There has long been a discussion about the kinetic nature of cyber warfare. Today CNN brings us video of a largish hole in the power grid. Kinetic effect without the kinetic cost. I wonder what the cost of a laptop and Internet connection is in relationship to a 500lb bomb (or dozens).

http://www.cnn.com/2007/US/09/26/power.at.risk/index.html



Sources: Staged cyber attack reveals vulnerability in power grid

WASHINGTON (CNN) -- Researchers who launched an experimental cyber attack caused a generator to self-destruct, alarming the federal government and electrical industry about what might happen if such an attack were carried out on a larger scale, CNN has learned.

Department of Homeland Security video shows a generator spewing smoke after a staged experiment.

Sources familiar with the experiment said the same attack scenario could be used against huge generators that produce the country's electric power.

Some experts fear bigger, coordinated attacks could cause widespread damage to electric infrastructure that could take months to fix.

CNN has honored a request from the Department of Homeland Security not to divulge certain details about the experiment, dubbed "Aurora," and conducted in March at the Department of Energy's Idaho lab

In a previously classified video of the test CNN obtained, the generator shakes and smokes, and then stops.



A lot more at the link

Hi Selil,

I saw that story on CNN this morning. I almost wished they hadn't reported on it :wry:. There are just too many ways that a cyber attack can have kinetic consequences but, at least, it does look like someone is thinking about them now.

Marc

Think some folks out there aren't sweating about this?

http://www.azcentral.com/arizonarepublic/news/articles/0518alavi0518.html

From the article:


The transcript indicates that Alavi wasn't the only employee to download the details of control rooms, reactors and designs as part of a software training package onto his personal laptop and take it home.


The software provides employees with emergency scenarios and instructs them to react with proper procedures. It has no links to actual plant workings and can't be used to affect operations.

Now, if I'm a bad guy and if I have a clear insight into what the "Plan B" steps are to counter emergency scenarios, and if I'm a halfway decent code cutter, I'm probably going to be able to write code sufficient to counteract/disable the standard emergency procedures.

I think I'll stop now.

I want to say that as an academic I step all over OPSEC for the fun of it. But, there are places that I tread carefully. I've been having a running battle with some entities and I've been informed that cyber security is nothing to worry about. It's not like anybody can really do anything like a kinetic attack... arghhh. I have to thank SWC/J as I've learned over the last year that my issue has been being able to frame my discussion in terms that the ones making decisions understand and expect. Now issues like this one are taken more seriously.

Think some folks out there aren't sweating about this?

http://www.azcentral.com/arizonarepublic/news/articles/0518alavi0518.html
Now, if I'm a bad guy and if I have a clear insight into what the "Plan B" steps are to counter emergency scenarios, and if I'm a halfway decent code cutter, I'm probably going to be able to write code sufficient to counteract/disable the standard emergency procedures.


I suspect that the Palo Verde training package is probably akin to the one that DoD uses for its Anti-Terrorism Level I certification on-line course. For those unfamiliar with it, the DoD training package puts one in a number of scenarios in order to reinforce points about what to do and not do should one become the target of "terrorist" activities. I found its contents fairly innocuous, if not down right inane. However, without seeing the program ised at Palo Verde, I cannot be sure that this is the case.

I think that the nation's power grids have other potential vulnerabilities that probably warrant much more concern that the story about Mr. Alavi. For one thing, the grid has a number of nodes that are single points of failure. Loss of those nodes can cripple large sections of it should those nodes go down. But then keeping the grid up is what NERC, the North America Electric Reliability Council, is supposed to be all about As another example, utilities are pushing an initiative called BPL--broadband over Power Lines--a competitor to your cable company's broadband over cable response to DSL/ISDN from your phone company. While BPL may not be a threat to the operation of the electric grid, it may provide alternative comm paths for bad guys which could be much harder to exploit by LE than other conventional comm paths. However, once one gets into a BPL pipe, one might also be able to gain access to some of the grid control data networks that flow over the same pathways--tactics like packet capture and packet replacement come to mind.

I wouldn't worry to much about the communication paths of criminal elements. With cell phone scramblers, good encryption, and a variety of "criminal" languages the com path for organized crime is fairly stout. There is telemetry already on the power grid which is interesting from a few different perspectives.

As to the electrical grid, if in my first under graduate systems design program I designed a system that was based on five large wobbly systems, with centralized control, little redundancy, over lapping vulnerabilities, was life critical, had a design goal of MTBF of 99.99999 up time, and had control features outside of the actual (extra-territorial) control of the owning entity I'd have been given an "F" so big I'd be an art teacher (or anthropologist).

Wired, 17 Oct 07: Astrophysicist Replaces Supercomputer with Eight PlayStation 3s (http://www.wired.com/techbiz/it/news/2007/10/ps3_supercomputer)

....The interest in the PS3 really was for two main reasons," explains Khanna, an assistant professor at the University of Massachusetts, Dartmouth who specializes in computational astrophysics. "One of those is that Sony did this remarkable thing of making the PS3 an open platform, so you can in fact run Linux on it and it doesn't control what you do."

He also says that the console's Cell processor, co-developed by Sony, IBM and Toshiba, can deliver massive amounts of power, comparable even to that of a supercomputer -- if you know how to optimize code and have a few extra consoles lying around that you can string together......

....This is precisely what Khanna needed. Prior to obtaining his PS3s, Khanna relied on grants from the National Science Foundation (NSF) to use various supercomputing sites spread across the United States "Typically I'd use a couple hundred processors -- going up to 500 -- to do these same types of things."....

....Khanna says that his gravity grid has been up and running for a little over a month now and that, crudely speaking, his eight consoles are equal to about 200 of the supercomputing nodes he used to rely on.....

Wowser Jedburgh that is a great link! I had missed this. I had lunch with Ian Foster last week (father of grid computing!) and we were discussing this kind of commodity computing and some the security issues it represents.

As a simple example of computer mediated conflict and terrorism having unlikely avenues of attack, or asymmetric methods to attack, advances in one technology can provide unexpected consequences in other ways. The quoted story (more at the link) gives an example how in providing service to passengers the flight control and safety systems were put in jeopardy. This is an error in architecture and likely was never considered at any point to be an issue until an outsider perceived the issue.

Unfortunately as technology is adapted and integrated into civilian society and military weapons and communications systems these unexpected consequences can be exploited. It's an interesting article and it appears they will be fixing the network architecture issues in this case. For the military professional or interested civilian look around your environment sometime and consider all of the interconnected technologies with an eye to how they could be used in unexpected ways.


Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.

The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals.

The revelation is causing concern in security circles because the physical connection of the networks makes the plane's control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it's aware of the issue and has designed a solution it will test shortly.

"This is serious," said Mark Loveless, a network security analyst with Autonomic Networks, a company in stealth mode, who presented a conference talk last year on Hacking the Friendly Skies (PowerPoint). "This isn’t a desktop computer. It's controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right."

...... LINK (http://www.wired.com/politics/security/news/2008/01/dreamliner_security).......

"CIA Confirms Cyber Attack Caused Multi-City Power Outage" (http://www.merit.edu/mail.archives/netsec/msg02500.html) 18 January, 2008, The SANS Institute at Merit Network Email Archives:


SANS FLASH
CIA Confirms Cyber Attack Caused Multi-City Power Outage

On Wednesday, in New Orleans, US Central Intelligence Agency senior analyst Tom Donohue told a gathering of 300 US, UK, Swedish, and Dutch government officials and engineers and security managers from electric, water, oil & gas and other critical industry asset owners from all across North America, that "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

According to Mr. Donohue, the CIA actively and thoroughly considered the
benefits and risks of making this information public, and came down on
the side of disclosure.


CIA: Hackers Shook Up Power Grids (http://blog.wired.com/defense/) by Noah Shachtman at Danger Room; Noah's got some more on this, including a Washington Poat article and Michael Tanji's take on this.

More Cyber War Gouge (http://www.defensetech.org/) at Defense Tech:



The CIA went on to say they suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. The very next day the Federal Energy Regulatory Commission (FERC) approved eight mandatory cyber security standards that extend to all entities connected to the nation's power grid. The following are the eight areas addressed by these standards:

1. Critical cyber asset identification
2. Security management controls
3. Personnel and training
4. Electronic security perimeters
5. Physical security of critical cyber assets
6. System security management
7. Incident reporting and response planning
8. Recovery plans for critical cyber assets

These eight standards were created to increase the security of our CIP and reduce the risk of a successful attack. Disruption of a county’s critical infrastructure would have significant direct and indirect damages. Most of these damages would be psychological, economic and financial. Analysis of a cyber attack on critical infrastructure targets resulted in the following data:

Target value: High
Impact analysis: Elevated
Required skills: Moderate
Attack costs: Low
Current defenses: Moderate (elevated for nuclear sites)


More, including a references link, at the link.

What are these attackers doing this for, simply money? Or something else?

I hate to say it but if you want to bring the elite cyber intrusion minds into the mix (in the above scenario not likely), but the elite are motivated simply by cash. The attack methods appear to be simple not highly trained. The attacks were trivial to accomplish.

There have been several versions of this story starting to escape. It does inform the small wars scholar about possible issues and force multipliers in reconstruction and stabilization operations.

Link (http://www.govexec.com/story_page.cfm?articleid=39081&sid=1)


Hackers have targeted computers that operate power companies worldwide, causing at least one widespread electricity outage, a Central Intelligence Agency senior analyst told North American government and public works representatives in New Orleans this week.

The SANS Institute, a nonprofit cybersecurity research organization in Bethesda, Md., planned to release a report late Friday quoting CIA senior analyst Tom Donohue, who spoke Jan. 16 to 300 government officials, engineers and security managers from electric, water, oil and gas, and other utility companies based in the United States, United Kingdom, Sweden and Netherlands.

"We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands," Donohue said at the SCADA 2008 Control System Security Summit in New Orleans. SCADA stands for Supervisory Control and Data Acquisition, and generally refers to the systems that control critical U.S. infrastructure.

"We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge," he said. "We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

LINK (http://www.govexec.com/story_page.cfm?articleid=39081&sid=1)

"CIA Confirms Cyber Attack Caused Multi-City Power Outage" (http://www.merit.edu/mail.archives/netsec/msg02500.html) 18 January, 2008, The SANS Institute at Merit Network Email Archives:

Yes, and a pre-teen hacked SCADA and unleashed a devastating volume of water from the Teddy Roosevelt Dam--or at least that's how the story goes on its third re-telling. Here we have a vague reference to an attack that occurred outside of the United States that involved a penetration via the Internet somehow and purportedly resulted in a power outage of unknown magnitude across several cities. About the only thing hard we can deduce from this "report" is that the power grid involved most certainly wasn't managed privately nor was the investigation (if there was one) a matter of public record. Put another way, this story could easily be about a bunch of technicians at a substation in say...Iraq...taking wrenches to terminals which they were fully authorized to use. In fact, I'm pretty sure something like this happened in Najaf recently.

