Cyber Attack on US Infrastructure


Frenzy
11-19-2011, 05:56 PM
This level of hacking is worrisome.

U.S. probes cyber attack on water system (http://news.yahoo.com/u-investigates-cyber-attack-water-system-201719205.html)
By Jim Finkle | Reuters

(Reuters) - Federal investigators are looking into a report that hackers managed to remotely shut down a utility's water pump in central Illinois last week, in what could be the first known foreign cyber attack on a U.S. industrial system.

The November 8 incident was described in a one-page report from the Illinois Statewide Terrorism and Intelligence Center, according to Joe Weiss, a prominent expert on protecting infrastructure from cyber attacks.

The attackers obtained access to the network of a water utility in a rural community west of the state capital Springfield with credentials stolen from a company that makes software used to control industrial systems, according to the account obtained by Weiss. It did not explain the motive of the attackers.

He said that the same group may have attacked other industrial targets or be planning strikes using credentials stolen from the same software maker.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation are examining the matter, said DHS spokesman Peter Boogaard.
"At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said, declining to elaborate further. An FBI spokesman in Illinois did not return phone calls seeking comment.

SCADA SECURITY

Cyber security experts said that the reported attack highlights the risk that attackers can break into what is known as Supervisory Control and Data Acquisition (SCADA) systems. They are highly specialized computer systems that control critical infrastructure -- from water treatment facilities, chemical plants and nuclear reactors to gas pipelines, dams and switches on train lines.

The issue of securing SCADA systems from cyber attacks made international headlines last year after the mysterious Stuxnet virus attacked a centrifuge at a uranium enrichment facility in Iran. Many experts say that was a major setback for Iran's nuclear weapons program and attribute the attack to the United States and Israel.

In 2007, researchers at the U.S. government's Idaho National Laboratories identified a vulnerability in the electric grid, demonstrating how much damage a cyber attack could inflict on a large diesel generator. (To see video that was leaked to CNN: http://www.youtube.com/watch?v=fJyWngDco3g)

Lani Kass, who retired in September as senior policy adviser to the chairman of the U.S. Joint Chiefs of Staff, said the United States should take the possibility of a cyber attack seriously.
"The going in hypothesis is always that it's just an incident or coincidence. And if every incident is seen in isolation, it's hard -- if not impossible -- to discern a pattern or connect the dots," Kass told Reuters.

"Failure to connect the dots led us to be surprised on 9/11," she said, describing the September 11, 2001 hijacking attacks as a prime example in which authorities dismissed indicators of an impending disaster and were caught unaware.
Representative Jim Langevin, a Democrat from Rhode Island, said that the report of the attack highlighted the need to pass legislation to improve cyber security of the U.S. critical infrastructure.

"The stakes are too high for us to fail, and our citizens will be the ones to suffer the consequences of our inaction," he said in a statement.

ILLINOIS ATTACK

Several media reports identified the location of the attack as Springfield. City officials said that was inaccurate.

Don Craven, a lawyer and a trustee for the Curran-Gardner Township Public Water District, said late on Friday that the small water utility was aware that "something happened" but that he did not have much information on the matter.

"We are aware there may have been a successful or unsuccessful attempt to hack into the system," Craven said by telephone from his Springfield, Illinois, office.

"It came through a software system that's used to remotely access the pumps," he said. "A pump is burned out."

The district serves some 2,200 customers in a rural district west of Springfield. He said there was no interruption in service as the utility operates multiple pumps and wells. Its water comes from an aquifer underneath the Sangamon River.
Craven said he did not know what software at the utility was involved but said he was confident that no customer records were compromised. He said he was mystified as to the reason hackers might have targeted the tiny district.

The general manager of the utility has not returned messages.

OTHER ATTACKS?

Quoting from the one-page report, Weiss said it was not yet clear whether other networks had been hacked as a result of the breach at the U.S. software maker.

He said the manufacturer of that software keeps login credentials to the networks of its customers so that its staff can help them support those systems.

"An information technology services and computer repair company checked the computer logs of the system and determined the computer had been hacked into from a computer located in Russia," Weiss said, quoting from the report in a telephone interview with Reuters.

