
Thread: Foreign Hackers Targeting U.S. Utilities In Cyber Attacks

  1. #21
    Postman vector7's Avatar
    Join Date
    Feb 2007
    Location
    Where it's quiet, peaceful and everyone owns guns
    Posts
    20,664
    Thanks
    16
    Thanked 49 Times in 44 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp

    Why now?

    Nikita Khrushchev: "We will bury you"
    "Your grandchildren will live under communism."
    “You Americans are so gullible.
    No, you won’t accept
    outright, but we’ll keep feeding you small doses of
    until you’ll finally wake up and find you already have communism.
    ."
    We’ll so weaken your
    until you’ll
    like overripe fruit into our hands."



  2. #22
    Expatriate American Patriot's Avatar
    Join Date
    Jul 2005
    Location
    A Banana Republic, Central America
    Posts
    48,589
    Thanks
    76
    Thanked 27 Times in 27 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp

    Why is Panetta just warning us now? Because the current administration members are antiques, a throwback from the Soviet Era of Communism.

    No, not that they are aware of things, they are JUST CATCHING UP TO CURRENT TECHNOLOGY.

    If these people had a clue they would have gone forward with the "Cyber Warfare" units we were putting together in the 1990s.

    If they had a CLUE that "3:00 AM Call that came in for Benghazi" last month would have been answered.

    No, these folks are clueless and will destroy America if allowed to remain in office.

    If Obama were anything like John Kennedy we'd not have had a hit on our embassy like that, after the lessons of 9-11.
    Libertatem Prius!






  3. #23
    Expatriate American Patriot's Avatar
    Join Date
    Jul 2005
    Location
    A Banana Republic, Central America
    Posts
    48,589
    Thanks
    76
    Thanked 27 Times in 27 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp

    Sometimes Vector, the news just does it all for me.

    To illustrate my previous point, read this:

    Cuban Missile Crisis holds lessons for presidential race

    Opinion | Nicholas Burns



    October 10, 2012






    Anxious people checked the Associated Press teletype machine in the Boston… (Jack O’Connell/Globe…)




    Next week marks the 50th anniversary of the Cuban Missile Crisis — arguably the most dangerous moment in modern history.

    During 13 harrowing days in October 1962, President John F. Kennedy and Soviet Premier Nikita Khrushchev squared off in a test of strategy and wills that nearly ended in a thermonuclear exchange. Hundreds of millions of people might have died in the United States and Soviet Union alone. At the height of the crisis, hardliners on both sides argued for war. Instead, Kennedy and Khrushchev, in a series of dramatic last-minute communications, opted for diplomacy and compromise to avoid the catastrophe of a nuclear conflagration.







    What can Barack Obama and Mitt Romney learn from this crisis 50 years later? My Harvard colleague Graham Allison, who wrote the revolutionary account of what happened in his landmark 1971 book “Essence of Decision,” hosted a conference recently at the Kennedy School to reflect on the meaning of the crisis for us today. I took away two big lessons that inform the war and peace challenges our next president could face in an increasingly dangerous international environment.


    First, success in diplomacy at the highest levels sometimes requires opening exit doors for your adversary so that he can save face and avoid the conflict ahead. Kennedy did just that in offering secretly to remove American Jupiter missiles in Turkey as a trade for the removal of Soviet nuclear weapons from Cuba. Will Romney and Obama take a similarly imaginative approach to negotiations with Iran? If we are to convince Tehran to halt its nuclear efforts and avoid a war, we may have to help its leaders find a way out — a compromise that will give it a public excuse to stop well short of a nuclear weapon.


    Second, Kennedy concluded after the crisis that we had to think about the Soviet people in a fundamentally different way if we wanted to avoid nuclear Armageddon. In his greatest speech, at American University eight months after the crisis, Kennedy advocated building bridges to the Soviets, as the “human interest” of avoiding world war had to eclipse the more narrow “national interest.” He warned Americans “not to see conflict as inevitable, accommodation as impossible, and communication as nothing more than an exchange of threats.” He said we should adopt a “strategy of peace” instead. Who is better placed in our time — Obama or Romney — to find a way to move beyond our many difficulties with our modern-day rival, China, and to avoid a future conflict in the Pacific?



