Lessons From the Grave
Two years ago this month, the young and ambitious investigative journalist Michael Hastings died in a mysterious fiery car crash. Investigators and journalists have confirmed some startling revelations regarding the accident in the past two years, though the truth of what really happened to Hastings could have been buried with him.
Hastings was known for challenging conventional wisdom and investigating authority at the highest levels. With a Polk Award-winning article in Rolling Stone, he brought down General Stanley McChrystal, commander of NATO’s International Security Assistance Force and US Forces-Afghanistan.
At the time of his death, Hastings had been working on a story about CIA Director John Brennan. The president of Strategic Forecasting Inc. (“Stratfor”), a CIA contract global intelligence firm, has described Brennan in secret emails as someone on a “witch hunt” of investigative journalists. Brennan, of course, has denied these claims: a CIA spokesperson told reporter Kimberly Dvorak in an email that notwithstanding WikiLeaks, “any suggestion that Director Brennan has ever attempted to infringe on constitutionally-protected press freedoms is offensive and baseless.” In the months following the accident, WhoWhatWhy uncovered that Dvorak was less than reliable.
Is it possible that Brennan felt threatened by the content of Hastings’ would-be story? If yes, how would the CIA have responded to such an expose ?
Car Hacking—Reality, not Theory
At the time of Hastings’ death, counterterrorism expert Richard Clarke told The Huffington Post that it was possible that Hastings’ car had been hacked; that the known details of the crash were consistent with a car cyber attack.
“There is reason to believe that intelligence agencies for major powers”—including the United States—know how to remotely seize control of a car, Clarke said.
At the time, however, Clarke’s suggestion received little attention from the mainstream media. In the past two years, the issue of automobile cybersecurity has entered the mainstream arena.
Since 2013, scientists have proven the possibility of hacking a car, and lawmakers are revealing the lack of cybersecurity against these types of threats built into today’s digital cars.
“Your car may have as many as 30 separate electronic control units, some of them built for wireless access. Hackers have shown that they can disconnect brakes, kill acceleration and more—although most hacks currently require direct, wired access to the car’s systems. Even so, a lab technician turned off our test car while we were driving it—from a cell phone,” Chris Meyer, Vice President of Consumer Reports, said in an email to WhoWhatWhy.
At the annual hacker conference Defcon2013, just two months after Hastings’ death, computer security experts Christopher Valasek and Charlie Miller successfully hacked two cars, accessing almost all of the car’s electronic control units.
Video demos pre-recorded for the conference showed Miller and Valasek able to jerk the steering wheel, disable the car’s brakes, accelerate, manipulate the seat belt, turn off the engine, mess with both interior and exterior lights, honk the horn, and program the console to read that the car had a full tank of gas when it didn’t, according to CNET.
After this successful demonstration of a computer-generated car hack, lawmakers sent inquiries to car manufacturers about the cybersecurity of their automobiles. The results do not provide much of a sense of security—or cybersecurity—to drivers on the road today.
In February 2014, Sen. Ed Markey (D-MA) released the report Tracking & Hacking: Security & Privacy Gaps Put American Drivers at Risk. Sixteen major automobile manufacturers participated in the report, and four major trends are as follows:
Here are the four trends found in the report:
• Nearly 100 percent of vehicles on the market include wireless technologies that could pose vulnerabilities to hacking or privacy intrusions.
• Most automobile manufacturers were unaware of or unable to report on past hacking incidents.
• Security measures to prevent remote access to vehicle electronics are inconsistent and haphazard across the different manufacturers.
• Only two automobile manufacturers were able to describe any capabilities to diagnose or meaningfully respond to an infiltration in real-time; most of these manufacturers rely on technologies that cannot diagnose or respond to infiltration in real-time at all.
The information on the very real possibility of carhacking raises the question: was Michael Hastings’ car hacked? Is it possible that someone was trying to shut him up?
Leave a Reply