Yes, and a pre-teen hacked SCADA and unleashed a devastating volume of water from the Teddy Roosevelt Dam--or at least that's how the story goes on its third re-telling. Here we have a vague reference to an attack that occurred outside of the United States that involved a penetration via the Internet somehow and purportedly resulted in a power outage of unknown magnitude across several cities. About the only thing hard we can deduce from this "report" is that the power grid involved most certainly wasn't managed privately nor was the investigation (if there was one) a matter of public record. Put another way, this story could easily be about a bunch of technicians at a substation in say...Iraq...taking wrenches to terminals which they were fully authorized to use. In fact, I'm pretty sure something like this happened in Najaf recently.

Although the threat is real and the capabilities exist more often than not its just normal everyday screwing with stuff that happens. Anything more elegant tends to attract a lot more attention than most with that type of capability would want.

Conspiracy theories emerge after internet cables cut
http://www.abc.net.au/news/stories/2008/02/04/2153974.htm?section=world

Is information warfare to blame for the damage to underwater internet cables that has interrupted internet service to millions of people in India and Egypt, or is it just a series of accidents?

When two cables in the Mediterranean were severed last week, it was put down to a mishap with a stray anchor.

Now a third cable has been cut, this time near Dubai. That, along with new evidence that ships' anchors are not to blame, has sparked theories about more sinister forces that could be at work. :eek:

Where's Cthulhu?

There are a lot of cables out there on the bottom of the ocean. The process of laying sea cables is fairly labor intensive.

You guys will love this:
http://www.whatdoesitmean.com/index1067.htm

Dark Reading just published a report on the recent DDOS attacks on US and South Korean systems.


Supporters of North Korea may be behind a series of denial-of-service attacks that have crippled U.S. and South Korean government Websites during the past five days, a news report says.
source (http://www.darkreading.com/security/cybercrime/showArticle.jhtml?articleID=218401130&cid=nl_DR_DAILY_H)

Hey Marc,
Just to confirm the article, our State link was down as of late Thursday evening and only began flooding returned emails on Monday morning.

Foxtrotin' bastards :mad:

Hey Stan,


Hey Marc,
Just to confirm the article, our State link was down as of late Thursday evening and only began flooding returned emails on Monday morning.

Foxtrotin' bastards :mad:

Yup - looks like the little twerps were following the DDOS attack on Estonia awhile back.

Dark Reading just published a report on the recent DDOS attacks on US and South Korean systems.

Unlike the unnamed South Korean intelligence official in the report who attributes this to sophisticated state action, the view in most of the tech community seems to be that this is pretty primitive stuff:

Lazy Hacker and Little Worm Set Off Cyberwar Frenzy (http://www.wired.com/threatlevel/2009/07/mydoom/)
By Kim Zetter
Wired, July 8, 2009


Talk of cyberwar is in the air after more than two dozen high-level websites in the United States and South Korea were hit by denial-of-service attacks this week. But cooler heads are pointing to a pilfered five-year-old worm as the source of the traffic, under control of an unsophisticated hacker who apparently did little to bolster his borrowed code against detection.

Nonetheless, the attacks have launched a thousand headlines (or thereabouts) and helped to throw kindling on some long-standing international political flames — with one sworn enemy blaming another for the aggression.

...

Security experts who examined code used in the attack say it appears to have been delivered to machines through the MyDoom worm, a piece of malware first discovered in January 2004 and appearing in numerous variants since. The Mytob virus might have been used, as well.

...

In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.



That, of course, doesn't exclude an unsophisticated NORK recycling some stale hacker tools, but it does perhaps place it in context.

Sam, any thoughts on this one?

Unlike the unnamed South Korean intelligence official in the report who attributes this to sophisticated state action, the view in most of the tech community seems to be that this is pretty primitive stuff:


In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.



It does make one wonder about the "security" on the affected computers, doesn't it?

to be of Sam's caliber and a bit hesitant when it comes to using "attack" for a DDoS. But, when the system is down, I'd call that a successful WHATEVER. If they managed to shut down Foggy Bottom, I would assume they done good (and may have done us a slight favor in the process ;)

The DDOS is one of the lowest forms of disruption you can use. The worm code used was really old, the number of machines infected was really small, and the strategy used was really poor. Not to make light of this but knocking a few websites off the web really only takes an old pop-singer taking the long dirt nap.

The security service attacked by DDOS is availability but it only really matters in high performance, low latency systems, and web servers aren't that kind of animal. As to the strategy used by this adversary it really showed a low level of sophistication. Instead of targeting a few websites and possibly hiding a compromising exploit in the noise they attacked numerous websites with little hope of sustaining that kind of broad based attack.

In many ways attacking web servers is like painting mustaches on bill boards of super models. Web servers are not critical infrastructure, the attack is more annoying than dangerous, and the media response is likely going to be out of proportion to the attack.

As an aside most DDOS are actually user generated not any kind of cyber warfare. Users get all excited as they did in the Michael Jackson death and swarm to news websites crippling them instantly (like what happened to CNN). The second thing is that it is often the system admins who pull something down to keep sophisticated adversaries from hiding in the noise and using the web servers as jump off points to more tasty targets. And, finally AKAMI and other distributed systems vendors deal with DDOS as a business.

That doesn't mean it is nice, friendly, or isn't a probe to test responses. You must take these things seriously or the next one might be against the central power distribution grid telemetry computers in Chicago. A DDOS there would be catastrophic.

BOSTON (Reuters) - Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.
Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.
The long list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.


http://in.news.yahoo.com/biggest-ever-series-cyber-attacks-uncovered-u-n-041202195.html


Exclusive: Operation Shady rat—Unprecedented Cyber-espionage Campaign and Intellectual-Property Bonanza

http://www.vanityfair.com/culture/features/2011/09/operation-shady-rat-201109

AdamG:

I figure it this way. The nation of China is doing this. They will not stop no matter how often they are asked to or how politely they are asked. So, will it eventually come to cyber-counterattacks to disable/destroy the control computers in China? Would that result in a free for all? Or will we eventually have de-internationalize the internet and physically cut connections with China (if that is even possible)?

I don't know much about this kind of thing which is why I ask.

I'd have to assume this goes on in multiple directions. The Chinese won't issue a press release when they find out they've been hacked, but that doesn't mean it doesn't happen.

I pity the poor schmuck who has to read the take from the UN.

Noted this in the Vanity Fair piece:


Forensic investigation revealed that the defense contractor had been hit by a species of malware that had never been seen before: a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loaded a malicious program—a remote-access tool, or rat—onto the victim’s computer.

What kind of idiot clicks on a link in an e-mail of unknown origin? Doesn't everyone over 8 years old know better? Ok, maybe not everyone... but anyone on a computer that holds even potential access to confidential information should certainly know better.

What kind of idiot clicks on a link in an e-mail of unknown origin? Doesn't everyone over 8 years old know better? Ok, maybe not everyone... but anyone on a computer that holds even potential access to confidential information should certainly know better.
Phishing attacks do not appear to come from an unknown origin, but instead are designed to appear to come from a trusted source.

The above VF article is actually a web exclusive to a longer article for the print edition. The hacking of the UN and International Olympic Committee -which the web exclusive and media dwell upon- are marginal-issues next to what is revealed in the longer article.


Enter the Cyber-dragon (http://www.vanityfair.com/culture/features/2011/09/chinese-hacking-201109), by Michael Joseph Gross. Vanity Fair, September 2011.

Hackers have attacked America’s defense establishment, as well as companies from Google to Morgan Stanley to security giant RSA, and fingers point to China as the culprit. The author gets an exclusive look at the raging cyber-war—Operation Aurora! Operation Shady rat!—and learns why Washington has been slow to fight back.

Perhaps McAfee (and Intel) should immediately cease all business with China and shut down their operations there until all cyber-espionage ceases. That might be an appropriate first move considering the seriousness of this. People might also consider a boycott of Intel and McAfee until this is settled.


Intel looks for security in $7.7 billion McAfee deal

NEW YORK (CNNMoney.com) -- Intel Corp., the world's largest chipmaker, said Thursday it has agreed to acquire security software maker McAfee for $7.68 billion.

Intel looks for security in $7.7 billion McAfee deal (http://money.cnn.com/2010/08/19/technology/intel_mcafee/index.htm) - CNN Money - August 19, 2010.

...


Intel chips in with Chinese investment

BEIJING - Intel Capital, the global investment arm of the chipmaker Intel Corp, announced on Wednesday that it has invested $22 million in three Chinese technology companies this year. It will also invest in least six more in the coming five months.

The three companies are the Shanghai-based online e-commerce outfit, 6DX Change Inc, which operates the online fashion and lifestyle e-retailer website YaoDian100.com; high-definition smart TV and cable smart set top box provider Beijing JoySee Technology Co Ltd, a subsidiary of the US-listed China Digital TV holding Co Ltd; and a second Shanghai-based outfit, BOCOM Intelligent Network Technologies Co Ltd, a provider of intelligent sensing and networking technologies for digital security and surveillance

Intel chips in with Chinese investment (http://www.chinadaily.com.cn/cndy/2011-08/04/content_13046349.htm) - China Daily - August 4, 2011

...


McAfee Inc. to Establish New Wholly-Owned Subsidiary in China


Forming New Chinese Subsidiary Part of Expanded McAfee Investment in China, Company Aims To Boost China Business

BEIJING & SANTA CLARA, Calif., December 15, 2009 - McAfee, Inc. (NYSE:MFE) today announced it is establishing a new wholly-owned subsidiary in China. The new subsidiary forms part of a new investment McAfee is making in China and the Chinese market.

“China offers compelling opportunities for McAfee,” said Dave DeWalt, McAfee president and chief executive officer, at a press event in Beijing today. “China has great potential as a center for manufacturing, research and development for McAfee and is also a significant burgeoning market for our products. McAfee has continuously strengthened its presence in China over the last decade and we are planning to expand our investment in the near term to take full advantage of the opportunities China presents.”

[...]

Current McAfee operations in China include sales, manufacturing of the McAfee Unified Threat Management Firewall and an R&D team focused on mobile security, localization and security research. With the establishment of a new local subsidiary and the planned increased investment, McAfee intends to significantly grow its China business over the next few years.

McAfee Inc. to Establish New Wholly-Owned Subsidiary in China (http://www.mcafee.com/us/about/news/2009/q4/20091215-02.aspx) - McAfee Newsroom - December 15, 2009.

