
Thread: Cyber attacks on the USA (catch all)

  1. #1
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default Cyber attacks on the USA (catch all)

    There has long been a discussion about the kinetic nature of cyber warfare. Today CNN brings us video of a largish hole in the power grid. Kinetic effect without the kinetic cost. I wonder what the cost of a laptop and Internet connection is in relationship to a 500lb bomb (or dozens).

    http://www.cnn.com/2007/US/09/26/pow...isk/index.html

    Sources: Staged cyber attack reveals vulnerability in power grid

    WASHINGTON (CNN) -- Researchers who launched an experimental cyber attack caused a generator to self-destruct, alarming the federal government and electrical industry about what might happen if such an attack were carried out on a larger scale, CNN has learned.

    Department of Homeland Security video shows a generator spewing smoke after a staged experiment.

    Sources familiar with the experiment said the same attack scenario could be used against huge generators that produce the country's electric power.

    Some experts fear bigger, coordinated attacks could cause widespread damage to electric infrastructure that could take months to fix.

    CNN has honored a request from the Department of Homeland Security not to divulge certain details about the experiment, dubbed "Aurora," and conducted in March at the Department of Energy's Idaho lab.

    In a previously classified video of the test CNN obtained, the generator shakes and smokes, and then stops.
    A lot more at the link
    Sam Liles
    Selil Blog
    Don't forget to duck Secret Squirrel
    The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
    All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.

  2. #2
    Council Member marct's Avatar
    Join Date
    Aug 2006
    Location
    Ottawa, Canada
    Posts
    3,682

    Default

    Hi Selil,

    I saw that story on CNN this morning. I almost wished they hadn't reported on it. There are just too many ways that a cyber attack can have kinetic consequences but, at least, it does look like someone is thinking about them now.

    Marc
    Sic Bisquitus Disintegrat...
    Marc W.D. Tyrrell, Ph.D.
    Institute of Interdisciplinary Studies,
    Senior Research Fellow,
    The Canadian Centre for Intelligence and Security Studies, NPSIA
    Carleton University
    http://marctyrrell.com/

  3. #3
    Council Member
    Join Date
    Jul 2007
    Posts
    204

    Default

    Think some folks out there aren't sweating about this?

    http://www.azcentral.com/arizonarepu...alavi0518.html

    From the article:

    The transcript indicates that Alavi wasn't the only employee to download the details of control rooms, reactors and designs as part of a software training package onto his personal laptop and take it home.
    The software provides employees with emergency scenarios and instructs them to react with proper procedures. It has no links to actual plant workings and can't be used to affect operations.
    Now, if I'm a bad guy and if I have a clear insight into what the "Plan B" steps are to counter emergency scenarios, and if I'm a halfway decent code cutter, I'm probably going to be able to write code sufficient to counteract/disable the standard emergency procedures.

    I think I'll stop now.
    Last edited by Watcher In The Middle; 09-28-2007 at 12:02 AM.

  4. #4
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    I want to say that as an academic I step all over OPSEC for the fun of it. But, there are places that I tread carefully. I've been having a running battle with some entities and I've been informed that cyber security is nothing to worry about. It's not like anybody can really do anything like a kinetic attack... arghhh. I have to thank SWC/J as I've learned over the last year that my issue has been being able to frame my discussion in terms that the ones making decisions understand and expect. Now issues like this one are taken more seriously.

  5. #5
    Council Member wm's Avatar
    Join Date
    Dec 2006
    Location
    On the Lunatic Fringe
    Posts
    1,237

    Default

    Quote Originally Posted by Watcher In The Middle View Post
    Think some folks out there aren't sweating about this?

    http://www.azcentral.com/arizonarepu...alavi0518.html
    Now, if I'm a bad guy and if I have a clear insight into what the "Plan B" steps are to counter emergency scenarios, and if I'm a halfway decent code cutter, I'm probably going to be able to write code sufficient to counteract/disable the standard emergency procedures.
    I suspect that the Palo Verde training package is probably akin to the one that DoD uses for its Anti-Terrorism Level I certification on-line course. For those unfamiliar with it, the DoD training package puts one in a number of scenarios in order to reinforce points about what to do and not do should one become the target of "terrorist" activities. I found its contents fairly innocuous, if not downright inane. However, without seeing the program used at Palo Verde, I cannot be sure that this is the case.