    As we look to Nov. 6, we should measure the presidential candidates not just by their ubiquitous campaign commercials but by the qualities they possess that might make the difference between success or failure, war or peace, life or death in a future crisis. Kennedy demonstrated the value of restraint, good judgment, and courage in avoiding war in 1962. Of the two candidates this year, does Obama or Romney have the better command of history, coolness under pressure, and good sense to make the right choice for all of us when the next crisis occurs?







    Obama has demonstrated some of these qualities in his adept isolation of Iran, his largely skillful handling of the Arab uprisings, and his bridge-building to allies and partners that has rebuilt US credibility in Europe, especially. Romney’s big foreign policy speech Monday illuminated the challenge he has had in making an impact in foreign policy. His back-to-the-future evocation of American leadership seems right for the Cold War but not nearly sophisticated enough for our very different 21st-century world.
    This election can’t be just about which candidate gives the snappiest presentation in a debate and rattles off the most memorable one-liners. We need a strong leader to preserve our power but one who can also avoid the rash rush to war that has, too often, been our reaction to global tests since 9/11. President Kennedy was far from perfect. But his leadership 50 years ago saved us from disaster. The Cuban Missile Crisis reminds us that we must prize above all the qualities of intelligence, leadership, and wisdom in our next president.


    Nicholas Burns is a professor of the practice of diplomacy and international politics at Harvard’s Kennedy School of Government. His column appears regularly in the Globe.




    =======================


    Now, everyone seems to just want the "Soviets" to get along. Except the Soviets. The Russians are no different today than they were 50 years ago. Fifty years ago I sat as a little boy in front of the television awed by the images of nuclear bombs exploding and knowing those people were going to drop bombs on the USA. My home.

    That crisis was a defining moment in my life. I was only five years old but I remember it as clearly as if it happened a month ago. I remember Kennedy on television. I remember Walter Cronkite looking worried. I remember the "Duck and Cover" drills in Kindergarten. And I remember KNOWING without a doubt having watched those massive nuclear explosions on the black and white television set that there was NO WAY my little school, my desk or the big black board was going to save me and my classmates if one of those missiles fell on Detroit.

    I also know that it was at the height of this that my life changed. Dad and Mom packed up everything we owned in the back of a car and little trailer and we left at 3 AM to move to Kentucky for the next few years. I left my classmates behind and I'm sure they never knew what happened to me. I honestly believe to this day Dad thought we were all going to be vaporized in a cloud of radioactive fire. (we moved back for a short time, a year later, about 6 months and then back to Ky again until late 1968)

    Either way, I think that the Cuban Missile Crisis set several things in motion in my life.




  4. #24
    Super Moderator and PHILanthropist Extraordinaire Phil Fiord's Avatar
    Join Date
    Dec 2005
    Posts
    3,495
    Thanks
    16
    Thanked 11 Times in 11 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp

    If memory serves, the bill cited was not only about infrastructure anyway. Why can't Congress write a bill for a specific purpose and that's it? Not so expansive a thing with attached causes.

  5. #25
    Expatriate American Patriot's Avatar
    Join Date
    Jul 2005
    Location
    A Banana Republic, Central America
    Posts
    48,589
    Thanks
    76
    Thanked 27 Times in 27 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp

    Because Phil, writing a small bill makes it easy to understand for the public, shows its true meaning and spends the least amount of money.

    We can't have THAT!




  6. #26
    Postman vector7's Avatar
    Join Date
    Feb 2007
    Location
    Where it's quiet, peaceful and everyone owns guns
    Posts
    20,664
    Thanks
    16
    Thanked 49 Times in 44 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp

    Originally posted by Ryan Ruck:

    Time to wag the dog or lose some more freedoms?



    Panetta says cyber attackers accessed controls for critical US infrastructure



    Defense secretary bluntly warns we're in 'pre-9-11 moment' that could precede catastrophic attack, hints Iran involved

    UPDATED 6:33 AM EDT, October 12, 2012 | BY John Solomon

    In a blunt admission designed to prod action, Defense Secretary Leon Panetta Thursday night told business executives there has been a sudden escalation of cyber terrorism and that attackers have managed to gain access to control systems for critical infrastructure.


