National Cellular Outage? GhostNet, etc.

February 22, 2024

For some in the inbox that I need a quick answer to….enjoy this from an earlier post on the KYPN BBS systems via 12m Robust Packet (RPR). Busy with finishing a work project so we can return home this weekend, so forgive any formatting issues from this quick cut-n-paste…

-----Original Message-----
From: WA4ZKO
To: NEWS
Sent: 02/22/2024 11:40
Subject: National Cellular Outage? GhostNet, etc.

Let me start with….

1. As of 1630 Eastern, zero evidence that this is a cyberattack.

2. Credible sources are saying AT&T had major issues starting around 3:40am Eastern. Cause = unknown at this point.

3. XYL’s biz data is over a Verizon PWN layer and links to both their USA gateway points have been up for days, not missing a beat. We use a mix of VZW, T-Mobile, and IP softphone/IP-RF systems (satphones as backup) and zero issues. Only one family member (on AT&T) reported no service this morning that quickly cleared up on its own.

4. Remember a lot of these “down” detection websites are very susceptible to misinterpreting incoming reports. Remember they depend upon the accuracy of user data (comments, complaints, etc) and that approach can easily lead to things “appearing” far worse than they are. Think GIGO 😉

5. Most eye opening thing I’ve read/heard is that FirstNet (AT&T) was impacted in some areas.

6. What probably happened? Bad software/configuration update deployed early this morning. To be clear that’s just a guess.

7. Some of the reaction across certain folks in ham radio ranges from LOL material to somewhat productive.

Below is from ####’s (GhostNet’s founder up in ###########) GhostNet feed around 1500z this morning:

Due to the national cellular outage, I will be monitoring GhostNet 40m throughout the day. Though it seems like cellular coverage has mostly been restored, real-world events are sometimes great opportunities for a bit of casual readiness testing. No one knows when or where a comms outage may strike, but what is certain is that it will usually occur at the most inopportune times.

I present his posting only to hopefully “get you thinking about your family’s preparedness plans…..including your backup comm plan” angle.

For a bit of humor…

Average Joe this morning….
“Russia, Russia, OMG it’s a Russian Cyberattack!”

Those of us in IT…
After reviewing the outage charts we just enjoyed our coffee while asking “Did they hire Boeing’s QA/Change Management team?” or muttered “oh you poor bast@rd that hit enter on that deployment.” or one could almost hear the “Oh cr#$, ROLL IT BACK, ROLL IT BACK NOW!” LOL. #SuxToBeYou

Back to being serious….

I’m not sure how effective “GhostNet” would be in a “real world” grid down communications emergency. That aside, he is applying a “real world readiness test” angle to it and there is nothing wrong with that. Also makes a couple valid points.

The XYL likes to ask me why I bother with some of my recent postings on the packet systems (yes we have a few LOL) and sometimes crosspost to the blog. She’s correct in the “the lack of preparedness of others is not our problem anymore, especially if 2020 did not wake them up” comment often heard in my home LOL. I answer that with “we’ve both seen just how vulnerable so many families are right now – financially, food, water, medicine, job loss, disasters, etc. So if I can motivate just a few towards getting their family better prepared, I say “mission accomplished” 🙂

We are in the midst of a world slowly sleepwalking into a major credit/debt and severe inflation* crisis. Then tack on the increasing crime, societal decay, and political corruption to that and things could get even uglier. We have “kicked the can” to the edge of a cliff called consequences. We are one real** major cyberattack, one EMP attack, one dirty bomb, or one missile launch away from pure chaos, panic, civil unrest, and rapidly spreading violence.

* Yes it can get worse, a lot worse. Ahem, think Argentina and several other countries.

** When the RU Cyber Warfare folks are done with UA they may well decide to turn their full attention our way (ahem payback)  and it’ll likely be obvious.

Hint – RU is not the only threat out there with the capability of delivering us a cyber Pearl Harbor. The wise will plan accordingly.

While I’m not advocating tin foil hats and underground bunkers, there are many real world scenarios facing us that you might wish to at least give some “what if?” thought to. Or…well you can stick your head in the sand and hope that it all works out hunky dory.

Personally, I prefer preparedness over luck.

73
Jeff
WA4ZKO via HF RPR into the KY BBS. No internet used nor needed 😉


Heads Up – Joint Cybersecurity Advisory AA24-038A, The Year Ahead

February 10, 2024

Source:  Joint Cybersecurity Advisory AA24-038A available here (PDF document).

PRC State-Sponsored Actors Compromise and Maintain Persistent Access to U.S. Critical Infrastructure

While portions raise some questions…for those that want a BLUF the following portion should get your attention.

The U.S. authoring agencies have confirmed that Volt Typhoon has compromised the IT environments of multiple critical infrastructure organizations—primarily in Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors—in the continental and non-continental United States and its territories, including Guam. Volt Typhoon’s choice of targets and pattern of behavior is not consistent with traditional cyber espionage or intelligence gathering operations, and the U.S. authoring agencies assess with high confidence that Volt Typhoon actors are pre-positioning themselves on IT networks to enable lateral movement to OT assets to disrupt functions. The U.S. authoring agencies are concerned about the potential for these actors to use their network access for disruptive effects in the event of potential geopolitical tensions and/or military conflicts. CCCS assesses that the direct threat to Canada’s critical infrastructure from PRC state-sponsored actors is likely lower than that to U.S. infrastructure, but should U.S. infrastructure be disrupted, Canada would likely be affected as well, due to cross-border integration. ASD’s ACSC and NCSC-NZ assess Australian and New Zealand critical infrastructure, respectively, could be vulnerable to similar activity from PRC state-sponsored actors.

