A new piece of industrial control malware has been discovered. Dubbed SFG, it was found by SentinelOne Labs on the information networks of a yet-unnamed European energy company.
It appears quite sophisticated. It not only collects information on the infected system but opens a backdoor through which a destructive payload could be launched, “to potentially shut down an energy grid”.
This is something that has been warned about here since 2011, and it is not limited to Ukraine; a very vulnerable America is exposed as well.
Late last year, the media reported on the co-ordinated, multi-faceted attack on the Supervisory Control and Data Acquisition (SCADA) systems used by a Ukrainian power company. The attack plunged the homes of more than 80,000 people into darkness at Christmas, sparking international interest and condemnation.
The location of the utility has not been revealed and its name has been changed in Verizon’s report, but given the fact of Verizon’s involvement, this likely happened in the U.S. — all the other incidents discussed in the report linked in The Register’s article took place in America. And we know that jihadis have long wanted to poison the water supply. As far back as 2002, the feds arrested two jihadis who were carrying plans about how to poison water supplies. In 2003, al-Qaeda threatened to poison water supplies in Western countries. In 2011, a jihadi in Spain likewise planned to poison water supplies.
And in May 2013, seven Muslim “chemical engineers” were caught trespassing at the Quabbin Reservoir, a key supply of water for Boston, after midnight. Only months later and indirectly did we hear that it was a “criminal matter.” A month later, locks were cut at the aqueduct that supplies water to Greater Boston.
For more information on SCADA systems, their vulnerabilities and their exploitation, please see the SCADA tag.
An example article showing American vulnerability to SCADA attacks:
Several attacks have already taken place against regional power plants in Ukraine, resulting in several short-term blackouts in December 2015. It was the first recorded case of power outages being caused by cyber attacks and originated from a type of malware known as BlackEnergy.
It is not clear who was behind the attacks, but a military spokesperson stated last week that they originated from Russia. Another type of malware has since been discovered by investigators looking into the December cyber attacks, although researchers say it is impossible to know how many systems are currently at risk.
Rail networks aren’t the only thing that can be attacked through SCADA vulnerabilities. Medication dosages can be altered, water systems contaminated, sewage systems made to overflow, and food-industry processes manipulated to produce contaminated or poisonous food. These are only a few of the real risks America faces and will likely come under attack from.
For more on SCADAs, please click HERE to view the topic.
Here is one such example post:
There don’t even need to be any hackers involved. Nine substations being taken out would send America back into the Stone Age and claim upwards of 9 out of 10 American lives. That’s how safe the U.S. electrical grid is. The electrical grid in central California has already been attacked with sniper rifles in what’s likely a dry run. It was reported an entire year after the incident, then whitewashed as a non-threat.
As for the rest of the infrastructure, control of SCADA systems is key, and that is something China and Russia can likely manipulate. From there, sewage systems could be forced to flood the streets and medication dosages for the sick and elderly could be manipulated.
The terror group’s hackers have attempted cyberattacks in the U.S., but aren’t skilled enough to succeed, the FBI said. Still, though, ISIL may have the cash to fund cyberattacks on U.S. targets.
“Strong intent. Thankfully, low capability,” John Riggi, a section chief in the FBI’s cyber division, told CNN. “But the concern is that they’ll buy that capability.”
How many times can a nation be warned, yet still do next to nothing to neutralize the threat, before an attack or natural disaster actually happens? For more on the SCADA systems, see HERE and HERE. Imagine, for example, Russian or Chinese hackers being able to control dosage levels of medications for patients in America, without America knowing. The threat is real.
A former CIA director says the Obama administration hasn’t done nearly enough to protect the nation from attacks to America’s information and critical infrastructure systems.
“The president has to put this first on his list because we are very vulnerable, and we will stay vulnerable until some key things get fixed. So far, I have not seen anywhere near enough commitment from the White House or any place else in getting this done,” said R. James Woolsey, who served as Director of Central Intelligence in the Clinton administration. Woolsey is now chairman of the Foundation for the Defense of Democracies.
When the Department of Homeland Security mentions that the Russians have infected critical industrial control systems with malware, it’s nearly over for America.
They are able to do this through SCADA systems, something that has been mentioned here as early as 2013 in the following previous posts:
The threat is real, now in motion, and eerily resembles the ‘grey terror’ described in Viktor Suvorov’s book “Spetsnaz: The Story Behind the Soviet SAS” during the ‘overture’ phase in chapter 15, titled Spetsnaz’s First World War.
The sword draws closer to America every day.
Please see the source link for the video.
Washington (CNN) Russian hackers behind the damaging cyber intrusion of the State Department in recent months used that perch to penetrate sensitive parts of the White House computer system, according to U.S. officials briefed on the investigation.
While the White House has said the breach only ever affected an unclassified system, that description belies the seriousness of the intrusion. The hackers had access to sensitive information such as real-time non-public details of the president’s schedule. While such information is not classified, it is still highly sensitive and prized by foreign intelligence agencies, U.S. officials say.
