We often hear about the devastating potential of cyber-terrorism, or the dangerous vulnerability of our interconnected world to natural events like solar flares. Cyber-terrorism is not just a theoretical bee in some think-tank’s bonnet: it’s already happening. We’ve just been incredibly lucky, so far.
For example, an October 2020 attack on India’s power grid caused blackouts in Bombay. Ransomware attacks have targeted businesses around the world.
The common image of cyber-terrorism is one of pasty Russian hackers clicking away in a Saint Petersburg basement, or China’s 50 Cent Army manning workstations in Shanghai. But the most potentially devastating cyber-terrorism is surprisingly low-tech.
One of the closest calls in cyber-terrorism that you’ve never heard of took place in 2013 and involved little more than flashlights and rifles.
On April 16 2013, a team of highly skilled gunmen opened fire on the Metcalf Power Substation in San Jose California. In just under 10 minutes, they disabled 17 transformers and caused $15m in damages.
Even today, who carried out the attack and why remains unknown. But if their motives are mysterious, their potential is clear. The substation targeted supplies power to most of the Santa Clara Valley, centre of Silicon Valley and home to Facebook, Intel and Nvidia.
For all that it was low-tech, the attack was incredibly professional.
Of the 100+ shell casings found– all had been wiped clean of fingerprints. There were also stacks of rocks found all over the site, commonly used to gage firing distance. They knew exactly where to attack– shooting directly at the cooling fans, the weakest part of the transformer. They knew where to dig to disable fiberoptic cables, and the location of every camera.
PG&E engineers were able to reroute power, but it was a struggle to keep the power on during the attack.
The assault lasted only 19 minutes, but it caused $15 million in damage. It also became a harsh wake-up call for energy providers, who have since become obsessed with the physical security of their remote power stations.
CNN Business
While this particular attack didn’t have immediate far-reaching consequences, it did prompt the US government to run a simulated atack on the electrical grid. The report found that a co-ordinated cyber-terror attack could affect large parts of critical US infrastructure for weeks.
But it’s far from the only such low-tech, high-impact cyber-terror attack. Just months ago, an attacker in France simply opened the lids on pits and cut through fibre optic cables, cutting off the internet infrastructure of several major French cities.
A telecom engineer indicates that “around 3:20 am, 3:40 am and 5:20 am, cables from several long-distance fiber networks were partially severed.” These would be cables “from Paris to Strasbourg, Lyon and Lille”. These “long-distance” fiber optic cables make it possible to connect major French cities to each other, especially for infrastructures, such as data centers. It is also through this network that fixed Internet access (ADSL and fiber) circulates, and some telephone lines.
The Paris-Lyon line would have been the first sectioned, followed by Paris-Strasbourg, both belonging to the operator SFR, and widely used by Free. A third Paris-Lille line has finally been cut off, it belongs to another foreign operator. And the impact goes far beyond these large metropolises to spread to the entire area.
L’Obs
Although the sites where the cables were cut were relatively remote, actually accessing them was ridiculously easy for the attackers.
Even un-coordinated idiocy can have devastating effects, as Tasmania found out a few months ago, when two separate contractors cut through each of the fibre-optic cables which supply the island-state with internet across Bass Strait. Even wireless internet was knocked out. Fortunately, services such as the 000 emergency network were carried on a third cable, but it was a close-run thing.
