Hacking the News

10France-web-superJumboAttackers took control of the French TV network “TV5 Monde” this week. Claiming allegiance to the Islamic terrorists known as ISIS, they blacked out 11 channels for several hours and displayed an ISIS banner on the station’s website. The French government has started a terrorism investigation. [1]

While this is not the first time that a broadcast has been interrupted by cyber attack, it is in my view the most serious disruption to date of a major media outlet. I have two key points for you.

First, let’s note that it could well have been much worse. The day a terrorist group takes control a major media outlet to broadcast realistic fake news reports cannot be far away. And to get a sense of the scale of that calamity, consider what one single tweet using stolen Associated Press credentials did to the S&P 500 stock index, for example, on the day of the so-called “Hash Crash”, April 23, 2013. (The Syrian Electronic Army managed to send a false tweet about a hoaxed explosion at the White House. I happened to be in the control room of the Nasdaq at that moment, and watched as Wall Street lost $136B in value in the next two minutes, before stocks recovered. [2])

zombies

Second, let’s consider carefully what TV5 Monde’s director, Yves Bigot, said about the attack. “It was an extremely powerful attack. It had to be, because our [systems] are very well protected.” [3]

No technical details are available yet about today’s attack, but I am inclined to believe him. And that’s the point. No private company –  and few if any nation states – can prevent a disruption of its critical operations indefinitely. So while good preventive measures remain very important, resilience should be the new watchword. Recover quickly, with assurance that there’s no malware left behind in your systems, and keep your customers informed. Then soldier on.

Buckle your seatbelts. It’s going to be a bumpy ride.

Sources and Resources
[1] Fox News, French television network hacked by group claiming ties to ISIS, http://www.foxnews.com/world/2015/04/09/french-tv-network-hacked-by-group-claiming-ties-to-isis/?intcmp=latestnews
[2] Deutsche Welle, Twitter’s hash crash: social media and the financial markets, http://www.dw.de/twitters-hash-crash-social-media-and-the-financial-markets/a-16838715
[3] CNN, French TV Network hit by ‘powerful’ cyberattack, http://www.cnn.com/2015/04/08/europe/french-tv-network-cyberattack/

###

Mark Graff

Mark Graff is cyber security practitioner and thought leader for over 25 years, and is the Founder and CEO at Tellagraff, LLC.

Graff is a seasoned Chief Information Security Officer, having filled that role for NASDAQ for three years and Lawrence Livermore National Laboratory for nine. While at NASDAQ, Graff founded and chaired for the World Federation of Exchanges the first international organization of executives responsible for the cyber safety of the world’s stock exchanges. He was named Internet Security Executive of the Year for the Northeast United States in 2014.

Graff’s latest book, Enterprise Software Security: A Confluence of Disciplines (Addison-Wesley Software Security Series) explains how to work with software developers and security practitioners to produce integrated security solutions for business. His 2003 work, “Secure Coding: Principles and Practices”, has been used at dozens of universities around the world to teach how to design and build secure software-based systems.

Graff holds a B.S. in Computer Science from the University of Southern Mississippi. His base of operations is New York City.