Check out the SCADA tags to see more information on how systems can be compromised and diverted or shut down.
Critical U.S. infrastructures are being penetrated by foreign states in preparation for devastating future cyber attacks designed to cripple electrical power, communications and financial networks, the commander of the U.S. Cyber Command told Congress on Thursday.
Adm. Mike Rogers, Cybercom chief and director of the National Security Agency, said foreign states have broken into the networks that control industrial systems across what the U.S. government considers the 16 critical infrastructures, including electrical power, water, telecommunications and financial systems.
“We have seen instances where we’re observing intrusions into industrial control systems,” Rogers told the House Permanent Select Committee on Intelligence.
It’s not hard to imagine, after obtaining information such as this, seeing key dams fail. How would this happen? Not necessarily with terrorist bombings, but with cyberwarfare. If you wanted to physically take them down via the power grid, as a professional hit team did in California, you need only take out nine substations to indefinitely cripple America and potentially kill hundreds of millions from the aftereffects. The grid is already on the edge of failure as we speak. On the cyberwarfare front, you need only take advantage of the SCADA systems (see also HERE and HERE), which remain largely unprotected and vulnerable as well.
America is in the final phase of a perfect storm that could bring about its collapse (on the economic and social front as well) at any given time, as it is now past the point of no return in protecting itself. It can’t even screen itself from espionage in its vital infrastructure, as seen in this article. Given that, it’s not hard to see that America’s adversaries have first-strike capability, and therefore likely checkmate.
But hey, no time for that, we have a MLB World Series to watch and cheap (sometimes toxic) Chinese goods to scuffle over on Black Friday.
A sensitive database that lists vulnerabilities in every major U.S. dam was breached last year in an attack traced back to the Chinese regime. The security breach had U.S. officials worried that China could be planning to attack America’s power grid.
Now, one year later, a Chinese woman was arrested for breaching that same network. Xiafen “Sherry” Chen, 59, was arrested on Oct. 20 for allegedly downloading the sensitive files on U.S. dams and for lying to federal investigators.
The registry Chen allegedly accessed and downloaded ranks the dams by the number of Americans who would die if they failed, according to Nextgov. It also lists vulnerabilities that could be exploited in the dams, which could be used by a hostile nation to attack the United States.
For more on SCADAs, please see the following previous posts:
The NSA’s TAO hacking unit is considered to be the intelligence agency’s top secret weapon. It maintains its own covert network, infiltrates computers around the world and even intercepts shipping deliveries to plant back doors in electronics ordered by those it is targeting.
In January 2010, numerous homeowners in San Antonio, Texas, stood baffled in front of their closed garage doors. They wanted to drive to work or head off to do their grocery shopping, but their garage door openers had gone dead, leaving them stranded. No matter how many times they pressed the buttons, the doors didn’t budge. The problem primarily affected residents in the western part of the city, around Military Drive and the interstate highway known as Loop 410.
For further information on SCADAs, please see the following Global Geopolitics entries that were ahead of the curve:
- Security backdoor found in China-made US military chip
- UPDATE 3: U.S. probes cyber attack on water system
“Red Dragon Rising: Communist China’s Military Threat to America” from 1999 is a highly recommended read. The United States is more vulnerable than most people know, and has been for longer than most people would have thought.
Cyberspies linked to China’s military targeted nearly two dozen US natural gas pipeline operators over a recent six-month period, stealing information that could be used to sabotage US gas pipelines, according to a restricted US government report and a source familiar with the government investigation.
From December 2011 through June 2012, cyberspies targeted 23 gas pipeline companies with e-mails crafted to deceive key personnel into clicking on malicious links or file attachments that let the attackers slip into company networks, says the Department of Homeland Security (DHS) report.
The report does not mention China, but the digital signatures of the attacks have been identified by independent cybersecurity researchers as belonging to a particular espionage group recently linked to China’s military.
The confluence of these factors – along with the sensitive operational and technical details that were stolen – makes the cyberbreaches perhaps among the most serious so far, some experts say. The stolen information could give an adversary all the insider knowledge necessary to blow up not just a few compressor stations but perhaps many of them simultaneously, effectively holding the nation’s gas infrastructure hostage. Nearly 30 percent of the nation’s power grid now relies on natural gas generation.
“This theft of key information is about hearing the footsteps get closer and closer,” says William Rush, a retired scientist formerly with the Gas Technology Institute who chaired the effort to create a cybersecurity standard applicable to the gas pipeline industry.
“Anyone can blow up a gas pipeline with dynamite. But with this stolen information, if I wanted to blow up not one, but 1,000 compressor stations, I could,” he adds. “I could put the attack vectors in place, let them sit there for years, and set them all off at the same time. I don’t have to worry about getting people physically in place to do the job, I just pull the trigger with one mouse click.”