Earlier this year, a game called 'Watchdogs' was released for Playstation 3, PC, and Xbox 360. At the center of this game's concept was that normal people could harness the power of technology to manipulate weaknesses within computer systems. Notably, the game depicts the protagonist hacking into, and altering traffic light signals in the city of Chicago, IL.
At this year's hacker conference in Las Vegas, DefCon, a group of European hackers replicated exactly this activity: they had found that the system to change traffic lights sent all its information completely clean and un-encrypted. Now, in the hacking community (especially one as large as the DefCon network) this is potentially a terrible thing: if such vulnerabilities are common among the systems used in metropolitan cities then anybody with some transmission equipment and a little knowledge of software could have total control over the systems managing infrastructure in a city. DefCon itself is essentially a network of hackers, dedicated to pioneering new skills, teaching people with an interest in hacking, and finding security flaws to exploit in websites and systems across the globe.
The clever hacker behind this stunt, "Cesar Cerrudo" a CTO at IOActive Labs, has said "I'm just pointing out the problem, I'm not creating it" - which is entirely correct, in that he made no effort to breach the security of the Las Vegas traffic control's systems, but instead made them aware of the problem so it may be fixed more quickly. It is notable that Cerrudo has also published the hacking technique publicly, perhaps in a move to drive cities across the world to be more diligent in the face of such simple, yet pivotal system security.
This display is reminiscent of the 'SHODAN' search engine, which, rather than aggressively trying to punch holes in security systems and encryptions, simply takes advantage of existing flaws within the systems in place.
The people of DefCon are of the opinion that the way to make the world's systems safer is to expose potential flaws and threats before they can be exploited with harmful intentions. Hence, this somewhat ostentatious hack attack by the hackers of DefCon is less an boasting show of force, but more a white hat hacker's way of telling Las Vegas city management to tighten up their security on basic, but fundamental systems in the city.
7 Comments - Add comment