    In a speech in New York City, Panetta said the recent activities have raised concerns inside the U.S. intelligence community that cyber terrorism might be combined with other attacks to create massive panic and destruction on par with the Sept. 11, 2001 attacks.

    “These attacks mark a significant escalation of the cyber threat. And they have renewed concerns about still more destructive scenarios that could unfold,” he said. “For example, we know that foreign cyber actors are probing America’s critical infrastructure networks.

    “They are targeting the computer control systems that operate chemical, electricity and water plants, and those that guide transportation throughout the country,” he added. “We know of specific instances where intruders have successfully gained access to these control systems. We also know they are seeking to create advanced tools to attack these systems and cause panic, destruction, and even the loss of life.”

    Current and former U.S. officials tell the Washington Guardian that U.S. investigators have growing evidence that Iran was behind a recent wave of cyber attacks, particularly those that temporarily paralyzed energy interests in two Middle East countries that are key U.S. allies.

    Panetta stopped short in his speech of formally accusing Iran but left no doubt America has strong suspicions about Tehran. "Iran has also undertaken a concerted effort to use cyberspace to its advantage," he declared.

    Panetta’s speech came as the Obama administration is pressing ahead with its own cyber security measures using executive powers after reaching a stalemate with congressional Republicans and their business allies over sweeping legislation to change the nation’s cybersecurity posture.

    “This is a pre-9/11 moment,” Panetta told the business executives, referring to the period before the terror attacks 11 years ago when signs of a mounting threat were overlooked. “The attackers are plotting. Our systems will never be impenetrable, just like our physical defenses are not perfect. But more can be done to improve them. We need Congress, and we need all of you, to help in that effort.”


    Panetta, who has been sounding the alarm for months about the potential for a "Cyber Pearl Harbor", gave an unusually blunt description of three recent attacks --- one against U.S. financial interests and two against Middle East energy interests – that have raised the alarm. Defense officials said classified information was declassified so Panetta could give specific details about the nature of the attacks.


    The defense secretary, who previously served as President Obama’s CIA director, said consecutive attacks on Saudi Arabia’s ARAMCO oil company and Qatar’s Ras Gas launched by a virus known as Shamoon were “probably the most destructive attack that the private sector has seen to date.”

    “Shamoon included a routine called a 'wiper,' coded to self-execute. This routine replaced crucial system files with an image of a burning U.S. flag. It also put additional “garbage” data that overwrote all the real data on the machine. The more than 30,000 computers it infected were rendered useless, and had to be replaced,” Panetta explained.

    The defense secretary offered an assessment of possible future doomsday scenarios feared by U.S. intelligence in which cyber terrorism could be combined with waves of attacks.

    “An aggressor nation or extremist group could gain control of critical switches and derail passenger trains, or trains loaded with lethal chemicals. They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country,” he said.

    “The most destructive scenarios involve cyber actors launching several attacks on our critical infrastructure at once, in combination with a physical attack on our country,” he added. “Attackers could also seek to disable or degrade critical military systems and communications networks.”




  7. #27
    Postman vector7's Avatar
    Join Date
    Feb 2007
    Location
    Where it's quiet, peaceful and everyone owns guns
    Posts
    20,664
    Thanks
    16
    Thanked 49 Times in 44 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp

    Defense Secretary Panetta Sees a 'Pre-9/11 Moment' for Cyber Security

    By Matt Egan
    Published October 12, 2012
    FOXBusiness




    Against the backdrop of a slew of recent cyber attacks against U.S. banks, Defense Secretary Leon Panetta this week warned about the cyber threat and said the U.S. may need to aggressively hit back at cyber evildoers.

    The comments marked some of the clearest remarks by Panetta about the evolving and rising cyber threat, which has been on full display in recent months through a high-profile attack on Saudi Arabia’s state oil company and recent ones on U.S. banks like Bank of America (BAC) and Wells Fargo (WFC).

    “A cyber attack perpetrated by nation states or violent extremist groups could be as destructive as the terrorist attack of 9/11,” Panetta said in a speech to the Business Executives for National Security meeting in New York on Thursday. “Such a destructive cyber terrorist attack could paralyze the nation.”

