81 comments

[ 0.31 ms ] story [ 139 ms ] thread
Some sustained attack against a core function worries me. DNS, BGP, etc.
Hitting DNS would probably take down credit card payments, but I think the worry about hitting electric/water grid is a step up in terms of how immediate the danger would be to actual lives.
I think electrical is all you'd really need to take out. If it were an attack like stuxnet, where it physically destroys the power generators, we will be in for a very long ride without electricity. Potentially years. The generators can get so hot they just melt/fuse internally, permanently destroying it. And, it can take many months to years to get a replacement. They're not just sitting on a shelf somewhere, and if dozens or hundreds are needed simultaneously... Seeing as how everything is centered around electricity, including water pumps, internet, financial systems, gas pumps (knocking out the whole supply system), etc., it would be game over and we'd be in a Lord of the Flies situation. Think about shutting off the failsafes on a nuclear power plant and ramping it up to run outside of normal parameters causing a meltdown.

PBS - NOVA (CyberWar Threat): https://www.youtube.com/watch?v=0EnTLju9_cE Watch the whole thing, but check around the 37min mark for demos with generators.

PBS - NOVA (Rise of the hacker: https://www.youtube.com/watch?v=-ZdasoAGMQs This gives a very good description of stuxnet, which is released out in the wild now for anyone to use. THAT, is downright scary.

Hacking some financial system or industrial control isn't really the big threat demanded of 'cyber warfare' that is just sensible information security, building systems to best practice, reviewing them and updating as per normal.

The real danger is an idea that gets all too popular.

For instance, the could be a new climate change type of group that comes along and gets too much mindshare. In fact there was a new group who closed five of London's bridges the other day. I doubt that they will be the group from which big ideas emanate from to take over the world but you never know.

So the case can be made for all of this extra spending on the basis that it is all there to do things that sound sensible - 'Internet Security' - but there is capability being built for the more nefarious 'cyber warfare', making sure ideas that threaten business as usual get taken out.

For those confused, the op is complaining because some protesters staged a protest on a few bridges in London last week over their view that the UK government is not doing enough to tackle climate change. Civil disobedience existed well before the internet, on a far larger scale.
Precisely. Mass surveillance under the pretext of some fuzzy cyber warfare remit has a chilling effect. This does not have to be mentioned, it is just a silent fear thing. So if people self censor themselves then they never group to that 'far larger scale'.

Conversely the 'cyber 9/11' is if some idea - an idea that isn't limited to civil disobedience comes in a message where people don't self censor themselves then they could 'group to a far larger scale'. The status quo can't be threatened even by common sense ideas. So an idea in a message that 'goes viral' is the 'cyber 9/11' most feared. There is an art to controlling information in a democracy.

I don't really understand much of what you are trying not so say. But I do think there is promise in your ideas of self-censorship and you should definitely think more about that concept.
I knew this was going to happen, because I read it on the internet. If the government had censored it, then as far as I know it didnt happen, never even existed. There could be people trying to organise similar things in Australia right now, and the message isn't getting through the censors. 1 passionate activist cant shut down a bridge. Governments inherintly fear any disruption to the status quo, but its how virtually all social progress is made.
> There could be people trying to organise similar things in Australia right now, and the message isn't getting through the censors

How on earth did Ghandi organize the Salt March without twitter.

China struggles to censor the internet, how on earth do you expect people to believe that Australia does.

Bricking every intel cpu,Using a likely 0 day in JunOS and ASR routers to make them all inoperable for a few days,similar wipe outs of cloud provider infrastructure come to mind.

But if I was the well resourced attacker I would use multiple teams and target a diverse variety of important services and infrastructure and coordinate an phased long term(weeks) attack. I would not cripple the internet as a whole,especially social media. In battle,hiding your location and intent is crucial to victory.

Social media would play a critical role in sowing confusion amidst the chaos. Isolate part of the country and spread a message that some internal political group (antifa or alt-right for example) launched a physical WMD attack,use access to fortune 500 company networks to send emails and other communication indicating internal collapse of the companies,one corp is going bankrupt,another has been lying about profits is under SEC investigation. Chaos after chaos. The goal of a "cyber 9/11" would not be to cripple the internet but (imho)rather to exploit it to acheive three independent goals:

1) Long term (multi?)National and Economical instability and possibly collapse.

2) Make the internet as it stands today a mortal threat to society.

