The growing threat of worldwide hackers
Why we believe greater vigilance is needed at every level
Could hackers be responsible for the recent London Ambulance meltdown?
No one knows for sure, but a major investigation is currently underway to determine why London Ambulance Service’s IT system failed on one of the busiest nights of the year.
The computer-aided dispatch system, which logs emergencies and allocates ambulances, failed just after midnight on 1 January as revellers celebrated the beginning of 2017. For five hours call-takers had to process every incident using pen and paper, with control room staff limited to using radios to track and assign response units.
At least one 999 patient is now known to have died during the period computers were down, although it has not been established that the system failure contributed to their death.
While we don’t know whether the crash was actually down to hackers, Amethyst’s M.D Steve Howe believes it’s entirely possible.
“It occurred to me that the failure of the London ambulance service IT system during the New Year celebrations could perhaps be the result of probing hack attack,” he says.
“If we couple this with the recent report that an American utility company had found ‘Russian’ code in its software, it’s a possible explanation.”
Just last month, it was reported that an electrical company in the US state of Vermont found malware code allegedly used by Russian hackers on one of its company laptops. This happened the same week that the US expelled 35 Russian diplomats over alleged Russian interference in November's presidential election.
Moscow has strenuously denied any involvement in the hacking of the Democratic party and Hillary Clinton's presidential campaign.
The U.S Government alerted the electrical company - Burlington Electric Department - to the "Grizzly Steppe" code and the company said that it took “immediate action to isolate” the computer, which was not connected to the electrical grid.
According to a BBC report, Burlington Electric Department has said it is now "working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems".
The Washington Post, citing unnamed U.S officials, claimed Russian hackers may have targeted the American National Grid in an attempt to disrupt the utility’s operations or as a test to see if they can successfully penetrate a portion of the grid.
U.S officials believe Russia was previously behind the hacking of Ukraine's electrical grid in December 2015 (https://www.amethystrisk.com/news/hackers-have-the-power-to-leave-us-in-the-dark), said to be the first known power outage caused by a cyber-attack.
The hack plunged parts of the country into darkness and left about 225,000 people without power. Ukraine is a post-Soviet state that has had troubled relations with Russia and is now in effect at war with its neighbour.
“I think it is safe to assume that UK utilities and essential services have either been compromised or are already under attack,” says Steve.
“Greater vigilance and inspection is undoubtedly needed.”
Cyber-attacks are by no means new. In summer 2008, several Georgian Government websites were hijacked in the run-up to, and during, the Russian-Georgian war. The Georgian foreign ministry then accused Russia of waging "a campaign of cyber warfare".
According to BBC report last year, suspected Russian cyber-attacks against political opponents abroad go back at least a decade, and usually coincide with times of particular tension in relations. These latest accusations are happening at a time when Russia's relationship with the West is at its lowest since the end of the Cold War over the conflicts in Ukraine and Syria.
Just last week Russia, which denies all hacking claims, stated that it views the arrival of more than 3,000 US soldiers in Poland as a threat to its own security.
The troops are part of President Barack Obama's response to reassure NATO allies concerned about a more aggressive Russia. It is the largest US military reinforcement of Europe in decades.
So, what if anything, can we do? Every UK company, large or small needs to prepared against cyber-attacks of any scale. Companies need to check their systems are technically secure and not susceptible to flaws that could make them vulnerable to attack and misuse.
Amethyst’s Ross Thomson says that just taking a few simples measures can make all the difference:
“If companies focus on getting the basics right, i.e. assessing the risks, updating and patching their systems, training their users and conducting technical security tests then they will have minimised the risk of an opportunistic attack,” he says.