Category Archives: Cyber-Terrorism

Cyber warfare: What do state attacks look like and can anything be done to stop them?

CyberTerrorismThis political point-making manifests in other ways. For example, an attack on the Ukrainian power grid late last year, according to Larsen, was carried out in an unnecessarily theatrical way.

“Anyone who has the skill to hack in has the skill to write a piece of code to open the breakers. Instead they let the operator watch as they clicked and opened all the breakers. They wanted the operators to sit there and freak out.”

From the victim’s perspective, the attribution is also political: in many cases it would be perfectly possible to pretend that no hack had happened. For example, infrastructure failure could just be blamed on an outage.

The DOOMSDAY plan: EU prepares for ‘dark scenario’ of cyber attacks that could devastate power and communication networks

cyber_terrorism-150x150Experts have warned that cyber attacks on any number of systems, including satellites and nuclear power station, could result in a global catastrophe.

ENISA said that the exercise: ‘paints a very dark scenario inspired by events such as the blackout in an European Country over Christmas period and the dependence on technologies manufactured outside the jurisdiction of the European Union. ‘

New “Dragonfly” Virus Could Take Down Power Grid with 1 Click

8820091_sThe threat of a cyber-terrorist attack on U.S. energy companies is very real according to the cyber security firm Symantec.

Symantec warns of the new “Dragonfly virus,” which comes out of Eastern Europe. This malware virus has the power to utterly ruin large swaths of the electric grid should it manage to infect a power company’s computer systems.

The virus — which targets energy grids, major electricity generation firms, petroleum pipelines operators, and energy industrial equipment providers — has been around since 2011 and has already affected thousands of organizations in over 84 countries.

According to Symantec, the danger associated with the Dragonfly virus is it gives the hackers running the malware software the ability to gain privileged access inside the company’s operations systems.

Once the software is installed, hackers can torpedo the systems with just the click of a mouse.

Security experts are unsure where the virus originated, but believe that since all of the countries that have been affected so far have been part of NATO, that it could definitely be a foreign nation like Russia who is responsible for the virus.

The fact our nation’s power grids are so susceptible to cyber terrorism is frightening.

Should our nation’s grids suffer any cataclysmic attack, it would render millions of Americans defenseless and unable to provide for themselves.

The worst part about the Dragonfly virus is that many of the nation’s computer systems are believed to already have it since the malware is installed with updates for their operational controls.

WND reports:

The Dragonfly group is said to have at its disposal a range of malware tools to disrupt computer systems, especially industrial control systems. Sources believe it operates similar to the Stuxnet malware that the United States and Israel had used against Iran’s nuclear program to disrupt the operation of its centrifuges that enrich uranium.

According to Symantec, Dragonfly used two main malware tools – Backdoor Oldrea and Trojan Karagany. The former appears to be customized malware written for the attackers.

Eric Chien of Symantec’s Security Technology and Response Team told Bloomberg in an interview the type of access Dragonfly has indicates something more than snooping.

“When they do have that type of access, that motivation wouldn’t be for espionage,” Chien said. “When we look at where they’re at, we’re very concerned about sabotage.”

“The worst-case scenario would be that the systems get shut down,” Chien said. “You could see the power go out, for example, and there could be disruption in that sense.”

And just to make things clear, this is not the only cyber-threat leveled at the power systems here in the U.S.

Recently the FBI uncovered “Ugly Gorilla, a Chinese hacker who has been targeting utility companies’ systems to cut off heat and damage pipelines.”

Knowing how vulnerable the nation’s grid system is to cyber attack means if you want to prepare for a possible “grid down” scenario, you had better do so sooner than later.

Former CIA Director Warns About Cyber Threats From North Korea

Cyber Terrorism

Cyber Terrorism

Former CIA Director R. James Woolsey, Tuesday, said that the United States is at risk of a devastating cyber attack delivered by North Korea. Such an attack would use electromagnetic radiation to potentially wipe out 70% of the U.S. electric grid and cripple U.S. defenses, he said. Iran could also soon possess this capability. But others say the chances of such an attack are low, citing more traditional cyber threats as the primary danger to U.S. interests.

“We could well within months have two rogue states that are capable of launching this type of attack against the United States as part of their information warfare cyber campaign,” said Mr. Woolsey, testifying, Tuesday, before the United States House of Representatives Energy and Commerce Committee Hearing on cyber threats and security solutions.

Read Full Article Here

Kaspersky says cyber-attacks could “take us back to the pre-electric era”

SCADA is so vulnerable, Kaspersky told the AusCERT audience: “It’s not possible to protect. Stuxnet told us that modern systems are not protected at all. SCADA could be very easy victims – the result of an attack could be like Stuxnet but everywhere.”