3) As a precursor to a physical invasion. The kinetic attack would be only of the many rumors and reports being circulated. Any and all damage to your enemy's communications brings you one step closer to victory with minimal effort.

More on goal #2: The goal of 9/11 was not to kill some americans. The goal was to destabilize the west by attacking important symbols of economic and political prosperity. It worked,economy was only momentarily destabilized but 17 years later america and the west are grappling to keep their democracies and basic freedoms. The goal of terrorism is to terrorize not to merely kill(which is why mass shooters are not labeled terrorists,their intent is murder not change through terror). A Cyber 9/11 would have similar goals where the intent is to change and cause long term weakening of the adversary.

What makes the internet strong is not BGP,DNS and secure operating systems. It's the fact that people trust it for reliable and resilient communication and governments view it as a strength to their political and economical stability as opposed to a dangerous liability. The goal of terrorism is to change your beliefs so that fear resulting from the attack changes your policy and principles.

I accidentally stumbled on an interesting approach to sow discontent. There was a forum that was hotlinking a "words to images" script I had on one of my websites. They would post these images as their "text" instead of plain text.

It was hammering my server, so I changed up the script to return random inflammatory and/or inappropriate images if the referer was this forum site.

I was using the source IP as the rand() seed, so everyone on the forum had a different view of the images, but consistent in that it remained constant for any single user.

The resulting chaos and infighting was pretty funny until they figured it out.

> everyone on the forum had a different view of the images, but consistent

Reminds me of the endless fun with [you] tag on phpBB forums. That particular tag's function was to be replaced during rendering of a forum post with the username of the user viewing it. AFAIR it was retained in tag form in quotes, too. You'd post something like, "I think [you] is dumb in believing $something", and watch the hilarity ensue.

Some years ago, indie game developer Arthur "Mr. Podunkian" Lee released a short game via a thread on an indie game forum, to similar effect [1].

[1] https://forums.tigsource.com/index.php?topic=9284.0

I'm confused to how this is to a similar effect? Are the images of the game, not the same as the actual game?
You have to page through the discussion a bit. There's 11 pages.

The game play is different depending on the machine it's being played on. Some folks get stuck on an unwinnable screen right away, some later, some play to the end, etc. Also, the screen/level names vary.

This is what I consider/fear the next 'step' for 'fake news' and weaponised propaganda. Giving different audiences different content, and using those differences to turn them against each other.

Picture this:

You've got a story which is seemingly very controversial, and will rile up one side of the political spectrum.

However, this story is only shown for say, 10-20% of your readers/viewers, and the rest get an innoculous story, or one that says the complete opposite.

Now the ones affected by it will post it on social media sites and forums, saying that this is proof of how 'evil' the other side is.

But the others there can't see the same story, and will think said users are trolling them. After seeing them keep posting comments about how some minority group is evil with links to innocent stories about kittens and puppies, said users get banned.

This causes said users to think they're being targeted by the other side, and then every story they see on the site is designed to build off that. Make the forum/social media/news site owners out to be illuminati pawns or what not and their banning policies a way to stifle dissent.

Voila, the site has now basically weaponised A/B testing, and created a localised echo chamber to gaslight its readers into more and more extreme mindsets.

That's basically the nightmare scenario. Imagine an enemy state like Russia or China using it against the alt-right/antifa/whatever. Or activists using it to recruit followers.

Worse still, imagine it with compromised browser extensions as well. Imagine if a foreign government managed to do this in a way that could let them edit the text on fact checking sites like Snopes or major media outlets like the BBC or CNN or what not. Now that could have some worrying consequences.

Still, it wouldn't be impossible to fix/detect. Set up sites like Reddit/Hacker News to automatically archive pages linked to, and send users to the archive rather than the original unless they choose to click through. Avoid using any browser extensions at all, with hosts file blocking for things like ads rather than Adblock/uBlock/whatever. Ask others to double check what every page you see says to make sure it hasn't been compromised/doesn't show different things.

Do that and you can at least minimise this style of dissent sowing.

> This is what I consider/fear the next 'step' for 'fake news' and weaponised propaganda. Giving different audiences different content, and using those differences to turn them against each other.

That's not the “next step”, it's an established practice. Notably, the recent Russian propaganda effort directed at destabilizing the US via false flag social media accounts and other channels was noted for doing exactly this. (They didn't invent the general concepts either, it's much older.)