Workers at the targeted utility in central Illinois on November 8 noticed problems with SCADA systems which manage the water supply system, and discovered that a water pump had been damaged, said Weiss, managing partner of Applied Control Solutions in Cupertino, California.

(Reporting by Jim Finkle in Boston; Additional reporting by Jim Wolf, Andrew Stern, Diane Bartz and Andrea Shalal-Esa; Editing by Bernard Orr and Jonathan Thatcher)

Most people in disaster-prone areas typically stock up a couple days worth of critical supplies (food, water, gasoline, medicines, fuel, etc.) What happens when your sewer goes offline? It usually isn't anywhere near as redundant as potable water supplies, so disruptions will last longer.

Looks like they need to add Latrine-digging to safety classes....

Davian93
11-19-2011, 06:12 PM
This level of hacking is worrisome.



Most people in disaster-prone areas typically stock up a couple days worth of critical supplies (food, water, gasoline, medicines, fuel, etc.) What happens when your sewer goes offline? It usually isn't anywhere near as redundant as potable water supplies, so disruptions will last longer.

Looks like they need to add Latrine-digging to safety classes....

Digging a cathole is pretty straightforward. Also, I have a septic system so I don't care either way...a small part of why I live where I live is I want to be self-sufficient for many things (water, heat, sewer, etc) and I have a few weeks of rations in my basement.


Also, as far as hacking goes, DHS has approximately 20,000 hacking attempts against their intranet every single day. Any future conflict between 1st world powers will involve a ton of cyber attacks, asymmetric attacks on infrastructure and economic databases.

Khoram
11-19-2011, 09:49 PM
Also, as far as hacking goes, DHS has approximately 20,000 hacking attempts against their intranet every single day. Any future conflict between 1st world powers will involve a ton of cyber attacks, asymmetric attacks on infrastructure and economic databases.

THAT'S reassuring. -_-

GonzoTheGreat
11-20-2011, 03:52 AM
THAT'S reassuring. -_-

Third world powers are less vulnerable to this, on account of not having any actual, you know, infrastructure. But they could still manage to have just enough skilled hackers in their employ. Think about that next time someone suggests attacking Iran or North Korea.

Sinistrum
11-20-2011, 10:56 AM
Why is this a big deal? If our sanitation system breaks down we can all just go crap in the park like the rest of the "99%."

Davian93
11-20-2011, 11:19 AM
Why is this a big deal? If our sanitation system breaks down we can all just go crap in the park like the rest of the "99%."

That could create a crap gap between us and the Soviets...we can't allow that. Considering we're already looking at a mine shaft gap and all.

Sei'taer
11-20-2011, 11:28 AM
IMO, this is a waste of resources. I could do the same thing without ever touching a computer. Granted, it'd be easier to do in the water system of some communities, but it could still be done fairly simply.

Davian93
11-20-2011, 11:29 AM
IMO, this is a waste of resources. I could do the same thing without ever touching a computer. Granted, it'd be easier to do in the water system of some communities, but it could still be done fairly simply.

Yeah but Die Hard 4 made me think the computer way is way cooler. It also taught me that all we need to stop such attacks is to contact Silent Bob.

yks 6nnetu hing
11-21-2011, 06:29 AM
This level of hacking is worrisome.



Most people in disaster-prone areas typically stock up a couple days worth of critical supplies (food, water, gasoline, medicines, fuel, etc.) What happens when your sewer goes offline? It usually isn't anywhere near as redundant as potable water supplies, so disruptions will last longer.

Looks like they need to add Latrine-digging to safety classes....

Sounds a lot like a counter-attack for Stuxnet (http://en.wikipedia.org/wiki/Stuxnet) which is widely speculated to have originated in Israel, with US backing. Can't prove anything of course, but it DID set the Iranian Nuclear program back considerably.

