The Shmoocon security conference was warned by Cris “SpaceRogue” Thomas that after 35 years of cyberwar, the squirrels were winning.
He presented data gathered by CyberSquirrel 1, a project that gathers information on animal-induced infrastructure outages collected from sources on the Internet.
Thomas said that there was a lot of “FUD” around cyber-attacks on critical infrastructure, citing dire predictions from many sources. Government officials such as the Federal Energy Regulatory Commission Chairman Cheryl LaFleur declaring that “one [successful cyber attack] is too many”.
Thomas likened the government’s posture to the Cheney Doctrine, also known as the “One-Percent Doctrine.” As Thomas explained, that doctrine is “if there’s a one percent chance of something occurring, we must employ 100 percent of our resources to prevent it. This is essentially [what happened with] Iraq, and we’re now applying it to cyber and equating cyber to nukes and [mutual assured destruction]. It really doesn’t work that way.”
Many of the cases where “cyber” has been attributed to incidents with energy infrastructure turned out to be false alarms. Even in the few cases where a network intrusion resulted in disruption of the electrical grid—specifically in Ukraine, where two attacks caused power outages—the impact was relatively brief and was comparable to outages caused by other factors, Thomas noted.
For this reason, he launched CyberSquirrel1. Which collected web data on successful squirrel attacks against the power grid in 2016. Of course, squirrels are not the only hackers working on the electricity grid there are birds, snakes, raccoons, and rats. In one case a jellyfish shut down a nuclear power plant in 2013.
CyberSquirrel1’s data so far has tracked “over 1,700 outages, affecting nearly 5 million people,” Thomas noted which is enough to take out the power for the San Francisco metropolitan area for two months.
There have been eight deaths attributed since the tracking began to follow animal attacks on infrastructure—six caused by squirrels downing power lines that struck people on the ground.
Basically frogs have been more successful than hackers in bringing down the US power grid (three attacks) but squirrels are the best cyberwar leaders carrying out 879 successful attacks against infrastructure.
Apparently there was a swan that performed the denial of service attack on a train in the UK which just goes to show the power of the animal kingdom.