Hackers Turn Ukrainian Infrastructure into ‘Powder Keg’

For more information on SCADAs, their vulnerabilities and exploitations, please see the SCADA tag.

An example article showing American vulnerability to SCADA attacks:

UPDATE 3: U.S. probes cyber attack on water system

 

Several attacks have already taken place against regional power plants in Ukraine, resulting in several short-term blackouts in December 2015. It was the first recorded case of power outages being caused by cyber attacks and originated from a type of malware known as BlackEnergy.

It is not clear who was behind the attacks but a military spokesperson stated last week that they were originating from Russia. Another type of malware has since been discovered by investigators looking into the December cyber attacks, although researchers say it is impossible to know how many systems are currently at risk. Continue reading →

Ex-CIA director: U.S. wide open to grid attack

How many times can a nation be warned, yet still do next to nothing to neutralize the threat, before an attack or natural disaster actually happens? For more on the SCADA systems, see HERE and HERE. Imagine, for example, Russian or Chinese hackers being able to control dosage levels of medications for patients in America, without America knowing. The threat is real.

 

A former CIA director says the Obama administration hasn’t done nearly enough to protect the nation from attacks to America’s information and critical infrastructure systems.

“The president has to put this first on his list because we are very vulnerable, and we will stay vulnerable until some key things get fixed. So far, I have not seen anywhere near enough commitment from the White House or any place else in getting this done,” said R. James Woolsey, who served as director of the Central Intelligence in the Clinton administration. Woolsey is now chairman of the Foundation for the Defense of Democracies.

Continue reading →

Exclusive: Cyberattack leaves natural gas pipelines vulnerable to sabotage

For further information on SCADAs, please see the following Global Geopolitics entries that were ahead of the curve:

• Security backdoor found in China-made US military chip
• UPDATE 3: U.S. probes cyber attack on water system

“Red Dragon Rising: Communist China’s Military Threat to America” from 1999 is a highly recommended read. The United States is in more vulnerable than most people know, and longer than most people would have thought.

Cyberspies linked to China’s military targeted nearly two dozen US natural gas pipeline operators over a recent six-month period, stealing information that could be used to sabotage US gas pipelines, according to a restricted US government report and a source familiar with the government investigation.

From December 2011 through June 2012, cyberspies targeted 23 gas pipeline companies with e-mails crafted to deceive key personnel into clicking on malicious links or file attachments that let the attackers slip into company networks, says the Department of Homeland Security (DHS) report.

The report does not mention China, but the digital signatures of the attacks have been identified by independent cybersecurity researchers as belonging to a particular espionage group recently linked to China’s military.

The confluence of these factors –  along with the sensitive operational and technical details that were stolen – make the cyberbreaches perhaps among the most serious so far, some experts say. The stolen information could give an adversary all the insider knowledge necessary to blow up not just a few compressor stations but perhaps many of them simultaneously, effectively holding the nation’s gas infrastructure hostage. Nearly 30 percent of the nation’s power grid now relies on natural gas generation.

“This theft of key information is about hearing the footsteps get closer and closer,” says William Rush, a retired scientist formerly with the Gas Technology Institute who chaired the effort to create a cybersecurity standard applicable to the gas pipeline industry.

“Anyone can blow up a gas pipeline with dynamite. But with this stolen information, if I wanted to blow up not one, but 1,000 compressor stations, I could,” he adds. “I could put the attack vectors in place, let them sit there for years, and set them all off at the same time. I don’t have to worry about getting people physically in place to do the job, I just pull the trigger with one mouse click.” Continue reading →

UPDATE 3: U.S. probes cyber attack on water system

As written in a book called “Red Dragon Rising: Communist China’s Military Threat to America” in 1999, so it has become…

Book passage:

TARGETING AMERICA: THE REVOLUTION IN MILITARY AFFAIRS

Information warfare and electronic warfare are of key importance, while fighting on the ground can only exploit the victory. Hence, China is more convinced [than ever] that as far as the PLA is concerned, a military revolution with information warfare as the core has reached the stage where efforts must be made to catch up with and overtake rivals.¹ —General Liu Huaqing, vice chairman of the Central Military Commission, 1995 On Wednesday night, June 16, 1999, officials at a California sanitation plant decided to check its computers for Year 2000 (Y2K) compliance. They were testing a back-up electrical system when they received a frantic midnight call from a park ranger: Raw, untreated sewage was pouring out of a manhole cover and spilling into a park.

