AFP, Hanover:
Somewhere on Earth a computer hacker types a malicious command and hits enter. Half a world away, an urban commuter train speeds out of control, derails and crashes into a building.
Happily, the kind of scenario that makes for Hollywood blockbusters and keeps public security officials awake at night would, in this case, only damage a model train set at a German IT industry fair.
Internet security experts have set up “Project Honey Train” with an online railway control system as bait, hoping to “get inside the heads of cyber criminals”, but without the real-life casualties.
“The goal is to provide an environment where we can study how people may try to attack public infrastructure projects where they could put public safety at risk,” said Chester Wisniewski, of security company Sophos.
“I suspect that this is a pretty good copy of some of the worst of public security that we see in real life… systems that were designed in a simpler time when people weren’t trying to attack them, which is what makes them vulnerable.”
Their miniature rail system at the CeBIT IT business fair in Hanover is built on a scale of 1:87 and set in a fictitious German city, with street names chosen from the board game Monopoly.
To an online attacker it’s all meant to look real, with original software components and inbuilt vulnerabilities which are advertised in known hackers’ chatrooms.
Online users have long been exposed to risks from ID theft, “phishing” and scams by mafia groups, to mass data collection by social media giants and snooping by secret services.
But some fear we haven’t seen the worst of it yet, in an age when urban transport systems, chemical plants and power stations are considered potentially vulnerable to digital sabotage.
“I’m surprised that not more has happened already,” said Christoph Meinel, head of German IT university the Hasso Plattner Institute.
“It’s urgently necessary to do something about this. Some say ‘don’t worry, it won’t happen’, but that’s the wrong approach. Once someone has done it successfully, you can quickly expect to see copycats.”