SMALL WARS COUNCIL
Old 11-23-2011   #41
Backwards Observer
Council Member
 
Join Date: Jun 2008
Posts: 384

Chinese hackers infiltrate Department of Homeland Security and FBI, pay off official mouthpieces:

Quote:
No evidence of cyberattack at water pump, DHS says

Federal investigators have found no evidence that a cyberattack was behind a water pump failure this month in Illinois, the government announced Tuesday.

After a "detailed analysis," the Department of Homeland Security and the FBI "have found no evidence of a cyber intrusion," DHS spokesman Chris Ortman said.

Officials confirmed last week that they were looking into the possibility of a cyberattack at a public water district in Illinois, after a blog disclosed the possibility.

"There is no evidence to support claims made in initial reports -- which were based on raw, unconfirmed data and subsequently leaked to the media -- that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant," Ortman said Tuesday. "In addition, DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported."
No evidence of cyberattack at water pump, DHS says - CNN - Nov 23, 2011.
Old 11-23-2011   #42
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139
'Nitro' : who hacked US chemical companies, and why?

Quote:
Chinese hackers tried to penetrate the computer systems of 48 chemical and military-related companies in a late summer cyber attack to steal design documents, formulas and manufacturing processes, a security firm reported Tuesday.

The attack ran from late July to mid-September and appeared to be aimed at collecting intellectual property for competitive advantage, reported Symantec, which code-named the attack Nitro, because of the chemical industry targets. Hackers went after 29 chemical companies and 19 other businesses that made advanced materials primarily used in military vehicles.

The attackers were the same Chinese group that targeted human rights organizations from late April to early May and the U.S. auto industry in late May. China and the U.S. have accused each other of industrial espionage for some time. China, which leads the world in the number of people online, is a hotbed for Internet crime, according to experts. The country has often been accused of cyber spying, which the government denies, while claiming to also be a target.
http://www.crn.com/news/security/231...LQg**.ecappj02



Quote:
Symantec said it traced the attacks back to a computer system that was a virtual private server (VPS) located in the United States.

However, the system was owned by a 20-something male located in the Hebei region in China. We internally have given him the pseudonym of Covert Grove based on a literal translation of his name. He attended a vocational school for a short period of time specializing in network security and has limited work experience, most recently maintaining multiple network domains of the vocational school.

Covert Grove claimed to have the U.S.-based VPS for the sole purpose of using the VPS to log into the QQ instant message system, a popular instant messaging system in China. By owning a VPS, he would have a static IP address. He claims this was the sole purpose of the VPS. And by having a static IP address, he could use a feature provided by QQ to restrict login access to particular IP addresses. The VPS cost was RMB200 (US$32) a month.

While possible, with an expense of RMB200 a month for such protection and the usage of a US-based VPS, the scenario seems suspicious. We were unable to recover any evidence the VPS was used by any other authorized or unauthorized users. Further, when prompted regarding hacking skills, Covert Grove immediately provided a contact that would perform ‘hacking for hire’. Whether this contact is merely an alias or a different individual has not been determined.

We are unable to determine if Covert Grove is the sole attacker or if he has a direct or only indirect role. Nor are we able to definitively determine if he is hacking these targets on behalf of another party or multiple parties.
http://www.zdnet.com/blog/security/n...companies/9754

Quote:
"The question is: Who is 'they?' " writes James Lewis, director of the Technology and Public Policy Program at the Center for Strategic and International Studies (CSIS), a Washington think tank, in an e-mail interview. "The Chinese government encourages economic espionage [for illicit acquisition of technology], but that does not mean it directs all economic espionage."
http://www.alaskadispatch.com/articl...mical-industry
__________________
A scrimmage in a Border Station
A canter down some dark defile
Two thousand pounds of education
Drops to a ten-rupee jezail
Old 11-23-2011   #43
Stan
Council Member
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,582
Wasn't me, didn't do it

China hits back over US claims of online spying

Quote:
China's foreign ministry spokesman Hong Lei dismissed the report in a regular news briefing in Beijing.

"Online attacks are notable for spanning national borders and being anonymous. Identifying the attackers without carrying out a comprehensive investigation and making inferences about the attackers is both unprofessional and irresponsible," he said. "I hope the international community can abandon prejudice and work hard with China to maintain online security."
__________________
There are very few problems, which cannot be solved by the suitable application of High Explosives
Old 12-01-2011   #44
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139

Quote:
Within a week of the report’s release, DHS bluntly contradicted the memo, saying that it could find no evidence that a hack occurred. In truth, the water pump simply burned out, as pumps are wont to do, and a government-funded intelligence center incorrectly linked the failure to an internet connection from a Russian IP address months earlier.

Now, in an exclusive interview with Threat Level, the contractor behind that Russian IP address says a single phone call could have prevented the string of errors that led to the dramatic false alarm.
http://www.wired.com/threatlevel/201...ystery-solved/
Old 12-01-2011   #45
davidbfpo
Council Member
 
Join Date: Mar 2006
Location: UK
Posts: 6,116
Fusion Center priority No.1 is?