    While he didn’t call out Iran for a specific role in any recent attack, previous reports indicate some U.S. officials blame Iran for the bank attacks and cyber security experts see Iranian fingerprints on the Saudi Aramco intrusion.

    “It's no secret that Russia and China have advanced cyber capabilities. Iran has also undertaken a concerted effort to use cyberspace to its advantage,” Panetta said.

    Panetta spoke out about the potential need for the U.S. to retaliate or deter a future cyber attack.

    “In the past, we have done so through operations on land and at sea, in the skies and in space. In this new century, the United States military must help defend the nation in cyberspace as well,” he said.

    Panetta warned that “this is a pre-9/11 moment” and said “the attackers are plotting.”

    The Defense Secretary also appeared to declassify some new information, warning that intruders infiltrated computer control systems that “operate chemical, electricity and water plants and those that guide transportation throughout the country.” It’s not clear who was behind this attack.

    Panetta expressed concern that an “aggressor nation or extremist group” could deploy cyber weapons to derail passenger trains, contaminate the water supply, shut down the power grid or amplify a physical attack.

    Panetta also specifically addressed the denial of service (DDoS) cyber attacks of recent weeks on major lenders like J.P. Morgan Chase (JPM) and U.S. Bancorp (USB).

    “These attacks delayed or disrupted services on customer websites. While this kind of tactic isn't new, the scale and speed with which it happened was unprecedented,” he said.

    Likewise, Panetta detailed the Shamoon virus that infected computers in Saudi Aramco, destroying about 30,000 systems. There was a similar attack on RasGas of Qatar, another major energy company in the region, just days later.

    “All told, the Shamoon virus was probably the most destructive attack that the private sector has seen to date,” Panetta said.

    Panetta said the Department of Defense has developed the “world’s most sophisticated system” to detect cyber attacks but is also thinking about a response.

    To prepare for this threat, Panetta said the DOD is developing new capabilities by investing $3 billion a year in cyber security because “we need to build and maintain the finest cyber force and operations.”

    The DOD is also finalizing a major upgrade to its rules of engagement in cyber space and working toward building stronger partnerships, including with the private sector.

    “The private sector, government, military, our allies -- all share the same global infrastructure and we all share the responsibility to protect it,” Panetta said.

    The Defense secretary called on Congress to pass cyber legislation in order to ensure that information sharing is “timely and comprehensive.” He said the legislation should be like the stalled bipartisan bill co-sponsored by U.S. Sens. Joseph Lieberman and Dianne Feinstein.

    Panetta: Cyber threat is pre 9/11 moment



    U.S. Defense Secretary Leon Panetta
    October 12th, 2012
    03:00 AM ET

    By Pam Benson

    The United States must beef up its cyber defenses or suffer as it did on September 11, 2001 for failing to see the warning signs ahead of that devastating terrorist attack, the Secretary of Defense told a group of business leaders in New York Thursday night.

    Calling it a “pre-9/11 moment,” Leon Panetta said he is particularly worried about a significant escalation of attacks.

    In a speech aboard a decommissioned aircraft carrier, Panetta reminded the Business Executives for National Security about recent distributed denial of service attacks that hit a number of large U.S. financial institutions with unprecedented speed, disrupting services to customers.

    And he pointed to a cyber virus known as Shamoon which infected the computers of major energy firms in Saudi Arabia and Qatar this past summer. More than 30-thousand computers were rendered useless by the attack on the Saudi state oil company ARAMCO. A similar incident occurred with Ras Gas of Qatar. Panetta said the attacks were probably the most devastating to ever hit the private sector.

    The secretary did not say who is believed responsible for those attacks, but senior defense officials who briefed reporters on the speech, said the United States knows, however they would not divulge the suspect.

    And he warned America's critical infrastructure - its electrical power grid, water plants and transportation systems - are threatened by foreign actors.

    "We know of specific instances where intruders have successfully gained access to these control systems," Panetta said. "We also know they are seeking to create advanced tools to attack those systems and cause panic, destruction and even loss of life."