McAfee China Website (http://www.mcafee.com/cn/)

Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life.

Companies and government agencies that rely on the Internet have for years been routine targets of hackers, but most incidents have resulted from attempts to steal information or interrupt the functioning of Web sites. The incident in Springfield, Ill., would mark a departure because it apparently caused physical destruction.

http://www.washingtonpost.com/blogs/checkpoint-washington/post/foreign-hackers-broke-into-illinois-water-plant-control-system-industry-expert-says/2011/11/18/gIQAgmTZYN_blog.html

For those who are knowledgeable about this kind of thing, do you think somebody was running some kind of test in preparation for bigger things? What was the purpose of the attack? Also, why does a local water utility have to be connected to the internet?

For those who are knowledgeable about this kind of thing, do you think somebody was running some kind of test in preparation for bigger things? What was the purpose of the attack? Also, why does a local water utility have to be connected to the internet?
Carl,

I think the rules of the road for cyberwarfare are being written as we speak; but generally speaking, just as every weapon needs to be tested before it can see the battlefield – so too will every cyberwarfare capability.

The difference being there really isn’t cyberwar proving grounds. This means that enemy infrastructure networks need to be regularly penetrated and I imagine occasionally fooked with – just to ensure you still have the capability.

Why does a water utility need to be connected to the internet? Remote access brings efficiency and cost savings -- one group of SCADA engineers can control multiple sites remotely, instead of having to have SCADA engineers at every site 24/7.

Hacking is becoming a growing problem on Earth. It may seem strange to mention Earth, as there’s not much to hack outside of our planet’s atmosphere unless you count satellites. Even then, how feasible would it be to gain access to the systems running such devices?

Well, China not only has people working on such things, it has been discovered they actually managed to take control of two NASA satellites for more than 11 minutes.

The successful attacks occurred in 2007 and 2008. The more serious of the two happened in ’08 when NASA had control of the Terra EOS earth observation system satellite disrupted for 2 minutes in June, and then a further 9 minutes in October. During that time, whoever took control had full access to the satellites’ systems, but chose to do nothing with it.

http://www.geek.com/articles/geek-pick/chinese-hackers-took-control-of-nasa-satellite-for-11-minutes-20111119/

UPDATE1-US commander cannot pin down satellite anomaly

The command responsible for U.S. military space operations lacks enough data to determine who interfered with two U.S. government satellites, anomalies behind perhaps the most explosive charge in a report on China sent to the U.S. Congress on Wednesday.

"What I have seen is inconclusive," General Robert Kehler, commander of the U.S. Strategic Command, said in a teleconference from Omaha, Nebraska, home to the military outfit that conducts U.S. space and cyberspace operations.

[...]

China's military is a prime suspect, the bipartisan, 12-member commission made clear, though it added that the events in question had not actually been traced to China.

US Commander cannot pin down satellite anomaly (http://www.reuters.com/article/2011/11/17/china-usa-space-idUSN1E7AF21W20111117) - Reuters - Nov 16, 2011.

How does the excerpt in bold translate to the geek.com headline of "Chinese hackers took control of NASA satellite for 11 minutes"? Are they saying that the USAF General in charge of US Strategic Command is engaging in 'political correctness', incompetent, or worse, lying? Or is geek.com part of the re-activated Grill Flame program?

I did enjoy this comment on the geek.com article, however:


You have obviously never been to china...they will eat each other before they become a "super power"

Not my field, but I think some clues and understanding is found here:http://www.schneier.com/blog/archives/2011/11/hack_against_sc.html#comments

Are they saying that the USAF General in charge of US Strategic Command is engaging in 'political correctness', incompetent, or worse, lying?

After watching other Generals and high ranking State and Defense Dept. people pretend that what is isn't for the past decade in various parts of the world, I think it very plausible that the USAF General in question is doing all three at the same time.

After watching other Generals and high ranking State and Defense Dept. people pretend that what is isn't for the past decade in various parts of the world, I think it very plausible that the USAF General in question is doing all three at the same time.

Dang, and I thought I was cynical.:)

When you think about it, you would expect politically correct, incompetent and dishonest to all run together.

When you think about it, you would expect politically correct, incompetent and dishonest to all run together.

Yeah, but in China it's the other way round. (applause)


quote (http://www.quotationspage.com/quote/810.html)

John Kenneth Galbraith (http://en.wikipedia.org/wiki/John_Kenneth_Galbraith) - Wikipedia

Chinese hackers infiltrate Department of Homeland Security and FBI, pay off official mouthpieces:


No evidence of cyberattack at water pump, DHS says

Federal investigators have found no evidence that a cyberattack was behind a water pump failure this month in Illinois, the government announced Tuesday.

After a "detailed analysis," the Department of Homeland Security and the FBI "have found no evidence of a cyber intrusion," DHS spokesman Chris Ortman said.

Officials confirmed last week that they were looking into the possibility of a cyberattack at a public water district in Illinois, after a blog disclosed the possibility.

"There is no evidence to support claims made in initial reports -- which were based on raw, unconfirmed data and subsequently leaked to the media -- that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," Ortman said Tuesday. " In addition, DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported."

No evidence of cyberattack at water pump, DHS says (http://edition.cnn.com/2011/11/22/us/cyberattack-investigation/index.html) - CNN - Nov 23, 2011.

Chinese hackers tried to penetrate the computer systems of 48 chemical and military-related companies in a late summer cyber attack to steal design documents, formulas and manufacturing processes, a security firm reported Tuesday.

The attack ran from late July to mid-September and appeared to be aimed at collecting intellectual property for competitive advantage, reported Symantec, which code-named the attack Nitro, because of the chemical industry targets. Hackers went after 29 chemical companies and 19 other businesses that made advanced materials primarily used in military vehicles.

The attackers were the same Chinese group that targeted human rights organizations from late April to early May and the U.S. auto industry in late May. China and the U.S. have accused each other of industrial espionage for some time. China, which leads the world in the number of people online, is a hotbed for Internet crime, according to experts. The country has often been accused of cyber spying, which the government denies, while claiming to also be a target.

http://www.crn.com/news/security/231902077/chinese-hackers-target-chemical-companies.htm;jsessionid=yXwF1vEMmTsMeNEBSbPLQg**. ecappj02




Symantec said it traced the attacks back to a computer system that was a virtual private server (VPS) located in the United States.

However, the system was owned by a 20-something male located in the Hebei region in China. We internally have given him the pseudonym of Covert Grove based on a literal translation of his name. He attended a vocational school for a short period of time specializing in network security and has limited work experience, most recently maintaining multiple network domains of the vocational school.

Covert Grove claimed to have the U.S.-based VPS for the sole purpose of using the VPS to log into the QQ instant message system, a popular instant messaging system in China. By owning a VPS, he would have a static IP address. He claims this was the sole purpose of the VPS. And by having a static IP address, he could use a feature provided by QQ to restrict login access to particular IP addresses. The VPS cost was RMB200 (US$32) a month.

While possible, with an expense of RMB200 a month for such protection and the usage of a US-based VPS, the scenario seems suspicious. We were unable to recover any evidence the VPS was used by any other authorized or unauthorized users. Further, when prompted regarding hacking skills, Covert Grove immediately provided a contact that would perform ‘hacking for hire’. Whether this contact is merely an alias or a different individual has not been determined.

We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role. Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties.

http://www.zdnet.com/blog/security/nitro-targeted-malware-attacks-hit-chemical-companies/9754


"The question is: Who is 'they?' " writes James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), a Washington think tank, in an e-mail interview. "The Chinese government encourages economic espionage [for illicit acquisition of technology], but that does not mean it directs all economic espionage."

http://www.alaskadispatch.com/article/did-chinese-hackers-launch-offensive-us-chemical-industry

China hits back (http://www.guardian.co.uk/technology/2011/nov/04/china-us-claims-online-spying) over US claims of online spying


China's foreign ministry spokesman Hong Lei dismissed the report in a regular news briefing in Beijing.

"Online attacks are notable for spanning national borders and being anonymous. Identifying the attackers without carrying out a comprehensive investigation and making inferences about the attackers is both unprofessional and irresponsible," he said. "I hope the international community can abandon prejudice and work hard with China to maintain online security."

Within a week of the report’s release, DHS bluntly contradicted the memo, saying that it could find no evidence that a hack occurred. In truth, the water pump simply burned out, as pumps are wont to do, and a government-funded intelligence center incorrectly linked the failure to an internet connection from a Russian IP address months earlier.

Now, in an exclusive interview with Threat Level, the contractor behind that Russian IP address says a single phone call could have prevented the string of errors that led to the dramatic false alarm.

http://www.wired.com/threatlevel/2011/11/water-pump-hack-mystery-solved/

A classic, hence my emphasis and thanks for the link to The Wired article Adam G.


Asked if the fusion center is investigating how information that was uncorroborated and was based on false assumptions got into a distributed report, spokeswoman Bond said an investigation of that sort is the responsibility of DHS and the other agencies who compiled the report. The center’s focus, she said, was on how Weiss received a copy of the report that he should never have received.

“We’re very concerned about the leak of controlled information,” Bond said. “Our internal review is looking at how did this information get passed along, confidential or controlled information, get disseminated and put into the hands of users that are not approved to receive that information. That’s number one.”

So we have an industrial malfunction at a water plant that has nothing to do with cyber warfare, an intelligence assessment circulated widely and maybe beyond it's intended recipients - an assessment that is simply wrong and missed some basic research.

A classic on many levels.

The initial wave of reports makes reference to the compromise of the remote access software vendor; the consequences of which, if true, would be far greater than a single isolated incident.

This follow up story makes no reference to the compromised software vendor.

It looks to me as if there is a significant and distinct lack of understanding in the world of cyber of how to conduct an investigation. I am continually surprised as I run across "cyber" experts who haven't got clue one of basic police investigative procedure down. The entirety of this incident and several that are not being reported could have been less "flash" and more "bang" if simple specific principles of investigation were followed.

When asked on this and other similar stories to comment by the media I say, "Sorry but we need more details and information before suggesting even an opinion" So, I don't end up on the front page, I don't get invited to all the big parties, but I also don't end up looking like a fool.

THe principles of police procedure are not specific to any domain. The forensic processes are not "special" because it has bits and bytes. The whole thing smacks of the debacle of the polygraph. The fusion center screwed up, the investigators screwed up, heck even DHS with their rebuttal of the facts screwed up. Nobody knows for sure what happened because nobody actually investigated the incident in a full and correct manner.

The entire escapade is simple bull pucky.

Chinese hackers perfect mind-control of US scientific community; evolution, fluoride to blame:


Hacked Satellites?: USCC Makes Claims It Can’t Support

[...]

