Cyber attacks on the USA (catch all)
There has long been a discussion about the kinetic nature of cyber warfare. Today CNN brings us video of a largish hole in the power grid. Kinetic effect without the kinetic cost. I wonder what the cost of a laptop and Internet connection is in relationship to a 500lb bomb (or dozens).
http://www.cnn.com/2007/US/09/26/pow...isk/index.html
Quote:
Sources: Staged cyber attack reveals vulnerability in power grid
WASHINGTON (CNN) -- Researchers who launched an experimental cyber attack caused a generator to self-destruct, alarming the federal government and electrical industry about what might happen if such an attack were carried out on a larger scale, CNN has learned.
Department of Homeland Security video shows a generator spewing smoke after a staged experiment.
Sources familiar with the experiment said the same attack scenario could be used against huge generators that produce the country's electric power.
Some experts fear bigger, coordinated attacks could cause widespread damage to electric infrastructure that could take months to fix.
CNN has honored a request from the Department of Homeland Security not to divulge certain details about the experiment, dubbed "Aurora," and conducted in March at the Department of Energy's Idaho lab.
In a previously classified video of the test CNN obtained, the generator shakes and smokes, and then stops.
A lot more at the link.
Boeing 787 may be subject to hack attack
As a simple example of computer-mediated conflict and terrorism having unlikely avenues of attack, or asymmetric methods of attack, advances in one technology can have unexpected consequences in other areas. The quoted story (more at the link) gives an example of how, in providing service to passengers, the flight control and safety systems were put in jeopardy. This is an error in architecture and likely was never considered at any point to be an issue until an outsider perceived it.
Unfortunately as technology is adapted and integrated into civilian society and military weapons and communications systems these unexpected consequences can be exploited. It's an interesting article and it appears they will be fixing the network architecture issues in this case. For the military professional or interested civilian look around your environment sometime and consider all of the interconnected technologies with an eye to how they could be used in unexpected ways.
Quote:
Originally Posted by Wired Magazine (online)
Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.
The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals.
The revelation is causing concern in security circles because the physical connection of the networks makes the plane's control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it's aware of the issue and has designed a solution it will test shortly.
"This is serious," said Mark Loveless, a network security analyst with Autonomic Networks, a company in stealth mode, who presented a conference talk last year on Hacking the Friendly Skies (PowerPoint). "This isn’t a desktop computer. It's controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right."
......
LINK.......
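The architecture point in the quoted article is that the passenger network should be physically separated from the control, navigation and communication domains. The following is an added example, not code from the original post, from Boeing or from the FAA, of how a reviewer can check that kind of separation on paper: the domain names, the two policies and the "internet_gateway" node are all constructed for illustration. It models each permitted traffic flow as a directed edge between network domains and searches for any chain of permitted hops from the passenger-facing domain to a protected one. The flat policy reproduces the reported problem (passenger network bridged to the rest of the aircraft); the segregated policy gives the passenger side only an outbound path to a gateway that routes nowhere else.

```python
"""Network-domain isolation check (added example, constructed data).

Each policy is a list of (source_domain, destination_domain) pairs meaning
"traffic may flow from source to destination".  A bidirectional link must
be listed in both directions.  The check asks whether an untrusted domain
can reach a protected domain by any chain of permitted flows.
"""
from collections import deque

# Constructed domain labels (assumption: four on-board domains modelled after
# the article's description of passenger, control, navigation and comms nets).
PASSENGER = "passenger_ifc"      # in-flight connectivity / entertainment
COMMS = "comms"
NAV = "navigation"
CONTROL = "control"

# Flat design: the passenger network is bridged to the shared comms network,
# which in turn is connected onward to navigation and control.
FLAT_POLICY = [
    (PASSENGER, COMMS),
    (COMMS, NAV),
    (NAV, CONTROL),
]

# Segregated design: the passenger side only talks to an external gateway
# (hypothetical node), and nothing routes from that gateway into the aircraft
# domains.  The comms/nav/control flows are unchanged.
SEGREGATED_POLICY = [
    (PASSENGER, "internet_gateway"),
    (COMMS, NAV),
    (NAV, CONTROL),
]


def build_graph(policy):
    """Adjacency sets over every domain named in the policy."""
    graph = {}
    for src, dst in policy:
        graph.setdefault(src, set()).add(dst)
        graph.setdefault(dst, set())
    return graph


def reachable_path(policy, src, dst):
    """Return the domains on a permitted path src -> dst, or None if isolated."""
    graph = build_graph(policy)
    if src not in graph:
        return None
    parent = {src: None}          # breadth-first search, records predecessor
    queue = deque([src])
    while queue:
        node = queue.popleft()
        if node == dst:
            path = []
            while node is not None:
                path.append(node)
                node = parent[node]
            return path[::-1]
        for nxt in graph[node]:
            if nxt not in parent:
                parent[nxt] = node
                queue.append(nxt)
    return None


def isolation_violations(policy, untrusted, protected):
    """(src, dst, path) for every untrusted domain that can reach a protected one."""
    found = []
    for u in untrusted:
        for p in protected:
            path = reachable_path(policy, u, p)
            if path:
                found.append((u, p, path))
    return found


if __name__ == "__main__":
    protected = [CONTROL, NAV, COMMS]
    for name, policy in (("flat", FLAT_POLICY), ("segregated", SEGREGATED_POLICY)):
        v = isolation_violations(policy, [PASSENGER], protected)
        print(name, "OK" if not v else v)
```

The check is only as good as the edge list: a link that is physically shared but "firewalled" still has to be entered as an edge if traffic can cross it in either direction, which is why the article's experts prefer physical separation over a filtering rule.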
CIA official: North American power company systems hacked
There have been several versions of this story starting to escape. It does inform the small wars scholar about possible issues and force multipliers in reconstruction and stabilization operations.
Link
Quote:
Originally Posted by EarlyBird
Hackers have targeted computers that operate power companies worldwide, causing at least one widespread electricity outage, a Central Intelligence Agency senior analyst told North American government and public works representatives in New Orleans this week.
The SANS Institute, a nonprofit cybersecurity research organization in Bethesda, Md., planned to release a report late Friday quoting CIA senior analyst Tom Donohue, who spoke Jan. 16 to 300 government officials, engineers and security managers from electric, water, oil and gas, and other utility companies based in the United States, United Kingdom, Sweden and Netherlands.
"We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands," Donohue said at the SCADA 2008 Control System Security Summit in New Orleans. SCADA stands for Supervisory Control and Data Acquisition, and generally refers to the systems that control critical U.S. infrastructure.
"We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge," he said. "We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."
LINK
I would tend to see it in that vein as well
Quote:
Originally Posted by
Presley Cannady
Yes, and a pre-teen hacked SCADA and unleashed a devastating volume of water from the Teddy Roosevelt Dam--or at least that's how the story goes on its third re-telling. Here we have a vague reference to an attack that occurred outside of the United States that involved a penetration via the Internet somehow and purportedly resulted in a power outage of unknown magnitude across several cities. About the only thing hard we can deduce from this "report" is that the power grid involved most certainly wasn't managed privately nor was the investigation (if there was one) a matter of public record. Put another way, this story could easily be about a bunch of technicians at a substation in say...Iraq...taking wrenches to terminals which they were fully authorized to use. In fact, I'm pretty sure something like this happened in Najaf recently.
Although the threat is real and the capabilities exist, more often than not it's just normal everyday screwing with stuff that happens. Anything more elegant tends to attract a lot more attention than most with that type of capability would want.
North Korea behind recent DDOS attacks?
Dark Reading just published a report on the recent DDOS attacks on US and South Korean systems.
Quote:
Supporters of North Korea may be behind a series of denial-of-service attacks that have crippled U.S. and South Korean government Websites during the past five days, a news report says.
source
Lazy Hacker and Little Worm Set Off Cyberwar Frenzy
Quote:
Originally Posted by
marct
Dark Reading just published a report on the recent DDOS attacks on US and South Korean systems.
Unlike the unnamed South Korean intelligence official in the report who attributes this to sophisticated state action, the view in most of the tech community seems to be that this is pretty primitive stuff:
Lazy Hacker and Little Worm Set Off Cyberwar Frenzy
By Kim Zetter
Wired, July 8, 2009
Quote:
Talk of cyberwar is in the air after more than two dozen high-level websites in the United States and South Korea were hit by denial-of-service attacks this week. But cooler heads are pointing to a pilfered five-year-old worm as the source of the traffic, under control of an unsophisticated hacker who apparently did little to bolster his borrowed code against detection.
Nonetheless, the attacks have launched a thousand headlines (or thereabouts) and helped to throw kindling on some long-standing international political flames — with one sworn enemy blaming another for the aggression.
...
Security experts who examined code used in the attack say it appears to have been delivered to machines through the MyDoom worm, a piece of malware first discovered in January 2004 and appearing in numerous variants since. The Mytob virus might have been used, as well.
...
In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.
That, of course, doesn't exclude an unsophisticated NORK recycling some stale hacker tools, but it does perhaps place it in context.
Sam, any thoughts on this one?
Biggest-ever series of cyber attacks uncovered, U.N. hit
Quote:
BOSTON (Reuters) - Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.
Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.
The long list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.
http://in.news.yahoo.com/biggest-eve...041202195.html
Exclusive: Operation Shady RAT—Unprecedented Cyber-espionage Campaign and Intellectual-Property Bonanza
http://www.vanityfair.com/culture/fe...ady-rat-201109
U.S. water plant malfunction, not a cyber attack (amended title)
Quote:
Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life.
Companies and government agencies that rely on the Internet have for years been routine targets of hackers, but most incidents have resulted from attempts to steal information or interrupt the functioning of Web sites. The incident in Springfield, Ill., would mark a departure because it apparently caused physical destruction.
http://www.washingtonpost.com/blogs/...TZYN_blog.html
'hacking' and chinese 'cuisine'
Quote:
UPDATE1-US commander cannot pin down satellite anomaly
The command responsible for U.S. military space operations lacks enough data to determine who interfered with two U.S. government satellites, anomalies behind perhaps the most explosive charge in a report on China sent to the U.S. Congress on Wednesday.
"What I have seen is inconclusive," General Robert Kehler, commander of the U.S. Strategic Command, said in a teleconference from Omaha, Nebraska, home to the military outfit that conducts U.S. space and cyberspace operations.
[...]
China's military is a prime suspect, the bipartisan, 12-member commission made clear, though it added that the events in question had not actually been traced to China.
US Commander cannot pin down satellite anomaly - Reuters - Nov 16, 2011.
How does the excerpt in bold translate to the geek.com headline of "Chinese hackers took control of NASA satellite for 11 minutes"? Are they saying that the USAF General in charge of US Strategic Command is engaging in 'political correctness', incompetent, or worse, lying? Or is geek.com part of the re-activated Grill Flame program?
I did enjoy this comment on the geek.com article, however:
Quote:
You have obviously never been to china...they will eat each other before they become a "super power"
May help with the water 'attack'?
Not my field, but I think some clues and understanding are found here: http://www.schneier.com/blog/archive....html#comments
anything that lies on anything that moves
Quote:
Originally Posted by
carl
After watching other Generals and high ranking State and Defense Dept. people pretend that what is isn't for the past decade in various parts of the world, I think it very plausible that the USAF General in question is doing all three at the same time.
Dang, and I thought I was cynical. :)
'Nitro' : who hacked US chemical companies, and why?
Quote:
Chinese hackers tried to penetrate the computer systems of 48 chemical and military-related companies in a late summer cyber attack to steal design documents, formulas and manufacturing processes, a security firm reported Tuesday.
The attack ran from late July to mid-September and appeared to be aimed at collecting intellectual property for competitive advantage, reported Symantec, which code-named the attack Nitro, because of the chemical industry targets. Hackers went after 29 chemical companies and 19 other businesses that made advanced materials primarily used in military vehicles.
The attackers were the same Chinese group that targeted human rights organizations from late April to early May and the U.S. auto industry in late May. China and the U.S. have accused each other of industrial espionage for some time. China, which leads the world in the number of people online, is a hotbed for Internet crime, according to experts. The country has often been accused of cyber spying, which the government denies, while claiming to also be a target.
http://www.crn.com/news/security/231...LQg**.ecappj02
Quote:
Symantec said it traced the attacks back to a computer system that was a virtual private server (VPS) located in the United States.
However, the system was owned by a 20-something male located in the Hebei region in China. We internally have given him the pseudonym of Covert Grove based on a literal translation of his name. He attended a vocational school for a short period of time specializing in network security and has limited work experience, most recently maintaining multiple network domains of the vocational school.
Covert Grove claimed to have the U.S.-based VPS for the sole purpose of using the VPS to log into the QQ instant message system, a popular instant messaging system in China. By owning a VPS, he would have a static IP address. He claims this was the sole purpose of the VPS. And by having a static IP address, he could use a feature provided by QQ to restrict login access to particular IP addresses. The VPS cost was RMB200 (US$32) a month.
While possible, with an expense of RMB200 a month for such protection and the usage of a US-based VPS, the scenario seems suspicious. We were unable to recover any evidence the VPS was used by any other authorized or unauthorized users. Further, when prompted regarding hacking skills, Covert Grove immediately provided a contact that would perform ‘hacking for hire’. Whether this contact is merely an alias or a different individual has not been determined.
We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role. Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties.
http://www.zdnet.com/blog/security/n...companies/9754
Quote:
"The question is: Who is 'they?' " writes James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), a Washington think tank, in an e-mail interview. "The Chinese government encourages economic espionage [for illicit acquisition of technology], but that does not mean it directs all economic espionage."
http://www.alaskadispatch.com/articl...mical-industry
Fusion Center priority No.1 is?
A classic, hence my emphasis, and thanks for the link to the Wired article, Adam G.
Quote:
Asked if the fusion center is investigating how information that was uncorroborated and was based on false assumptions got into a distributed report, spokeswoman Bond said an investigation of that sort is the responsibility of DHS and the other agencies who compiled the report. The center’s focus, she said, was on how Weiss received a copy of the report that he should never have received.
“We’re very concerned about the leak of controlled information,” Bond said. “Our internal review is looking at how did this information get passed along, confidential or controlled information, get disseminated and put into the hands of users that are not approved to receive that information. That’s number one.”
So we have an industrial malfunction at a water plant that has nothing to do with cyber warfare, and an intelligence assessment circulated widely, maybe beyond its intended recipients - an assessment that is simply wrong and missed some basic research.
A classic on many levels.