The nightmare defeat of fleets disabled by computer viruses, a premise of the popular TV show Battlestar Galactica, is haunting some in the US Navy. Air-gap-jumping malware may undermine one of the pillars of America’s military might.
The concern over the potential vulnerability of US warships was voiced last week by retired Capt. Mark Hagerott at the Defense One conference. He cited reports of a new type of computer virus, which may be able to spread using ultrasonic waves emitted by built-in speakers.
If true, it would be the next practical step for malware beyond jumping from computer to computer through portable USB drives, which was the vector of infection for Stuxnet, the virus that the US and Israel allegedly made to disable Iranian uranium enrichment centrifuges.
"If you take a cybernetic view of what's happening [in the Navy], right now our approach is unplug it or don't use a thumb drive," Hagerott, who is now deputy director of cyber security for the US Naval Academy, told the conference in Washington. But if hackers "are able to jump the air gap, we are talking about fleets coming to a stop."
He was referring to the received wisdom that a computer network not connected to the internet – separated from it by an air gap – is better protected from hacker attacks. Iran’s experience with Stuxnet showed that a determined attacker has ways to circumvent an air gap, but the new type of virus Hagerott was referring to would not require an intermediary.
"That would disrupt the world balance of power if you could begin to jump the air gap," he said.
The virus in question is nicknamed ‘badBIOS’ by cyber security expert Dragos Ruiu, who has been studying it for the last three years. It infects computer firmware and shows unusual behavior, including an apparent ability to jump the air gap, Ruiu says.
He cites an experiment he conducted in which an infected computer could exchange encrypted packets of information with another infected computer, even after it had its WiFi and Bluetooth cards removed and mains unplugged.
"The air-gapped machine is acting like it's connected to the internet," Ruiu said as cited by an Ars Technica report. "Most of the problems we were having is [sic] we were slightly disabling bits of the components of the system. It would not let us disable some things. Things kept getting fixed automatically as soon as we tried to break them. It was weird."
The exchange, however, stopped when Ruiu removed the internal speaker and microphone connected to the air-gapped machine. This would indicate that high-frequency sound waves were crucial for communication, although it doesn’t prove that infection of a clean computer is possible in this manner.
In Battlestar Galactica, a humanity-hating robotic race of Cylons had a decisive advantage over humanity because they could infect any kind of computer network, no matter how it was protected. The titular warship managed to survive a surprise Cylon attack because it was obsolete and didn’t have any networks to infect.
The same scenario is possible in real life, Hagerott speculates. US fleets may be forced to go back to instrumentation used in the early 1900s in response to a crippling hacker exploit, which could shut down or even hijack their software.
This kind of cyber-attack "gives you a nonlethal warfare capacity at sea," Peter Singer, a Brookings Institution national security analyst, said in an interview after speaking at the Defense One Summit. Commanders could order something like, “Don't let this enemy fleet seize these island chains, but also don't let it turn into a shooting war.”
Singer, however, was viewing the US as the power holding the fleet kill switch in the speculative scenario.
Using high-frequency sound for communication has historical precedent. For instance, the very first TV remote controls utilized it rather than infrared light. Currently, however, ultrasound communication is restricted to underwater environments, due to range restrictions and available alternatives using radio waves.