These suspicious incidents may or may not have been caused by hacking. They appear to have involved computers operated by a commercial service provider—not by the US government. No commands were issued to the satellites, nor were any data manipulated or stolen. The satellites involved were nonstrategic, low-resolution environmental monitoring satellites. There is no evidence presented linking these events to the Chinese government; the USCC includes these incidents in their report to Congress on China on the basis of claims by a “marginal figure” in China that China is interested in such pursuits.

This doesn’t mean China is not capable of or interested in the ability to control U.S. satellites. But the evidence presented to Congress by the USCC makes an extremely poor case for it.

Hacked satellites - USCC makes claims it can't support (http://allthingsnuclear.org/post/13596775717/hacked-satellites-uscc-makes-claims-it-cant-support) - All Things Nuclear - Dec 1, 2011.

No sh1t.


America's critical infrastructure security response system is broken
Possible cyberattack on SCADA system at small Illinois water plant highlights weakness in U.S. system of "Fusion Centers"
http://www.networkworld.com/news/2011/120111-scada-253659.html

News in a reputable computer-related news portal in Germany (http://www.heise.de/newsticker/meldung/Wie-aus-einer-Pumpen-Wartung-eine-Hacker-Attacke-wurde-1388342.html) is that the hacker attack was a hoax.

Now could please a mod change the thread title to reflect this?

(CBS News) Back in 2010, the Pentagon established cyber command to wage war and defend America's computer systems. It's a top priority for Secretary of Defense Leon Panetta. In an interview for "60 Minutes," CBS Evening News anchor Scott Pelley spoke with Panetta while he was touring the Middle East last month, flying in a command post that's rigged to conduct nuclear war if need be. The Secretary told CBS News cyber war is one of his biggest worries.

http://www.cbsnews.com/8301-18563_162-57353420/panetta-cyber-warfare-could-paralyze-country/

Harvard National Security Journal, 9 Jan 12: Loving the Cyber Bomb? The Dangers of Threat Inflation in Cybersecurity Policy (http://harvardnsj.org/wp-content/uploads/2012/01/Vol.-3_Brito_Watkins.pdf)

There has been no shortage of attention devoted to cybersecurity, with a wide range of experts warning of potential doomsday scenarios should the government not act to better secure the Internet. But this is not the first time we have been warned of impending dangers; indeed, there are many parallels between present portrayals of cyberthreats and the portrayal of Iraq prior to 2003, or the perceived bomber gap in the late 1950s.

This article asks for a better justification for the increased resources devoted to cyber threats. It examines the claims made by those calling for increased attention to cybersecurity, and notes the interests of a military-industrial complex in playing up fears of a “cyber Katrina.” Cybersecurity is undoubtedly an important policy issue. But with a dearth of information regarding the true nature of the threat, it is quite difficult to determine whether certain government policies are warranted—or if this merely represents the latest iteration of threat inflation benefitting private and parochial political interests.

Wired, 14 Feb 12: Wired Opinion: Cyberwar Is the New Yellowcake (http://www.wired.com/threatlevel/2012/02/yellowcake-and-cyberwar/)

...Washington teems with people who have a vested interest in conflating and inflating threats to our digital security. The watchword, therefore, should be “trust but verify.”....

....Cybersecurity is a big and booming industry. The U.S. government is expected to spend $10.5 billion a year on information security by 2015, and analysts have estimated the worldwide market to be as much as $140 billion a year. The Defense Department has said it is seeking more than $3.2 billion in cybersecurity funding for 2012. Lockheed Martin, Boeing, L-3 Communications, SAIC, and BAE Systems have all launched cybersecurity divisions in recent years. Other traditional defense contractors, such as Northrop Grumman, Raytheon, and ManTech International, have invested in information security products and services. ....

WSJ podcast -


The director of the National Security Agency has warned that the hacking group Anonymous could have the ability within the next year or two to bring about a limited power outage through a cyberattack. Gen. Keith Alexander, the director, provided his assessment in meetings at the White House and in other private sessions, according to people familiar with the gatherings. While he hasn’t publicly expressed his concerns about the potential for Anonymous to disrupt power supplies, he has warned publicly about an emerging ability by cyberattackers to disable or even damage computer networks.

http://blogs.wsj.com/wsjam/2012/02/21/alert-on-hacker-power-play/

WASHINGTON—China almost certainly would mount a cyberattack on the U.S. in the event of a conflict, and the U.S. has no clear policy to determine how to respond appropriately, a congressional advisory panel is set to warn on Thursday.

In a lengthy report analyzing Chinese cyber-capabilities and the threat facing the U.S., the U.S.-China Economic and Security Review Commission found that the U.S. telecommunications supply chain is particularly vulnerable to cyber-tampering and an attack could result in a "catastrophic failure" of U.S. critical infrastructure.

The report was written for the commission by analysts at defense firm Northrop Grumman Corp.

http://online.wsj.com/article/SB10001424052970203961204577267923890777392.html?m od=world_newsreel

I have no problem appreciating the cyber vulnerability of the US, across all aspects of our society. We have pursued the benefits of technology while under-investing in the security of those same systems.

What I cannot embrace is why this is somehow a military mission to solve.

Anyone who can make the case for why this is a military mission, please, help make that case.

My concern is that the defense budget will not be made larger to address this wide mission area, but will come at the cost of actual defense capabilities. My other concern is that once DoD stands up and says they have this, that the other aspects of government and many civilian operations that rely on cyber capabilities will continue to under-invest in what is clearly their responsibility to secure.

What I cannot embrace is why this is somehow a military mission to solve.

Anyone who can make the case for why this is a military mission, please, help make that case.

My concern is that the defense budget will not be made larger to address this wide mission area, but will come at the cost of actual defense capabilities. My other concern is that once DoD stands up and says they have this, that the other aspects of government and many civilian operations that rely on cyber capabilities will continue to under-invest in what is clearly their responsibility to secure.

That seems sensible and a wise concern. If there were a conflict with the persistent threat, would it be best for the military to conduct and coordinate cyber counter attacks or the intel types or contractors or a combination?

Please excuse my ignorance, but what is the difference between cyber warfare, cyber terrorism, cyber espionage, and cyber crime? When a sovereign state attacked the Iranian nuclear facilities with a computer virus/worm - was this an act or war, terrorism, covert ops? When the Russian, Chinese, or North Korean governments hack into USG websites and databases, is this a criminal act, act of subversion, or act of war?

Please excuse my ignorance, but what is the difference between cyber warfare, cyber terrorism, cyber espionage, and cyber crime? When a sovereign state attacked the Iranian nuclear facilities with a computer virus/worm - was this an act or war, terrorism, covert ops? When the Russian, Chinese, or North Korean governments hack into USG websites and databases, is this a criminal act, act of subversion, or act of war?

Exactly.

My take on this is that the closer it comes to being an individual conducting the action, regardless of the character of the act, it is a criminal act if outside the law.

The closer it comes to being a state, or a state-like organization with political purpose, the closer it comes to being an act of war.

It is the character of the actor and purpose of the act much more so than the character of the act itself that matters.

If it is determined that an act of war has been perpetrated against the US thorugh the Cyber domain, then we respond just as we would to any act of war in any of the other domains (land, sea, air, space, etc). If it is a criminal act we should treat as we do any other criminal act.

The cyber domain is very democratic, in that criminal individuals can wreck havoc to the same degree as war waging states and organizations. That scares the heck out of states. It should.

But that does not make this of necessity a military function.


For the majority of the military I believe there are two broad missions that must be covered:
1. Be able to maximize the cyber domain to conduct one's core operations and activities.

2. Be able to continue to conduct one's core operations and activities even if the cyber domain is severely degraded or denied.

DOD has it's own cyber vulnerablities to address, and similarly has not fully explored how this domain can be maximized. We need to focus on that first. Let Bank of America, Florida Power and Light, thousands of other important institutions figure out, fund and address their own vulnerabilities. What works to stop acts of crime and vandalism will stop acts of war as well.

Government and business leaders in the United States and around the world are rushing to build better defenses -- and to prepare for the coming battles in the digital universe. To succeed, they must understand one of the most complex, man-made environments on Earth: cyberspace.


Matherly and other Shodan users quickly realized they were revealing an astonishing fact: Uncounted numbers of industrial control computers, the systems that automate such things as water plants and power grids, were linked in, and in some cases they were wide open to exploitation by even moderately talented hackers.

http://www.washingtonpost.com/investigations/cyber-search-engine-exposes-vulnerabilities/2012/06/03/gJQAIK9KCV_story.html

The Pentagon official at the top of the US Defense Department’s cyber program says that an attack on the United States’ computer systems is not just on the way but that America is now more vulnerable than ever.

National Security Agency Director Army Gen. Keith Alexander, who also heads the Pentagon’s Cyber Command unit, tells reporters this week that the US is coming close to being hit with a computer attack that could devastate the country. Speaking before a crowd this week, Alexander warns, "The conflict is growing [and] the probability for crisis is mounting.”


The US Congress is currently tasking itself with finding a way to fight cyberterrorism, but the inability to fully find a way to balance security with civil liberties has raised objections across the country. Alexander dismissed these concerns during this week’s address, however, insisting that the NSA does not "hold data on American citizens” and equated the US government’s association with major Internet entities as one that is relatively hands-off.*

http://rt.com/usa/news/cyber-nsa-way-alexander-858/

* References this :


National Security Agency whistle blowers Thomas Drake, former senior official; Kirk Wiebe, former senior analyst; and William Binney, former technical director, return to “Viewpoint” to talk about their allegations that the NSA has conducted illegal domestic surveillance. All three men are providing evidence in a lawsuit by the Electronic Frontier Foundation against the NSA.

Drake says the spying affects “the entire country,” citing a “key decision made shortly after 9/11 which began to rapidly turn the United States of America into the equivalent of a foreign nation for dragnet blanket electronic surveillance.”
http://current.com/shows/viewpoint/videos/nsa-whistle-blowers-warn-that-the-us-government-can-use-surveillance-to-see-into-your-life/

A catch-all thread, of incidents that may or may not be related.


PlaceRaider: The Military Smartphone Malware Designed to Steal Your Life

The US Naval Surface Warfare Center has created an Android app that secretly records your environment and reconstructs it as a 3D virtual model for a malicious user to browse

http://www.technologyreview.com/view/429394/placeraider-the-military-smartphone-malware/




Hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.

http://freebeacon.com/white-house-hack-attack/

This month, some of America's largest banks became the targets of hackers -- but should we be concerned?

