Cyberwarfare

About 65 million years ago, an asteroid slammed into Earth in a cataclysmic impact that, among other things, wiped out the dinosaurs. But incredibly, scientists now know at what time of year this happened. PhD student Melanie During, from Uppsala University in Sweden, has found tiny balls of congealed glass made by the impact lodged in the gills of fish that died that day and were fossilised. And because fish grow at different rates at different times of the year, she was able to work out when they must have died, as she explains to Harry Lewis…

Melanie - When the meteorite hits, it's like throwing a bowling ball in a sandbox: molten rock immediately gets expelled into space, and in space they crystallise. But there's no gravity, it's a vacuum. So, the lightest elements, they stay in the centre which means you've got these balls that are often hollow in the centre, or glossy, and then they rain back down on earth. Those are tektites, and they have a fall back time of 15 to 30 minutes. The second thing is that, when the impact was made, you get this shock wave going through the earth. Of course, it's going to generate tsunamis in the ocean, but also, on the continental plate, the overlying bodies of water (lakes, rivers) are going to slosh back and forth like a pool during an earthquake. And so, this deposit with these fishes is caused by such a wave which went back and forth, meaning they alternate in the way that they are stacked up.

Harry - So, the fish are following this motion of the water? They're either pointed East or West - they're in polar opposites?

Melanie - Yep. It's East and West. Some of them are pointing in different directions when they've hit a tree or, if they're split open, it's a very violent deposit. But the majority of them are following the direction we expect.

Harry - We expect that these small spherical bits of meteorite that they...

Melanie - They're actually earth rock that's been ejected into space.

Harry - And they are penetrating actually into the bodies of the fish?

Melanie - No, they're not. They are actually taken up in their gills. They were still swimming and looking for food when the first impact hit, and they just sucked them up like they do with plankton and they choked on them.

Harry - Right. And so, through that, you are able to estimate what time of year these fish died?

Melanie - Yes. So these fish, they must have died on that particular day. The incoming wave and the impact both should have come within an hour. We know that they died on a particular day because these fishes have bones that grow like tree rings, registering a new year every year, but growth is not homogenous. It's not like growth, non-growth, growth, non-growth. No, we can actually tell that in spring growth gets started. You can tell that food uptake begins - but it's not as high as in summer, for instance. And then autumn is much lower, and in winter there's absolutely no growth. That's what we were looking for, and we've got multiple seasons in multiple fish. That what we were documenting and all of them clearly died at the same time and all of them clearly died when they were increasing their food intake again, after winter, but not yet at the summer maximum.

Harry - When this meteorite struck, we know roughly where it was as well, right? So, whereabouts was it?

Melanie - Yeah, it's a little town now called Chicxulub that is closest to the crater and that's in the Mexican peninsula. So if you have the Gulf of Mexico, it's on that arch on the bottom, which was in the Northern hemisphere when it struck. So, I would say it's roughly three and a half thousand kilometers south of the location that I studied.

Harry - What were the effects for the Northern hemisphere and the Southern hemisphere? Did they differ?

Melanie - In the North, it was spring and in the South, it was therefore autumn. So, when you look at the behavioral life cycles of the organisms - in the spring, plants were producing seeds, their first leaves, flowers, animals were looking for food, tending to offspring while, in the Southern hemisphere, they were preparing for winter; plants were shedding their leaves, making them a lot more robust, and many animals were seeking shelter and trying to prepare for winter. That latter category especially, those underground may have just been in the right place at the right time when the meteorite struck.

Harry - So, we know that there's been transition from what's around us today from the dinosaurs to a mainly mammal populated ecosystem and this could have been due to the time of year in which the meteorite struck?

Melanie - Yeah. Which is insane.

Harry - To be able to extrapolate that out as well, as a jigsaw puzzle not just for when it happened but for why our world looks the way it does, that's got to be pretty exciting for you to be able to connect these dots.

Melanie - It really is. And then you start looking up, "Okay. So, what was the recovery time?" And then you see that in the Southern hemisphere, it looks like they recovered twice as fast. Where did turtles survive? Turtles survived in the Southern hemisphere while any of the modern birds survived in the Southern hemisphere. I don't think that's a coincidence.

A strange new trend has been reported by psychiatrics around the world: an increase recently in the number of teenagers with new tic-like behaviours. This has become particularly marked since the pandemic kicked off, and it coincides with a surge in social media and online video consumption. So scientists suspect that some people susceptible to tic conditions, like Tourette's, when exposed to videos of others with tics, can develop them themselves. Julia Ravey reports...

