... mainly for my own convenience: ITNA - Individually Targeted National Attack.
Here's a good Forbes Magazine article about the most recent developments in what we used to call 'wardriving'.
Driveby Vulnerability story
And here's one of the latest things on the Huawei issues.
Huawei story
At the risk of repeating myself, I'll speculate on the global possibilities of such hyper-local matters. One of the exposures of the Imperial Japanese Navy in attempting to knock out the American Pacific fleet in 1941 was the possibility that they'd be discovered as they slogged their way from Japan to Midway. They got discovered, thereby failing in their efforts. What if that trip had been unnecessary?
The whole "digital Pearl Harbor" scenario posits the internet as a remote access point to sensitive areas that an enemy would wish to use as attack vectors. Put that idea together with such things as personal data leaks and you get the possibility of attacking an enemy nation via bypassing national defense infrastructure. The Russians have already approached this by trying a cyberattack on Ukraine's municipal power grid some time ago. If citizens can be attacked directly, then there's little need for near-Napoleonic Era infantry advances. Observe this list of aspects of an individual's digital life:
Phone GPS tracking and phone company cloud data backups/saves
Smart home connections from digital assistants to smart light bulbs with insecure protocols
Financial information in data leaks
Medical information in data leaks
Email accounts, particularly free webmail
Government (national, state and local) information in data leaks
Information publicly viewable from government or Google
Resume information posted to job sites or on personal pages
First, set up a data collection project to track every citizen in the target country - let's say around 100 million people. Every citizen has a file. That file would become a dossier to use to feed an attack script specific to the person. The script could have sections for dox-ing personal contact info, for shutting down phone numbers and accounts with a phony email claiming a move to a competitor, for making unauthorized purchases that could trigger auto-shutdowns of credit, for making false police calls... get the idea?
Add those custom measures to the obvious things like attacks on police dispatch communications, remote traffic control systems, computer-controlled telephone exchanges, food distribution networks, internet-accessible remote starting in recently built cars and trucks... and all the other new exposures or vulnerabilities that have arisen over the last ten to fifteen years. And the Stuxnet worm has shown everyone that (with access to certain programs and languages) it's possible to destroy industrial devices with instructions inserted into the control points from outside.
So Country A could attack the 100 million citizens of Country B after first building the citizen files, then getting the attack scripts finished, then populating the attack script with info on the target citizen. After that, it's an access question (perhaps constructing backdoors over time) and then one simply selects a time to pull the trigger. No armies or navies needed. It's a software development project with a very large database. That sort of thing is done every day; it's just been weaponized by someone in this example.
How to protect oneself? If I were the government, I'd pull back on commercial off-the-shelf solutions and use more home-grown ideas, plus put more people onto network monitoring jobs. Individuals would benefit from my "Go to the PUB" advice: maintain Passwords, Updates and Backups. And don't load gobs of free apps onto your phone without knowing who they talk to.