The actual mechanism in your example would be a bit novel, but it's also fairly easily accidentally penetrated, because real humans aren't 1:1 to online personalities.

This is literally how the Brexit vote was won.

Cambridge Analytica used personal profiles scraped from FB and (allegedly) from insurance company customer details to run ads that were precisely tailored - almost down to specific users.

It only took a small swing to push the vote over the line.

> It only took a small swing to push the vote over the line.

With modern elections results often come down to a tiny tipping point.

In the UK 2017 election, tipping the right 400 voters one way or another changes the makeup of government from a DUP backed coalition to a Tory majority[0]. Tipping the other way, and denying a DUP/Conservative coalition, would have taken the right 750 to flip.

Turnout was 32.2 million, and the entire election came down to 1200 voters, 1 in 27,000.

In 2016 if Clinton had flipped about 60,000 votes (the right ones), or about 1 in 2,300, she'd be president.

By comparrison, brexit required a massive swing - 1 in 26 voters.

[0] https://www.telegraph.co.uk/news/2017/06/12/theresa-may-just...

You really have no idea whether people voted a certain way because of those ads or in spite of those ads.
Marketing works, we've had 100+ years to tweak and it justify marketing's huge budgets. Tweaked ads work too.

Further more, why can't it be both, because of AND in spite of those ads? Successful propaganda often uses false images from another perspective to generate scorn, e.g. obviously idiotic comments from tumblr SJWs (r/tumblrinaction, for example) who are likely sockpuppets.

Regardless, marketing is about numbers on the whole, not whether Bob or Sheela specifically voted -- and on the whole it worked for Brexit.

Hacking into one or more of the big CDN services would make this scale pretty broadly.
Buzzfeed already does that, though I presume that their objective is to damage control as quickly as possible if an article generates a lot of negative responses rather than cause chaos.

See https://en.wikipedia.org/wiki/Wikipedia:Identifying_reliable...

> BuzzFeed may use A/B testing for new articles, which may cause article content to change

This is actually one of the reasons that make things like git repos (given a certain commit hash), torrents, and ipfs (except IPNS/MFS) extremely attractive - nobody will be able to silently change things afterwards.

Now you understand why the internet is censored and sanitized in countries that already don't believe in democracy as a viable form of government. The experiment on democracy is entering its most serious test. Can it survive?
Please, democracy has barely, barely survived the cold war all the world 'round, it's a dead horse to beat.
I think people will catch on faster than you think. People are (somehow) already in the habit of screenshotting tweets and sharing the image. Person A will quote pieces of the article to rip it, person B will post a screenshot of the article saying something different, person A will post their own screenshot, and it will unravel.
Encrypted Media Extensions will ‘fix’ that.
> Bricking every intel cpu,Using a likely 0 day in JunOS and ASR routers to make them all inoperable for a few days,similar wipe outs of cloud provider infrastructure come to mind.

The packet flow ASICs and fabric on an example router like an MX960 or an ASR9006 are quite separated from the control plane routing engine. Just passing packets with the "zero day" through the router wouldn't do it, somebody would have to compromise the engineering/admin interface to the routing engine(s). If you have the equivalent of root, configure or enable on a Cisco IOS-XR or modern JunOS system you could run a script to brick it anyways, by overwriting the boot OS image and then reloading the router.

I personally would be much more worried about a "brick yourself" magic packet that is hidden, hardcoded into the ASICs of Huawei or ZTE routers sold into the networks of major carriers in NATO countries.

I worked with those devices. Things like icmp responses and ttl expired packet make it to the control plane cpu iirc. I was thinking more of a worm that would gain access to everything via internet exchanges ,propagatig through bgp sessions and such. Also, didn't know those backdoors in zte/huawei were a thing. But they do tend to have hardcoded creds "for support".
If you have a router that exposes its admin/control plane/routing engine interface to IX and BGP peer facing addresses, that's another fundamental network architecture problem to address before worrying about anything else. Management VRFs, ACLs, etc. There should be absolutely no way to get the routing engine/control OS to listen on any interface facing anything public...
Yeah,one provider does that to the net,exposing their network which includes their IX router which connects to your IX router which connects to the IX lan. Heck,a well resourced attacker can peer with you on the IX lan just so he can attack you.
(comment deleted)
It's only a matter of time before foreign hackers have the power to turn off the United State's electrical grid. Look how Russia did it in Ukraine.
Decentralizing the attack surfaces would go a long way to mitigating 'turning off the grid'. The US arguably has the advantage of their grids being lots of different grids patched together and run by 500+ companies. https://en.wikipedia.org/wiki/Continental_U.S._power_transmi... Against that there are probably lots of backdoors and security lapses amongst all these daisy chained systems...
When a foreign adversarial state launches 'cyber 9/11' it would imply a few things:

1) The offending country is willing to escalate/desires to provoke skirmishes that may lead to major battles with or without conventional military.

