Schneier on Security
A blog covering security and security technology.
« Ricin as a Terrorist Tool |
| Friday Squid Blogging: Sperm Consumption in the Southern Bottletail Squid »
June 14, 2013
Sixth Annual Movie-Plot Threat Contest Semifinalists
On April 1, I announced the Sixth Annual Movie Plot Threat Contest:
I want a cyberwar movie-plot threat. (For those who don't know, a movie-plot threat is a scare story that would make a great movie plot, but is much too specific to build security policy around.) Not the Chinese attacking our power grid or shutting off 911 emergency services -- people are already scaring our legislators with that sort of stuff. I want something good, something no one has thought of before.
Submissions are in, and -- apologies that this is a month late, but I completely forgot about it -- here are the semifinalists.
- Crashing satellites, by Chris Battey.
- Attacking Dutch dams, by Russell Thomas.
- Attacking a drug dispensing system, by Dave.
- Attacking cars through their diagnostic ports, by RSaunders.
- Embedded kill switches in chips, by Shogun.
Cast your vote by number; voting closes at the end of the month.
Posted on June 14, 2013 at 12:20 PM
• 113 Comments
To receive these entries once a month by e-mail, sign up for the Crypto-Gram Newsletter.
I vote for 1 - definitely a bond film :)
I vote for #4. The statement by the auto manufacturers is genius, explaining how everyone on Earth except them is responsible for the disaster.
Suitably dramatic, very large scale. The over-reaction to counter it would cripple international communications worldwide.
I really liked the idea that some business would incentivize the use of some technology that would be part of the attack vector.
I like #4, the attack on cars -- though reparations would be new PCMs rather than new vehicles. But my vote is for #5 as the best. I love the layered attack; an exciting action movie plot requires ever increasing tension and hightening risk to the protagonist/hero.
Dang, they're all clever!
I vote #5 since it sounds like possibly the most compelling as a movie to me.
#2, love the back story. And just think of the special effects as giant tidal waves thunder down upon the palace in Amsterdam
I vote for 2 (attacking Dutch dams) as this scenario seems more plausible to me, with devastating consequences. I also liked 4 and 5. Scenario 1 is unlikely as most satellites would burn in re-entry.
#1. It would make the best movie with all of the explosions and special effects.
#1 feels the most Hollywood.
If they make the movie, Benedict Cumberbatch can play the villain.
#2. I think it is the best example of what Bruce is looking for. Others may be more "Hollywood" or make a better movie, but #2 seems to fit the movie-plot threat the best.
#4. And hope no one suggests a cheaper alternative of replacing the silicon instead of the whole car.
I vote 4 b/c automotive hacking is an up and coming big media issue and the scenario is well-done.
Mostly because it reminds me of Apollo 13, which is hands down the movie that has scared me the most in my entire life.
Although I must admit, I thought it was going to be something along the line of "re-positioning the GPS satellites so [important entity] ends up in [disastrously wrong place]."
Something similar to #5 was in David Gerrold's Cthorr series - a hardware backdoor in every chip that additionally had an explosive charge.
Idea of the attackers being unaffected because their culture (presumably) doesn't use the surface. Industry believing the diversion is the real attack - people think just the dispensers are faulty instead of the printers too. Rampant poor security already in that industry. All comes together quite well. It could end with Castro taking chemo medication that he knows could be any one one of thousands of solutions thanks to his intervention as euthanasia
Wasn't (a variant of) #2 the topic of Alistair MacLean's 1983 novel "Floodgate"?
I like 5 best.
#1 has the glaring hole that satellites will rarely if ever have debris hit the ground in any substantial quantity. #2 is quite good, and could be fleshed out easily. #3 is too subtle an effect, there's not enough work for a modern SFX house to do. Explosions are important here! #4 has the flaw of just replacing the chips instead of the cars, though I could see auto manufacturers profiteering and trying to get the governments to pay for all new cars. Also, eventual engine failure just isn't dramatic enough. The engines need to explode. #5 is very realistic seeming, possibly better than number 2. They could even be rolled together, as the control chips for the Dutch dam gates shut off just before the storm is to hit.... Also planes falling out of the sky, gas pumps unable to shut off, tons of opportunity for great pyrotechnics here.
for being the most likely to scare politicians into spending billions on countermeasures that would be easy to circumvent.