Since Sept 19, the websites for the Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank have all been hit by denial of service (DoS) attacks. This common online attack directs vast amounts of traffic to a website, causing it to overload and deny normal users from accessing a website entirely -- or slowing it down to the point of being unusable. To bring down large websites, attackers may use botnets to flood a site with requests at the same time.

http://www.zdnet.com/what-do-cyberattacks-mean-for-the-banking-industry-7000005041/



Verizon Communications Inc. is helping to investigate a series of cyber attacks that have disrupted the websites of the biggest U.S. banks over the past two weeks, a company official said.

Verizon is looking into the attacks, which commandeered commercial servers to overwhelm the sites with traffic, for some of the affected banks and assisting the federal government through the National Cybersecurity and Communications Integration Center, said Sean McGurk, managing principal for industrial control systems cybersecurity for the New York-based company and formerly director of the center led by the Department of Homeland Security.
http://newyork.newsday.com/business/pnc-bank-wells-fargo-u-s-bank-hacker-attacks-probed-by-verizon-1.4055301

In June, many Google users were surprised to see an unusual greeting at the top of their Gmail inbox, Google home page or Chrome browser. “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”

On Tuesday, tens of thousands more Google users will begin to see that message. The company said that since it started alerting users to malicious — probably state-sponsored — activity on their computers in June, it has picked up thousands more instances of cyberattacks than it anticipated.

http://bits.blogs.nytimes.com/2012/10/02/google-warns-new-state-sponsored-cyberattack-targets/

IDG News Service - The wave of cyberattacks against a half-dozen U.S. financial institutions has subsided this week, but the recent demonstration of force shows a careful honing of destructive techniques that could continue to cause headaches.

The attacks against Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase succeeded in drawing ire from consumers trying to use the sites for regular banking.

http://www.computerworld.com/s/article/9232016/Cyberattacks_on_banking_websites_subside_for_now

In a blunt admission designed to prod action, Defense Secretary Leon Panetta Thursday night told business executives there has been a sudden escalation of cyber terrorism and that attackers have managed to gain access to control systems for critical infrastructure.

In a speech in New York City, Panetta said the recent activities have raised concerns inside the U.S. intelligence community that cyber terrorism might be combined with other attacks to create massive panic and destruction on par with the Sept. 11, 2001 attacks.

http://www.washingtonguardian.com/panettas-cyber-stunner

WASHINGTON (AP) - U.S. authorities believe that Iranian-based hackers were responsible for cyberattacks that devastated Persian Gulf oil and gas companies, a former U.S. government official said. Just hours later, Defense Secretary Leon Panetta said the cyberthreat from Iran has grown, and he declared that the Pentagon is prepared to take action if American is threatened by a computer-based assault.

http://apnews.myway.com/article/20121012/DA1RSBPG0.html

When is a cyberattack an act of war?
By Ellen Nakashima, Published: October 26


On the night of Oct. 11, Defense Secretary Leon Panetta stood inside the Intrepid Sea, Air and Space Museum, housed in a former aircraft carrier moored at a New York City pier, and let an audience of business executives in on one of the most important conversations inside the U.S. government.


Welcome to the new world of “drip, drip cyber attacks,” in the words of Tufts University law professor Michael J. Glennon. The nature of cyberspace, he says, creates the potential for “a mysterious airliner accident here, a strange power blackout there, incidents extending over months or years,” generally “with no traceable sponsorship.”

http://www.washingtonpost.com/opinions/when-is-a-cyberattack-an-act-of-war/2012/10/26/02226232-1eb8-11e2-9746-908f727990d8_story_1.html

The U.S. financial services industry has issued a warning that a Russian cyber-gangster is preparing to rob American banks and their customers of millions of dollars.


In addition, the computer security firm McAfee has reported that the cyber-criminal, who calls himself “Thief-in-Law,” already has infected the hundreds of computers of unwitting American customers in preparation to steal their bank account data.

The warning was issued Thursday by the Financial Services Information Sharing and Analysis Center (FS-ISAC), which shares information throughout the financial sector about terrorist and online threats, said Douglas Johnson, vice president for risk management at the American Bankers Association.

“FS-ISAC has sent out several notices warning about this gentleman,” Mr. Johnson told The Washington Times.

According to McAfee, Thief-in-Law has installed malicious software programs, known as “malware,” on hundreds of computers as part of his plan, dubbed “Project Blitzkrieg.” The malware steals passwords and login information, which hackers can use to drain victims’ bank accounts online.

Read more: http://www.washingtontimes.com/news/2012/dec/14/us-banks-warned-of-cyber-attack-on-accounts/#ixzz2F3HCYgrP

Related


Last week, security firm RSA detailed a new cybecriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSA’s advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. I’m weighing in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about why online attacks are becoming bolder and more brash toward Western targets.

http://krebsonsecurity.com/2012/10/project-blitzkrieg-promises-more-aggressive-cyberheists-against-u-s-banks/#more-17096

(Reuters) - Homeland Security Secretary Janet Napolitano warned on Thursday that a major cyber attack is a looming threat and could have the same sort of impact as last year's Superstorm Sandy, which knocked out electricity in a large swathe of the Northeast.
http://www.reuters.com/article/2013/01/24/us-usa-cyber-threat-idUSBRE90N1A320130124



A jihadist website posted a new threat by al Qaeda this week that promises to conduct “shocking” attacks on the United States and the West.

The posting appeared on the Ansar al Mujahidin network Sunday and carried the headline, “Map of al Qaeda and its future strikes.”

The message, in Arabic, asks: “Where will the next strike by al Qaeda be?” A translation was obtained by Inside the Ring.

“The answer for it, in short: The coming strikes by al Qaeda, with God’s Might, will be in the heart of the land of nonbelief, America, and in France, Denmark, other countries in Europe, in the countries that helped and are helping France, and in other places that shall be named by al Qaeda at other times,” the threat states.

The attacks will be “strong, serious, alarming, earth-shattering, shocking and terrifying.”

Read more: http://www.washingtontimes.com/news/2013/jan/30/inside-the-ring-new-al-qaeda-threat/#ixzz2Jg8CH8dt

The Energy Department has been hit by a major cyber-attack, which resulted in the personal information of several hundred employees being compromised and could have been aimed at obtaining other sensitive information, The Washington Free Beacon reports.

Read more: http://www.foxnews.com/politics/2013/02/04/sophisticated-cyber-attack-hits-energy-department-china-possible-suspect/?cmpid=prn_aol#ixzz2JxTT3nw8

Apparently a rare White House comment on matters cyber, entitled 'Heartbleed: Understanding When We Disclose Cyber Vulnerabilities' and all beyond me:http://www.whitehouse.gov/blog/2014/04/28/heartbleedunderstanding-when-we-disclose-cyber-vulnerabilities?

Meantime over here a RUSI comment on how the UK responds:
The UK’s Computer Emergency Response Team (CERT) was launched this week to universal nods of approval. Questions remain, however, over how it will achieve its aims and what value it will add in an increasingly crowded UK network of cyber security teams.

See:https://www.rusi.org/analysis/commentary/ref:C533BE99712423/#.U1-mfqJZAdU

(Reuters) - A sophisticated hacking group recently attacked a U.S. public utility and compromised its control system network, but there was no evidence that the utility's operations were affected, according to the Department of Homeland Security.

DHS did not identify the utility in a report that was issued this week by the agency's Industrial Control Systems Cyber Emergency Response Team, or ICS-CERT.

"While unauthorized access was identified, ICS-CERT was able to work with the affected entity to put in place mitigation strategies and ensure the security of their control systems before there was any impact to operations," a DHS official told Reuters on Tuesday.

Such cyber attacks are rarely disclosed by ICS-CERT, which typically keeps details about its investigations secret to encourage businesses to share information with the government. Companies are often reluctant to go public about attacks to avoid potentially negative publicity.

http://www.reuters.com/article/2014/05/21/us-usa-cybercrime-infrastructure-idUSBREA4J10D20140521

Tom Clancy-esque plot twist - what if the US responds to a cyber attack against a State Actor (based on the best evidence at the time) when it was actually perpetrated by a non-State Actor (like say, a disgruntle ex-employee/s)?


The White House says the devastating cyber attack on Sony Pictures was done with "malicious intent" and was initiated by a "sophisticated actor" but it would not say if that actor was North Korea.

Spokesman Josh Earnest says the matter is still under investigation.
http://www.npr.org/blogs/thetwo-way/2014/12/18/371675379/white-house-says-response-to-sony-attack-will-be-proportional

Tom Clancy-esque plot twist - what if the US responds to a cyber attack against a State Actor (based on the best evidence at the time) when it was actually perpetrated by a non-State Actor (like say, a disgruntle ex-employee/s)?


http://www.npr.org/blogs/thetwo-way/2014/12/18/371675379/white-house-says-response-to-sony-attack-will-be-proportional

Great question asked by a lot of people. Not being answered either.

Tom Clancy-esque plot twist - what if the US responds to a cyber attack against a State Actor (based on the best evidence at the time) when it was actually perpetrated by a non-State Actor (like say, a disgruntle ex-employee/s)?


http://www.npr.org/blogs/thetwo-way/2014/12/18/371675379/white-house-says-response-to-sony-attack-will-be-proportional

Attribution is frequently challenging in cyber, but I suspect we will know with some degree of certainty, or we won't respond.

What would be a proportionate response for the hermit kingdom when it comes to cyber? Blocking the Dear Leader's access to porno?

Weaponization of code is one of the most important elements of the "new hybrid" war UW strategy and next to the weaponization of information two elements we are totally unprepared to handle.

As one coming from the active world of internet security I see many large enterprise corporations that would also have not been able to suppress such an attack---US companies and the government have throw literally millions of dollars at the problem but it is like a checklist mentality---do I have this check, do I have that check and on and on.

At the end of the checklist they "feel" fully protected and are stunned when something like Sony occur.

My phone has not stopped ringing since Sony and I must thank Sony for "awakening" CEOS, CTOs and CIOs to the seriousness of the problem.

But here is the single most important issue---no major company drives offensive defensive internet security--most companies rely on a defensive mode concept and that no longer works. Also we are seeing a paradigm change that most companies still have not seen---away from a structured approach of internet security to a distributed multifunctional team approach which some of us were already pushing in 2004 and it was laughed at.

If one would see in articles on a daily basis concerning the dark internet sites being driven by criminals that even offer now total software hacking packages---ie you buy it just like regular software complete with a technical help desk if the software does not work--then we might hear a new tone coming from American end users but until then Sony types events will start increasing. Actually in the area of say the consumer world we see massive computer break-ins daily now with literally millions of CC data stolen and resold on the dark sites.

We often think American computer types are the greatest but there is a generation of Russians, Ukrainians, Chinese, NKoreans, and Iranians that are far better at cyber warfare/ cyber criminal activities than we are.