2) The offending country is so desperate, the only way to reboot their economy is to start a losing battle so it can be rebuilt.

3) the economy of the offending country is so skewed at the top of the leadership, they are willing to thin the herd using foreign intervention, and build up a zealous supporter base who is out for blood for vengeance.

TLDR: The adversarial state will launch a 'cyber nuclear' attack when it thinks is fully ready to take the brunt of 12 American carrier groups armed with manned and unmanned stealth fighters.

What if you can't figure out who the offending country is? The USA like any other nation is just some people who have emotions and psychology that can be tinkered with. How about six American Carrier groups against the other six??
>What if you can't figure out who the offending country is?

Sounds like a great excuse to take out all the "usual suspects" at once.

Theorotically, in a world without consequences the USA can take out multiple powers very easily.

Practically (and without usage of nuclear weopons), the USA can barely handle attrition. Also the USA have not fought a conventional war with another competent regional power since World War 2 and that too was with many allies.

Even something like vietnam would be very difficult now with all the internal division and the prelude strife they'll cause.
If the CIA can trace a journalists killing to a crown prince I think the three letter agencies can paint a decently decisive target.
> How about six American Carrier groups against the other six??

How will you divide them equally and pit them against each other?

I get your point, but the regular US military is a culture and organization apart from the mainstream.
AFAIK, there remains no clear policy or line on what sort of cyber incident would warrant escalation to a “kinetic” (blowing things up) response. This is a serious problem, as it can lead to unintentional escalation.

For example, if Turkey and Russia got into a spat over access to the Black Sea and Russia triggered blackouts in Turkey that (perhaps unintentionally) killed people. Would that trigger Article 5? (NATO Mutual Defense Treaty?)

What if a state sponsored (but not state controlled) group managed to do a massive uncontrolled release of dam water, drowning hundreds. Would the US be justified in a kinetic retaliation against the sponsoring state?

This is one reason why people are calling for a cyber version of the Geneva convention- we need norms to help make the signaling and consequences inherent in these actions clear to all parties.

The US already has a policy to use kinetic means to retaliate against state sponsored terrorism. Whether that terrorism is carried out through "cyber" or other means is irrelevant. And the US did trigger Article 5 after the 9/11 attacks.
Ok, the dam scenario is excessive (and kinetic already), but where that threshold crossed? If a string of on going attacks caused 10s of billions of damage but with no fatalities, would it crossed? What about incidental fatalities such as preventable deaths in a blackout?

Messaging and intentions aren’t clear in this domain yet, that’s the worry about unintentional escalation.

Intentions about military responses are intentionally unclear. Presidents want to preserve their freedom of action and keep their options open.
Why were there no military actions against russia for DNC hacks then? Sure,they might bomb a few useless places if a 3rd world country did it. But the US will need to weigh the cost of attacking countries like China,N Korea,Russia or any one of the currently US allied western european and some asian countries like Japan and Vietnam. Good chance the attackers deny relationship with the Gov't,US will respond with just air strikes and sanctions.

If N Korea caused something like the 2008 crash,is it worth a regional nuclear war by invading them? You're also assuming it's just one country that will attack and they haven't already prepared an invasion against mainland US

>Why were there no military actions against Russia for the DNC hacks then?

Probably because the “evidence” Russia hacked the DNC is dubious at best.

There are reports from the FBI, CIA and joint reports from the Department of Homeland Security detailing what they describe as intention from Russian backed security groups.

Here are two links to the joint reports from the three letter agencies involved:

https://www.dni.gov/files/documents/ICA_2017_01.pdf

https://www.us-cert.gov/sites/default/files/publications/JAR...

Those are both almost entirely lacking in any technical evidence.
The US appears to be shockingly unprepared for social cyberwar.

