SMALL WARS COUNCIL
Old 09-27-2007   #1
selil
i pwnd ur ooda loop
 
Join Date: Sep 2006
Location: Belly of the beast
Posts: 2,112
Default Cyber attacks on the USA (catch all)

There has long been a discussion about the kinetic nature of cyber warfare. Today CNN brings us video of a largish hole in the power grid. Kinetic effect without the kinetic cost. I wonder what the cost of a laptop and Internet connection is in relationship to a 500lb bomb (or dozens).

http://www.cnn.com/2007/US/09/26/pow...isk/index.html

Quote:
Sources: Staged cyber attack reveals vulnerability in power grid

WASHINGTON (CNN) -- Researchers who launched an experimental cyber attack caused a generator to self-destruct, alarming the federal government and electrical industry about what might happen if such an attack were carried out on a larger scale, CNN has learned.

Department of Homeland Security video shows a generator spewing smoke after a staged experiment.

Sources familiar with the experiment said the same attack scenario could be used against huge generators that produce the country's electric power.

Some experts fear bigger, coordinated attacks could cause widespread damage to electric infrastructure that could take months to fix.

CNN has honored a request from the Department of Homeland Security not to divulge certain details about the experiment, dubbed "Aurora," and conducted in March at the Department of Energy's Idaho lab.

In a previously classified video of the test CNN obtained, the generator shakes and smokes, and then stops.
A lot more at the link
__________________
Sam Liles
Selil Blog
Don't forget to duck Secret Squirrel
The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.
Old 09-27-2007   #2
marct
Council Member
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 3,682
Default

Hi Selil,

I saw that story on CNN this morning. I almost wished they hadn't reported on it. There are just too many ways that a cyber attack can have kinetic consequences but, at least, it does look like someone is thinking about them now.

Marc
__________________
Sic Bisquitus Disintegrat...
Marc W.D. Tyrrell, Ph.D.
Institute of Interdisciplinary Studies,
Senior Research Fellow,
The Canadian Centre for Intelligence and Security Studies, NPSIA
Carleton University
http://marctyrrell.com/
Old 09-28-2007   #3
Watcher In The Middle
Council Member
 
Join Date: Jul 2007
Posts: 204
Default

Think some folks out there aren't sweating about this?

http://www.azcentral.com/arizonarepu...alavi0518.html

From the article:

Quote:
The transcript indicates that Alavi wasn't the only employee to download the details of control rooms, reactors and designs as part of a software training package onto his personal laptop and take it home.
Quote:
The software provides employees with emergency scenarios and instructs them to react with proper procedures. It has no links to actual plant workings and can't be used to affect operations.
Now, if I'm a bad guy and if I have a clear insight into what the "Plan B" steps are to counter emergency scenarios, and if I'm a halfway decent code cutter, I'm probably going to be able to write code sufficient to counteract/disable the standard emergency procedures.

I think I'll stop now.

Last edited by Watcher In The Middle; 09-28-2007 at 01:02 AM.
Old 09-28-2007   #4
selil
i pwnd ur ooda loop
 
Join Date: Sep 2006
Location: Belly of the beast
Posts: 2,112
Default

I want to say that as an academic I step all over OPSEC for the fun of it. But, there are places that I tread carefully. I've been having a running battle with some entities and I've been informed that cyber security is nothing to worry about. It's not like anybody can really do anything like a kinetic attack... arghhh. I have to thank SWC/J as I've learned over the last year that my issue has been being able to frame my discussion in terms that the ones making decisions understand and expect. Now issues like this one are taken more seriously.
Old 09-28-2007   #5
wm
Council Member
 
Join Date: Dec 2006
Location: On the Lunatic Fringe
Posts: 1,237
Default

Quote:
Originally Posted by Watcher In The Middle
Think some folks out there aren't sweating about this?

http://www.azcentral.com/arizonarepu...alavi0518.html
Now, if I'm a bad guy and if I have a clear insight into what the "Plan B" steps are to counter emergency scenarios, and if I'm a halfway decent code cutter, I'm probably going to be able to write code sufficient to counteract/disable the standard emergency procedures.
I suspect that the Palo Verde training package is probably akin to the one that DoD uses for its Anti-Terrorism Level I certification on-line course. For those unfamiliar with it, the DoD training package puts one in a number of scenarios in order to reinforce points about what to do and not do should one become the target of "terrorist" activities. I found its contents fairly innocuous, if not downright inane. However, without seeing the program used at Palo Verde, I cannot be sure that this is the case.

