Cyber attacks on the USA (catch all)

**Jedburgh** · 10-17-2007

Wired, 17 Oct 07: Astrophysicist Replaces Supercomputer with Eight PlayStation 3s

....The interest in the PS3 really was for two main reasons," explains Khanna, an assistant professor at the University of Massachusetts, Dartmouth who specializes in computational astrophysics. "One of those is that Sony did this remarkable thing of making the PS3 an open platform, so you can in fact run Linux on it and it doesn't control what you do."

He also says that the console's Cell processor, co-developed by Sony, IBM and Toshiba, can deliver massive amounts of power, comparable even to that of a supercomputer -- if you know how to optimize code and have a few extra consoles lying around that you can string together......

....This is precisely what Khanna needed. Prior to obtaining his PS3s, Khanna relied on grants from the National Science Foundation (NSF) to use various supercomputing sites spread across the United States "Typically I'd use a couple hundred processors -- going up to 500 -- to do these same types of things."....

....Khanna says that his gravity grid has been up and running for a little over a month now and that, crudely speaking, his eight consoles are equal to about 200 of the supercomputing nodes he used to rely on.....

**selil** · 10-18-2007

Wowser Jedburgh that is a great link! I had missed this. I had lunch with Ian Foster last week (father of grid computing!) and we were discussing this kind of commodity computing and some the security issues it represents.

**Norfolk** · 01-19-2008

"CIA Confirms Cyber Attack Caused Multi-City Power Outage" 18 January, 2008, The SANS Institute at Merit Network Email Archives:

SANS FLASH
CIA Confirms Cyber Attack Caused Multi-City Power Outage

On Wednesday, in New Orleans, US Central Intelligence Agency senior analyst Tom Donohue told a gathering of 300 US, UK, Swedish, and Dutch government officials and engineers and security managers from electric, water, oil & gas and other critical industry asset owners from all across North America, that "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

According to Mr. Donohue, the CIA actively and thoroughly considered the
benefits and risks of making this information public, and came down on
the side of disclosure.

CIA: Hackers Shook Up Power Grids by Noah Shachtman at Danger Room; Noah's got some more on this, including a Washington Poat article and Michael Tanji's take on this.

More Cyber War Gouge at Defense Tech:

The CIA went on to say they suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. The very next day the Federal Energy Regulatory Commission (FERC) approved eight mandatory cyber security standards that extend to all entities connected to the nation's power grid. The following are the eight areas addressed by these standards:

1. Critical cyber asset identification
2. Security management controls
3. Personnel and training
4. Electronic security perimeters
5. Physical security of critical cyber assets
6. System security management
7. Incident reporting and response planning
8. Recovery plans for critical cyber assets

These eight standards were created to increase the security of our CIP and reduce the risk of a successful attack. Disruption of a county’s critical infrastructure would have significant direct and indirect damages. Most of these damages would be psychological, economic and financial. Analysis of a cyber attack on critical infrastructure targets resulted in the following data:

Target value: High
Impact analysis: Elevated
Required skills: Moderate
Attack costs: Low
Current defenses: Moderate (elevated for nuclear sites)

More, including a references link, at the link.

What are these attackers doing this for, simply money? Or something else?

**selil** · 01-19-2008

I hate to say it but if you want to bring the elite cyber intrusion minds into the mix (in the above scenario not likely), but the elite are motivated simply by cash. The attack methods appear to be simple not highly trained. The attacks were trivial to accomplish.

**Presley Cannady** · 01-28-2008

Originally Posted by Norfolk

"CIA Confirms Cyber Attack Caused Multi-City Power Outage" 18 January, 2008, The SANS Institute at Merit Network Email Archives:

Yes, and a pre-teen hacked SCADA and unleashed a devastating volume of water from the Teddy Roosevelt Dam--or at least that's how the story goes on its third re-telling. Here we have a vague reference to an attack that occurred outside of the United States that involved a penetration via the Internet somehow and purportedly resulted in a power outage of unknown magnitude across several cities. About the only thing hard we can deduce from this "report" is that the power grid involved most certainly wasn't managed privately nor was the investigation (if there was one) a matter of public record. Put another way, this story could easily be about a bunch of technicians at a substation in say...Iraq...taking wrenches to terminals which they were fully authorized to use. In fact, I'm pretty sure something like this happened in Najaf recently.

**Ron Humphrey** · 01-29-2008

Originally Posted by Presley Cannady

Yes, and a pre-teen hacked SCADA and unleashed a devastating volume of water from the Teddy Roosevelt Dam--or at least that's how the story goes on its third re-telling. Here we have a vague reference to an attack that occurred outside of the United States that involved a penetration via the Internet somehow and purportedly resulted in a power outage of unknown magnitude across several cities. About the only thing hard we can deduce from this "report" is that the power grid involved most certainly wasn't managed privately nor was the investigation (if there was one) a matter of public record. Put another way, this story could easily be about a bunch of technicians at a substation in say...Iraq...taking wrenches to terminals which they were fully authorized to use. In fact, I'm pretty sure something like this happened in Najaf recently.

Although the threat is real and the capabilities exist more often than not its just normal everyday screwing with stuff that happens. Anything more elegant tends to attract a lot more attention than most with that type of capability would want.

**AdamG** · 02-05-2008

Conspiracy theories emerge after internet cables cut
http://www.abc.net.au/news/stories/2...?section=world

Is information warfare to blame for the damage to underwater internet cables that has interrupted internet service to millions of people in India and Egypt, or is it just a series of accidents?

When two cables in the Mediterranean were severed last week, it was put down to a mishap with a stray anchor.

Now a third cable has been cut, this time near Dubai. That, along with new evidence that ships' anchors are not to blame, has sparked theories about more sinister forces that could be at work.

Where's Cthulhu?