Julia - I'm just on TikTok and I'm looking up the # for Tourette’s. #Tourette’s has 5.5 billion views. Some of the top videos are an individual with Tourette’s, trying to do a COVID test. An individual, trying to drink a Coke. There's also a video here of a young girl with these jerk-like motor movements, who's asking, “Why is this happening to me?” This looks like an individual who has recently developed tic-like behaviours. There's no doubt that these videos are raising awareness of what it is like to live with tic-like behaviours, but are they having an impact beyond that? Jessica Frey from the University of Florida told me what they've been seeing in their clinics over the past year or so.

Jessica - Increased onset of tic-like behaviour and there is a concern that there is some social media influence involved in the onset of some of these tic-like disorders. One of the things we're seeing is a lot of the patients that come to us with these new onset tics, they're mimicking a lot of well known social media influencers. They have the same exact or very similar tics to the ones that they've seen in the videos.

Julia - That have been historical incidences of functional conditions spreading through populations.

Jessica - There was something called 'mass hysteria' where one person got some sort of thing and then everyone in the school got the same type of thing. That's on a much grander scale now with social media use because it's everywhere like viral content going worldwide.

Julia - Being exposed to this content with viral videos of tic-like behaviours could influence those who already have tic-like conditions or are susceptible to them.

Jessica - The tricky part of course, is that people who have Tourette syndrome or organic tics have a very common manifestation if they see people with tics that can actually be a trigger for their own tics and make them tic more.

Julia - Since the pandemic, with more teens being isolated and online, the occurrence of people coming across tic-like behaviour videos has no doubt increased, which could be a good or a bad thing. Jessica and colleagues are now trying to understand if social media is impacting tic-like behaviours, and have started with a small study, looking at the link between social media usage and tic severity.

Jessica - We did see some correlative data between the social media use as well as tic severity. There was no correlation between social media use and tic frequency. What was particularly interesting was only 5% of participants actually reported using social media to look up things related to tics and Tourette syndrome.

Julia - This was a surprise.

Jessica - Because our hypothesis going into this was that if you're going to be watching more videos on social media related to tics and Tourette syndrome, that may generate more severe or more frequent tics. We did see a correlation, but don't really have an explanation for the causation quite yet.

Julia - These results can be hard to untangle given that stress is a known influencer of increased tic-like behaviour.

Jessica - Given the pandemic and the increased social media use, which one is it? Which came first? The chicken or the egg? Is it the anxiety's driving the tics? Is it the social media use? Is it the pandemic? Is it one of those causing the other? We don't really know.

Julia - While larger studies go on to unpick this, Jessica and others have seen one technique, which has been found to help reduce tic-like behaviours in some instances.

Jessica - Anecdotally, we've seen that if we educate patients about where they're getting their information from and they stop and reduce their social media use, a lot of times the tics get better.

We’re going to hear from Ukrainian law student Solomiya; she’s part of Ukraine’s “sofa army” of keyboard warriors who are using the power of social media to counter misinformation and share the reality with people worldwide including, critically, in Russia so the Russian public can hear what Vladimir Putin is trying to stop them finding out. She spoke earlier this week with our own James Tytko…

James - Hi Solomiya, how are you?

Solomiya - Yeah, thank you. Hello, we are good. We are in a safe place now and everything's kind of alright.

James - I was wondering if, for the benefit of our listeners, you could tell us a bit about where you're from and how life has changed in the past week.

Solomiya - So, I'm originally from Kyiv. I'm studying law.

James - When the news first broke of the war starting, what were those first few days in Kyiv like?

Solomiya - Ever since it started at 4/5 AM, there were sirens, and it was the most terrifying moment. After two days, when we were in Kyiv, and there were explosions and bombs, we decided to leave the city. Now we are in a Western part of Ukraine with my grandmother. I'm worried for all those people who are in Kyiv right now - I have a lot of friends that decided to stay there. Also, my grandparents are still in Kyiv, and I'm really worried about them. Every night, I dream about something with war in it: it's either, "we need to go to the shelter" or just shootings but, every night, in my dreams, I see war.

James - How are you keeping up to date with the situation at the moment?

Solomiya - We're using TV, of course. Also, we have a lot of information going through Instagram and, I don't know if you know about this messenger called Telegram, but it's really popular in Ukraine and we have some channels on there, verified by our government. Some other verified news sources as well. We are trying to use all of these accounts because others can be fake or spread Russian misinformation.

James - Have you been given any particular instructions on how to act online since the start of the conflict?

Solomiya - Yes. Firstly, our government told us to only use our governmental sites and not to believe any other accounts. We need to check information to know that it's not some Russian propaganda. Also, our military officials, they asked us not take photos of any soldiers, any of our tanks, planes, anything, because it can be used by our enemy. Also, they asked us not to take photos of explosions and bombings, because the Russians can correct their distance and location according to these photos.

James - You talked about government websites. I was wondering if there's been any interference and how, if at all, this has affected you?