A classic, hence my emphasis and thanks for the link to The Wired article Adam G.

Quote:
Asked if the fusion center is investigating how information that was uncorroborated and was based on false assumptions got into a distributed report, spokeswoman Bond said an investigation of that sort is the responsibility of DHS and the other agencies who compiled the report. The center’s focus, she said, was on how Weiss received a copy of the report that he should never have received.

“We’re very concerned about the leak of controlled information,” Bond said. “Our internal review is looking at how did this information get passed along, confidential or controlled information, get disseminated and put into the hands of users that are not approved to receive that information. That’s number one.”
So we have an industrial malfunction at a water plant that has nothing to do with cyber warfare, an intelligence assessment circulated widely and maybe beyond its intended recipients - an assessment that is simply wrong and missed some basic research.

A classic on many levels.
__________________
davidbfpo
Old 12-01-2011   #46
bourbon
Council Member
 
Join Date: Jun 2007
Location: Boston, MA
Posts: 876

The initial wave of reports makes reference to the compromise of the remote access software vendor; the consequences of which, if true, would be far greater than a single isolated incident.

This follow-up story makes no reference to the compromised software vendor.
__________________
“[S]omething in his tone now reminded her of his explanations of asymmetric warfare, a topic in which he had a keen and abiding interest. She remembered him telling her how terrorism was almost exclusively about branding, but only slightly less so about the psychology of lotteries…” - Zero History, William Gibson
Old 12-01-2011   #47
selil
i pwnd ur ooda loop
 
Join Date: Sep 2006
Location: The DC
Posts: 2,054

It looks to me as if there is a significant and distinct lack of understanding in the world of cyber of how to conduct an investigation. I am continually surprised as I run across "cyber" experts who haven't got clue one of basic police investigative procedure down. The entirety of this incident and several that are not being reported could have been less "flash" and more "bang" if simple specific principles of investigation were followed.

When asked on this and other similar stories to comment by the media I say, "Sorry but we need more details and information before suggesting even an opinion." So, I don't end up on the front page, I don't get invited to all the big parties, but I also don't end up looking like a fool.

The principles of police procedure are not specific to any domain. The forensic processes are not "special" because it has bits and bytes. The whole thing smacks of the debacle of the polygraph. The fusion center screwed up, the investigators screwed up, heck even DHS with their rebuttal of the facts screwed up. Nobody knows for sure what happened because nobody actually investigated the incident in a full and correct manner.

The entire escapade is simple bull pucky.
__________________
Sam Liles
Selil Blog
Don't forget to duck Secret Squirrel
The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.
Old 12-02-2011   #48
Backwards Observer
Council Member
 
Join Date: Jun 2008
Posts: 384
la plume de ma tante

Chinese hackers perfect mind-control of US scientific community; evolution, fluoride to blame:

Quote:
Hacked Satellites?: USCC Makes Claims It Can’t Support

[...]

These suspicious incidents may or may not have been caused by hacking. They appear to have involved computers operated by a commercial service provider—not by the US government. No commands were issued to the satellites, nor were any data manipulated or stolen. The satellites involved were nonstrategic, low-resolution environmental monitoring satellites. There is no evidence presented linking these events to the Chinese government; the USCC includes these incidents in their report to Congress on China on the basis of claims by a “marginal figure” in China that China is interested in such pursuits.

This doesn’t mean China is not capable of or interested in the ability to control U.S. satellites. But the evidence presented to Congress by the USCC makes an extremely poor case for it.
Hacked satellites - USCC makes claims it can't support - All Things Nuclear - Dec 1, 2011.

Last edited by Backwards Observer; 12-02-2011 at 04:06 AM. Reason: perception management
Old 12-02-2011   #49
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139

No sh1t.

Quote:
America's critical infrastructure security response system is broken
Possible cyberattack on SCADA system at small Illinois water plant highlights weakness in U.S. system of "Fusion Centers"
http://www.networkworld.com/news/201...da-253659.html
Old 12-02-2011   #50
Fuchs
Council Member
 
Join Date: May 2008
Location: Germany
Posts: 2,975

News in a reputable computer-related news portal in Germany is that the hacker attack was a hoax.

Now could a mod please change the thread title to reflect this?
Old 06-05-2012   #51
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139
Cyber search engine Shodan exposes industrial control systems to new risks

Quote:
Government and business leaders in the United States and around the world are rushing to build better defenses -- and to prepare for the coming battles in the digital universe. To succeed, they must understand one of the most complex, man-made environments on Earth: cyberspace.
Quote:
Matherly and other Shodan users quickly realized they were revealing an astonishing fact: Uncounted numbers of industrial control computers, the systems that automate such things as water plants and power grids, were linked in, and in some cases they were wide open to exploitation by even moderately talented hackers.
http://www.washingtonpost.com/invest...KCV_story.html
Old 10-01-2012   #52
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139
Cyber attacks on the USA (historical catch all)

A catch-all thread, of incidents that may or may not be related.