I think that the nation's power grids have other potential vulnerabilities that probably warrant much more concern than the story about Mr. Alavi. For one thing, the grid has a number of nodes that are single points of failure. Loss of those nodes can cripple large sections of it should those nodes go down. But then keeping the grid up is what NERC, the North America Electric Reliability Council, is supposed to be all about. As another example, utilities are pushing an initiative called BPL--broadband over Power Lines--a competitor to your cable company's broadband over cable response to DSL/ISDN from your phone company. While BPL may not be a threat to the operation of the electric grid, it may provide alternative comm paths for bad guys which could be much harder to exploit by LE than other conventional comm paths. However, once one gets into a BPL pipe, one might also be able to gain access to some of the grid control data networks that flow over the same pathways--tactics like packet capture and packet replacement come to mind.
Old 09-28-2007   #6
selil
i pwnd ur ooda loop
 
Join Date: Sep 2006
Location: Belly of the beast
Posts: 2,112
Default

I wouldn't worry too much about the communication paths of criminal elements. With cell phone scramblers, good encryption, and a variety of "criminal" languages the com path for organized crime is fairly stout. There is telemetry already on the power grid which is interesting from a few different perspectives.

As to the electrical grid, if in my first undergraduate systems design program I designed a system that was based on five large wobbly systems, with centralized control, little redundancy, overlapping vulnerabilities, was life critical, had a design goal of MTBF of 99.99999 up time, and had control features outside of the actual (extra-territorial) control of the owning entity I'd have been given an "F" so big I'd be an art teacher (or anthropologist).
Old 10-17-2007   #7
Jedburgh
Council Member
 
Join Date: Oct 2005
Posts: 3,098
Default

Wired, 17 Oct 07: Astrophysicist Replaces Supercomputer with Eight PlayStation 3s
Quote:
....The interest in the PS3 really was for two main reasons," explains Khanna, an assistant professor at the University of Massachusetts, Dartmouth who specializes in computational astrophysics. "One of those is that Sony did this remarkable thing of making the PS3 an open platform, so you can in fact run Linux on it and it doesn't control what you do."

He also says that the console's Cell processor, co-developed by Sony, IBM and Toshiba, can deliver massive amounts of power, comparable even to that of a supercomputer -- if you know how to optimize code and have a few extra consoles lying around that you can string together......

....This is precisely what Khanna needed. Prior to obtaining his PS3s, Khanna relied on grants from the National Science Foundation (NSF) to use various supercomputing sites spread across the United States. "Typically I'd use a couple hundred processors -- going up to 500 -- to do these same types of things."....

....Khanna says that his gravity grid has been up and running for a little over a month now and that, crudely speaking, his eight consoles are equal to about 200 of the supercomputing nodes he used to rely on.....
Old 10-18-2007   #8
selil
i pwnd ur ooda loop
 
Join Date: Sep 2006
Location: Belly of the beast
Posts: 2,112
Default

Wowser Jedburgh, that is a great link! I had missed this. I had lunch with Ian Foster last week (father of grid computing!) and we were discussing this kind of commodity computing and some of the security issues it represents.
Old 01-09-2008   #9
selil
i pwnd ur ooda loop
 
Join Date: Sep 2006
Location: Belly of the beast
Posts: 2,112
Default Boeing 787 may be subject to hack attack

As a simple example of computer mediated conflict and terrorism having unlikely avenues of attack, or asymmetric methods to attack, advances in one technology can provide unexpected consequences in other ways. The quoted story (more at the link) gives an example how in providing service to passengers the flight control and safety systems were put in jeopardy. This is an error in architecture and likely was never considered at any point to be an issue until an outsider perceived the issue.

Unfortunately as technology is adapted and integrated into civilian society and military weapons and communications systems these unexpected consequences can be exploited. It's an interesting article and it appears they will be fixing the network architecture issues in this case. For the military professional or interested civilian look around your environment sometime and consider all of the interconnected technologies with an eye to how they could be used in unexpected ways.

Quote:
Originally Posted by Wired Magazine (online)
Boeing's new 787 Dreamliner passenger jet may have a serious security vulnerability in its onboard computer networks that could allow passengers to access the plane's control systems, according to the U.S. Federal Aviation Administration.

The computer network in the Dreamliner's passenger compartment, designed to give passengers in-flight internet access, is connected to the plane's control, navigation and communication systems, an FAA report reveals.