Working under the code name Sabu, Hector Monsegur was responsible for some of the most notorious hacks ever committed. As he told "CBS This Morning" co-host Charlie Rose earlier this month, Monsegur began cooperating with the FBI after getting caught. He now works as a security researcher.

"For something like this to happen, it had to happen over a long period of time. You cannot just exfiltrate one terabyte or 100 terabytes of data in a matter of weeks," Monsegur said. "It's not possible. It would have taken months, maybe even years, to exfiltrate something like 100 terabytes of data without anyone noticing."


Monsegur said there's also a chance the hack could have originated from China.

"I mean, it's possible," he said. "It might be a North Korean inside China."

Some of the investigators point to malware written in Korean, but Monsegur said that doesn't necessarily mean the hackers are Korean.

"Well, it doesn't tell me much. I've seen Russian hackers pretending to be Indian. I've seen Ukrainian hackers pretending to be Peruvian.There's hackers that pretend they're little girls. They do this for misinformation, disinformation, covering their tracks," he said. "Do you really think a bunch of nerds from North Korea are going to fly to New York and start blowing up movie theaters? No. It's not realistic. It's not about 'The interview.' It's about money. It's a professional job."

Monsegur thinks it's also possible this was an inside job, that an employee or consultant downloaded all the information from Sony's servers and then sold it to someone else.

http://www.cbsnews.com/news/sony-hack-former-anonymous-hacker-not-convinced-north-korea-is-responsible/

Shave with Occam's Razor (http://math.ucr.edu/home/baez/physics/General/occam.html)

My quick comments on investigating digital crime (less about this and more about general concepts) http://selil.com/archives/6129

I am deeply skeptical of the FBI’s announcement on Friday that North Korea was behind last month’s Sony hack. The agency’s evidence is tenuous, and I have a hard time believing it. But I also have trouble believing that the U.S. government would make the accusation this formally if officials didn’t believe it.

Clues in the hackers’ attack code seem to point in all directions at once. The FBI points to reused code from previous attacks associated with North Korea, as well as similarities in the networks used to launch the attacks. Korean language in the code also suggests a Korean origin, though not necessarily a North Korean one since North Koreans use a unique dialect. However you read it, this sort of evidence is circumstantial at best. It’s easy to fake, and it’s even easier to interpret it wrong. In general, it’s a situation that rapidly devolves into storytelling, where analysts pick bits and pieces of the “evidence” to suit the narrative they already have worked out in their heads.

http://www.theatlantic.com/international/archive/2014/12/did-north-korea-really-attack-sony/383973/

Note: Bruce Schneier is a contributing writer for The Atlantic and the chief technology officer of the computer-security firm Co3 Systems.

In Plain English: Five Reasons Why Security Experts Are Skeptical that North Korea Masterminded the Sony Attack
https://medium.com/elissa-shevinsky/in-plain-english-five-reasons-why-security-experts-are-skeptical-that-north-korea-masterminded-the-24509b4b8331

All the evidence leads me to believe that the great Sony Pictures hack of 2014 is far more likely to be the work of one disgruntled employee facing a pink slip.

I may be biased, but, as the director of security operations for DEF CON, the world’s largest hacker conference, and the principal security researcher for the world's leading mobile security company, Cloudflare, I think I am worth hearing out.
http://www.thedailybeast.com/articles/2014/12/24/no-north-korea-didn-t-hack-sony.html

FBI agents investigating the Sony Pictures hack were briefed Monday by a security firm that says its research points to laid-off Sony staff, not North Korea, as the perpetrator — another example of the continuing whodunit blame game around the devastating attack.

Even the unprecedented decision to release details of an ongoing FBI investigation and President Barack Obama publicly blaming the hermit authoritarian regime hasn’t quieted a chorus of well-qualified skeptics who say the evidence just doesn’t add up.

Read more: http://www.politico.com/story/2014/12/fbi-briefed-on-alternate-sony-hack-theory-113866.html#ixzz3NMAk7Dow

http://www.wsj.com/articles/penn-states-engineering-school-computers-hacked-1431804110


Hackers apparently based in China have had access to Pennsylvania State University’s engineering school computers for over two years, the university disclosed on Friday after a lengthy analysis by federal and private investigators.

The breach potentially has exposed research pertaining to technology for the U.S. Defense Department.

The university said it would take the affected computer network offline for several days to root out the hackers.

“This was an advanced attack against our College of Engineering by very sophisticated threat actors,” Penn State President Eric Barron said in a letter to students and faculty.

Cybersecurity Expert: Be Afraid, America. Be Very Afraid.

Leading cybersecurity expert Joseph Weiss writes about how vulnerable America’s computer systems are. He features in the NOVA documentary ‘CyberWar Threat,’ premiering Oct. 14 on PBS.
http://www.thedailybeast.com/articles/2015/10/14/cybersecurity-expert-be-afraid-america-be-very-afraid.html

SAN FRANCISCO — Over the last four years, foreign hackers have stolen source code and blueprints to the oil and water pipelines and power grid of the United States and have infiltrated the Department of Energy’s networks 150 times.

So what’s stopping them from shutting us down?

The phrase “cyber-Pearl Harbor” first appeared in the 1990s. For the last 20 years, policy makers have predicted catastrophic situations in which hackers blow up oil pipelines, contaminate the water supply, open the nation’s floodgates and send airplanes on collision courses by hacking air traffic control systems.

http://bits.blogs.nytimes.com/2015/10/14/online-attacks-on-infrastructure-are-increasing-at-a-worrying-pace/?_r=1

US Still Doesn’t Know Who’s In Charge of What If Massive Cyber Attack Strikes Nation
NOVEMBER 3, 2015 BY PATRICK TUCKER
Cyber physical attacks on infrastructure may be an unlikely sneak attack, but if it happens, the chain of command is far from clear.
http://www.defenseone.com/threats/2015/11/us-still-doesnt-know-whos-charge-if-massive-cyber-attack-strikes-nation/123377/?oref=d-mostread

http://www.thesilo.ca/wp-content/uploads/2012/10/ApocolypseNowSheenBarrettProrogue-600x350.jpg

http://2.bp.blogspot.com/_9r7lwQc66ZY/SONOwC4EbiI/AAAAAAAAAKQ/qHMhamn4Xu0/s400/DO%2BLUNG%2B10a.jpg

*Indicators*

http://entertainment.suntimes.com/entertainment-news/ted-koppel-warns-chance-truly-lights/


For Koppel it was a series of what he called “repeated little items,” and he provided several examples.

“For instance, there was the time [former Defense Secretary and CIA director] Leon Panetta refered to a ‘cyber Pearl Harbor.’ Or when Janet Napolitano was leaving, after almost five years as secretary of Homeland Security. She gave a speech at the National Press Club in Washington — and way down at the bottom of the speech was this warning we were facing a cyber-attack on the power grid.

“Then President Obama in 2013 said something about foreign governments trying to break into our power grid with cyber techniques.”

While each piece wasn’t all that compelling, the combination of those mentions led Koppel to want to look into the potential threats to America. He thought initially that if all those “well-informed people are offering warnings about the likelihood of this happening, what is being done about it?”

From CNA a report on the power grid:https://www.cna.org/mab/reports?

It seems like everyone knows there is a problem and what solutions are available, but no-one does anything. A common problem here too.

For those of you folks in the bowels of the Kremlin following this thread, nice job guys!



Russian government hackers penetrated the computer network of the Democratic National Committee and gained access to the entire database of opposition research on GOP presidential candidate Donald Trump, according to committee officials and security experts who responded to the breach.

The intruders so thoroughly compromised the DNC’s system that they also were able to read all email and chat traffic, said DNC officials and the security experts.

The intrusion into the DNC was one of several targeting American political organizations. The networks of presidential candidates Hillary Clinton and Donald Trump were also targeted by Russian spies, as were the computers of some GOP political action committees, U.S. officials said. But details on those cases were not available.

https://www.washingtonpost.com/world/national-security/russian-government-hackers-penetrated-dnc-stole-opposition-research-on-trump/2016/06/14/cf006cb4-316e-11e6-8ff7-7b6c1998b7a0_story.html


https://memecrunch.com/meme/8NJPM/good-job/image.jpg?w=600&c=1

From CNA a report on the power grid:https://www.cna.org/mab/reports?

It seems like everyone knows there is a problem and what solutions are available, but no-one does anything. A common problem here too.

It's easier to jump on social media and do some hashtag activism.

#HouseCurrentMatters

A U.S. intelligence official told CBS News that the signature of the breach is Russian and the U.S. government has identified methods and techniques used by Russia in past hacks that mirror those used in the DNC incursion.

"We understand how hack groups use the Internet to attack. The pattern and launch point used before by Russians is similar to the DNC attack," the official said.

A cyber analyst quoted by the Associated Press, Michael Buratowski with Fidelis Cybersecurity, which investigated the hack, said he was near certain that Russia was the culprit, based on the use by the hackers of "Russian internet addresses, Russian language keyboards, and the time codes corresponding to business hours in Russia, as well as the sophistication of the hack," according to the AP.

http://www.cbsnews.com/news/russian-fingerprints-left-behind-on-dnc-hack/


In related popcorn-worthy readings, see also https://twitter.com/wikileaks/status/757335823754887168

San Francisco's BART system shut down. Welcome to the BladeRunner world.
http://gizmodo.com/commuters-get-free-rides-after-hackers-target-san-franc-1789408436

This is exactly why one must seriously question the political "sanity" of Trump and his transition team when he openly and publicly denies the Russians are in fact hacking the US.....

http://www.msn.com/en-us/news/us/russian-operation-hacked-a-vermont-util...
Russian operation hacked a Vermont utility, showing risk to U.S. electrical grid security, officials say


A code associated with the Russian hacking operation dubbed Grizzly Steppe by the Obama administration has been detected within the system of a Vermont utility, according to U.S. officials.

While the Russians did not actively use the code to disrupt operations, according to officials who spoke on the condition of anonymity to discuss a security matter, the discovery underscores the vulnerabilities of the nation’s electrical grid.

And it raises fears in the U.S. government that Russian government hackers are actively trying to penetrate the grid to carry out potential attacks.

Officials in government and the utility industry regularly monitor the grid because it is highly computerized and any disruptions can have disastrous implications for the country’s medical and emergency services.

Burlington Electric said in a statement that the company detected a malware code used in the Grizzly Steppe operation in a laptop that was not connected to the organization’s grid systems.

The firm said it took immediate action to isolate the laptop and alert federal authorities.

Friday night, Vermont Gov. Peter Shumlin (D) called on federal officials “to conduct a full and complete investigation of this incident and undertake remedies to ensure that this never happens again.”