Solomiya - The first few days we had some problems with a few of our sites. There were some problems with banks, also with a few of our governmental sites - I think it was the Ministry of Foreign Affairs - but it was only a problem with the working websites; there was no problem inside these banks and ministries. They were working alright.

James - This war's different to any other in the amount of information available online to people on all sides. I was wondering if you felt like you've contributed in any way to the Ukrainian resistance because of the online aspect of this war.

Solomiya - A lot of people my age, they're doing some work online. For example, I was reporting channels and accounts on different social media. There is a problem with accounts that are filming our military and saying where it is located, so we are trying to block these channels. Also, I was reporting some Russian Instagram celebrities because they were spreading lies about the war. They were saying that everything's alright. It's all lies because we've seen all the pictures from Kyiv and there's what I've seen myself. One Russian singer, he wrote something about the whole situation, like saying that Russia hasn't invaded anyone, and now, when you go to his Instagram and you see this post, Instagram is saying that this information is false. Also, I know a lot of people are going to some Russian websites, Russian groups, and they have started messaging them. They are sending them photos of our cities, of what's going on. The same is going on in Google maps. I've seen a lot of my friends, they just go to, for example, some really luxurious Moscow restaurant and in reviews of the restaurant, they are writing what's going on in Ukraine and sending pictures there.

James - Was there anything else about the cyber aspect of this conflict? Anything that has you particularly worried that might happen or has already happened?

Solomiya - We spread some information about the situation in our cities with people we know. So, if you go to someone's Instagram story, it's really likely that you'll see something like, "We've seen some, saboteurs here", or some information like, "We need help. There is a mother and a two month old child, and we need to take them from this city. Who is going there?" If someone needs some medicine or food, we're trying to help each other. We already took some people from a dangerous region and now they're in a safe place.

James - I'm truly in awe of your bravery and the way you've spoken today, and I think you've done something really great. Thank you so much for that.

Solomiya - Yeah. Thank you for asking.

To find out about the intricacies of attacking someone in cyber space, we spoke to two experts from digital specialists ANS, pitting the two of them against each other in a mock scenario. We talked about how you would commence or defend from a cyber attack on a system…

Robert - Between our two experts is our battleground: a fictional online store called Mrs. Miggins' violin shop. Chris Folkerd will be trying to attack it and Steven Crow will be trying to thwart him and protect Mrs. Miggins and her stringed instruments. I'll be your commentator, but it's Chris who has the first move.

Chris - There's something called the cyber kill chain, which is a step by step approach that people will take when they're doing a planned attack. The first thing to do is a little bit of reconnaissance, like you would do in any other operation, so I can get a good idea of what I'm going to try and attack. The next step is trying to gain entry. Normally, as much as the movies like to portray that it's always the technology you attack first, humans are often the weakest link when it comes to the security chain. So, what you'll try and do around that is first look at some social engineering, and that can take the form of me phoning in and pretending to be IT support or their service provider, or me sending them a phishing email.

Robert - Already, Stephen has his work cut out for him. How does one protect the system from the humans up?

Stephen - The best way to try and defend against social engineering and attacks against a human is through rigorous amounts of security training. What might be a "phishy" email? What is a dodgy application that you shouldn't be downloading from the internet?

Robert - But in our fictional scenario, perhaps this hasn't worked and Mrs. Miggins has clicked on a link and revealed her passwords or credentials. What does Chris do with the foothold?

Chris - It depends what's happened. If it has worked, I can move on. If it doesn't, then I need to go into a technological scanning section, and that's where we start looking for vulnerabilities in the system.

Robert - Most often, these vulnerabilities come in the form of bugs in the code; pieces of software that aren't working quite as they're supposed to. The databases are long lists of these bugs found by other people. They're given serial numbers like CVE-2014-0160, more commonly known by the moniker "heartbleed."

Chris - There's databases of thousands and thousands of known vulnerabilities. If I can't find one of those, if I have a big enough development team, you can go in with one known as a zero-day. It's called zero-day because it's been used before, it's been declared to the wider internet, which is one that you found you own, and you can go in without as much risk of being detected.

Robert - So, Stephen has his work cut out, not only against these vulnerabilities published on the internet, but also against the zero-day attacks.

Stephen - Unfortunately, against zero-days, you're completely on the back foot from a defensive point of view, and there's not much you can do about that. But, from a vulnerable application point of view, having a vigorous vulnerability management program in place is the best way to stop that.

Robert - Both sides now watching those lists like hawks, either to exploit the vulnerabilities or patch them up as fast as they can. But, often the defence is a step behind, as with zero-days. What happens when the line is broken?

