Stephen Norman's first novel is based on personal observation of the terrifying potential of cyber crime
Saturday, 25 February, 2003. Before dawn. My Blackberry is ringing. Groggy, I answer. It's Liz, head of the bank's disaster recovery team, to tell me that our networks are down. "They think it's a virus, but they don't know. We can't see anything. The datacentres, desktops. The phones in Jersey don't work. I can't even get to the internet."
Four stress-filled hours later, we knew that we - and the Internet - had been attacked by SQL Slammer. Slammer was a vicious creature, a tiny worm that fitted inside a single network packet and infected Microsoft SQL Server databases. Each infection would spawn random broadcasts, looking for other nodes on the network in such horrendous volumes that the network routers themselves couldn't keep up and traffic stopped. Not just data traffic. We had recently installed an IP-based phone system. So guess what? Even the phones didn't work.
Most of the malware back then was created by young techies, pitting their technical ingenuity against Microsoft and the establishment. The creator of Slammer was probably a member of 29A, an elite group of young coders. Times have changed. The teenage mischief makers have been replaced by two new and more sinister groups, with new motives. They want money, and they want power.
The first group are well-organised criminal gangs whose motive is financial. They mount elaborate schemes to steal from your bank account or demand a ransom for leaving you alone (like the WannaCry virus that devastated the NHS), or they steal personal data that can be used later for identity theft. The attack on the Equifax credit reporting agency in May this year led to the theft of credit card details of 149 million Americans and 700,000 Britons. The attackers will probably benefit by selling this data to others in murky corners of the web.
The second group are nation states. We can only guess at their motives, but one presumes they include commercial espionage and preparation for war. The poster child for military cybercrime was the Stuxnet worm, which attacked the Iranian nuclear processing plant at Natanz and instructed the uranium centrifuges to spin faster than they were designed to, thereby blowing them up. Of course, no nation has claimed responsibility for Stuxnet, but no one doubts that it resides somewhere between Washington and Tel Aviv.
Stuxnet was not just an early example of cyber warfare, but also a harbinger of a new kind of danger: digital attacks that destroy through their physical effects. (You might say SQL Slammer was also in this category: Slammer took out Merrill Lynch's network routers as effectively as pulling out the power cable.) The Internet of Things (IoT) is arriving with extraordinary speed. The internet is no longer a network of computers but a network of physical devices that can be controlled through it.
The IoT presents a target-rich environment, both for professional criminals and for nation states. In Trading Down, my novel about cyberterrorism, a bank is threatened with destruction when someone shuts down the cooling to a datacentre by reprogramming the software that manages the chillers. What need does a terrorist or a hostile power have of explosives if they can shut down the engines of a jet, or turn off the power to New York, or spoof the GPS system so that everything GPS-controlled thinks it is 20 miles east of where it actually is?
You might think this last item is fantasy, but last summer the New Scientist (10/8/17) published an article entitled "Ships fooled in GPS spoofing attack suggest Russian cyberweapon". The master of a ship off the Russian port of Novorossiysk discovered his GPS had put him in the wrong spot - more than 32 kilometres inland, at Gelendzhik Airport! He checked with nearby ships, and their GPS systems placed them all in the same airport. At least 20 ships were affected.
The IoT is the new Wild West for cybercrime, and especially for the new players, the criminal gangs and the nation states. But it is not the only frontier. The other is DATA.
We all know - or think we know - what data is. We are beginning to be uncomfortably aware of just how much Facebook or Google knows about us. What we don't think about is the catastrophic consequences that would result from destruction or - more insidiously - manipulation of the information that drives almost every aspect of our lives, from our cars and our phones to our suppliers, our financial system and our governments. In the climax of Trading Down, a large bank is threatened by a rogue software program that corrupts its thousands of databases. As I wrote it, I was forced to reflect more deeply on the consequences. I decided that the bank would be destroyed as swiftly and as comprehensively as Lehman Brothers, and with more disastrous consequences for the rest of the financial system.
In short, the new hostile forces in cyber - both criminals and nation states - will exploit the Internet of Things, and your dependence on data, to steal and destroy. The Cold War is over. Welcome to cyber wars.
Stephen Norman spent 20 years at the forefront of investment banking IT in a range of roles including chief technology officer at Merrill Lynch and CIO of RBS Global Markets. In 2012, he left the world of finance to focus on his writing. Trading Down, his first novel, is published by Endeavour Press today (9 November).