@Carl - Exploding cars, yes that would be good movie imagery. Alas, cars are a lot safer than that. Perhaps I didn't take enough artistic license.
To all the folks that suggested just replacing the PCMs, Cars are not like IT, the parts are not compatible or interoperable. Car makers only sell PCM spare parts because the government requires it. I don't see any mechanism to mandate that car companies design, build and sell replacement PCMs. It's not like you're going to switch back to a car brand that uses carburetors (there are EPA laws against that). Car designs are like DRM, you only buy the right to use the car, not the right to know it's design parameters. Black market re-engineering isn't something Soccer Mom Suzy is going to want in her garage.
Number 2. With the back story, it sounds most plausible to me.
I'm going with #1. I can picture the special effects of the satellites smashing into Times Square and killing thousands in a spectacular explosion. The special effects could be reminiscent of the asteroid (comet?) from Deep Impact.
I vote for #3.
I think it's a poignant variation on the "killer virus" plot.
As for the other plots, #1 reminds me of "asteroid hits earth" which is too cliche for my taste. #2 is actually real: Dutch dams were blown up all time during wars in the 17th – 19th century. #5 is appropriately megalomaniac, but a little too predictable. #4 works best as a parody, maybe some car manufacturers are unaffected and every rich person now drives a substandard car because it's immune.
My vote goes to #1.
Hollywood really should make a movie out of that. I can already imagine how the plot will include some scientist disgruntled for the public not wanting to heed his warning and a beautiful female aide to the president... On the other hand there is also potential for a real message beyond the cgi-animations: how people again learn to work together as human beings to overcome a threat to their society without having to rely on all the technology.
I just hope they don't make it into a James Bond movie because that would mean all eye-candy without any message...
love #1, especially the "crashing" part... just picture hundreds of satellites making a firey reentry towards every major city. makes for a beautiful movie scene. and for a fear-instilling one too; satellites could hit literally everywhere, causing "massive and widespread destruction". needs a backstory like #2, perhaps a disgruntled ex defense contractor having worked on some related project, only to then be sent pack to, say, pakistan due to toughened immigration / anti terror laws...? add a hero and love story, and here goes hollywood.
as for the communications blackout part of the story, AFAIK not too much (telephone / internet) communication runs over satellites because of the latency. but mention losing GPS and resulting air traffic disruptions, or planes crashing because they rely on GPS... losing military satellites would cripple the military's ability to defend the homeland. and, to add the "affects YOU" part, mention losing (satellite) TV
also #1 is really a great movie plot threat in that it definitely isn't something to worry about. it isn't even really possible: deorbiting geostationary satellites takes huge amounts of fuel and takes a while, so the most scary part, hundreds of satellites crashing simultaneously without warning, doesn't work. also, even satellites that wouldn't burn up completely would be extremely unlikely to cause significant damage.
hollywood, and government security policy, isn't constrained by that, of course. the high-tech aspect (space technology!) means the public believe what they are told. experts claiming that "this isn't how physics works" are ignored because their explanation is too technical for evening TV news. also, because the public doesn't understand the threat, they massively overestimate (misoverestimate?) the risk. the government is forced to address the problem; "something must be done" (and "this is something", of course)
the worst problem would actually be the space junk left behind by satellites that are shot down. shooting almost all satellites as a preemptive strike leaves enough junk that the relevant orbits just aren't usable any more at all, so even restoring the satellite infrastructure wouldn't really be possible. but that part doesn't make for a good scare story. too abstract, too technical
That sounds very scary. Please save us, government--you're our only hope.
I'm not going to be voting on this, simply because I'm biased as the author of #3. But I did want to point out that 999999999's claim that this plan is reality isn't really a match: His articles all talk about attacking devices that consumers are using, my plan is all about attacking a relatively small number of industrial systems to massively foul things up.
And I'm truly proud to be in such illustrious company. I just hope this helps my application to join the Evil League of Evil.
#3 for its inventiveness, with honourable mention to #4.