In other news, US has joined the NATO Cyber Defence center (http://www.ccdcoe.org/) as a full member rather than observer, I believe last week, and there has been at least one large-scale training operation for NATO heads of state in case something like this happens. So basically, what to do if a cyber attack shuts down your infrastructure, financial facilities and communication? Starting from ATM machines and traffic lights and ending with the government websites, major media outlets and the emergency services' systems.

The biggest problem in the US, but also in other larger countries, is that there is no real cooperation between the government and businesses in the case of an emergency. This means that one hand does not know what the other is doing and therefore the perps often have access through a back door, seeing as most of the time the systems are integrated and so if the government takes some defensive measures they're only covering their area.

Thing is though, the vast majority of the cyber attacks are fairly "benign" in the sense that all they want is to hijack your computer to send really annoying advertisements or spam-mail. In order to reach a result that actually switches off or disrupts infrastructure, the code needs to be very advanced, which means someone must put considerable effort and money into creating it.

The most common response you get when something like this happens is "we need to shut off the Internet and censor everything" which - in reality - is not possible unless you're willing to turn your country into North Korea and really isolate yourself from EVERYTHING. You can't really solve this problem unilaterally or by just clamping down on everything that happens online. You need cooperation internationally and you need cooperation domestically.

Uno
11-21-2011, 03:02 PM
What it reminds me of are those mysterious instances of rather insignificant small-scale sabotage at various places in Europe during the cold war. I know people in military intelligence were pretty sure they knew who was behind those.

tworiverswoman
11-23-2011, 12:51 PM
It sounds like "working up exercises" to me - like whoever is doing it is just checking out the process someplace where it will barely be noticed. And yeah, that sounds really worrying.

My husband and I were looking at the road system here on Oahu and noticing that it would only take about two significant bombings to completely cut the west end of the island off from the rest of the place. Whoever designed our traffic system was a serious isolationist - there's usually only two routes to ANYWHERE, and sometimes they cross each other - a perfect place to mess things up.

As a country, we're not really very defensible from outside attack.

Davian93
11-23-2011, 01:18 PM
That's why we have a Navy that's 10 times larger than anyone else and at least twice as big as every other Navy combined. We don't need to be defensible against such attacks.

Of course now DHS is saying the water system wasn't hacked by foreigners:

http://www.msnbc.msn.com/id/45409799/ns/technology_and_science-security/

Khoram
11-23-2011, 01:26 PM
"DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported," DHS spokesman Chris Ortman said in an emailed statement.

Why specifically call out the Russians? Don't you have more to worry about from the North Koreans? It just doesn't make sense to me.

Wait, the Russians are Communist. Silly me. :rolleyes:

Davian93
11-23-2011, 01:54 PM
Why specifically call out the Russians? Don't you have more to worry about from the North Koreans? It just doesn't make sense to me.

Wait, the Russians are Communist. Silly me. :rolleyes:

It ain't the North Koreans who are rearing their heads...

http://4.bp.blogspot.com/_BYX14125JUQ/SNw1B0UyNwI/AAAAAAAAGNs/6cdl1Om9SqU/s400/Putin_Rears_His_Head.jpg

Khoram
11-23-2011, 02:52 PM
It ain't the North Koreans who are rearing their heads...

http://4.bp.blogspot.com/_BYX14125JUQ/SNw1B0UyNwI/AAAAAAAAGNs/6cdl1Om9SqU/s400/Putin_Rears_His_Head.jpg

Makes perfect sense. XD

GonzoTheGreat
11-24-2011, 03:56 AM
Well, it does make sense that it doesn't come from the Russians (or some other type of foreigners).

Who uses the American toilets most? Americans.
What do they use them for? To flush away drugs when the police bashes in the doors.
So who has most to gain by shutting down all US sewers? The cops. That way, it's far easier for them to get the evidence they need.

yks 6nnetu hing
11-24-2011, 04:08 AM
Why specifically call out the Russians? Don't you have more to worry about from the North Koreans? It just doesn't make sense to me.

Wait, the Russians are Communist. Silly me. :rolleyes:

Where the traffic is coming from isn't necessarily the same as "who's organizing the attack", it's more an indication on which countries have the most infected (read: hijacked to take part in a botnet) computers.