The revelation is causing concern in security circles because the physical connection of the networks makes the plane's control systems vulnerable to hackers. A more secure design would physically separate the two computer networks. Boeing said it's aware of the issue and has designed a solution it will test shortly.

"This is serious," said Mark Loveless, a network security analyst with Autonomic Networks, a company in stealth mode, who presented a conference talk last year on Hacking the Friendly Skies (PowerPoint). "This isn’t a desktop computer. It's controlling the systems that are keeping people from plunging to their deaths. So I hope they are really thinking about how to get this right."

...... LINK.......
Old 01-19-2008   #10
Norfolk
Council Member
 
Join Date: Oct 2007
Posts: 716
Default

"CIA Confirms Cyber Attack Caused Multi-City Power Outage" 18 January, 2008, The SANS Institute at Merit Network Email Archives:

Quote:
SANS FLASH
CIA Confirms Cyber Attack Caused Multi-City Power Outage

On Wednesday, in New Orleans, US Central Intelligence Agency senior analyst Tom Donohue told a gathering of 300 US, UK, Swedish, and Dutch government officials and engineers and security managers from electric, water, oil & gas and other critical industry asset owners from all across North America, that "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

According to Mr. Donohue, the CIA actively and thoroughly considered the
benefits and risks of making this information public, and came down on
the side of disclosure.
CIA: Hackers Shook Up Power Grids by Noah Shachtman at Danger Room; Noah's got some more on this, including a Washington Post article and Michael Tanji's take on this.

More Cyber War Gouge at Defense Tech:

Quote:
The CIA went on to say they suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. The very next day the Federal Energy Regulatory Commission (FERC) approved eight mandatory cyber security standards that extend to all entities connected to the nation's power grid. The following are the eight areas addressed by these standards:

1. Critical cyber asset identification
2. Security management controls
3. Personnel and training
4. Electronic security perimeters
5. Physical security of critical cyber assets
6. System security management
7. Incident reporting and response planning
8. Recovery plans for critical cyber assets

These eight standards were created to increase the security of our CIP and reduce the risk of a successful attack. Disruption of a county’s critical infrastructure would have significant direct and indirect damages. Most of these damages would be psychological, economic and financial. Analysis of a cyber attack on critical infrastructure targets resulted in the following data:

Target value: High
Impact analysis: Elevated
Required skills: Moderate
Attack costs: Low
Current defenses: Moderate (elevated for nuclear sites)
More, including a references link, at the link.

What are these attackers doing this for, simply money? Or something else?

Last edited by Norfolk; 01-19-2008 at 08:44 PM. Reason: Added even more stuff.
Old 01-19-2008   #11
selil
i pwnd ur ooda loop
 
Join Date: Sep 2006
Location: Belly of the beast
Posts: 2,112
Default

I hate to say it but if you want to bring the elite cyber intrusion minds into the mix (in the above scenario not likely), but the elite are motivated simply by cash. The attack methods appear to be simple not highly trained. The attacks were trivial to accomplish.
Old 01-21-2008   #12
selil
i pwnd ur ooda loop
 
Join Date: Sep 2006
Location: Belly of the beast
Posts: 2,112
Default CIA official: North American power company systems hacked

There have been several versions of this story starting to escape. It does inform the small wars scholar about possible issues and force multipliers in reconstruction and stabilization operations.

Link

Quote:
Originally Posted by EarlyBird
Hackers have targeted computers that operate power companies worldwide, causing at least one widespread electricity outage, a Central Intelligence Agency senior analyst told North American government and public works representatives in New Orleans this week.

The SANS Institute, a nonprofit cybersecurity research organization in Bethesda, Md., planned to release a report late Friday quoting CIA senior analyst Tom Donohue, who spoke Jan. 16 to 300 government officials, engineers and security managers from electric, water, oil and gas, and other utility companies based in the United States, United Kingdom, Sweden and Netherlands.

"We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands," Donohue said at the SCADA 2008 Control System Security Summit in New Orleans. SCADA stands for Supervisory Control and Data Acquisition, and generally refers to the systems that control critical U.S. infrastructure.