#2 for its weaving of historical grudges, modern commercial and technological interests into a credible scenario. The others all feel as though they have been previously done.
Perhaps hacking the food chain
Would be more effective. Of a cyber threat.
Because I have had a Professor (!) of IT Security spout almost exactly this nonsense and we then had real problems to get our customer to understand how unlikely it is and how likely something like this would be discovered beforehand.
#4 b/c I've already had to update transmission software...so they say.
#5, followed by #3.
#1 has the oversight that satellites can't be aimed that precisely when they are brought down. They'll land in a target area, if parts of them ever reach the ground instead of burning up. On the other hand, that kind of oversight would be very hollywoodian. #2, although amusing, would require that the other flood defences would also fail. Also, it would only affect part of the country. If you want mass-floods, it's probably more efficient to switch off pumping equipment during heavy rains... #4 lacks failures like unexpected emergency braking by interference with drive-by-wire systems.
It has the benefit of involving pervasive infrastructure and being wildly difficult to work around. Also the effects of it's implementation would wreak havoc on the economy since there would be little recourse other than replacing the hardware, all the while everyone is suffering from the economic damage of an economy at near standstill.
Number two, please. It seems plausible. Plus it is the best-written.
1 seems most possible, and grist for a blockbuster, so to speak. But all 5 need a creative spark to dodge around the obvious roadblocks.
#1 isn't realistic enough, most satellites would burn up in the atmosphere, #3 and #4 are today's reality even without putting hackers at the scene, and - if you're paranoid enough, at least - #5 already happened.
Factual error in #2: "Also like many Muslims, he became enraged and radicalized in 2005 when the Dutch newspaper Jyllands-Posten published cartoons of the Prophet."
That was a Danish paper.
Jylland is a part of Denmark, where the Danish Danes live.
Holland is a part of the Netherlands, where the Dutch Dutch live.
I vote #2, with honorable mention to #5.
I find it telling that almost every "cyber" threat could be rephrased with "terrorist hijackers" almost seamlessly
#2 is brilliant, just brilliant. I can really see it as a movie.
It's relatively complete from beginning to end and is just out there enough to not already be a current major concern to most people.
#3, I think it's the one with the best chance of getting lawmakers' attention and subsequent funding
Scenario 2, 3, 4, 1, 5
1. 6+ points
A bit meager for an an entire movie, and I'm missing the motive for the attacks. Using the potential energy of these satellites (as Robert Heinlein did in "The moon is a harsh mistress" for boulders being flung from the moon into the earth gravity well) is a nice touch.
2. 9 points
Nice plot, bringing in the Rawagede massacre (which has been in the Dutch news again over the past 3 years) gives it depth.
And as a Dutch citizen I must confess I don't *know* that the computer systems for these infrastucture systems are properly protected.
It's not a copy of Alistair MacLeans' "Floodgate", where terrorists blew up dykes with 'ordinary explosives'.
3. 8 points
Nice idea. Personally I would attack the composition of the pills, then there's no possibility to sort them visually, it would be even more threatening ('Do I take this pill today?') and the costs would be really astronomical.
Bringing in Cuba should make good movie propaganda in the US.
4. 7 points
Nicely worked out social reasons why we landed in this situation, but again the motive is weak. The threat is limited.
"causing them to overwork their output drivers" - Stuxnet inspired.
Rebuilding all the PCMs promises a movie sequel ;-)
5. 6 points
The plot needs a motive for the 4 phases as well as for the PRC to perform such an attack (unrealistic).
#1. Not Anonymous' comments sum it up well.
I like the gruesome comedy.
They are all very good topics and deserving such a movie - I choose #1.
Communications, military command & control, meteorology, trade, and so much more rely on satellites to relay our data. While a few satellites crashing on our cities is something, the effects of all satellites dying is long-lasting.
#4 gets my vote, although for movie plot value, I think crashing cars all at once would be a much more interesting scenario.
Hell knows no furly like the ghost of good old communism.
#3, would be a great build up in a film (think Tom Clancy style, lots of little events coming together), also a great fear mongering plot. Also quite plausible in that more people die from drug mistakes that auto accidents, at least in the US.
#1 - makes the best movie, especially the effects.