“Vermonters and all Americans should be both alarmed and outraged that one of the world’s leading thugs, Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety,” Shumlin said in a statement. “This episode should highlight the urgent need for our federal government to vigorously pursue and put an end to this sort of Russian meddling.”

Sen. Patrick J. Leahy (D-Vt.) said he was briefed on the attempts to penetrate the electric grid by Vermont State Police onFriday evening. “This is beyond hackers having electronic joy rides — this is now about trying to access utilities to potentially manipulate the grid and shut it down in the middle of winter,” Leahy said in a statement. “That is a direct threat to Vermont and we do not take it lightly.”

American officials, including one senior administration official, said they are not yet sure what the intentions of the Russians might have been. The incursion may have been designed to disrupt the utility’s operations or as a test to see whether they could penetrate a portion of the grid.

Officials said that it is unclear when the code entered the Vermont utility’s computer, and that an investigation will attempt to determine the timing and nature of the intrusion, as well as whether other utilities were similarly targeted.

“The question remains: Are they in other systems and what was the intent?” a U.S. official said.

This week, officials from the Department of Homeland Security, FBI and the Office of the Director of National Intelligence shared the Grizzly Steppe malware code with executives from 16 sectors nationwide, including the financial, utility and transportation industries, a senior administration official said.

Vermont utility officials identified the code within their operations and reported it to federal officials Friday, the official said.

The DHS and FBI also publicly posted information about the malware Thursday as part of a joint analysis report, saying that the Russian military and civilian services’ activity “is part of an ongoing campaign of cyber-enabled operations directed at the U.S. government and its citizens.”
Another senior administration official, who also spoke on the condition of anonymity to discuss security matters, said in an email that “by exposing Russian malware” in the joint analysis report, “the administration sought to alert all network defenders in the United States and abroad to this malicious activity to better secure their networks and defend against Russian malicious cyber activity.”

According to the report by the FBI and DHS, the hackers involved in the Russian operation used fraudulent emails that tricked their recipients into revealing passwords.

Russian hackers, U.S. intelligence agencies say, earlier obtained a raft of internal emails from the Democratic National Committee, which were later released by WikiLeaks during this year’s presidential campaign.

President-elect Donald Trump has repeatedly questioned the veracity of U.S. intelligence pointing to Russia’s responsibility for hacks in the run-up to the Nov. 8 election. He also has spoken highly of Russian President Vladimir Putin, despite President Obama’s suggestion that the approval for hacking came from the highest levels of the Kremlin.

Trump spokesman Sean Spicer said it would be “highly inappropriate to comment” on the incident given the fact that Spicer has not been briefed by federal authorities at this point.

Obama has been criticized by lawmakers from both parties for not retaliating against Russia before the election. But officials said the president was concerned that U.S. countermeasures could prompt a wider effort by Moscow to disrupt the counting of votes on Election Day, potentially leading to a wider conflict.

Officials said Obama also was concerned that taking retaliatory action before the election would be perceived as an effort to help the campaign of Democratic presidential nominee Hillary Clinton.

On Thursday, when Obama announced new economic measures against Russia and the expulsion of 35 Russian officials from the United States in retaliation for what he said was a deliberate attempt to interfere with the election, Trump told reporters, “It’s time for our country to move on to bigger and better things.”

Trump has agreed to meet with U.S. intelligence officials next week to discuss allegations surrounding Russia’s online activity.

Russia has been accused in the past of launching a cyberattack on Ukraine’s electrical grid, something it has denied. Cybersecurity experts say a hack in December 2015 destabilized Kiev’s power grid, causing a blackout in part of the Ukrainian capital.

On Thursday, Ukranian President Petro #Poroshenko accused Russia of waging a hacking war on his country that has entailed 6,500 attacks against Ukranian state institutions over the past two months.

Since at least 2009, U.S. authorities have tracked efforts by China, Russia and other countries to implant malicious software inside computers used by U.S. utilities. It is unclear if the code used in those earlier attacks was similar to what was found in the Vermont case. In November 2014, for example, federal authorities reported that a Russian malware known as BlackEnergy had been detected in the software controlling electric turbines in the United States.

The Russian Embassy did not immediately respond to a request for comment. Representatives for the Energy Department and DHS declined to comment Friday.BUT WAIT if Trump had attended his daily intelligence briefings he would have been informed about this latest Russian attack and thus his spokesperson could and should have had an answer...not this "we will get back to you and it "ain't our fault"....

The previous post was moved here, from the Ukraine War thread, it sists here better and updates this quiet thread.

For a non-cyber attack on the Silicon Valley power grid see this closed thread:http://council.smallwarsjournal.com/showthread.php?t=20044

Whoops:
U.S. officials say they have no information that a power grid in the northeastern state of Vermont was penetrated, even as they continue to investigate suspected Russian malware found on a utility's laptop computer. The Department of Homeland Security said late New Year's Eve that the laptop was not connected to the electrical grid operated by the Burlington Electric Department.
Link:http://www.voanews.com/a/russian-malware-utility-did-not-penetrate-power-grid/3658860.html

A more polemical, almost funny in places given the author, but it does cite the WaPo story having an Editor's update:
https://prod01-cdn07.cdn.firstlook.org/wp-uploads/sites/1/2016/12/editorsnote-540x81.png (https://prod01-cdn07.cdn.firstlook.org/wp-uploads/sites/1/2016/12/editorsnote.png)

Link:https://theintercept.com/2016/12/31/russia-hysteria-infects-washpost-again-false-story-about-hacking-u-s-electric-grid/

WASHINGTON — The United States has long relied on its borders and superior military might to protect against and deter foreign aggressors. But a lack of boundaries and any rulebook in cyberspace has increased the threat and leveled the playing field today.
It's unclear how President Donald Trump, who has emphasized an "America First" approach to domestic issues, will respond to cyberspace threats, which transcend traditional borders and make it easier and cheaper than ever for foreigners to attack the U.S. Whatever the approach, it will set the tone and precedent for global policies during a critical time when the ground rules are still being written.
At a hearing this month on foreign cyberthreats, the chairman of the Senate Armed Services Committee, Sen. John McCain, R-Ariz., ran through a list of recent operations the U.S. believes was carried out by foreign countries — Russia, China, Iran and North Korea. The targets: the White House, State Department, Office of Personnel Management, Joint Chiefs of Staff, Navy, major U.S. financial institutions, a small New York dam and Sony Pictures Entertainment Inc.
"Our adversaries have reached a common conclusion, that the reward for attacking America in cyberspace outweighs the risk," McCain said.

Now that we passed the pearl-clutching, we get to the "parking your fighter planes in neat rows on the tarmac is dumb" part.


With most of the U.S. critical infrastructure in private hands and Americans among the most connected citizens in the world, the potential attack surface for any hacker is vast and increasing. U.S. officials and lawmakers have argued that because there is no official policy on cyberwarfare, the response to any attack can be slow, politicized and ultimately ineffectual.

http://www.msn.com/en-us/news/technology/us-no-longer-has-geography-as-defense-ally-in-cybercombat/ar-AAmkQsX?li=AA4ZnC&ocid=spartandhp

Lille (France) (AFP) - Jihadists have yet to shut down a power grid, paralyse a transport network or banking system or take over a key industrial site from afar, but experts say the threat of such a cyber attack should be taken seriously.
Analysts fear that while extremist groups may not have the necessary skills themselves, they could hire someone else to wreak havoc.

https://www.yahoo.com/tech/fears-grow-over-jihadist-cyber-threat-061030636.html

The attacks on IoT..internet of things...are getting brutal lately and will be coming soon to the US five star hotels....unless they take immediate action to avoid what has been happening to five star European hotels....

All hotels now have IT/internet controlled door locking systems and hackers have been taking over those IT based door locking systems...locking them shut with either customers inside their rooms or locked out...forcing hotels to privately pay millions in Bitcoin payments to get them unlocked and their computers systems back online....

The IoT is going to cause far more damage than just a power grid....because it is now everywhere and not able to be secured....and driven by Chinese manufacturers who also deliberately planted backdoors even when warned about the backdoors...

Whoops:
Link:http://www.voanews.com/a/russian-malware-utility-did-not-penetrate-power-grid/3658860.html

A more polemical, almost funny in places given the author, but it does cite the WaPo story having an Editor's update:
Link:https://theintercept.com/2016/12/31/russia-hysteria-infects-washpost-again-false-story-about-hacking-u-s-electric-grid/

BUT is here the reality of a power grid network...had that computer been attached to the power grid and all grids are based on a network...once you gain entrance to any network a hacker can then work his way easily to the controlling network of power grids as they car inherently also connected to the power company management network for things like email....and computer updates.....

Take it from someone who works with power companies here in Europe...easy easy easy once you have a single infected computer on any network.....

And surprise surprise most of the power grid hacks conducted by Russians here in Europe come via email phishing....so much more needs to be done on the security education of the end users....

BTW...this was the entrance method for the election hacks of DNC....and the three State voting databases....just need one single inflected computer these days...

Since May, hackers have been penetrating the computer networks of companies that operate nuclear power stations and other energy facilities, as well as manufacturing plants in the United States and other countries.
Among the companies targeted was the Wolf Creek Nuclear Operating Corporation, which runs a nuclear power plant near Burlington, Kan., according to security consultants and an urgent joint report issued by the Department of Homeland Security and the Federal Bureau of Investigation last week.
The joint report was obtained by The New York Times and confirmed by security specialists who have been responding to the attacks. It carried an urgent amber warning, the second-highest rating for the sensitivity of the threat.
The report did not indicate whether the cyberattacks were an attempt at espionage — such as stealing industrial secrets — or part of a plan to cause destruction. There is no indication that hackers were able to jump from their victims’ computers into the control systems of the facilities, nor is it clear how many facilities were breached.

https://www.nytimes.com/2017/07/06/technology/nuclear-plant-hack-report.html

WASHINGTON — The cybersecurity company FireEye says in a new report to private clients, obtained exclusively by NBC News, that hackers linked to North Korea recently targeted U.S. electric power companies with spearphishing emails.
The emails used fake invitations to a fundraiser to target victims, FireEye said. A victim who downloaded the invitation attached to the email would also be downloading malware into his or her computer network, according to the FireEye report. The company did not dispute NBC's characterization of the report, but declined to comment.
There is no evidence that the hacking attempts were successful, but FireEye assessed that the targeting of electric utilities could be related to increasing tensions between the U.S. and North Korea, potentially foreshadowing a disruptive cyberattack.

http://www.newsweek.com/yellowstone-supervolcano-earthquake-swarm-longest-ever-recorded-677387

The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May.
The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage.
http://www.reuters.com/article/us-usa-cyber-energy/u-s-warns-public-about-attacks-on-energy-industrial-firms-idUSKBN1CQ0IN

The full title is 'Extremist Content and Russian Disinformation Online: Working with Tech to Find Solutions' and the author, Clint Watts (Forum member), gave evidence today before the Senate Judiciary Committee, Subcommittee on Crime and Terrorism.