"We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge," he said. "We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."
LINK
__________________
Sam Liles
Selil Blog
Don't forget to duck Secret Squirrel
The scholarship of teaching and learning results in equal hatred from latte leftists and cappuccino conservatives.
All opinions are mine and may or may not reflect those of my employer depending on the chance it might affect funding, politics, or the setting of the sun. As such these are my opinions you can get your own.
selil is offline   Reply With Quote
Old 01-28-2008   #13
Presley Cannady
Council Member
 
Join Date: Nov 2007
Location: Boston, MA
Posts: 310
Default

Quote:
Originally Posted by Norfolk
"CIA Confirms Cyber Attack Caused Multi-City Power Outage" 18 January, 2008, The SANS Institute at Merit Network Email Archives:
Yes, and a pre-teen hacked SCADA and unleashed a devastating volume of water from the Teddy Roosevelt Dam--or at least that's how the story goes on its third re-telling. Here we have a vague reference to an attack that occurred outside of the United States that involved a penetration via the Internet somehow and purportedly resulted in a power outage of unknown magnitude across several cities. About the only thing hard we can deduce from this "report" is that the power grid involved most certainly wasn't managed privately nor was the investigation (if there was one) a matter of public record. Put another way, this story could easily be about a bunch of technicians at a substation in say...Iraq...taking wrenches to terminals which they were fully authorized to use. In fact, I'm pretty sure something like this happened in Najaf recently.
__________________
PH Cannady
Correlate Systems
Old 01-29-2008   #14
Ron Humphrey
Council Member
 
Join Date: Nov 2007
Location: Kansas
Posts: 1,099
Post I would tend to see it in that vein as well

Quote:
Originally Posted by Presley Cannady
Yes, and a pre-teen hacked SCADA and unleashed a devastating volume of water from the Teddy Roosevelt Dam--or at least that's how the story goes on its third re-telling. Here we have a vague reference to an attack that occurred outside of the United States that involved a penetration via the Internet somehow and purportedly resulted in a power outage of unknown magnitude across several cities. About the only thing hard we can deduce from this "report" is that the power grid involved most certainly wasn't managed privately nor was the investigation (if there was one) a matter of public record. Put another way, this story could easily be about a bunch of technicians at a substation in say...Iraq...taking wrenches to terminals which they were fully authorized to use. In fact, I'm pretty sure something like this happened in Najaf recently.
Although the threat is real and the capabilities exist, more often than not it's just normal everyday screwing with stuff that happens. Anything more elegant tends to attract a lot more attention than most with that type of capability would want.
Old 02-05-2008   #15
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 2,436
Default

Conspiracy theories emerge after internet cables cut
http://www.abc.net.au/news/stories/2...?section=world

Is information warfare to blame for the damage to underwater internet cables that has interrupted internet service to millions of people in India and Egypt, or is it just a series of accidents?

When two cables in the Mediterranean were severed last week, it was put down to a mishap with a stray anchor.

Now a third cable has been cut, this time near Dubai. That, along with new evidence that ships' anchors are not to blame, has sparked theories about more sinister forces that could be at work.

Where's Cthulhu?
Old 02-05-2008   #16
selil
i pwnd ur ooda loop
 
Join Date: Sep 2006
Location: Belly of the beast
Posts: 2,112
Default

There are a lot of cables out there on the bottom of the ocean. The process of laying sea cables is fairly labor intensive.

Last edited by selil; 12-27-2008 at 04:16 PM.
Old 02-05-2008   #17
AdamG
Council Member
 
Join Date: Dec 2005
Location: Hiding from the Dreaded Burrito Gang
Posts: 2,436
Default

You guys will love this:
http://www.whatdoesitmean.com/index1067.htm
Old 07-09-2009   #18
marct
Council Member
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 3,682
Default North Korea behind recent DDOS attacks?

Dark Reading just published a report on the recent DDOS attacks on US and South Korean systems.

Quote:
Supporters of North Korea may be behind a series of denial-of-service attacks that have crippled U.S. and South Korean government Websites during the past five days, a news report says.
source
Old 07-09-2009   #19
Stan
Council Member
 
Join Date: Dec 2006
Location: Estonia
Posts: 3,817
Default

Hey Marc,
Just to confirm the article, our State link was down as of late Thursday evening and only began flooding returned emails on Monday morning.

Foxtrotin' bastards
__________________
If you want to blend in, take the bus
Old 07-09-2009   #20
marct
Council Member
 
Join Date: Aug 2006
Location: Ottawa, Canada
Posts: 3,682
Default

Hey Stan,

Quote:
Originally Posted by Stan
Hey Marc,
Just to confirm the article, our State link was down as of late Thursday evening and only began flooding returned emails on Monday morning.

Foxtrotin' bastards
Yup - looks like the little twerps were following the DDOS attack on Estonia awhile back.