The alert is a good read for those with any involvement in Civ/Govt Preparedness, EmComm, EMA, FD/EMS, LE, Nat’l Guard, etc.

FYI for the hams, you best be careful what services/ports you are directly exposing to the internet. For those that think “ah they don’t care about the hams?” Well I hate to break it to you, these are pros and they are well aware of ham radio’s potential “backup” role in disaster response communications. Are we a huge concern for them? No, especially given the current state of ham radio EmComm (LOL), but these threats are well aware of ham radio. Now how many of you are exposing ham systems directly to the wide open internet with “reachable” software/services that have seen little if any security testing/auditing for buffer overflows etc?

Preparedness Tip – Consider the Fall to be one of the high risk times for such potential conflicts to break out. The weather around that time frame is the most conducive to traditional military operations in that part of the world. That said, nothing says this would be a traditional conflict.

“We are paying attention {to world events} and adjusting because we could go to war tonight, this weekend.” General Randy George, US Army Chief of Staff

Those in preparedness with half a clue about how these types of CI attacks could play out with their immediate and long term impacts…..should know what to do. As far as the impacts for the average unprepared citizen? Well just remember the early weeks of the Toilet Paper Pandemic. Now picture a scene of exponentially higher panic. It is fine to be concerned, but don’t be a part of the panic crowd.

The last few years should serve as an education in the need for preparedness for all of us. Heck, I felt my family was well prepared. We made some “adjustments” after witnessing how both the public and govt handled the last few years. We asked that unsettling question of “What if this had been an order of magnitude worse?”

For those creative entrepreneurs out there… To keep it family friendly, we need a version with Clusterfudge vs Cluster$#@  No worries, most everyone will get it LOL.

While it’s impossible to prepare for every possible scenario, focus on having your family well prepared for the most likely scenarios. Have a Plan B. Then have a backup Plan for your Plan B. Remember if things go seriously sideways, right then is a really poor time to be winging it on your decision making amidst widespread panic and confusion. In many scenarios the tough choices you make early on in the incident will have major impacts on if or how well your family survives what is playing out.  The time to plan is now, not after the smelly stuff is hitting the rapidly oscillating blades. Leave the panic and poor decision making to the many millions that sadly didn’t learn a thing from the last few years.

As one of my favorite WYNG leaders likes to “bomb drop” during tabletop exercises…Pop Quiz time.

Pop Quiz #1:  For the reader, pretend right now, right where you are at, your local power grid has failed without any obvious explanation. Within the hour you learn that it is widespread, rumors are most or all of the country is impacted. The hours drag by, something has gone very wrong. Some radio/cell/internet is up, but much of it (batteries only last for so long, generators need fuel…sometimes do not start) is already slowly failing or overloaded to the point of being useless. Rumors are going wild and confusion reigns. Traffic control systems are down and there are traffic accidents galore. Fire/EMS and LE are overloaded and trying to function with overloaded/down/failing voice and data communications. Before long the criminals will start doing what they do. Your kids are in school. Your spouse is at work. Whatcha gonna do?

Pop Quiz #2:  Same as above, but it’s clearly a massive coordinated critical infrastructure cyberattack. Power, telco/cell, and internet are all out. Maybe even your municipal water smells horrid or pressure = zero. You may have full bars on your cell, but you are not able to call or text anyone. Even hardwired landlines are just fast busy signals. Whatcha gonna do?

Pop Quiz #3:  Same as above, but nearly everything electronic goes dead as if the mother of all master power switches just got flipped to the off position. You look at your phone, it’s either malfunctioning or dead in your hand. It’s like the world around you was instantly knocked back to the stone ages. Some will recognize this as an HEMP attack, but most will have no idea what is going on for a while. Given the hell on earth that will quickly develop in the coming days, this is definitely one of those scenarios where being prepared and making good initial decisions will impact your family’s survival chances. The clock is ticking. So again, whatcha gonna do? Sorry, but just standing there fouling your underwear is not an acceptable answer.

Yeah there is a lot more that could be covered here, but this is getting long enough. Not trying to scare you, but only to nudge you towards giving these low-probability, high-impact scenarios some thought.

For those that have yet to read the memo, the world changed in 2020 and not for the better. While I have faith that better times are ahead, it may be several years getting there. Things may well get worse before they get better.

“So next year we will likely see the climax to a number of current dangerous ideas, events, and forces, which finally will either overwhelm us or be addressed and remedied. We live in a Neronian age but can recover if we first understand how we got here and the nature of the suicide we are committing.” Victor Davis Hanson, December 2023

IMHO, we face very interesting times ahead for the next 12-36 months. Buckle up, be safe, be prepared, and be vigilant. Let me leave you with the snippet below from a holiday season posting on the KYPN BBS systems. Opinions will vary, but I think the title and item #8 applies well….

For some of the hams in my hobby inbox lately…  I may cover some of the FAQ in there as time allows, but outside of the winter months don’t expect much on this blog. For now I’ll leave it at if you are just lurking on the sidelines of public blogs and the many “apparently dead” mailing lists, then let’s just say you are definitely out of the loop on some things. Ham radio is a participation hobby. Not everything is nor should it be on the public internet in today’s world.

2023 was a busy year and there will be plenty to talk/blog about when saner times return.

ZKO