Later it was estimated that four million gallons of sewage had been released. A computer had mistakenly closed a gate that should have remained open to control the transfer of sewage. A programmer’s error fifteen years earlier seems to have been the culprit. It cost taxpayers about $100,000 to clean up the mess.² This is just one of a number of unfortunate accidents that have occurred as businesses and governments test for Y2K compliance. But Y2K accidents are just that—accidents. Suppose, however, that a competent and motivated hostile force was able to manipulate modern computer systems. Such a force could conceivably do the following:
• Change the dose levels in prescription medicines at pharmaceutical plants so that thousands of people would be poisoned³

• Infiltrate the manufacturing process for baby food so that the standard components would be increased by 400 percent—to toxic levels⁴

• Taint the processed-food industry for restaurants, hotels, hospitals, and retirement homes

• Subtly change airport radar signals so that air traffic controllers would unknowingly put passenger planes on the same flight path

• Open the electronic gates and fences at a number of jails and prisons around the country simultaneously, overwhelming law enforcement officials⁵

• Stage a surprise attack on many of the automated gasoline refineries in the nation, causing enormous, out-of-control fires that would inundate emergency officials and lead to immediate gasoline rationing⁶

• Contaminate the city water systems, turn the valves backwards at the sewer systems, shut down the electric power grid, and overload the natural gas pipeline system

• Loot bank accounts, transferring all funds overseas⁷

• Attack individuals’ identities, eliminating their Social Security records, Veterans Department records, driver’s license numbers, bank accounts and credit card numbers, and so on⁸

All of these are examples of what is known as “information warfare,” or more specifically “offensive information warfare.” Is there something to this, or is it just the product of an overactive imagination? The concept of information warfare—and in particular, offensive information warfare—is perhaps America’s most highly guarded military secret today.⁹ Most experts in the field believe that the United States is currently the world’s information warfare leader.¹⁰But the interconnected nature of modern American society makes the United states “the most vulnerable country in the world” for this sort of warfare, according to the former director of the National Security Agency, our premier electronic warfare agency.“Every one of the examples above has either been tried successfully or will be within the capability of hostile forces in a short period of time, and every one is of deep concern to the American government.¹²The problem is real.More alarming, the Chinese People’s Liberation Army has the world’s largest information warfare program, after the United States.¹³

The article:

* Researcher cites report from Illinois State Police
* Says report shows computer was hacked from Russia
* Says water pump was damaged
* Motives of attacker unclear (Adds reaction from cyber security expert)

Nov 18 (Reuters) – Federal investigators are looking into a report that hackers managed to remotely shut down a utility’s water pump in central Illinois last week, in what could be the first known foreign cyber attack on a U.S. industrial system.

The Nov. 8 incident was described in a one-page report from the Illinois Statewide Terrorism and Intelligence Center, according to Joe Weiss, a prominent expert on protecting infrastructure from cyber attacks.

The attackers obtained access to the network of a water utility in a rural community west of the state capital Springfield with credentials stolen from a company that makes software used to control industrial systems, according to the account obtained by Weiss. It did not explain the motive of the attackers.

He said that the same group may have attacked other industrial targets or be planning strikes using credentials stolen from the same software maker.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation are examining the matter, said DHS spokesman Peter Boogaard.

“At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety,” he said, declining to elaborate further. An FBI spokesman in Illinois did not return phone calls seeking comment.

SCADA SECURITY

Cyber security experts said that the reported attack highlights the risk that attackers can break into what is known as Supervisory Control and Data Acquisition (SCADA) systems. They are highly specialized computer systems that control critical infrastructure — from water treatment facilities, chemicals plants and nuclear reactors to gas pipelines, dams and switches on train lines.

The issue of securing SCADA systems from cyber attacks made international headlines last year after the mysterious Stuxnet virus attacked a centrifuge at a uranium enrichment facility in Iran. Many experts say that was a major setback for Iran’s nuclear weapon’s program and attribute the attack to the United States and Israel.

In 2007, researchers at the U.S. government’s Idaho National Laboratories identified a vulnerability in the electric grid, demonstrating how much damage a cyber attack could inflict on a large diesel generator. (To see video that was leaked to CNN: here)

Lani Kass, who retired in September as senior policy adviser to the chairman of the U.S. Joint Chiefs of Staff, said the United States should take the possibility of a cyber attack seriously.
“The going in hypothesis is always that it’s just an incident or coincidence. And if every incident is seen in isolation, it’s hard — if not impossible — to discern a pattern or connect the dots,” Kass told Reuters.
“Failure to connect the dots led us to be surprised on 9/11,” she said, describing the Sept. 11, 2001 hijacking attacks as a prime example in which authorities dismissed indicators of an impending disaster and were caught unaware.

Representative Jim Lanvevin, a Democrat from Rhode Island, said that the report of the attack highlighted the need to pass legislation to improve cyber security of the U.S. critical infrastructure.

“The stakes are too high for us to fail, and our citizens will be the ones to suffer the consequences of our inaction,” he said in a statement.

Continue Reading Article: UPDATE 3-U.S. probes cyber attack on water system (Reuters)