Thursday, 13 October 2016
2015 French TV Attack Highlights Network Vulnerability
Do you remember the April 2015 cyber-attack against France's TV5Monde? If so, you may remember the immediate speculation that the attack was linked to the Islamic State and an attempt to further rattle the nation, just months after the Charlie Hebdo attack. Well, investigators have learned a lot since then.
First, the attack was not the work of the so-called Cyber Caliphate as first reported. Investigators now have strong reason to believe the attackers were Russian hackers who used malicious software to destroy the broadcast systems at the TV5Monde network.
More importantly, we have learned just how vulnerable networks are to well-designed software. The attack on the French network was not particularly sophisticated, but it moved very quickly and effectively, once it got started. According to the BBC, TV5Monde was within hours of a complete collapse when one of the network's engineers located the computer where the attack originated and removed it from the system.
TV5Monde had begun broadcasting hours earlier when, for no apparent reason, all 12 channels went black. It wasn't long before network officials figured out they were experiencing a serious cyber-attack. TV5 director-general Yves Bigot credits his engineering staff for identifying the problem and intervening before it was too late.
The attack was successful because it was targeted and because it combined organisation and speed. Investigators discovered that the hackers carried out sophisticated recon against the TV network to figure out the station’s system before launching the attack. They then created software that attacked the network's hardware in a sequential manner, corrupting the systems responsible for transmitting television signals.
Interestingly enough, the hackers did not use a single point of entry. In fact, the BBC says there were seven points of entry. Even more interesting is the fact that not all of those points were in France or even a direct part of the TV5Monde network. One was a Dutch company that sold TV5 some of their studio cameras.
The attack on TV5 should be a reminder of the vulnerability of computer networks. Engineers could have completely shut down the system, wiped it clean and started over from scratch had it been necessary, but by that time the damage would have been done. As Mr Bigot explained to the BBC, any prolonged outage would likely have resulted in the cancelling of broadcast contracts en masse, leading to the collapse of the network under the financial strain.
In terms of cyber-attacks, this is where the real problem lies. A computer system can be repaired just like a building attacked in conventional warfare can be rebuilt. But any harm caused by a cyber-attack is capable of producing significant financial stress that could lead to a total collapse.
Disaster was averted in France last year. Next time, things might not go so well. Thus we need to be ever more diligent about protecting our networks at all costs.