Quote:
PlaceRaider: The Military Smartphone Malware Designed to Steal Your Life

The US Naval Surface Warfare Center has created an Android app that secretly records your environment and reconstructs it as a 3D virtual model for a malicious user to browse
http://www.technologyreview.com/view...phone-malware/


Quote:
Hackers linked to China’s government broke into one of the U.S. government’s most sensitive computer networks, breaching a system used by the White House Military Office for nuclear commands, according to defense and intelligence officials familiar with the incident.
http://freebeacon.com/white-house-hack-attack/
Old 10-01-2012   #53
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139

Quote:
This month, some of America's largest banks became the targets of hackers -- but should we be concerned?

Since Sept 19, the websites for the Bank of America, JPMorgan Chase, Wells Fargo, U.S. Bank and PNC Bank have all been hit by denial of service (DoS) attacks. This common online attack directs vast amounts of traffic to a website, causing it to overload and deny normal users from accessing a website entirely -- or slowing it down to the point of being unusable. To bring down large websites, attackers may use botnets to flood a site with requests at the same time.
http://www.zdnet.com/what-do-cyberat...ry-7000005041/


Quote:
Verizon Communications Inc. is helping to investigate a series of cyber attacks that have disrupted the websites of the biggest U.S. banks over the past two weeks, a company official said.

Verizon is looking into the attacks, which commandeered commercial servers to overwhelm the sites with traffic, for some of the affected banks and assisting the federal government through the National Cybersecurity and Communications Integration Center, said Sean McGurk, managing principal for industrial control systems cybersecurity for the New York-based company and formerly director of the center led by the Department of Homeland Security.
http://newyork.newsday.com/business/...izon-1.4055301
Old 10-04-2012   #54
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139

Quote:
In June, many Google users were surprised to see an unusual greeting at the top of their Gmail inbox, Google home page or Chrome browser. “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer.”

On Tuesday, tens of thousands more Google users will begin to see that message. The company said that since it started alerting users to malicious — probably state-sponsored — activity on their computers in June, it has picked up thousands more instances of cyberattacks than it anticipated.
http://bits.blogs.nytimes.com/2012/1...ttack-targets/
Old 10-04-2012   #55
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139

Quote:
IDG News Service - The wave of cyberattacks against a half-dozen U.S. financial institutions has subsided this week, but the recent demonstration of force shows a careful honing of destructive techniques that could continue to cause headaches.

The attacks against Wells Fargo, U.S. Bancorp, PNC Financial Services Group, Citigroup, Bank of America and JPMorgan Chase succeeded in drawing ire from consumers trying to use the sites for regular banking.
http://www.computerworld.com/s/artic...ubside_for_now
Old 10-12-2012   #56
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139

Quote:
WASHINGTON (AP) - U.S. authorities believe that Iranian-based hackers were responsible for cyberattacks that devastated Persian Gulf oil and gas companies, a former U.S. government official said. Just hours later, Defense Secretary Leon Panetta said the cyberthreat from Iran has grown, and he declared that the Pentagon is prepared to take action if America is threatened by a computer-based assault.
http://apnews.myway.com/article/20121012/DA1RSBPG0.html
Old 12-14-2012   #57
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139
Credible Threat : U.S. banks warned of Russian criminal cyberattack on accounts

Quote:
The U.S. financial services industry has issued a warning that a Russian cyber-gangster is preparing to rob American banks and their customers of millions of dollars.
Quote:
In addition, the computer security firm McAfee has reported that the cyber-criminal, who calls himself “Thief-in-Law,” already has infected the hundreds of computers of unwitting American customers in preparation to steal their bank account data.

The warning was issued Thursday by the Financial Services Information Sharing and Analysis Center (FS-ISAC), which shares information throughout the financial sector about terrorist and online threats, said Douglas Johnson, vice president for risk management at the American Bankers Association.

“FS-ISAC has sent out several notices warning about this gentleman,” Mr. Johnson told The Washington Times.

According to McAfee, Thief-in-Law has installed malicious software programs, known as “malware,” on hundreds of computers as part of his plan, dubbed “Project Blitzkrieg.” The malware steals passwords and login information, which hackers can use to drain victims’ bank accounts online.
Read more: http://www.washingtontimes.com/news/...#ixzz2F3HCYgrP
Old 12-14-2012   #58
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 1,139

Related

Quote:
Last week, security firm RSA detailed a new cybercriminal project aimed at recruiting 100 botmasters to help launch a series of lucrative online heists targeting 30 U.S. banks. RSA’s advisory focused primarily on helping financial institutions prepare for an onslaught of more sophisticated e-banking attacks, and has already received plenty of media attention. I’m weighing in on the topic because their analysis seemed to merely scratch the surface of a larger enterprise that speaks volumes about why online attacks are becoming bolder and more brash toward Western targets.
http://krebsonsecurity.com/2012/10/p...ks/#more-17096