America’s Cyber Vulnerabilities

ISTOCK.COM/MONSITJ

 

Cyber is the newest branch of warfare. Even in its baby stages, it has the potential to cripple the United States.

On the afternoon of Dec. 23, 2015, Ukrainian engineers from a Prykarpattya Oblenergo power station stared at a computer screen while the cursor progressed on its own across the monitor. The mouse on the table had not moved. But the cursor hovered over the station’s breakers, each one controlling power to thousands of Ukrainian citizens. Then, with one mouse click at a time, the hackers now in control of the power station began shutting off power to hundreds of thousands of Ukrainians.

At the same time, Kyivoblenergo employees watched as dozens of substations shut down, one by one. In their case, there was no phantom mouse. A computer on their network that they could not locate was being used by someone to shut down the power—and there was nothing they could do. Continue reading →

Russian hackers plan new attacks on Western military and civil infrastructure

A spokesman for the Russian Federal Security Service told SCMagazineUK.com that Russian hacker groups Energetic Bear, Dragonfly and some others are considering engaging their activities against selected Western countries. The current financial crisis in Russia, seen locally as having been caused by Western sanctions, has resulted in massive job cuts in the Russian IT industry, which in turn has resulted in an increase in the number of hacker groups in Russia. Continue reading →

Smart cities the world over ripe for hacking, expert says

So-called smart cities, with wireless sensors controlling everything from traffic lights to water management, may be vulnerable to cyberattacks, according to a computer security expert.

Last year, Cesar Cerrudo, an Argentine security researcher and chief technology officer at IOActive Labs, demonstrated how 200,000 traffic control sensors installed in major hubs like Washington, New York, Melbourne and Lyon were vulnerable to attack. Mr. Cerrudo showed how information coming from these sensors could be intercepted from 1500 feet away — or even by drone — because one company had failed to encrypt its traffic.

Just last Saturday, Mr. Cerrudo tested the same traffic sensors in San Francisco and found that, one year later, they were still not encrypted. Continue reading →

‘Dragonfly’ virus strikes U.S. power plants

WASHINGTON – U.S. and European energy companies have become the target of a “Dragonfly” virus out of Eastern Europe that goes after energy grids, major electricity generation firms, petroleum pipelines operators and energy industrial equipment providers.

Unearthed by the cyber security firm Symantec, Dragonfly has been in operation since at least 2011. Its malware software allows its operators to not only monitor in real time, but also disrupt and even sabotage wind turbines, gas pipelines and power plants – all with the click of a computer mouse.

The attacks have disrupted industrial control system equipment providers by installing the malware during downloaded updates for computers running the ICS equipment. Continue reading →