If you're an aggressor, you don't need to break infrastructure or blow things up. For the cost of a few troll farms, a few training classes in infowar, and maybe a mainstream news outlet or two, you can split any country along its political fault lines and encourage division, sectarianism, social unrest, "spontaneous" terrorism, and perhaps eventually civil war.

A country like the US, which has extremely deep social fault lines, is almost ridiculously vulnerable to this kind of attack.

And with the right financial and/or political incentives, there will always be potential fifth column interests who would support such an effort, as long as they gain personally.

The US has sponsored efforts like these in other countries in the past. There doesn't seem to be much understanding that it's also vulnerable to them - far more than it used to be, thanks to the amplifying effects of social media.

Indeed, the society is so divided, just sowing a little bit of doubt would be enough to prevent the huge decision of retaliation. Merely some anonymous accounts on influential forums could be a very cheap way to make strides in that direction.

So cheap in fact that I'm not surprised if we witness exactly that very, very nearby.

The dutch literally watched the russians over cctv cameras(apt28).
The hacks may have manipulated public opinion, but that's it. Why is that worth military attack? It's not.
Although I imagine the first target of this unnamed adversary will be Estonia.
A cyber 9/11 would be the prelude to a shooting war if committed by a nation state. 9/11 was not conducted by a nation state.
> 9/11 was not conducted by a nation state.

Of course this post will be downvoted or ignored but maybe someone is willing to check the links to learn.

It was conducted by at least 2 states: USA and Israel; the only "beneficiaries". Besides the USA is not a nation state like Israel: https://en.wikipedia.org/wiki/Jewish_state

Larry Silverstein: WTC 7 "Pull It" from 2002 Interview https://www.youtube.com/watch?v=Y7lSC3jXFDE

Stand for the Truth: A Government Researcher Speaks Out | 9/11 Evidence and NIST https://www.youtube.com/watch?v=GvAv-114bwM

The 9/11 Building Collapse | Richard Gage https://www.youtube.com/watch?v=nu2QqxpYcvA

9/11 Suspects: The Dancing Israelis https://www.youtube.com/watch?v=2XHm56O2NTI&t=414

9/11 Trillions: Follow The Money https://www.youtube.com/watch?v=n3xgjxJwedA&t=3131

CIA Agent Confesses On Deathbed: ‘We Blew Up WTC7 On 9 11’ https://www.youtube.com/watch?v=hmx-DiWUqfs

Depends on your perspective,they acted on behalf islamic states,although not directly supported. Their backing isn't as important as their intent. For example,North Korea supports APT groups that operate with loose connections to Pyongyang,it's rumored one of these groups(Lazarus?) Was behind the Sony hacks which were effectively a much smaller act of cyber terrorism. They attacked to terrorize Sony into changing its repease of a movie mocking their leader.
I don't think the Sony hacks register on that scale.

But hacks against a country's infrastructure would.

I think prior to cyber 9/11 we're more likely to see actors executing attacks for financial gain. i.e. for competitive advantage or market manipulation.

> A hacker took over the Twitter account of the Associated Press in 2013, tweeting "Breaking: Two Explosions in the White House and Barack Obama is injured." The stock market instantly fell 143 points.

Regardless, our best defense is diversification/decentralization - which goes against normal economic development (mergers and centralization). But as the risk increases (more attacks) - then the balance will shift to support diversification (well I hope).

Wouldn't work very well, even in your example you'd have to be a very quick trader and the SEC would catch it immediately after the fact. Whatever the attack, it would have to be very real not some fake event.
The cyber 9/11 will be done by rogue AWS employees who are part of a sleeper cell at Amazon.
This is an interesting idea: how many Big-N companies have sleeper cells, capable of wrecking havoc the moment they're called upon?
Gee, "Cyber 911" is a really unfortunate buzzword that reduces serious infrastructure attacks to a curious soundbite from a media outlet.

It sounds like Chris Hanson's follow-up Reality TV exposé series, for Dateline, circa 1998 after winning multple awards for To Catch A Predator, in which he further demonstrates the perils of the Information Super Highway.

I think a cyber 9/11 is just about the only thing that'll make us get our shit together in this industry. Hopefully it happens before cyber WWI.
it's very telling how everyone here is making the same mistakes USA intelligence made on 911 itself.