    I think that the nation's power grids have other potential vulnerabilities that probably warrant much more concern than the story about Mr. Alavi. For one thing, the grid has a number of nodes that are single points of failure. Loss of those nodes can cripple large sections of it should those nodes go down. But then keeping the grid up is what NERC, the North America Electric Reliability Council, is supposed to be all about. As another example, utilities are pushing an initiative called BPL--broadband over Power Lines--a competitor to your cable company's broadband over cable response to DSL/ISDN from your phone company. While BPL may not be a threat to the operation of the electric grid, it may provide alternative comm paths for bad guys which could be much harder to exploit by LE than other conventional comm paths. However, once one gets into a BPL pipe, one might also be able to gain access to some of the grid control data networks that flow over the same pathways--tactics like packet capture and packet replacement come to mind.

  6. #6
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    I wouldn't worry too much about the communication paths of criminal elements. With cell phone scramblers, good encryption, and a variety of "criminal" languages the com path for organized crime is fairly stout. There is telemetry already on the power grid which is interesting from a few different perspectives.

    As to the electrical grid, if in my first undergraduate systems design program I designed a system that was based on five large wobbly systems, with centralized control, little redundancy, overlapping vulnerabilities, was life critical, had a design goal of MTBF of 99.99999 up time, and had control features outside of the actual (extra-territorial) control of the owning entity I'd have been given an "F" so big I'd be an art teacher (or anthropologist).

  7. #7
    Council Member
    Join Date
    Oct 2005
    Posts
    3,099

    Default

    Wired, 17 Oct 07: Astrophysicist Replaces Supercomputer with Eight PlayStation 3s
    ....The interest in the PS3 really was for two main reasons," explains Khanna, an assistant professor at the University of Massachusetts, Dartmouth who specializes in computational astrophysics. "One of those is that Sony did this remarkable thing of making the PS3 an open platform, so you can in fact run Linux on it and it doesn't control what you do."

    He also says that the console's Cell processor, co-developed by Sony, IBM and Toshiba, can deliver massive amounts of power, comparable even to that of a supercomputer -- if you know how to optimize code and have a few extra consoles lying around that you can string together......

    ....This is precisely what Khanna needed. Prior to obtaining his PS3s, Khanna relied on grants from the National Science Foundation (NSF) to use various supercomputing sites spread across the United States. "Typically I'd use a couple hundred processors -- going up to 500 -- to do these same types of things."....

    ....Khanna says that his gravity grid has been up and running for a little over a month now and that, crudely speaking, his eight consoles are equal to about 200 of the supercomputing nodes he used to rely on.....

  8. #8
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default Boeing 787 may be subject to hack attack

    As a simple example of computer mediated conflict and terrorism having unlikely avenues of attack, or asymmetric methods to attack, advances in one technology can provide unexpected consequences in other ways. The quoted story (more at the link) gives an example how in providing service to passengers the flight control and safety systems were put in jeopardy. This is an error in architecture and likely was never considered at any point to be an issue until an outsider perceived the issue.

    Unfortunately as technology is adapted and integrated into civilian society and military weapons and communications systems these unexpected consequences can be exploited. It's an interesting article and it appears they will be fixing the network architecture issues in this case. For the military professional or interested civilian look around your environment sometime and consider all of the interconnected technologies with an eye to how they could be used in unexpected ways.

    Quote Originally Posted by Wired Magazine (online)
    Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.

    The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals.

    The revelation is causing concern in security circles because the physical connection of the networks makes the plane's control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it's aware of the issue and has designed a solution it will test shortly.

    "This is serious," said Mark Loveless, a network security analyst with Autonomic Networks, a company in stealth mode, who presented a conference talk last year on Hacking the Friendly Skies (PowerPoint). "This isn’t a desktop computer. It's controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right."

    ...... LINK.......

  9. #9
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default CIA official: North American power company systems hacked

    There have been several versions of this story starting to escape. It does inform the small wars scholar about possible issues and force multipliers in reconstruction and stabilization operations.

    Link

    Quote Originally Posted by EarlyBird
    Hackers have targeted computers that operate power companies worldwide, causing at least one widespread electricity outage, a Central Intelligence Agency senior analyst told North American government and public works representatives in New Orleans this week.

    The SANS Institute, a nonprofit cybersecurity research organization in Bethesda, Md., planned to release a report late Friday quoting CIA senior analyst Tom Donohue, who spoke Jan. 16 to 300 government officials, engineers and security managers from electric, water, oil and gas, and other utility companies based in the United States, United Kingdom, Sweden and Netherlands.

    "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands," Donohue said at the SCADA 2008 Control System Security Summit in New Orleans. SCADA stands for Supervisory Control and Data Acquisition, and generally refers to the systems that control critical U.S. infrastructure.