    For its part, Panetta said the Defense Department is "aggressively ... putting in place measures to stop cyber attacks dead in their tracks." The steps he outlined included both defensive and offensive responses.

    He cited efforts to stop malicious code before it infects systems and investments in forensics to help track down who is responsible.

    But defense isn't the only answer. "If we detect an imminent threat of attack that will cause significant physical destruction or kill American citizens, we need to have the option to take action to defend the nation when directed by the president," Panetta said.

    Panetta also said the Defense Department is in the process of finalizing rules of engagement in cyberspace. In a telephone briefing with reporters, a senior defense official would not provide any details about the proposed rules but did stress they involve what the response would be to a cyber attack on the United States "that would rise under international law to the level of armed attack."

    Panetta's comments never used the word "offensive" and the senior defense officials who briefed reporters about the speech under the condition of anonymity were also reluctant to use the word. One official said it was important "to keep the maximum number of options on the table." Another official stressed the United States was prepared to take action if threatened, but added the Pentagon had previously acknowledged it has offensive cyber capabilities.

    Cyber security is ultimately a team effort, and Panetta said the Defense Department was working closely with the State Department, the Department of Homeland Security, the FBI and others to protect the nation. He called on Congress to pass comprehensive cyber-security legislation now.

    Over the summer, the Senate came up short when opponents of the Lieberman-Collins cyber bill blocked it from coming up for a final vote. A group of mostly Republican senators and the Chamber of Commerce opposed the bill because they believed it required too much of the private sector.

    Panetta urged the business leaders to work with government to support stronger cyber defenses.

    "We must share information between the government and the private sector about threats to cyberspace," Panetta said, adding everything would be done to protect civil liberties and privacy.




  8. #28
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar
    Join Date
    Jul 2005
    Location
    Cincinnati, OH
    Posts
    24,166
    Thanks
    31
    Thanked 60 Times in 59 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp


    Energy Companies Hit By Cyber Attack From Russia-Linked Group

    June 30, 2014

    The industrial control systems of hundreds of European and US energy companies have been infected by a sophisticated cyber weapon operated by a state-backed group with apparent ties to Russia, according to a leading US online security group.

    The powerful piece of malware known as “Energetic Bear” allows its operators to monitor energy consumption in real time, or to cripple physical systems such as wind turbines, gas pipelines and power plants at will.

    The well-resourced organisation behind the cyber attack is believed to have compromised the computer systems of more than 1,000 organisations in 84 countries in a campaign spanning 18 months. The malware is similar to the Stuxnet computer programme created by the US and Israel that succeeded in infecting and sabotaging Iran’s uranium enrichment facilities two years ago.

    The latest attacks are a new deployment of malware that was first monitored by IT security companies at the beginning of the year.

    Early infections by Energetic Bear appeared to be based solely around espionage.

    Symantec, a US cyber security company, said on Monday, however, that it had identified a virulent new “attack vector” designed to give the malware control over physical systems themselves.

    Symantec said the group behind Energetic Bear, who they have dubbed Dragonfly, succeeded last year in infecting three leading specialist manufacturers of industrial control systems. Dragonfly then inserted the malware covertly into the legitimate software updates those companies sent to clients.

    As clients downloaded the updates, their industrial control systems became infected. Contaminated software from one of the companies was downloaded to more than 250 industrial systems.

    The malware is said to have indiscriminately infected hundreds of organisations, but by filtering infections to see where it is in regular contact with its command and control servers, Symantec said it had a clear picture of where Dragonfly’s interests lie.

    According to Symantec, which produces the Norton range of antivirus software, Energetic Bear is most actively in use in Spain and the US, followed by France, Italy and Germany.

    (All NATO countries!)

    Symantec said it believed that Dragonfly was “based in eastern Europe and has all the markings of being state-sponsored”.

    Stuart Poole-Robb, a former MI6 and military intelligence officer and founder of KCS Group, a security consultancy, said: “To target a whole sector like this at the level they are doing just for strategic data and control speaks of some form of government sanction.

    “These are people working with Fapsi [Russia’s electronic spying agency]; working to support mother Russia.”

    Timestamps and Cyrillic text and names within the code for Energetic Bear indicate the malware’s origins are in Russia, although attributing cyber attacks is far from an exact science.