911 was some internal actors, sponsored by some CIA trained warlord who they forgot from 20 years before, but they could only see attacks coming from big nation states.

Here the comments are making the same mistake. cyber 911 can be something like a random operative who was given some covert training and now focus it on the coutry who trained them. instead everyone can only see full blown world war from well organized and funded nation states.

my guess: the (israeli?) company the US outsourced scada atacks on iran (stuxnet) will start selling the same tech (which most US facilities are still vulnerable to) other actors, such as north korea or syrians who felt betrayed with the US constant side-changing.

I read the other comments, and it's not "everyone here", or even a majority.

There's also one specifically pointing out that 9/11 wasn't state sponsored, posted more than an hour ago.

I think you're right. I wrote about this in a mediocre essay for a university competition (https://nickhayden.com/blog/war-poverty-and-the-human-elemen...)

I think what we'll see is people living in poverty being radicalised, not too different from what we have in Syria, Iraq and Afghanistan except now instead of risking their lives attacking a US convoy they just start hitting businesses with invalid security until they find something big. We're probably not too far away from it.

> until they find something big

What do you envisage that to be?

If the electrical grid in the US to go down for greater than 2 weeks I think that could be an example of systematic shutdown that would be something big enough to sufficiently scare people into radically different habits.
Maybe this attacker gets into a few generic companies like accountants, builders, marketers. Nothing really valuable beyond the scope of the particular company and their customers. Maybe they find their way into a oil/gas/mining operation, specialised software development company or everyone's favourite example, the electrical grid/water systems.

Without data to back it up, I think that most attackers don't want to cause nation-wide problems and are motivated by money or revenge against a specific target. The biggest risk for them is if they did nation-wide damage whether deliberately or accidentally they might be on the receiving end of a response similar to OBL. Whether or not that would happen I don't know but it's the perception that matters.

My biggest reason for hope is that the people I've seen working in government and large corp security have been skilled, aware of the risks and are ready to put in the work keeping systems safe.

> 911 was some internal actors, sponsored by some CIA trained warlord who they forgot from 20 years before, but they could only see attacks coming from big nation states.

Despite popular opinion, Bin Laden wasn't trained by the CIA or a hero of the Afghan jihad. He hid out in caves Pakistan for the most of that war and made occasional forays in to Afghanistan with a rag tag group of "fighters" whose exploits were comical more than anything else.

Bin Laden's family very much wanted him to "stop dicking around", as did the Saudi govt and secret service. If I'm not mistaken he was persona-non-grata in Saudi Arabia and the only country that would have him was Sudan, where he lived in squalor, even before 911 happened (source: The Looming Tower).

> cyber 911 can be something like a random operative who was given some covert training and now focus it on the coutry who trained them

Most of those tools are for espionage, not warfare. Stuxnet was sabotage, highly specialised and took huge amounts of effort to develop and deploy.

Afaik Middle Eastern hackers are mainly defacing websites and N-Korea is hacking entertainment companies and robbing banks.

The cyber realm is different from the physical world in the sense that it has much more eyes on it than 911 had during the planning phase.

Stuxnet was discovered by a tiny E-European IT shop and examined by a handful of people working in the private sector.

To really start a war using software (say by launching missiles) you'd need highly specialised, precisely targeted tools that aren't lying around to be sold by rogue agents.

To really start a war you need to persuade the people with the missiles they should launch them. Or maybe that voters should elect someone who is more likely to launch them.

That's a whole lot easier than hacking into the launch systems.

Well - and all they really needed was facebook... a mad reality tv star, and a mass of uneducated americans...
A nation won’t play this hand without expecting to back it up with standard military options. So when things get to that point it should come as no surprise.
Lol, nutty HN thinks 9/11 was the direct product of a nation state do they?

So let's leave the larping conspiracy world for a second and actually talk about a 'cyber 9/11'

All someone needs to know is a 0 day that could brick a lot of computers (or phones) remotely and have a small botnet that could do it. The complexity won't/can't be much more than lets run a plane into a building.

It'd be pretty funny, millions might die in the immediate aftermath depending on how good the brick is (GFC killed millions) but I could see a lot of strength in the aftermath.

But as 4-chan says - for the lolz, one needs no reason.

I just don't get why it hasn't happened yet?

Remotely rooting automobiles during rush hour to accelerate.

Several models now stupidly designed with media systems on same wire where it is physically possible.