A smart hacker with some amount of funding or support can get away with anything. There would be no way to find who they were. Hackers have probably turned themselves into millionaires without the story ever receiving public attention, we will never know the worst thing.
This post was edited by ITpro at November 6, 2016 5:35 AM MST
Internet traffic is traceable - even I've used the "properties" facility" to prove I was right to suspect some e-posts as fraud attempts because it revealed the originating country - but even if you discover the source computer you won't necessarily find the culprit unless he or she had launched the attack from the family home or some other private computer.
I do not know if at attack can be transmitted from any public computer such as in an internet-café or public-library by using a USB memory, but if so it would probably be impossible to find the attacker.
It seems we are all potential targets Durdle. I heard a day or so ago that one of the fears about the Tuesday, November 8 American Presidential election is that our power grid could be attacked or some other kind of attack could take place specifically to disrupt the voting process. What happens if the power grid goes down? I don't know how massive an attack it would take to do that but wouldn't it affect airline flights, the internet, everything? How serious an attack would that be and how long would it take to get things back up and running and how deep could the damage/destruction go? I'm very ignorant about such things so I worry a lot. Maybe you worry more because you know more but I worry plenty. I don't know if knowing less or knowing more is worse?Thank you for your reply and Happy Sunday! :)
I don't know, in fact no-one except select teams of its own managers should know, how vulnerable the American (or indeed British) power supplies are to such attack - but all the most important services should have their own protection from power-cuts anyway.
Large IT services such as the Internet servers and their equivalents within companies, are fitted with "Uninterruptable Power Supplies". These are big battery-packs with electronic controls that keep the batteries charged and can switch demand to them extremely rapidly. These might not allow full service but are enough to keep the system ticking over without major data loss until the mains power is restored. Such systems only guard against power-failure, not digital attack, but if the organisation's system is being looked after properly it should be extremely difficult to hack, and protect itself against the first signs of an attack.
Most hackers succeed because their victims have not protected their computers sufficiently well. A common fault is weak passwords, including surprisingly, people keeping the default password which may indeed be "Password".
Most major organisations and facilities such as large telephone-exchanges, hospitals and very likely airports have stand-by generators. These might not supply everything normally available, but in an airport the shops, cafes and so on do not matter as long as the air-traffic control, runway lights and other important areas are kept running.
Could a major IT attack disrupt the US election? I have no idea, partly because I do not know how it is carried out. A straightforward loss of power would simply make it hard to complete the process universally and post the results in a timely and efficient manner. Any on-line voting system it would have to be an extremely secure indeed, with software guarding against all sorts of malware including any designed specifically to manipulate vote-numbers without actually stopping the voting.
I would guess any such attack would be from a hostile foreign government rather than "ordinary" criminals; but one has to ask how safe your country's national IT systems are? Presently, an autistic man in his 30s is the subject of an extradition application from America for entering US Govt. systems merely from his computer at home in Britain. I believe this is not the first such incident, and if an amateur home PC user could do it then someone like the Russian or Chinese security-services would find it child's (or teenager's?) play. One must wonder who is the genuinely culpable party in such cases. I don't know whom China or Russia wants to win your Presidential Election, but they are not the only foreigners interested in the result, and the idea that a foreign country could interfere in your election is very alarming for everyone...
The UK's elections are by ballots in which you mark your choice in pencil on a slip of paper, and the slips are put into secure boxes for subsequent manual counting by teams of tellers. The most an IT attack or power-cut would do there is delay completion of the election and results announcement temporarily: annoying for everyone, especially the politicians and the vast numbers of prattling News pundits, but hardly world-ending!
A last thought here on your nation's politics and US and UK reporting on them.... Why do I have a growing suspicion about the e-mails said to been written by Hillary Clinton all by herself? The number allegedly found seems to keep rising. I neither support nor oppose either her or Donald Trump, and know little or nothing of their genuine political skills, credentials and aims, but both sides need fair treatment and I've a niggling doubt that she even found the time to send as many as sometimes apparently reported.
There are a few that have never been identified and/or caught. Some are known to be hackers but are good enough to leave no usable trace. Jester has been making plays and remained mostly unscathed for example.
It's hard if the authorities want to find you. It takes a lot of discipline and vigilance. It only takes one mistake. Small mistake to put your identifiable trace on a hack. I mean Sabu got caught because he logged onto IRC one time for about 5min and had the FBI at his door. His getting popped brought down a whole collective.
An example of tracing occurred in the UK a few years ago, when an innocent man was caught up in a massive but not-ever-so-well-run Police operation to catch a paedophile ring. He was able to do something the Police failed to do: engage an expert in IT security to trace the routes of his supposed purchases of material by credit-card. The criminals had hacked his computer and bank account to deflect surveillance, but careful analysis revealed he had simply been used, entirely unknown to him.
It's a frightening thought that this could even occur, but it's possible his own PC's security software was weak or flawed.
A common fraud or money-laundering attempt is to send what might look like genuine responses to private 'For Sale' ads in fora dedicated to particular hobbies that need fairly expensive equipment. Usually, ropey English, strange offers well (e.g., well above the sale value) and requests to pay in odd ways give them away. In an effort to guard against this, Model Engineer magazine's web-site now accepts advertisements only from people who have actively posted a minimum number of proper contributions to the site.
The difficulty is that even if the source computer is traced you don't necessarily have the individual, and proof may be hard to find, especially if the criminal is in a far-away country with a very different law-enforcement systems with which your own Police force and diplomatic service has only tenuous links.
I received a suspicious e-mail lonely yesterday. It purported to be from a friend according to the sending address, but the copy was not quite correct, and the message line not merely gibberish, but merely a complicated link. "Properties" told me nothing of its source and nature, and I deleted it. Recently I looked at a cafe's web-site so I could book a table, and found some cheapskate pornographer was trying to parasitise on it. Google helpfully told me this - though it was obvious from the name!
Timely discussion, given that the supermarket company Tesco has just had the bank it owns attacked sufficiently comprehensively for the thieves to syphon money from thousands of individual customers' accounts. The hackers must have discovered a basic weakness in the bank's security.
Durdle 