Bruce Schneier - Click Here to Kill Everybody

Data and Goliath:

The Hidden Battles to Collect Your Data and Control Your World (2015)

Carry On:

Sound Advice from Schneier on Security (2013)

Liars and Outliers:

Enabling the Trust That Society Needs to Thrive (2012)

Schneier on Security (2008)

Beyond Fear:

Thinking Sensibly about Security in an Uncertain World (2003)

Secrets and Lies:

Digital Security in a Networked World (2000)

Applied Cryptography:

Protocols, Algorithms, and Source Code in C (1994 and 1996)

Bruce Schneier

W. W. NORTON & COMPANY

INDEPENDENT PUBLISHERS SINCE 1923

NEW YORK LONDON

Copyright 2018 by Bruce Schneier

All rights reserved

First Edition

For information about permission to reproduce selections from this book, write to Permissions, W. W. Norton & Company, Inc., 500 Fifth Avenue, New York, NY 10110

For information about special discounts for bulk purchases, please contact W. W. Norton Special Sales at specialsales@wwnorton.com or 800-233-4830

Book design by Daniel Lagin

Production manager: Julia Druskin

The Library of Congress has cataloged the printed edition as follows:

Names: Schneier, Bruce, 1963 author.

Title: Click here to kill everybody : security and survival in a hyper-connected world / Bruce Schneier.

Description: First edition. | New York : W.W. Norton & Company, [2018] | Includes bibliographical references and index.

Identifiers: LCCN 2018026844 | ISBN 9780393608885 (hardcover)

Subjects: LCSH: InternetSecurity measures. | InternetSafety measures. | InternetGovernment policy. | Computer crimes.

Classification: LCC TK5105.8855 .S36 2018 | DDC 005.8dc23

LC record available at https://lccn.loc.gov/2018026844

ISBN 978-0-393-60889-2 (eBook)

W. W. Norton & Company, Inc., 500 Fifth Avenue, New York, N.Y. 10110 www.wwnorton.com

W. W. Norton & Company Ltd., 15 Carlisle Street, London W1D 3BS

For Arlene, with best wishes

C onsider these three incidents, and their implications.

Scenario one: In 2015, two security researchers took over the controls of a Jeep Cherokee. They did it from ten miles away through the vehicles Internet-connected entertainment system. as hes driving on a highway, powerless while the hackers turn on the air-conditioning, change the radio station, turn on the wipers, and eventually kill the engine. Since this was a demonstration and not a murder attempt, the researchers did not take control of the brakes or the steering, but they could have.

This isnt a one-off trick. Hackers have demonstrated vulnerabilities in several automobile models..

Airplanes are vulnerable, too. Theres been nothing as vivid as the Jeep demonstration, but security researchers have been making claims that the avionics of commercial airplanes are vulnerable . No details were provided.

Scenario two: remotely detonated a cyberweapon named CrashOverride at the Pivnichna high-voltage power substation near Kiev in Ukraine, shutting it down.

a video of it happening.) CrashOverride, on the other hand, did it all automatically.

In the end, the people who received their power from the Pivnichna substation got lucky. Technicians there took the plant offline and manually restored power an hour or so later. Its unclear whether similar US plants have the same manual overrides, let alone staff with the skill to use them.

CrashOverride was a military weapon. It was modularly designed, and could easily be reconfigured for a variety of targets: gas pipelines, water treatment plants, and so on. more than 20 US power stations, often accessing critical systems but without causing damage; these were also tests of capability.

Scenario three: Over a weekend in 2017, someone hacked 150,000 printers around the world. , printers at several US universities were hacked to print anti-Semitic flyers.

We havent yet seen this kind of attack against 3D printers, but theres no reason to believe they are not similarly vulnerable. Hacking one would still only result in expense and annoyance, but the threat level changes dramatically when we consider bio-printers. , but the potential is that viruses customized to attack individual patients cancers or other illnesses could be synthesized and assembled by automated equipment.

Imagine a future where those bio-printers are common in hospitals, pharmacies, and doctors offices. A hacker with remote-access capabilities and the proper printing instructions could force a bio-printer to print a killer virus. He could force the printer to print lots of it, or force many printers to print smaller batches. If the virus could spread widely enough, infect enough people, and be persistent enough, we might have a worldwide pandemic on our hands.

Click here to kill everybody, indeed.

Why are these scenarios possible? A 1998 car wasnt vulnerable to people miles away taking over its controls. Neither was a 1998 power substation. The current models are vulnerable, and the future bio-printer will be vulnerable, because at their core they are computers. Everything is becoming vulnerable in this way because everything is becoming a computer. More specifically, a computer on the Internet.

Your oven is a computer that makes things hot. Your refrigerator is a computer that keeps things cold. Your camera is a computer with a lens and a shutter. An ATM is a computer with money inside. And modern light bulbs are computers that shine brightly when someoneor some other computerflips a power switch.

Your car used to be a mechanical device with some computers in it. Now, it is a 20-to 40-computer distributed system with four wheels and an engine. When you step on the brake, it might feel as if youre physically stopping the car, but in reality youre just sending an electronic signal to the brakes; theres no longer a mechanical connection between the pedal and the brake pads.

Your phone became a powerful computer in 2007, when the iPhone was introduced.

We carry those smartphones everywhere. And smart is the prefix we use for these newly computerized things that are on the Internet, meaning that they can collect, use, and communicate data to operate. A television is smart when it constantly collects data about your usage habits to optimize your experience.

Soon, smart devices will be embedded in our bodies. and increasingly capable of sensing our bodily states.

Objects are also getting smart. You can buy that will automatically call an ambulance and text your family if you have an accident.

Were already seeing the beginnings of smart homes. The virtual assistant Alexa and its cousins listen for your commands and respond. There are that senses your sleeping patterns and diagnoses your sleep disorders.

In workplaces, many of those same smart devices are networked together with surveillance cameras, sensors that detect customer movements, and everything else. Smart systems in buildings will provide more efficient lighting, elevator operation, climate control, and other services.