Electricity Grid in U.S. Penetrated by Spies


nmap
04-07-2009, 20:44
Discussion in the WSJ about an existing vulnerability.

To add perspective on the degree of vulnerability, please consider assignment 5 from chapter 5 of a college textbook for undergraduates enrolled in an introductory course about computers in society. A great many people are aware of the general methods and procedures involved - though the links to be provided will not include such specifics. It is my contention that such knowledge is pervasive, again as evidenced by the instructor materials at the link below.

LINK (http://www-rohan.sdsu.edu/faculty/giftfire/)

Here's the WSJ article:

LINK (http://online.wsj.com/article/SB123914805204099085.html)

Electricity Grid in U.S. Penetrated by Spies

By SIOBHAN GORMAN

[Photo caption: Robert Moran monitors an electric grid in Dallas. Such infrastructure grids across the country are vulnerable to cyberattacks. (Associated Press)]
WASHINGTON -- Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," said a senior intelligence official. "So have the Russians."

The espionage appeared pervasive across the U.S. and doesn't target a particular company or region, said a former Department of Homeland Security official. "There are intrusions, and they are growing," the former official said, referring to electrical systems. "There were a lot last year."

Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, officials said. Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on."

Officials said water, sewage and other infrastructure systems also were at risk.

"Over the past several years, we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts," Director of National Intelligence Dennis Blair recently told lawmakers. "A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure."

Officials cautioned that the motivation of the cyberspies wasn't well understood, and they don't see an immediate danger. China, for example, has little incentive to disrupt the U.S. economy because it relies on American consumers and holds U.S. government debt.

But protecting the electrical grid and other infrastructure is a key part of the Obama administration's cybersecurity review, which is to be completed next week. Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget. The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more. A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage.

Overseas examples show the potential havoc. In 2000, a disgruntled employee rigged a computerized control system at a water-treatment plant in Australia, releasing more than 200,000 gallons of sewage into parks, rivers and the grounds of a Hyatt hotel.

Last year, a senior Central Intelligence Agency official, Tom Donohue, told a meeting of utility company representatives in New Orleans that a cyberattack had taken out power equipment in multiple regions outside the U.S. The outage was followed with extortion demands, he said.

The U.S. electrical grid comprises three separate electric networks, covering the East, the West and Texas. Each includes many thousands of miles of transmission lines, power plants and substations. The flow of power is controlled by local utilities or regional transmission organizations. The growing reliance of utilities on Internet-based communication has increased the vulnerability of control systems to spies and hackers, according to government reports.

The sophistication of the U.S. intrusions -- which extend beyond electric to other key infrastructure systems -- suggests that China and Russia are mainly responsible, according to intelligence officials and cybersecurity specialists. While terrorist groups could develop the ability to penetrate U.S. infrastructure, they don't appear to have yet mounted attacks, these officials say.

It is nearly impossible to know whether or not an attack is government-sponsored because of the difficulty in tracking true identities in cyberspace. U.S. officials said investigators have followed electronic trails of stolen data to China and Russia.

Russian and Chinese officials have denied any wrongdoing. "These are pure speculations," said Yevgeniy Khorishko, a spokesman at the Russian Embassy. "Russia has nothing to do with the cyberattacks on the U.S. infrastructure, or on any infrastructure in any other country in the world."

A spokesman for the Chinese Embassy in Washington, Wang Baodong, said the Chinese government "resolutely oppose[s] any crime, including hacking, that destroys the Internet or computer network" and has laws barring the practice. China was ready to cooperate with other countries to counter such attacks, he said, and added that "some people overseas with Cold War mentality are indulged in fabricating the sheer lies of the so-called cyberspies in China."

Utilities are reluctant to speak about the dangers. "Much of what we've done, we can't talk about," said Ray Dotter, a spokesman at PJM Interconnection LLC, which coordinates the movement of wholesale electricity in 13 states and the District of Columbia. He said the organization has beefed up its security, in conformance with federal standards.

In January 2008, the Federal Energy Regulatory Commission approved new protection measures that required improvements in the security of computer servers and better plans for handling attacks.

Last week, Senate Democrats introduced a proposal that would require all critical infrastructure companies to meet new cybersecurity standards and grant the president emergency powers over control of the grid systems and other infrastructure.

Specialists at the U.S. Cyber Consequences Unit, a nonprofit research institute, said attack programs search for openings in a network, much as a thief tests locks on doors. Once inside, these programs and their human controllers can acquire the same access and powers as a systems administrator.

[Sidebar: NERC letter. The North American Electric Reliability Corporation on Tuesday warned its members that not all of them appear to be adhering to cybersecurity requirements.]
The White House review of cybersecurity programs is studying ways to shield the electrical grid from such attacks, said James Lewis, who directed a study for the Center for Strategic and International Studies and has met with White House reviewers.

The reliability of the grid is ultimately the responsibility of the North American Electric Reliability Corp., an independent standards-setting organization overseen by the Federal Energy Regulatory Commission.

The NERC set standards last year requiring companies to designate "critical cyber assets." Companies, for example, must check the backgrounds of employees and install firewalls to separate administrative networks from those that control electricity flow. The group will begin auditing compliance in July.

—Rebecca Smith contributed to this article.

Richard
04-07-2009, 21:18
FWIW - there are a lot of 'soft' targets in any free society and this is nothing new. We all know what they are - and so do our enemies. ;)

Richard's $.02 :munchin

mac117
04-08-2009, 06:17
We constantly make movies about altering the financial market, electrical grids, traffic patterns, water and air ways.....why shouldn't a foreign adversary seek to do this? Hell, we've shown them how.

The Reaper
04-08-2009, 07:32
This is not surprising, but is BAD news.

We, as a society are virtually totally dependent on plentiful, reliable, and cheap electricity.

It would appear that we may not be able to count on it for much longer.

Prudent Americans will start considering alternatives, and making plans.

TR

smp52
04-08-2009, 08:17
Prudent Americans will start considering alternatives, and making plans.

Along the lines of what you state, I thought the following blog post on micro-power was interesting...

Resilient communities: Micro Power (http://globalguerrillas.typepad.com/globalguerrillas/2008/10/resilient-commu.html)

EDIT: URL corrected, should work.

The Reaper
04-08-2009, 08:18
Along the lines of what you state, I thought the following blog post on micro-power was interesting...

Resilient Community: Micro-power (http://http://globalguerrillas.typepad.com/globalguerrillas/2008/10/resilient-commu.html)

Bad URL.

TR

Paslode
04-08-2009, 13:22
This is not surprising, but is BAD news.

We, as a society are virtually totally dependent on plentiful, reliable, and cheap electricity.

It would appear that we may not be able to count on it for much longer.

Prudent Americans will start considering alternatives, and making plans.

TR


TR,

Quite a few people I know have connected an exterior 220v receptacle to their existing breaker panel which they can then run a heavy cable from the generator to the receptacle and thus they have the capability of running their basic needs, refrigerator, gas furnace and possibly a few lights.

Only catch is you 'MUST' shut the breaker off prior to connecting the generator as the feed....and fuel.

How viable an option in your opinion, is a portable 5000 to 6500 watt gas generator as a basic needs electrical source used in this manner for such a scenario as is being discussed?

bravo22b
04-08-2009, 13:49
TR,

Quite a few people I know have connected an exterior 220v receptacle to their existing breaker panel which they can then run a heavy cable from the generator to the receptacle and thus they have the capability of running their basic needs, refrigerator, gas furnace and possibly a few lights.

Only catch is you 'MUST' shut the breaker off prior to connecting the generator as the feed....and fuel.

How viable an option in your opinion, is a portable 5000 to 6500 watt gas generator as a basic needs electrical source used in this manner for such a scenario as is being discussed?

This may be a common technique, but does not conform to the National Electrical Code, which requires a transfer device which must prevent the simultaneous connection of generator and utility power. This commonly means a separate breaker subpanel in which you put the circuits you plan on powering during an emergency, and a transfer switch that powers the subpanel with either generator power or utility power, but cannot accidentally have both at the same time. These transfer switches can be automatic, switching to generator power when a power failure is detected.

There are a lot of reasons for this, but an important one is to prevent electrocuting an unsuspecting utility worker who is not expecting power to be coming backwards from the house to the pole when he shows up to re-connect your electricity. Another reason is so that you can more easily control the amount of power draw to your generator (in other words, size your subpanel load to your generator capacity) to avoid damaging your generator.

Again, I realize that backfeeding your panel is a common technique, and in theory, if you are that conscientious person who knows enough about electricity and cares enough to do the right procedures ALL THE TIME, it is an OK practice. However, Murphy is always lurking, and someone can get hurt or killed. We all know what bad electrical practices have done to our fellow servicemembers overseas.:(

Not to beat a dead horse, but there are a lot of subtleties to electrical work that may not be obvious to the homeowner or amateur electrician. The reasons behind certain codes or procedures may not be apparent, but most of the time, they are for very good reasons.

The Reaper
04-08-2009, 14:25
TR,

Quite a few people I know have connected an exterior 220v receptacle to their existing breaker panel which they can then run a heavy cable from the generator to the receptacle and thus they have the capability of running their basic needs, refrigerator, gas furnace and possibly a few lights.

Only catch is you 'MUST' shut the breaker off prior to connecting the generator as the feed....and fuel.

How viable an option in your opinion, is a portable 5000 to 6500 watt gas generator as a basic needs electrical source used in this manner for such a scenario as is being discussed?

That is the size gas generator I am currently running. I have a large panel with a manual switch that cuts the feed from the utility company and throws power to a second main panel with primarily emergency circuits in it.

I want to upgrade to an LP powered unit though.

Sizing is the real issue. A larger generator running at 50% load burns more energy than a smaller unit at a higher load. I need to total up the load for the circuits I want to energize, like the refrigerator, freezer, microwave, fans, a battery charger bank, selected lights and wall outlets, etc., decide what I can unplug occasionally to throw a heavy load on, like a hot water heater for an hour or so, and determine what size unit I ultimately need.

I would anticipate running it for a few hours in the morning, and a few in the evening, not 24/7. I have enough gas in the vehicles to run the genset on the above part-time schedule for at least a couple of weeks.

Hopefully, a bank of 12v. deep-cycle batteries, with an inverter or two, can provide me with any 24/7 needs and save the generator fuel for the surge periods. I do have a few solar panels, but they are just for recharging AA batteries, and even that is tasking them. When the generator fuel is low, if the emergency has not been resolved, then you could drop back to a very limited load for the battery bank and work to keep it charged.

An idea worth exploring would be a windmill generator, you could fab one up perhaps with a heavy duty vehicle alternator providing supplemental charge power to the battery bank. You could duplicate the system with a bicycle turning a similar generator set up to recharge the batteries if the wind was uncooperative or you needed more power. A hydro-electric generator would work if you have the water source and a water wheel.

Solar cells are currently just too expensive to be practical for anything but remote, low power requirements.

Solar hot water could be viable though.

HTH.

TR

Paslode
04-08-2009, 15:16
This may be a common technique, but does not conform to the National Electrical Code, which requires a transfer device which must prevent the simultaneous connection of generator and utility power. This commonly means a separate breaker subpanel in which you put the circuits you plan on powering during an emergency, and a transfer switch that powers the subpanel with either generator power or utility power, but cannot accidentally have both at the same time. These transfer switches can be automatic, switching to generator power when a power failure is detected.

There are a lot of reasons for this, but an important one is to prevent electrocuting an unsuspecting utility worker who is not expecting power to be coming backwards from the house to the pole when he shows up to re-connect your electricity. Another reason is so that you can more easily control the amount of power draw to your generator (in other words, size your subpanel load to your generator capacity) to avoid damaging your generator.

Again, I realize that backfeeding your panel is a common technique, and in theory, if you are that conscientious person who knows enough about electricity and cares enough to do the right procedures ALL THE TIME, it is an OK practice. However, Murphy is always lurking, and someone can get hurt or killed. We all know what bad electrical practices have done to our fellow servicemembers overseas.:(

Not to beat a dead horse, but there are a lot of subtleties to electrical work that may not be obvious to the homeowner or amateur electrician. The reasons behind certain codes or procedures may not be apparent, but most of the time, they are for very good reasons.


Very, very true. For most folks a call to a 'Licensed Electrician' would be well advised; tell them what you want to do and what you plan on running and they will get you set up safely.

nmap
04-08-2009, 19:59
FWIW - there are a lot of 'soft' targets in any free society and this is nothing new. We all know what they are - and so do our enemies. ;)

Richard's $.02 :munchin

Sir, I'm sure you're right. And yet, the great mass of people may not know.

The reason this situation may be a problem requires a bit of background...

A friend and previous colleague created a computer honey-pot - basically, a computer that appears to be part of an active system, but isn't really. Its purpose is to study what hackers do and how they do it - thus, it is completely benign in application. It sits and waits, providing a target for hackers to attack. The system was running an unpatched version of Redhat Linux.

Anyway, it was compromised within 8 hours. Two hackers even attacked each other on the little system. :rolleyes:

The point of interest is that the attacks came (as nearly as anyone could tell) from Romania - but they were routed through a South Korean girl's school. The likely scenario is that the school had an insecure system which the hackers used as an intermediate point in their attack.

And that brings us to the public. There are more and more systems that are connected and active 24/7, and which may be vulnerable to compromise, just as the school was. However, the technical information that might help someone avoid or prevent an attack is seldom discussed anywhere - so the public isn't aware of a potential problem. Of course, the same public often fails to read the manual anyway, so perhaps I'm guilty of over optimism.
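The honeypot described in the post only records what reaches it, so the first question an analyst asks of its logs is "who hammered on it, for how long, and when did someone finally get in?" The following is an added example, not code from the original post or from the honeypot it describes: a small triage script over SSH authentication log lines. The log lines, host names and addresses are constructed for illustration in the style of OpenSSH's auth.log, and the parse pattern assumes that format.

```python
"""Triage of honeypot SSH authentication logs.

Added example, not code from the original post. The log lines below are
constructed to resemble OpenSSH auth.log output (format assumed, not taken
from the post's honeypot); host names and addresses are made up.
"""
import re
from datetime import datetime

# Constructed sample: a password-guessing run from one address that ends in
# a successful login, plus unrelated noise from a second address.
SAMPLE_LOG = """\
Apr  8 01:02:11 honeypot sshd[2210]: Failed password for root from 198.51.100.7 port 40122 ssh2
Apr  8 01:02:14 honeypot sshd[2212]: Failed password for root from 198.51.100.7 port 40130 ssh2
Apr  8 01:02:19 honeypot sshd[2215]: Failed password for invalid user admin from 198.51.100.7 port 40141 ssh2
Apr  8 01:02:25 honeypot sshd[2218]: Failed password for root from 198.51.100.7 port 40150 ssh2
Apr  8 03:17:40 honeypot sshd[2301]: Failed password for invalid user test from 203.0.113.9 port 51002 ssh2
Apr  8 08:55:03 honeypot sshd[2650]: Accepted password for root from 198.51.100.7 port 41977 ssh2
Apr  8 08:55:04 honeypot sshd[2650]: pam_unix(sshd:session): session opened for user root by (uid=0)
"""

# Matches "Failed password for root from ..." as well as
# "Failed password for invalid user admin from ..." and "Accepted password ...".
AUTH_RE = re.compile(
    r"^(?P<ts>\w{3}\s+\d+ \d\d:\d\d:\d\d) \S+ sshd\[\d+\]: "
    r"(?P<result>Accepted|Failed) password for (?:invalid user )?(?P<user>\S+) "
    r"from (?P<src>[\d.]+) port \d+"
)


def parse_line(line, year=2009):
    """Return a dict for authentication events, None for other sshd lines.
    syslog timestamps carry no year, so the caller supplies it."""
    m = AUTH_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(f"{year} {m['ts']}", "%Y %b %d %H:%M:%S")
    return {"ts": ts, "result": m["result"], "user": m["user"], "src": m["src"]}


def summarize(log_text, year=2009):
    """Per source address: attempt/failure counts, user names tried, first and
    last activity, first accepted login, and hours from first attempt to that
    login (the time-to-compromise figure the post quotes as 'within 8 hours')."""
    stats = {}
    for line in log_text.splitlines():
        ev = parse_line(line, year)
        if ev is None:
            continue
        s = stats.setdefault(ev["src"], {
            "attempts": 0, "failures": 0, "users": set(),
            "first": ev["ts"], "last": ev["ts"], "compromised_at": None,
        })
        s["attempts"] += 1
        s["users"].add(ev["user"])
        s["first"] = min(s["first"], ev["ts"])
        s["last"] = max(s["last"], ev["ts"])
        if ev["result"] == "Failed":
            s["failures"] += 1
        elif s["compromised_at"] is None or ev["ts"] < s["compromised_at"]:
            s["compromised_at"] = ev["ts"]
    for s in stats.values():
        s["hours_to_compromise"] = (
            None if s["compromised_at"] is None
            else (s["compromised_at"] - s["first"]).total_seconds() / 3600
        )
    return stats


def compromising_sources(stats):
    """Addresses that eventually logged in. These are only the last hop the
    honeypot saw (the relay, like the school in the post), not the origin."""
    return sorted(src for src, s in stats.items() if s["compromised_at"] is not None)


if __name__ == "__main__":
    st = summarize(SAMPLE_LOG)
    for src, s in st.items():
        print(src, s["attempts"], "attempts,", s["failures"], "failed,",
              "users tried:", sorted(s["users"]),
              "compromised after (h):", s["hours_to_compromise"])
```

The script deliberately stops at the source address: as the post notes, what the honeypot sees is the intermediate host, and attributing the run further back needs that host's own records, not more parsing here.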

Richard
04-08-2009, 20:38
And is anyone here naive enough to think we're not working to protect our systems while going after their networks, too? ;)

And in the 'nothing new' category:

Our ODA was on a month-long GW exercise in Northern Arizona in the fall of 1972. Once our G's were ready and we were given some DA missions, one of our targets was a microwave telephone relay atop one of the mountain peaks near Flagstaff. We raided the securely fenced target at O'Dark-thirty without encountering any resistance and left our dummy charges on key components of the facility. The security for the site had been alerted to the increased possibility of sabotage, but not by whom or when. Sometime later, a site security guard stumbled upon one of our charges placed on a large propane tank to power the auxiliary power generators, sounded the alarm, and shut down the facility - causing an NCA level panic - until they located all of our charges and had determined they were not a threat. We made Jack Anderson's column in the Washington Post citing the vulnerability of our electronic communications networks to saboteurs because the destruction of the microwave relay would have cut all such communications between that point and to the W/SW of that point. Because we were in the mountains for a couple of more weeks, we didn't find out about all the foofarah we'd caused - and it was quite considerable - until we were extracted.

As the old saying goes, the more things change...;)

Richard's $.02 :munchin

nmap
04-08-2009, 21:04
It seems I have even more to learn than I thought.

Thank you for your patience, and for the story.

ZonieDiver
04-09-2009, 08:33
And is anyone here naive enough to think we're not working to protect our systems while going after their networks, too? ;)

And in the 'nothing new' category:

Our ODA was on a month-long GW exercise in Northern Arizona in the fall of 1972. Once our G's were ready and we were given some DA missions, one of our targets was a microwave telephone relay atop one of the mountain peaks near Flagstaff. We raided the securely fenced target at O'Dark-thirty without encountering any resistance and left our dummy charges on key components of the facility. The security for the site had been alerted to the increased possibility of sabotage, but not by whom or when. Sometime later, a site security guard stumbled upon one of our charges placed on a large propane tank to power the auxiliary power generators, sounded the alarm, and shut down the facility - causing an NCA level panic - until they located all of our charges and had determined they were not a threat. We made Jack Anderson's column in the Washington Post citing the vulnerability of our electronic communications networks to saboteurs because the destruction of the microwave relay would have cut all such communications between that point and to the W/SW of that point. Because we were in the mountains for a couple of more weeks, we didn't find out about all the foofarah we'd caused - and it was quite considerable - until we were extracted.

As the old saying goes, the more things change...;)

Richard's $.02 :munchin

By any chance, were those dummy charges actually "feminine hygiene" products? While up there in N AZ, did you spend any time in a large barn housing rafts for river running, etc. and associate with a relative of the president of the local state university? Just wonderin'... :)

Richard
04-09-2009, 09:06
By any chance, were those dummy charges actually "feminine hygiene" products? While up there in N AZ, did you spend any time in a large barn housing rafts for river running, etc. and associate with a relative of the president of the local state university? Just wonderin'... :)

Nope - sand filled C ration boxes wrapped with friction tape and training M3 push-pull non-electric firing devices with white plastic covered cotton rope (used for clotheslines) for simulated det cord. We wrote "BOOM" with a red marker on the bottom of each of the charges. Looked real - at least the security guards thought so. :D

Richard's $.02 :munchin

Kyobanim
04-09-2009, 09:52
We wrote "BOOM" with a red marker on the bottom of each of the charges

That's priceless! :lifter

Team Sergeant
04-09-2009, 11:23
The only "up" side to this report is that the "attacks" were external. Had they been "internal" I would venture to say something more than a tea-party was afoot.
Then again I believe about 25% of the news I read unless it's verified by multiple sources, then I raise it to 50% believable.

I don't see war with any of the superpowers anytime soon. China is making trillions off the US economy and the last thing Russia wants is another conflict.

That said, one of the quickest ways to destabilize a reigning government is to show its people it has no control of a given situation. Shutting off the power to a major city would do just that......

Want to see some "change" shut off the power to LA or NYC for a week......

Makes me wonder who is really hacking our power grid...

Team Sergeant

Richard
04-09-2009, 19:50
More to add to this cauldron of e-fire...;)

Richard's $.02 :munchin

Cyber spying a threat, and everyone is in on it
AP News, 09 Apr 2009

Ghost hackers infiltrating the computers of Tibetan exiles and the U.S. electric grid have pulled the curtain back on 21st-century espionage as nefarious as anything from the Cold War -- and far more difficult to stop.

Nowadays, a hacker with a high-speed Internet connection, knowledge of computer security and some luck can pilfer information thought to be safely ensconced in a digital locker. And the threat is growing, with countries -- including the U.S. -- pointing fingers at each other even as they ramp up their own cyber espionage.

The Pentagon this week said it spent more than $100 million in the last six months responding to damage from cyber attacks and other computer network problems. And the White House is wrapping up a 60-day review of how the government can better use technology to protect everything from the nation's electrical grid and stock markets to tax data, airline flight systems and nuclear launch codes.

In 2008, there were 5,499 known breaches of U.S. government computers with malicious software, according to the Department of Homeland Security. That's up from 3,928 the previous year, and just 2,172 in 2006.

Serious breaches by what are described as "unknown foreign entities" have occurred in recent years in computers at the Departments of Defense, Homeland Security and Commerce, as well as NASA, according to a report by the Center for Strategic and International Studies, a nonpartisan organization in Washington.

The electrical grid might already have been compromised by spies who left behind computer programs that would let them disrupt service, a former U.S. government official told The Associated Press. The official said the sophistication of the attack meant it was almost certainly state-sponsored, but the government does not know its extent because federal officials lack the authority to monitor the entire grid.

"The vulnerability may be bigger than we think," said the official, who asked not to be identified because he was not authorized to discuss details.

It's not just the United States. In 2007, Russian hackers crippled computer networks in Estonia for nearly three weeks. In response, NATO set up an Estonia-based cyber defense center, and announced in April that cyber defense is being incorporated into NATO exercises.

"NATO takes this threat very seriously," Carmen Romero, a NATO representative in Brussels, told the AP. "NATO has to be ready for the new security challenges, and cyber attacks are one of them."

In Germany, experts have been monitoring Chinese cyber espionage since the 1990s. A counterespionage official with Germany's domestic intelligence agency said the country has verified "many hundreds of attacks per year," and that others had likely gone undetected.

"We expect that the attacks we've seen are only the tip of the iceberg," said the official, who spoke on condition of anonymity because of the sensitive nature of the subject. "We follow the attacks to their source, and many come from China."

Governments are not the only targets.

David Livingstone, author of a report on cyber threats by the London-based Chatham House think tank, said cyber espionage is a problem in all sectors -- businesses, government and individuals.

"Anywhere there is attractive intellectual property and anything that is valuable and useful to someone else will be a target," he said.

In fact, the ubiquity of computers and the need to spread information electronically leaves us all vulnerable. Joel Brenner, head of the U.S. Office of the National Counterintelligence Executive, has warned that skilled cyber attackers can remotely turn on the camera on your home computer, convert your cell phone into a listening device, and even convert the earphones of your iPod into microphones.

Gone are the days when spies like American Whittaker Chambers hid microfilm in a hollowed-out pumpkin or Christopher Boyce spirited classified documents away inside a potted plant. Even Aldrich Ames, perhaps the CIA's most notorious double agent, used both hard documents and disks to betray U.S. secrets to Russia.

"Now, you can walk into many corporate and government offices, slip a thumb drive into an open USB port and download in seconds more information than all these traitors stole together," Brenner said in a recent speech on cyber espionage.

You don't even need a thumb drive. By infiltrating the Dalai Lama group's e-mail system with malware, cyber invaders saw nearly everything his monks did, from discussions of protest plans to documents that could have put activists at risk. And the Chinese hackers went even further, infiltrating 1,295 computers in 103 countries.

The information was used to warn foreign officials against meeting with the Dalai Lama, and to stop at least one Tibetan activist at the airport, according to researchers from the Ottawa-based think tank SecDev Group and the University of Toronto's Munk Centre for International Studies.

"People in Tibet may have died as a result," concluded a bleak assessment by computer engineers at Cambridge University in Britain also involved in the case. The Cambridge security experts recommended the exiles keep any sensitive information on computers that are never used to connect to a network, or better yet, use pen and paper.

"We have seen all sorts of attempts to computerize things that should never have been computerized," Ross Anderson, lead author of the Cambridge report, told the AP. "It takes a professor of computer science to have the confidence to say that some things simply should never be put on a computer."

While China's name pops up most in headlines about cyber espionage, experts say Russian hackers are at least as dangerous.

Last summer, in the weeks leading up to the war between Russia and Georgia, Georgian government and corporate Web sites began to see "denial of service" attacks, in which sites are deluged with traffic so as to effectively take them off-line. The Kremlin denied involvement, but a group of independent Western computer experts traced domain names and Web site registration data to conclude that the Russian top security and military intelligence agencies were involved.

"It is, quite simply, implausible that the parallel attacks by land and by cyberspace were a coincidence -- official denials by Moscow notwithstanding," Eka Tkeshelashvili, the head of Georgia's National Security Council, said in a speech in Washington last month.

China has denied any involvement in the Tibetan attacks and in cyber espionage. Chinese officials note that cyber invaders can use technology to bounce their identities off IP addresses around the world, making it difficult to pinpoint their whereabouts. And they claim the United States maintains a wide technological superiority in cyberspace.

Chen Wenguang, a Chinese computer expert, said any American accusations of Chinese cyber spying are "just another case of a robber crying 'Stop, thief!'"

"I believe that it is the Americans that steal the most secrets," said Chen, assistant director of the computer science department at Beijing's Tsinghua University. Chinese Foreign Ministry spokeswoman Jiang Yu said Tuesday the recent headlines were an attempt to sully the country's image.

U.S. officials acknowledge that even as they step up the nation's digital defense, they are quietly moving forward with an offense. Military officials in Washington said they had established rules for any offensive cyber strike, but would not say if the Pentagon already has pursued cyber warfare operations.

"A good defense also depends on a good offense," said Air Force Gen. Kevin Chilton, who heads U.S. Strategic Command.

http://townhall.com/Common/PrintPage.aspx?g=80b68708-81ed-4d77-b5a8-e21d38b9b832&t=c

Sigaba
04-09-2009, 20:37
Although a certain IT team at an "employer of choice" takes a short-sighted and heavy-handed view towards security issues, I agree with the concept that protecting a network's integrity should center around the activities of the end user.

IMHO, what is most needed is an approach analogous to the following.

You gun proof the kids, not childproof the guns.


nmap--

What is missing from the story is a discussion of the usage patterns of some of the technicians and engineers in the plants. It wouldn't be the first time that some bored guy in a back room went surfing for this, that and the other in the middle of the night.:rolleyes:

Or, as many a morning went in the salt mines "[Sigaba], when's the last FedEx pick up? We got servers coming in this morning that have to go back out TODAY.":cool: One day, one came in with bees in it.

nmap
04-09-2009, 21:15
It wouldn't be the first time that some bored guy in a back room went surfing for this that and the other in the middle of the night.

That seems very common. But there is a bigger problem - failure to safeguard the system due to time or lack of knowledge.

It seems there are two species of crackers (in this case, hackers are benign, crackers are those who criminally attack systems). One is the script kiddies, who use a tool to attack systems and have no idea what they're doing. They just poke about until they find a vulnerable system. Another type is much more dangerous. They seek out vulnerabilities, and they truly understand - at a deep level - what they're doing.

As an example, years ago (circa 1995), there was a glaring vulnerability in the Unix email system. The manual was (is?) a thick book - but someone who knew the vulnerability could have their way with a system. Not good. When the vulnerability was discovered, a software patch was generated to protect against that vulnerability. Those who applied the patch were protected - and those who failed to do so weren't. You can imagine what happens if an administrator fails to do those patches.

The home user should make a point of applying software patches too - and not just for his or her own sake.

My apologies if I've belabored the obvious.

Dozer523
04-09-2009, 21:19
And is anyone here naive enough to think we're not working to protect our systems while going after their networks, too? ;)

And in the 'nothing new' category:

Our ODA was on a month-long GW exercise in Northern Arizona in the fall of 1972. Once our G's were ready and we were given some DA missions, one of our targets was a microwave telephone relay atop one of the mountain peaks near Flagstaff. We raided the securely fenced target at O'Dark-thirty without encountering any resistance and left our dummy charges on key components of the facility. The security for the site had been alerted to the increased possibility of sabotage, but not by whom or when. Sometime later, a site security guard stumbled upon one of our charges placed on a large propane tank to power the auxiliary power generators, sounded the alarm, and shut down the facility - causing an NCA level panic - until they located all of our charges and had determined they were not a threat. We made Jack Anderson's column.

Richard's $.02

I'll guess the first defensive measure directed was "Tell those SF guys they can't do that anymore!"

Sigaba
04-09-2009, 21:29
My apologies if I've belabored the obvious.

To paraphrase a saying oft used by historians, one disregards your posts at their peril. Your guidance on staying up to date with patches is sound.

At times, though, I do wonder if Microsoft's many patches are actually designed to fill up an end-user's hard drive? If the void space is completely filled, there's no room for malware.:p

Sten
04-10-2009, 06:57
Regarding the subjects of the electrical generators and so forth discussed earlier, how would one go about learning about such things (like home electricity) and so forth? Would it behoove me to take a few home electric courses at a local college or something?


http://www.bookmarki.com/Electrical-Exam-Study-Guides-s/134.htm

http://www.amazon.com/Electrical-Course-Apprentices-Journeymen-Fourth/dp/0764542001

http://howtowireahouse.com/index.html

SF_BHT
04-10-2009, 07:56
We get weekly hacking attempts by China and NKorea. They always trace back to a College lab in one of the big cities but that is probably just a cover. My home PC also gets hit a lot from the same sites but I use the same provider as work........ Funny but it is sorta not funny.:confused:

This is why I keep a hell of a firewall (hardware and software) for all our systems at work and home.....

More to add to this cauldron of e-fire...;)

Richard's $.02 :munchin

Cyber spying a threat, and everyone is in on it
AP News, 09 Apr 2009


D9 (RIP)
04-10-2009, 08:04
The other bit of good news is that at least we've got sharp enough people somewhere to figure out we've been exploited. Same goes for a similar exploitation many on here will recall involving the ubiquitous thumb drive.

I have three particular hopes:

1. That we're similarly exploiting their infrastructural vulnerabilities (although it's hard to imagine current POTUS approving things like that).

2. That in some control room, somewhere, there is a switch labeled "ACTIVATE MANUAL BACKUP SYSTEM"

3. As TR said, that people are taking their own precautions (recalling that I'm expecting this from the same John-Q-Publics that produced disaster awareness hits like Katrina, again.... hard to imagine).

One can always hope.

D9 (RIP)
04-10-2009, 08:09
Regarding cyber-espionage in general:

It is certainly true that today cyber-spies are collecting more data in seconds than some of history's most notorious spies accumulated over a career.

But data is not information until it has been analyzed and vetted. I wonder sometimes if the sheer volume of information does not become its own problem for these agencies.

When Aldrich Ames produced a microfilm, there was an army of analysts waiting on it.

I suspect in China these days, that for each quality analyst there are thousands of terabytes of data to be scrubbed and analyzed (if estimates of their collection are accurate). One wonders whether or not, in spite of the quantity collected, the quality of the end analysis is really any better.

6.8SPC_DUMP
04-10-2009, 08:52
I have a feeling this news was released to gain public support for the "Cybersecurity Act of 2009" (http://cdt.org/security/CYBERSEC4.pdf), that is comprised of two bills, and will be voted on in the Senate soon.

S.773 (http://www.opencongress.org/bill/111-s773/show)
A bill to ensure the continued free flow of commerce within the United States and with its global trading partners through secure cyber communications, to provide for the continued development and exploitation of the Internet and intranet communications for such purposes, to provide for the development of a cadre of information technology specialists to improve and maintain effective cybersecurity defenses against disruption, and for other purposes.

S.778 (http://www.opencongress.org/bill/111-s778/show)
A bill to establish, within the Executive Office of the President, the Office of National Cybersecurity Advisor.

It is the result of:
(7) The Cyber Strategic Inquiry 2008, sponsored by Business Executives for National Security and executed by Booz Allen Hamilton, recommended to ''establish a single voice for cybersecurity within government'' concluding that the ''unique nature of cybersecurity requires a new leadership paradigm.'' (p.4/51) (http://cdt.org/security/CYBERSEC4.pdf)

The bills have gotten some criticism:

"Center for Democracy and Technology" (http://cdt.org/):
"A cybersecurity bill introduced today in the Senate would give the federal government extraordinary power over private sector Internet services, applications and software. The Cybersecurity Act of 2009 would, for example, give the President unfettered power to shut down Internet traffic in emergencies or disconnect any critical infrastructure system or network on national security grounds. The bill would grant the Commerce Department the ability to override all privacy laws to access any information about Internet usage in connection with a new role in tracking cybersecurity threats. The bill, introduced by Sens. John Rockefeller and Olympia Snowe, would also give the government unprecedented control over computer software and Internet services, threatening innovation, freedom and privacy. CDT President and CEO Leslie Harris said, "The cybersecurity threat is real, but such a drastic federal intervention in private communications technology and networks could harm both security and privacy."

Larry Seltzer, Editor of "eWeek" (http://securitywatch.eweek.com/index.html) (an Internet and print news source on technology issues), wrote:
"The whole thing smells bad to me, I don't like the chances of the government improving this situation by taking it over generally, and I definitely don't like the idea of politicizing this authority by putting it in the direct control of the president.
What are the critical infrastructure networks? The examples provided are 'banking, utilities, air/rail/auto traffic control, telecommunications.'
Let's think about this, I'm especially curious as to how you take the telecommunications networks off of the Internet when they are, in large part, what the Internet is comprised of. And if my bank were taken offline, I would think about going into my branch and asking for all of my deposits in cash."

Richard
04-10-2009, 09:48
I'm for hacking into the system and setting all the IRS computers to porn streaming from the Fiji Islands at $3.95/min whenever those size 2 hats start them up to view with our 1040s! ;)

Richard's $.02 :munchin

greenberetTFS
04-10-2009, 10:18
I'm for hacking into the system and setting all the IRS computers to porn streaming from the Fiji Islands at $3.95/min whenever those size 2 hats start them up to view with our 1040s! ;)

Richard's $.02 :munchin

Richard.

That is priceless and made me LMAO.................:lifter

GB TFS :munchin

ZonieDiver
04-10-2009, 11:02
I'm for hacking into the system and setting all the IRS computers to porn streaming from the Fiji Islands at $3.95/min whenever those size 2 hats start them up to view with our 1040s! ;)

Richard's $.02 :munchin

And how, praytell, do you know about this "porn streaming from the Fiji Islands at $3.95/min"??? :D

Richard
04-10-2009, 11:55
And how, praytell, do you know about this "porn streaming from the Fiji Islands at $3.95/min"??? :D

A surprise addendum to our telephone bill one month when my teenaged sons were getting up in the middle of the night and cruising the WWWs back alleys. It cost them over $400 and their computer privileges until they paid the bill. :D

It may even be more per minute now - that was over 8 years ago and I haven't seen such a bill since. ;)

Richard's $.02 :munchin

ZonieDiver
04-10-2009, 12:16
A surprise addendum to our telephone bill one month when my teenaged sons were getting up in the middle of the night and cruising the WWWs back alleys. It cost them over $400 and their computer privileges until they paid the bill. :D

It may even be more per minute now - that was over 8 years ago and I haven't seen such a bill since. ;)

Richard's $.02 :munchin

My younger daughter learned that lesson by way of AOL back around '95 when it cost bucks after your relatively short "free" time ended. No more leaving it on and open while you watch TV or do homework! Kids... ya gotta love 'em! :)

SF_BHT
04-10-2009, 12:28
A surprise addendum to our telephone bill one month when my teenaged sons were getting up in the middle of the night and cruising the WWWs back alleys. It cost them over $400 and their computer privileges until they paid the bill. :D

It may even be more per minute now - that was over 8 years ago and I haven't seen such a bill since. ;)

Richard's $.02 :munchin


Boys will be boys, won't they..........:eek:
It will give you something to bring up in the moment later in life when you need to embarrass them......

Ret10Echo
03-28-2010, 05:56
...bump

No surprises here.....


SAN FRANCISCO (AP) -- Computer-security researchers say new "smart" meters that are designed to help deliver electricity more efficiently also have flaws that could let hackers tamper with the power grid in previously impossible ways.

At the very least, the vulnerabilities open the door for attackers to jack up strangers' power bills. These flaws also could get hackers a key step closer to exploiting one of the most dangerous capabilities of the new technology, which is the ability to remotely turn someone else's power on and off.

The attacks could be pulled off by stealing meters - which can be situated outside of a home - and reprogramming them. Or an attacker could sit near a home or business and wirelessly hack the meter from a laptop, according to Joshua Wright, a senior security analyst with InGuardians Inc. The firm was hired by three utilities to study their smart meters' resistance to attack.

These utilities, which he would not name, have already done small deployments of smart meters and plan to roll the technology out to hundreds of thousands of power customers, Wright told The Associated Press.

There is no evidence the security flaws have been exploited, although Wright said a utility could have been hacked without knowing it. InGuardians said it is working with the utilities to fix the problems.

Power companies are aggressively rolling out the new meters. In the U.S. alone, more than 8 million smart meters have been deployed by electric utilities and nearly 60 million should be in place by 2020, according to a list of publicly announced projects kept by The Edison Foundation, an organization focused on the electric industry.

Unlike traditional electric meters that merely record power use - and then must be read in person once a month by a meter reader - smart meters measure consumption in real time. By being networked to computers in electric utilities, the new meters can signal people or their appliances to take certain actions, such as reducing power usage when electricity prices spike.

But the very interactivity that makes smart meters so attractive also makes them vulnerable to hackers, because each meter essentially is a computer connected to a vast network.

There are few public studies on the meters' resistance to attack, in part because the technology is new. However, last summer, Mike Davis, a researcher from IOActive Inc., showed how a computer worm could hop between meters in a power grid with smart meters, giving criminals control over those meters.

Alan Paller, director of research for the SANS Institute, a security research and training organization that was not involved in Wright's work with InGuardians, said it proved that hacking smart meters is a serious concern.

"We weren't sure it was possible," Paller said. "He actually verified it's possible. ... If the Department of Energy is going to make sure the meters are safe, then Josh's work is really important."

SANS has invited Wright to present his research Tuesday at a conference it is sponsoring on the security of utilities and other "critical infrastructure."

Industry representatives say utilities are doing rigorous security testing that will make new power grids more secure than the patchwork system we have now, which is already under hacking attacks from adversaries believed to be working overseas.

"We know that automation will bring new vulnerabilities, and our task - which we tackle on a daily basis - is making sure the system is secure," said Ed Legge, spokesman for Edison Electric Institute, a trade organization for shareholder-owned electric companies.

But many security researchers say the technology is being deployed without enough security probing.

Wright said his firm found "egregious" errors, such as flaws in the meters and the technologies that utilities use to manage data from meters. "Even though these protocols were designed recently, they exhibit security failures we've known about for the past 10 years," Wright said.

He said InGuardians found vulnerabilities in products from all five of the meter makers the firm studied. He would not disclose those manufacturers.

One of the most alarming findings involved a weakness in a communications standard used by the new meters to talk to utilities' computers.

Wright found that hackers could exploit the weakness to break into meters remotely, which would be a key step for shutting down someone's power. Or someone could impersonate meters to the power company, to inflate victims' bills or lower his own. A criminal could even sneak into the utilities' computer networks to steal data or stage bigger attacks on the grid.

Wright said similar vulnerabilities used to be common in wireless Internet networking equipment, but have vanished with an emphasis on better security.

For instance, the meters encrypt their data - scrambling the information to hide it from outsiders. But the digital "keys" needed to unlock the encryption were stored on data-routing equipment known as access points that many meters relay data to. Stealing the keys lets an attacker eavesdrop on all communication between meters and that access point, so the keys instead should be kept on computers deep inside the utilities' networks, where they would be safer.

"That lesson seems to be lost on these meter vendors," he said. That speaks to the "relative immaturity" of the meter technology, Wright added.

Ret10Echo
11-18-2011, 21:05
Critical infrastructure hacks....

I expect (reports of) these will continue.

Should there be some determination (doubtful if it would be public) it is unsurprising. The systems are not designed to a level of resiliency expected of WAN and LAN deployments where there is considered to be some motivation for an attack.

:munchin

Posted at 12:44 PM ET, 11/18/2011

Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says

By Ellen Nakashima

Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life.

Companies and government agencies that rely on the Internet have for years been routine targets of hackers, but most incidents have resulted from attempts to steal information or interrupt the functioning of Web sites. The incident in Springfield, Ill., would mark a departure because it apparently caused physical destruction.

Federal officials confirmed that the FBI and the Department of Homeland Security were investigating damage to the water plant but cautioned against concluding that it was necessarily a cyber-attack before all the facts could be learned. “At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety,” said DHS spokesman Peter Boogaard.

Full story here (http://www.washingtonpost.com/blogs/checkpoint-washington/post/foreign-hackers-broke-into-illinois-water-plant-control-system-industry-expert-says/2011/11/18/gIQAgmTZYN_blog.html)

mark46th
11-21-2011, 18:09
I bought my wife one of these for emergency power...

Ret10Echo
12-02-2011, 06:46
Critical infrastructure hacks....

Should there be some determination (doubtful if it would be public) it is unsurprising. The systems are not designed to a level of resiliency expected of WAN and LAN deployments where there is considered to be some motivation for an attack.



Update...funny... The headline is misleading...if it was "false" then it was NOT a cyber attack.... And "blamed"....really??


U.S. contractor blamed for false cyberattack
Friday - 12/2/2011, 6:53am ET
By CARLA K. JOHNSON
Associated Press

CHICAGO (AP) - Mystery solved. A reported cyberattack on a water district in central Illinois turned out to be a false alarm set off when an American contractor logged onto the system remotely while vacationing in Russia.

Jim Mimlitz of suburban St. Louis says he hopes he'll be able to laugh about it someday. For now, the contractor is puzzled. Why didn't terrorism investigators pick up the phone and call him? He says he could have straightened out the matter quickly.

Instead, investigators assumed someone had stolen Mimlitz' password and hacked into the system from Russia, causing a water pump to shut down five months later. A blogger spread word of the possible hack, touching off a minor panic.

Link here (http://www.federalnewsradio.com/?nid=241&sid=2654141)
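The Illinois case above turns on two detection mistakes: an out-of-country login was treated as a compromise without asking the account owner, and a pump failure five months later was attributed to it. The following is an added example (my own code, not from the thread or from either news story) of how a defender might triage such events. It assumes a hypothetical one-line-per-event log format (ISO timestamp, event kind, key=value fields), constructed sample data, and a constructed set of travel notices filed by account owners; none of these come from the real water district.

```python
"""Triage of remote logins to a control system by source country.

Added example, not code from the forum thread or from either news story.
It assumes a hypothetical one-line-per-event log format (ISO timestamp,
event kind, key=value fields) and constructed sample data loosely modelled
on the Illinois case, where a contractor's legitimate login from Russia
was later tied to a pump failure five months on.
"""
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Dict, List, Optional, Set, Tuple

# Constructed sample log (hypothetical format, not a real SCADA log).
SAMPLE_LOG = """\
2011-06-12T02:14:00 LOGIN user=vendor_a src_country=RU
2011-06-12T02:31:00 LOGOUT user=vendor_a src_country=RU
2011-09-03T11:05:00 LOGIN user=operator1 src_country=US
2011-11-08T15:40:00 PUMP_FAIL unit=pump3
2011-11-08T22:10:00 LOGIN user=operator1 src_country=CN
"""

# Countries each account is expected to connect from (constructed).
EXPECTED_COUNTRIES: Dict[str, Set[str]] = {"vendor_a": {"US"}, "operator1": {"US"}}

# Travel notices filed by account owners: user -> [(start, end, country)] (constructed).
TRAVEL_NOTICES: Dict[str, List[Tuple[datetime, datetime, str]]] = {
    "vendor_a": [(datetime(2011, 6, 1), datetime(2011, 6, 30), "RU")],
}


@dataclass
class Event:
    ts: datetime
    kind: str               # LOGIN, LOGOUT, PUMP_FAIL, ...
    attrs: Dict[str, str]   # remaining key=value fields


def parse_line(line: str) -> Event:
    """Parse one log line of the hypothetical format into an Event."""
    ts_str, kind, *fields = line.split()
    attrs = dict(field.split("=", 1) for field in fields)
    return Event(datetime.fromisoformat(ts_str), kind, attrs)


def parse_log(text: str) -> List[Event]:
    return [parse_line(line) for line in text.splitlines() if line.strip()]


def classify_login(ev: Event, expected, notices) -> Optional[str]:
    """None for non-logins; else 'expected', 'explained_by_travel_notice' or 'unexplained'."""
    if ev.kind != "LOGIN":
        return None
    user, country = ev.attrs["user"], ev.attrs["src_country"]
    if country in expected.get(user, set()):
        return "expected"
    # An out-of-country login is only an anomaly if the owner did not announce it.
    for start, end, notice_country in notices.get(user, []):
        if notice_country == country and start <= ev.ts <= end:
            return "explained_by_travel_notice"
    return "unexplained"


def physical_events_after(events: List[Event], login: Event,
                          max_gap: timedelta = timedelta(days=7)) -> List[Event]:
    """Process-level events (here PUMP_FAIL) inside a bounded window after a login.

    Events outside the window are not attributed to that login: a failure
    months later is not, by itself, evidence that the login caused it.
    """
    return [e for e in events
            if e.kind == "PUMP_FAIL" and login.ts <= e.ts <= login.ts + max_gap]


def triage(text: str, expected, notices) -> List[Dict[str, object]]:
    """Geo-anomalous logins with their explanation and plausibly related physical events."""
    events = parse_log(text)
    report = []
    for ev in events:
        status = classify_login(ev, expected, notices)
        if status is None or status == "expected":
            continue
        report.append({
            "ts": ev.ts.isoformat(),
            "user": ev.attrs["user"],
            "country": ev.attrs["src_country"],
            "status": status,
            "linked_physical_events": len(physical_events_after(events, ev)),
        })
    return report


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG, EXPECTED_COUNTRIES, TRAVEL_NOTICES):
        print(row)
```

On the sample data the vendor's Russian login is flagged but explained by its travel notice, and the pump failure five months later falls outside the correlation window, so nothing is linked to it; the later login from an unannounced country stays "unexplained" and is the one that warrants a call to the account owner before anyone talks about a cyber attack.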

BOfH
12-02-2011, 10:07
They are still investigating the incident in South Houston and one other: https://www.infosecisland.com/blogview/18450-FBI-Three-Cities-Compromised-via-SCADA-Networks.html


On a side note, here is a recent report from Pike Research on the state of cyber-security in the utility sector. A good read, but take it with a grain (or two) of salt.

http://www.pikeresearch.com/wordpress/wp-content/uploads/2011/11/UCS-11-Pike-Research.pdf