Chris - It depends really on what the person attacking your website is trying to do. If I'm there to take the website offline, you will have an immediate, very observable cause that something's gone offline. If I'm there because I'm wanting to steal people's bank details, or I want to get day to day intelligence on what's going on in the business, I may have installed my own software inside there to make the system behave differently or ship information out to me very subtly in the background.

Robert - Two very different situations there. What happens in the first case when the site is taken down?

Stephen - The alarm bells go off. What we do there is, if it was due to an exploit that we knew about, we'd have to work out how that's been taken down, work out how we can fix the exploit, and then bring the website back up in a secure manner. If a malicious actor has gained access to our infrastructure, this is where we rely heavily on our technology. We rely on the software to say, hang on a minute, something fishys happening over here.

Chris - That's really where it turns into a game of cat and mouse, especially when you're moving outside of say, Mrs. Miggins' violin shop and into a large corporate network. A lot of the aims behind those sort of attacks it's looking at, can you navigate around the network? Can you start looking at other systems you can get into now you've got this initial foothold into the network, or is there an end goal that you're looking for a bigger target somewhere inside the network? So, it becomes a cat and mouse game there of trying to lay low whilst they're looking for you. There's a number of techniques that you can take to do that, and there's a number of behavioural traits you can do as well around disguising the mass transit of data that Stephen was talking about. Do you reduce it to a trickle and extricate it over a long period of time? Do you disguise that traffic to look like routine traffic inside the organisation?

Robert - So, now we have a game of spy vs spy. Attackers trying to sneak in and around stealing secrets while the defence team have to notice, find and neutralise them. But, if the attackers are being subtle, is there anything the defenders can do?

Stephen - Yes, definitely. This comes back to the term that we use in the industry of defence in depth and thinking of cybersecurity as a bit like an onion; you need to have a lot of layers in there, architecting your infrastructure in a secure manner.

Robert - Much like medieval castles, which had walls within walls to protect your computers, you set up firewalls between them, layering your defences one over the other.

Stephen - You should really put in some blocking or firewalls in between each of those devices to make sure that, if one of them's compromised, there's no lateral movement in your network to stop an actor getting from one to the other.

Chris - It's always one team being on the back foot and then there's always new vulnerabilities being discovered. I don't think there will ever be a point where software is perfect but, equally, as part of that arms race, there's always better and better detection technologies coming out as well.

Stephen - From my perspective, we go by the philosophy of it's not "if" it's going to happen, it's "when" it's going to happen.

Robert - And it's happening, right now, all around the world, in every data centre and server farm. No clear winner and a continual game of cat and mouse. The verdict: so far, a draw, and the audience goes... well, the audience doesn't even know the fight has started.

We've seen how cyberwarfare is changing the nature of modern conflicts, from information wars dictating how we follow the narrative, to hacking and interfering with the weapons and tactics of the enemy. But what does the future hold in store? We spoke to James Lyne...

Chris - James, do you think this kind of vigilante information war and also cyber warfare is something we're going to see more of in the future because it's certainly been something people are commenting on as being almost like a first. That we haven't really seen a war where this has been so prominent in the past.

James - I think there's an inevitable trajectory towards more use of cyber warfare tactics or cyber crime with aligned interests just because we're placing more and more technology around us at every moment. That just makes it rife for opportunities. Now, this has been building for some time. There have been attacks as far back as the early 2000s against industrial control systems and power stations but, of course, this is starting to put it into a new level of light to the public, in light of the horrific events in Ukraine. I would certainly say this is something we are going to see more of, and we need to remember that, as throughout this program we've talked about military actions and intelligence, we've also talked about how individual businesses can be targeted. Whilst the Russians are probably not taking time out right now to target Mrs Miggins' violin shop, that doesn't mean that they couldn't be part of a campaign of cyber criminals, or used as part of a more substantial nefarious attack. It's important we're all following cybersecurity safety practices. This isn't just a government thing.

Chris - I know that this is obviously prominent right now, but have many of these actors already been preparing the ground for many years? For instance, we are buying wholesale bits of equipment from other countries. Is it possible that there are lots of back doors that we are unaware of and they could be then activated to call up an army of devices that we've all got in our homes and all around us, or they can access those back doors when they want them.?

James - Without wanting to cause people to start ripping technology out of their homes left, right and centre, yes, supply chain attacks have occurred on significant scale, attributed to nation states as well as cyber criminals, multiple times over the past few years. Sourcing technology, particularly to put into sensitive places like power, water utilities, and telecoms is something that has to be done very carefully. It is very much an active risk as we depend on technology more and more. It is crucial that, as individuals, we're constantly looking at our use of technology and thinking about the validity of information we're accessing, thinking about how technology may be manipulating us, and then of course governments and businesses have huge responsibilities in securing and sourcing these very crucial pieces of infrastructure, like 5g, like power and water, that have demonstrably been attacked by nation states in the past.