” to draw a connection. After days of disruptions affecting networks worldwide, a top US official said the number of computers affected had reached 300,000, but that infection rates had slowed.
The code used in the latest attack shared many similarities with past hacks blamed on the North, including the targeting of Sony Pictures, said Simon Choi, director of Seoul internet security firm Hauri. “I saw signs last year that the North was preparing ransomware attacks or even already beginning to do so, targeting some South Korean companies,” he told AFP. Isolated, nuclear-armed North Korea is known to operate an army of thousands of hackers operating in both the North, and apparently China, and has been blamed for a number of major cyberattacks. But police agency Europol said Tuesday the investigation is ongoing, warning against a rush to judgement. “We are open to investigate in all directions, but we don’t speculate and we cannot confirm this. It’s still too early to say anything,” said senior agency spokesman, Jan Op Gen Oorth. “It could come from everywhere, it could come from any country.”
In November 2014, Sony Pictures Entertainment became the target of the biggest cyberattack in US corporate history, linked to its release of North Korea satire “The Interview”. More attacks were possible, Choi said, “especially given that, unlike missile or nuclear tests, they can deny their involvement in attacks in cyberspace and get away with it”. Israeli-based security firm Intezer Labs said it agreed with the North Korea attribution. The group’s chief executive Itai Tevet said in a tweet: “@IntezerLabs confirms attribution to North Korea for #WannaCry, not only because of the function from Lazarus. More info to come.”
Europol said the situation was “stable” after attacks that struck computers in British hospital wards, European car factories and Russian banks. But according to Michel Van Den Berghe, director of telecom group Orange’s cyber security arm, a “second wave” is to be expected. Russia, China and India have blamed the United States government for developing the original code. Tom Bossert, President Donald Trump’s top cyber and homeland security adviser, brushed aside suggestions that the attack stemmed from a flaw discovered by the US National Security Agency and later leaked. “This was not a tool developed by the NSA to hold ransom data,” he said, noting that no US government systems had been hit. “This is a global attack,” he added. Russian President Vladimir Putin earlier had suggested the United States bore responsibility.