    "We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge," he said. "We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."
    LINK

  10. #10
    Council Member marct's Avatar
    Join Date
    Aug 2006
    Location
    Ottawa, Canada
    Posts
    3,682

    Default North Korea behind recent DDOS attacks?

    Dark Reading just published a report on the recent DDOS attacks on US and South Korean systems.

    Supporters of North Korea may be behind a series of denial-of-service attacks that have crippled U.S. and South Korean government Websites during the past five days, a news report says.
    source

  11. #11
    Council Member Stan's Avatar
    Join Date
    Dec 2006
    Location
    Estonia
    Posts
    3,817

    Default

    Hey Marc,
    Just to confirm the article, our State link was down as of late Thursday evening and only began flooding returned emails on Monday morning.

    Foxtrotin' bastards
    If you want to blend in, take the bus

  12. #12
    Council Member marct's Avatar
    Join Date
    Aug 2006
    Location
    Ottawa, Canada
    Posts
    3,682

    Default

    Hey Stan,

    Quote Originally Posted by Stan View Post
    Hey Marc,
    Just to confirm the article, our State link was down as of late Thursday evening and only began flooding returned emails on Monday morning.

    Foxtrotin' bastards
    Yup - looks like the little twerps were following the DDOS attack on Estonia awhile back.

  13. #13
    Council Member
    Join Date
    Aug 2007
    Location
    Montreal
    Posts
    1,602

    Default Lazy Hacker and Little Worm Set Off Cyberwar Frenzy

    Quote Originally Posted by marct View Post
    Dark Reading just published a report on the recent DDOS attacks on US and South Korean systems.
    Unlike the unnamed South Korean intelligence official in the report who attributes this to sophisticated state action, the view in most of the tech community seems to be that this is pretty primitive stuff:

    Lazy Hacker and Little Worm Set Off Cyberwar Frenzy
    By Kim Zetter
    Wired, July 8, 2009

    Talk of cyberwar is in the air after more than two dozen high-level websites in the United States and South Korea were hit by denial-of-service attacks this week. But cooler heads are pointing to a pilfered five-year-old worm as the source of the traffic, under control of an unsophisticated hacker who apparently did little to bolster his borrowed code against detection.

    Nonetheless, the attacks have launched a thousand headlines (or thereabouts) and helped to throw kindling on some long-standing international political flames — with one sworn enemy blaming another for the aggression.

    ...

    Security experts who examined code used in the attack say it appears to have been delivered to machines through the MyDoom worm, a piece of malware first discovered in January 2004 and appearing in numerous variants since. The Mytob virus might have been used, as well.

    ...

    In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.
    That, of course, doesn't exclude an unsophisticated NORK recycling some stale hacker tools, but it does perhaps place it in context.

    Sam, any thoughts on this one?
    They mostly come at night. Mostly.


  14. #14
    Council Member marct's Avatar
    Join Date
    Aug 2006
    Location
    Ottawa, Canada
    Posts
    3,682

    Default

    Quote Originally Posted by Rex Brynen View Post
    Unlike the unnamed South Korean intelligence official in the report who attributes this to sophisticated state action, the view in most of the tech community seems to be that this is pretty primitive stuff:

    In the recent attack, experts say the malware used no sophisticated techniques to evade detection by anti-virus software and doesn’t appear to have been written by someone experienced in coding malware. The author’s use of a pre-written worm to deliver the code also suggests the attacker probably wasn’t thinking of a long-term attack.
    It does make one wonder about the "security" on the affected computers, doesn't it?

  15. #15
    Council Member Stan's Avatar
    Join Date
    Dec 2006
    Location
    Estonia
    Posts
    3,817

    Default I won't begin to pretend

    to be of Sam's caliber and a bit hesitant when it comes to using "attack" for a DDoS. But, when the system is down, I'd call that a successful WHATEVER. If they managed to shut down Foggy Bottom, I would assume they done good (and may have done us a slight favor in the process).

  16. #16
    i pwnd ur ooda loop selil's Avatar
    Join Date
    Sep 2006
    Location
    Belly of the beast
    Posts
    2,112

    Default

    The DDOS is one of the lowest forms of disruption you can use. The worm code used was really old, the number of machines infected was really small, and the strategy used was really poor. Not to make light of this but knocking a few websites off the web really only takes an old pop-singer taking the long dirt nap.

    The security service attacked by DDOS is availability but it only really matters in high performance, low latency systems, and web servers aren't that kind of animal. As to the strategy used by this adversary it really showed a low level of sophistication. Instead of targeting a few websites and possibly hiding a compromising exploit in the noise they attacked numerous websites with little hope of sustaining that kind of broad based attack.