He said his company’s research suggests that malware costs the world economy $US100 billion each year, and noted other vendors estimates of the total trillion-dollar cybercrime industry mean that, “because of cybercrime, we have the equivalent of two or three Japanese tsunamis a year” of economic damage.

People “need to understand the danger of cyber-weapons and of cyber-war to ruin national infrastructure. Transportation, power-grids, power plants … it would take us back to the pre-electric era.”

Read More…

Feds Warn of Cyber Attack Targeting Natural Gas Firms

Federal officials recently uncovered a cyber plot to infect various natural gas pipeline companies with malware.

A report from the Homeland Security Department’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said this “active series of cyber intrusions” is related to a single spear-phishing campaign that dates back to December.

Back in November, DHS and the FBI shot down reports that a cyber attack took down a pump at an Illinois public water utility. That came about a month after a DHS memo suggested that hacker collective Anonymous might one day target industrial control systems (ICS) in the U.S., though it is not yet organized enough for the endeavor.

Read More…

Homeland Security issues advisory to nation’s critical infrastructure industry

The U.S. Department of Homeland Security has issued an advisory about security vulnerabilities in Siemens SCADA systems, which runs much of the world’s industrial infrastructure, including in the United States. Hackers or terrorists could sabotage public utilities, hospitals and other critical infrastructure.

Bruce Schneier, an internationally renowned security technologist and author had this to say about SCADA vulnerabilities on his security blog in May:

“SCADA systems — computer systems that control industrial processes — are one of the ways a computer hack can directly affect the real world. Here, the fears multiply. It’s not bad guys deleting your files, or getting your personal information and taking out credit cards in your name; it’s bad guys spewing chemicals into the atmosphere and dumping raw sewage into waterways. It’s Stuxnet: centrifuges spinning out of control and destroying themselves. Never mind how realistic the threat is, it’s scarier.”

Read More…

Federal Agency Needed to Take Charge of Nation’s Power Grid, Says MIT

A federal agency should have the lead role in securing the critical infrastructure, MIT researchers said, but they did not state whether that agency should be Homeland Security.

In a 268-page report on the future of the United States electric grid through 2030 released Dec. 5, a team of MIT researchers recommended that a single federal agency have the appropriate regulatory authority to be responsible for cyber-security preparedness, response and recovery.

Cyber-attacks will happen, but a single agency would be better able to address the problem rather than several federal, state and local entities responsible for various parts of the grid trying to coordinate with each other, the researchers wrote.

Read More…

U.S. probes cyber attack on water system

Cyber Terrorism

Cyber Terrorism

Federal investigators are looking into a report that hackers managed to remotely shut down a utility’s water pump in central Illinois last week, in what could be the first known foreign cyber attack on a U.S. industrial system.

The Nov. 8 incident was described in a one-page report from the Illinois Statewide Terrorism and Intelligence Center, according to Joe Weiss, a prominent expert on protecting infrastructure from cyber attacks.

The attackers obtained access to the network of a water utility in a rural community west of the state capital Springfield with credentials stolen from a company that makes software used to control industrial systems, according to the account obtained by Weiss. It did not explain the motive of the attackers.

Read More…

Power grid cybersecurity: $60 piece of software could bring mass chaos

If your power went out and everything stayed down, could you envision chaos and rioting? We’ve heard chaos and cyber mayhem tossed about frequently in the last couple weeks, so it may come as no surprise that Pike Research reported [PDF], “Utility cybersecurity is in a state of near chaos.”

The threat is not science fiction,” Digital Communities reported. After nature got vicious and electricity was snuffed by Tropical Storm Irene and then the snowstorm this Halloween, 1 million Connecticut homes and businesses sat in the dark on two different occasions. Hartford Business reported, “Cybersecurity of the power grid is an often overlooked issue that could bring Connecticut, New England and possibly the country to its knees.” Joel Gordes, president of West Hartford consultant Environmental Energy Solutions, said, “Our entire society is dependent on two things: electricity and telecommunications. It makes us vulnerable. Remember, we are linked into one large grid, so if one goes down, it could all cascade.” Where would that take us but chaos?

Read More…

… dangerous computer worm that in some modified form could be used to attack an electric or telecommunications grid, an oil refinery or a water treatment facility

Cyber Terrorism

Cyber Terrorism

The Stuxnet computer worm, arguably the first and only cybersuperweapon ever deployed, continues to rattle security experts around the world, one year after its existence was made public.

Reactions to the use of Stuxnet in Iran generally fall into two categories. For those focused on the danger of Iran developing a nuclear weapon, Stuxnet was something to celebrate, because it set back Iran’s nuclear program, perhaps by years.

But for people who worry about the security of critical U.S. facilities, Stuxnet represented a nightmare: a dangerous computer worm that in some modified form could be used to attack an electric or telecommunications grid, an oil refinery or a water treatment facility in the United States.

Read More…