Part 1 (hacking into the TT&C) is also quite realistic, part 2 (crashing the satellites into cities) not as much (they would probably not survive reentry)
I absolutely cannot vote for #3, because it describes a pharmaceutical manufacturing environment unlike any of the three where I've had direct experience. It also confuses dispensary systems with manufacturing systems. Finally, it shows a completely false conception of how pills or capsules are manufactured. I could never muster a single iota of fear for this scenario because I'd be too busy laughing and yelling at how implausible it is.
Anything but #3.
#5 - add in the failure of a bioweapons faciliity and the loosing of a zombie plague, and we've got the prequel for world war Z.
To those saying plots that may be occurring as we speak and thus aren't true movie plots; doesn't the phrase "this film is based on real events" make it a little more chilling?
Rather than pure comical nonsense like a zombie apocalypse.
#2 as the attack vector seems plausible, and it still gives the hero some space to create the obligatory Hollywood ending.
Honorable mention to #4 especially if the terrorists are eventually run down by a pack of patriotic NYC bicycle messengers, even tho their their vehicles still worked.
#4 is the most attractive in terms of its distributed scale -- millions of vehicles. Its fault, however is that the virus does not have more catastrophic visual effects. Revising it to randomly engage/disable breaks (if possible) would be much more effective in this regard.
#2 is the best "as is" solution, but outside of movie-land one could probably fix it with a crack fly-away forensics team.
With regards your comment about current events and,
Rather than pure comical nonsense like a zombie apocalypse.
Have you seen TV footage of UK politicos like The Right Honorable Sir Malcom Rifkind KCMG QC MP, incumbent Chairman of the Intelligence and Security Committee, trying to defend not only GCHQ but the "Special relationship" and NSA?
He not only looks like a vodo zombie, he sounds like one, and thus makes most people beleive the opposit of the "all's well in the rose garden" fairy tale he's telling.
He's so awfal as an individual that even his home town in Scotland would not vote for him again so he got "shoe horned" into a safe Tory seat in London.
The constituency was considerd safe because previous local government politicians had Gerrymandered any non Tory voters out of the constituancy (resulting in a landslide Tory victory). The local government politicos involved were tried and found guilty and ordered to pay very large fines (27million+costs), however the leader of the cabul Dame Shirely Porter skipped off to Israel "to retire" and redistributed her estimated 70million wealth so she could claim she only had 300,000... She later kicked back 12.3million to setlte the case.
--Ok, good one. No I've seen enough 'zombie' footage here and spend my time on much more pleasurable electronic projects/reading/math in the hopes that I can make a positive new contribution. As tempting as the British equivalent of CSPAN is..I'll pass. BUT, a google image search for "boris johnson" is quite the hoot.
#1 is the best movie plot because it has action: stuff falling out of the sky and blowing up.
Twenty-first century chicken little.
#1 for the special effects! And the "noone is safe anywhere" threat.
I vote for #1. It's, IMHO, the most spectacular yet truly ineffective plot. :-)
I vote #4.
Although the 'device attached to cars from insurance companies' seems odd. Why not just infect auto mechanic's computers, and then upload through the diagnostic port?
I suspect the real solution would be 'replace the computers', but I wonder if anyone even has the specs for a car computer built in 1995 and can alter them and make more?
Also, there's no real reason they couldn't _almost immediately_ destroy the car's engine. Not exactly sure how, I'm not a mechanic...perhaps wait until the car is driving down the highway, and then giving every other cylinder way too much gas in the fuel-air mixture, and the other cylinders almost none? I'm sure that would start warping enginey things quickly, while still allowing people to keep driving without realizing what's going on. I'm not sure if the computer can actually do that, but something like that.
Letting people go several months without blowing up their engine gives people time enough to fix the problem. Give them a few days, at best. Although a really clever twist would have the problems not take effect for X miles, so that no one can connect them with the mechanic. Assuming that is possible, which it might not be.
#5 - why do you think Chinese telecom equipment is so cheap?? :)
#4 - attacking cars through their diagnostic ports: I love the externalisation of responsibility!
Schneier.com is a personal website. Opinions expressed are not necessarily those of Co3 Systems, Inc.