    In many ways attacking web servers is like painting mustaches on billboards of super models. Web servers are not critical infrastructure, the attack is more annoying than dangerous, and the media response is likely going to be out of proportion to the attack.

    As an aside most DDOS are actually user generated not any kind of cyber warfare. Users get all excited as they did in the Michael Jackson death and swarm to news websites crippling them instantly (like what happened to CNN). The second thing is that it is often the system admins who pull something down to keep sophisticated adversaries from hiding in the noise and using the web servers as jump off points to more tasty targets. And, finally, Akamai and other distributed systems vendors deal with DDOS as a business.

    That doesn't mean it is nice, friendly, or isn't a probe to test responses. You must take these things seriously or the next one might be against the central power distribution grid telemetry computers in Chicago. A DDOS there would be catastrophic.

  17. #17
    Council Member AdamG's Avatar
    Join Date
    Dec 2005
    Location
    Hiding from the Dreaded Burrito Gang
    Posts
    3,096

    Default Biggest-ever series of cyber attacks uncovered, U.N. hit

    BOSTON (Reuters) - Security experts have discovered the biggest series of cyber attacks to date, involving the infiltration of the networks of 72 organizations including the United Nations, governments and companies around the world.
    Security company McAfee, which uncovered the intrusions, said it believed there was one "state actor" behind the attacks but declined to name it, though one security expert who has been briefed on the hacking said the evidence points to China.
    The long list of victims in the five-year campaign include the governments of the United States, Taiwan, India, South Korea, Vietnam and Canada; the Association of Southeast Asian Nations (ASEAN); the International Olympic Committee (IOC); the World Anti-Doping Agency; and an array of companies, from defense contractors to high-tech enterprises.

    http://in.news.yahoo.com/biggest-eve...041202195.html


    Exclusive: Operation Shady rat—Unprecedented Cyber-espionage Campaign and Intellectual-Property Bonanza

    http://www.vanityfair.com/culture/fe...ady-rat-201109
    A scrimmage in a Border Station
    A canter down some dark defile
    Two thousand pounds of education
    Drops to a ten-rupee jezail


    http://i.imgur.com/IPT1uLH.jpg

  18. #18
    Council Member carl's Avatar
    Join Date
    Nov 2005
    Location
    Denver on occasion
    Posts
    2,460

    Default

    AdamG:

    I figure it this way. The nation of China is doing this. They will not stop no matter how often they are asked to or how politely they are asked. So, will it eventually come to cyber-counterattacks to disable/destroy the control computers in China? Would that result in a free for all? Or will we eventually have to de-internationalize the internet and physically cut connections with China (if that is even possible)?

    I don't know much about this kind of thing which is why I ask.
    "We fight, get beat, rise, and fight again." Gen. Nathanael Greene

  19. #19
    Council Member Dayuhan's Avatar
    Join Date
    May 2009
    Location
    Latitude 17° 5' 11N, Longitude 120° 54' 24E, altitude 1499m. Right where I want to be.
    Posts
    3,137

    Default

    I'd have to assume this goes on in multiple directions. The Chinese won't issue a press release when they find out they've been hacked, but that doesn't mean it doesn't happen.

    I pity the poor schmuck who has to read the take from the UN.

    Noted this in the Vanity Fair piece:

    Forensic investigation revealed that the defense contractor had been hit by a species of malware that had never been seen before: a spear-phishing e-mail containing a link to a Web page that, when clicked, automatically loaded a malicious program—a remote-access tool, or rat—onto the victim’s computer.
    What kind of idiot clicks on a link in an e-mail of unknown origin? Doesn't everyone over 8 years old know better? Ok, maybe not everyone... but anyone on a computer that holds even potential access to confidential information should certainly know better.
    “The whole aim of practical politics is to keep the populace alarmed (and hence clamorous to be led to safety) by menacing it with an endless series of hobgoblins, all of them imaginary”

    H.L. Mencken

  20. #20
    Council Member bourbon's Avatar
    Join Date
    Jun 2007
    Location
    Boston, MA
    Posts
    903

    Default

    Quote Originally Posted by Dayuhan View Post
    What kind of idiot clicks on a link in an e-mail of unknown origin? Doesn't everyone over 8 years old know better? Ok, maybe not everyone... but anyone on a computer that holds even potential access to confidential information should certainly know better.
    Phishing attacks do not appear to come from an unknown origin, but instead are designed to appear to come from a trusted source.