There is much to learn; this sentence IMHO will resonate with Forum readers:
Stopping the false information artillery barrage landing on social media users comes only when those outlets distributing bogus stories are silenced – silence the guns and the barrage will end.

(He ends with) America’s war with itself has already begun. We all must act now on the social media battlefield to quell information rebellions that can quickly lead to violent confrontations and easily transform us into the Divided States of America.Link:https://www.fpri.org/article/2017/10/extremist-content-russian-disinformation-online-working-tech-find-solutions/

FBI Director Chris Wray and a team of security officials told the Senate Intelligence Committee on Tuesday that Huawei and ZTE pose threats to the US.


That position of power would allow Huawei or ZTE "the capacity to exert pressure or control over our telecommunications infrastructure, it provides the capacity to maliciously modify or steals information and provides the capacity to conduct undetected espionage."
He commended AT&T and Verizon for heeding the government's warnings regarding Huawei, which led to the Mate 10 Pro not getting carrier support in the US.
https://www.cnet.com/news/huawei-zte-fbi-chris-wray-nsa/

Researchers Rickrolled Emergency Alert Sirens in Proof-of-Concept Hack
Security researchers found that it was relatively easy to hijack the signal of the emergency alert siren system in San Francisco.
https://motherboard.vice.com/en_us/article/9kgn4v/hackers-take-over-san-franciscos-emergency-sirens

Senior U.S. and British officials on Monday blamed the Russian government for coordinated cyberattacks against internet infrastructure worldwide in an effort to conduct espionage and intellectual property theft.

Officials said that Russian hackers have been conducting a months-long cyber campaign against network devices used by government organizations, private industry and critical infrastructure operators. The hackers have tried to breach routers, switches and firewalls in an effort to breach organizations across the globe, officials said.

http://thehill.com/policy/cybersecurity/383364-us-uk-blame-russia-for-coordinated-cyberattacks-on-internet-devices

Temporary stand-alone thread until everyone who needs to see this has seen it.


China's long-running hacking efforts may be more extensive than first thought. Security researchers at ProtectWise's 401TRG team have determined that a long series of previously unconnected attacks are actually part of a concerted campaign by Chinese intelligence officials. Nicknamed the Winnti umbrella, the effort has been going on since "at least" 2009 and has struck game companies (like Nexon and Trion) and other tech-driven businesses to compromise political targets.

There are common methods and goals to the attacks. They usually start with phishing to trick someone into compromising the company network (often using political bait), and then use a mix of custom and off-the-shelf malware to collect info. They'll often stay undetected by "living off the land" with the victim's own software, such as system admin tools. The intuders are primarily looking for code signing certificates and "software manipulation," according to the report.

The perpetrators also make occasional mistakes, and it's those slip-ups that helped identify the Chinese origins. They normally use command-and-control servers to hide, but they inadvertently accessed some machines using IP addresses from China Unicom's network in a Beijing district.

Even with these mistakes, the Winnti umbrella is an "advanced and potent threat," 401TRG said. It's also a not-so-subtle reminder that China's state-backed hacking efforts are deeper than they seem at first glance -- hacks that appear to be one-off incidents may be linked if you look for subtler similarities.

https://www.engadget.com/2018/05/06/china-linked-to-winnti-umbrella-hacks/

Original source -> https://arstechnica.com/information-technology/2018/05/researchers-link-a-decade-of-potent-hacks-to-chinese-intelligence-group/

Chinese government hackers have compromised the computers of a Navy contractor, stealing massive amounts of highly sensitive data related to undersea warfare — including secret plans to develop a supersonic anti-ship missile for use on U.S. submarines by 2020, according to American officials.
The breaches occurred in January and February, the officials said, speaking on the condition of anonymity to discuss an ongoing investigation. The hackers targeted a contractor who works for the Naval Undersea Warfare Center, a military organization headquartered in Newport, R.I., that conducts research and development for submarines and underwater weaponry.

https://www.washingtonpost.com/world/national-security/china-hacked-a-navy-contractor-and-secured-a-trove-of-highly-sensitive-data-on-submarine-warfare/2018/06/08/6cc396fa-68e6-11e8-bea7-c8eb28bc52b1_story.html

China-based hacking campaign is said to have breached satellite, defense companies


A hacking campaign launched from computers in China breached satellite operators, defense contractors and telecommunications companies in the U.S. and Southeast Asia, according to Symantec.
Researchers at the company said they could not say what communications, if any, were taken.
But they said the hackers infected computers that controlled satellites, so that they could have changed the positions of the orbiting devices and disrupted data traffic.
https://www.cnbc.com/2018/06/19/china-based-hacking-breached-satellite-defense-companies-symantec.html

WASHINGTON — The Department of Homeland Security told representatives of electric utilities Monday about a round of efforts by Russian hackers last year to target control systems for electric power plants and grids.

In an unclassified webinar, DHS officials said the hackers last summer got access to vendors who provide computer services to electric utilities, and used that to provide a way into power company control systems.


https://www.nbcnews.com/politics/politics-news/russian-hackers-targeted-control-systems-electric-utilities-homeland-security-says-n894226

WASHINGTON (AP) — North Korea’s nuclear and missile tests have stopped, but its hacking operations to gather intelligence and raise funds for the sanction-strapped government in Pyongyang may be gathering steam.

U.S. security firm FireEye raised the alarm Wednesday over a North Korean group that it says has stolen hundreds of millions of dollars by infiltrating the computer systems of banks around the world since 2014 through highly sophisticated and destructive attacks that have spanned at least 11 countries. It says the group is still operating and poses “an active global threat.”
https://apnews.com/f6822f1313e2499883348a5615d2dbed/NKorea-said-to-have-stolen-a-fortune-in-online-bank-heists

Nested on the servers’ motherboards, the testers found a tiny microchip, not much bigger than a grain of rice, that wasn’t part of the boards’ original design. Amazon reported the discovery to U.S. authorities, sending a shudder through the intelligence community. Elemental’s servers could be found in Department of Defense data centers, the CIA’s drone operations, and the onboard networks of Navy warships. And Elemental was just one of hundreds of Supermicro customers.

During the ensuing top-secret probe, which remains open more than three years later, investigators determined that the chips allowed the attackers to create a stealth doorway into any network that included the altered machines. Multiple people familiar with the matter say investigators found that the chips had been inserted at factories run by manufacturing subcontractors in China.

This attack was something graver than the software-based incidents the world has grown accustomed to seeing. Hardware hacks are more difficult to pull off and potentially more devastating, promising the kind of long-term, stealth access that spy agencies are willing to invest millions of dollars and many years to get.

https://www.bloomberg.com/news/features/2018-10-04/the-big-hack-how-china-used-a-tiny-chip-to-infiltrate-america-s-top-companies

While this reads like the first five minutes of a Sci-Fi horror film, imagine the gleeful mayhem a Hank Scorpio style hacker could have tweaking the medical bots.

https://dcdirtylaundry.com/surgical-robot-botches-surgery-kills-man-on-operating-table-while-doctors-sipped-lattes/

(Natural News) In the name of scientific “progress,” Newcastle’s Freeman Hospital in the United Kingdom recently tried to pioneer the use of a surgical robot that it tasked with repairing a patient’s damaged heart valve, only to have the machine go completely bonkers and ultimately kill the man on the operating table.

According to reports, this first-time-use robot not only physically assaulted a living medic while attempting to conduct its programmed surgery, but also implanted stitches into the patient’s heart in a manner that physicians present during the fiasco described as not being in “an organised fashion.”

A situation that can only be described as total chaos, with human surgeons, doctors, and nurses having to scream at each other in order to overcome the “tinny” sound coming from the robot as they were trying to control it, the attempted surgery ended up being nothing short of a complete failure. And in the end, retired music teacher and conductor, Stephen Pettitt, the guinea pig patient in this medical experiment, ultimately lost his life.

I was puzzled at now spotting this story in the UK media and on looking there are a number of reports. First this has become public as thee is a coroners inquest underway and second the actual death was in March 2015 - 3.5yrs ago (the operation was in February 2015). That is a long time to wait for an inquest (not that far more political and contentious matters can wait a very long time for an inquest).

The inquest's final BBC report:https://www.bbc.co.uk/news/uk-england-tyne-46143940

This linked article has a video advert for the robot:https://www.dailymail.co.uk/news/article-6363243/Pioneering-robot-KNOCKED-medics-hand-middle-heart-operation.html


(https://www.dailymail.co.uk/news/article-6363243/Pioneering-robot-KNOCKED-medics-hand-middle-heart-operation.html)

This linked article has a video advert for the robot:



SKYNET has a sense of humor.

No cell phones in the SKIF!


A recently introduced feature for iPhones and AirPods called "Live Listen" is going viral.
It enables a person to use an iPhone's microphone to listen in to conversations wirelessly through AirPods.
Some people are creeped out by the feature, suggesting it could be used to spy, but it was originally intended to help people with hearing aids or hearing loss to clearly hear conversations in crowded environments.

https://www.businessinsider.com/apple-live-listening-feature-for-iphone-airpods-intended-for-hearing-loss-2019-1

Chinese hackers singled out over two dozen universities in the US and around the world in an apparent bid to gain access to maritime military research, according to a report by cybersecurity firm iDefense, which was obtained by The Wall Street Journal.

The hackers sent universities spear phishing emails doctored to appear as if they came from partner universities, but they unleashed a malicious payload when opened. Universities are traditionally seen as easier targets than US military contractors, and they can still contain useful military research.

Twenty-seven universities were found to have been targeted by the group, including the Massachusetts Institute of Technology, the University of Washington, and other colleges in Canada and Southeast Asia. iDefense didn’t name every school in the report due to ongoing investigations, but anonymous sources told the WSJ that Penn State and Duke University were two of the other targets.

https://www.theverge.com/2019/3/5/18251836/chinese-hackers-us-servers-universities-military-secrets-cybersecurity

There has long been a discussion about the kinetic nature of cyber warfare. Today CNN brings us video of a largish hole in the power grid. Kinetic effect without the kinetic cost. I wonder what the cost of a laptop and (https://www.chiltanpure.com/) Internet connection is in relationship to a 500lb bomb (or dozens).

http://www.cnn.com/2007/US/09/26/power.at.risk/index.html



A lot more at the link

Please excuse my ignorance, but what is the difference between cyber warfare, cyber terrorism, cyber espionage, and cyber crime?