    For example, Chinese hackers, who have also been involved in energy-related espionage in the past, have been known to route their attacks through Russia to provide cover for their activities.

  9. #29
    Expatriate American Patriot's Avatar
    Join Date
    Jul 2005
    Location
    A Banana Republic, Central America
    Posts
    48,589
    Thanks
    76
    Thanked 27 Times in 27 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp

    Massive Cyber Attack Dragonfly, Compromised +1K Power Plants Worldwide
    July 1, 2014 · by Fortuna's Corner

    Dragonfly: Massive Cyber Attack Has Compromised +1000 Power Plants Worldwide

    http://www.fortunascorner.wordpress.com

    The cyber security firm Symantec is reporting this morning (July 1, 2014) on their website blog, that “an ongoing cyber espionage campaign — against a range of targets — mainly in the energy sector — has given the attackers the ability to mount sabotage operations against their victims. The attackers, known to Symantec as Dragonfly, managed to compromise a number of strategically important organizations for spying purposes; and, if they had used sabotage capabilities [available] open to them, [they] could have caused [significant] damage or disruption to energy supplies in the affected countries.

    Symantec notes that among the targets of Dragonfly were energy grid operators; major electricity generation firms; petroleum pipeline operators; and, energy industrial equipment providers. Symantec notes that the majority of victims were located in the United States, Spain, France, Italy, Germany, Poland, and Turkey.

    Symantec adds that the group is well-resourced, with a range of malware tools at its disposal; and, is capable of launching attacks through a number of vectors. Its most ambitious attack campaign saw it compromise a number of industrial control system (ICS) equipment providers, infecting their software with a remote access-type Trojan. This discovery prompted the companies to install the malware — when downloading software updates for computers running ICS equipment. These infections not only gave the attackers a beachhead in the targeted organizations' network, Symantec notes, but, also gave them the means to mount sabotage operations against infected ICS computers.

    The campaign follows in the footsteps of the Stuxnet cyber virus, which was the first known major malware campaign to target ICS systems. While Stuxnet was narrowly targeted at the Iranian nuclear program; and, had sabotage as its primary goal — Dragonfly appears to have a much broader focus — with espionage and persistent access as its current objective — with sabotage as an optional capability, if required.

    In addition to compromising ICS software, Dragonfly has used spam email campaigns and watering hole attacks to infect targeted organizations. According to Symantec, the group has used two primary tools, Backdoor Oldrea, and Trojan Karagany. The former, Symantec says, appears to be a custom piece of malware, either written by, or for the attackers.

    Prior to the publication of this article, Symantec says it notified affected victims and relevant authorities, such as the Computer Emergency Response Centers (CERTs) that handle and respond to Internet security incidents.

    Background

    The Dragonfly group, also known as Energetic Bear, appears to have been in operation since at least 2011; and, may have been active even longer than that. Dragonfly initially targeted defense and aviation companies in the U.S. and Canada, before shifting its focus mainly to U.S. and European energy firms in early 2013.

    The campaign against the European and American energy sector quickly expanded in scope. The group initially began sending malware in phishing emails to personnel in target firms. Later, the group added watering hole attacks to its offensive, compromising websites likely to be visited by those working in the energy sector — in order to redirect them to websites hosting an exploit kit. The exploit kit, in turn, delivered malware to the victim’s computer. The third phase of the campaign was the Trojanizing of legitimate software bundles belonging to three different ICS equipment manufacturers.

    Dragonfly, Symantec notes, bears the hallmarks of a state-sponsored operation, displaying a high degree of technical capability. The group is able to mount attacks through multiple vectors, and compromise numerous third party websites in the process. Dragonfly has targeted multiple organizations in the energy sector — over a long period of time. Its current main motive appears to be cyber espionage, with potential for sabotage a definite secondary capability/option.

    Symantec says that their analysis of the compilation timestamps on the malware used by the attackers — indicates the group mostly worked between Monday – Friday, with activity mainly concentrated in a nine-hour period that corresponds to a 9am – 6pm working day in the UTC +4 time zone. Based on this information, Symantec writes, it is likely the attackers are based in Eastern Europe.

    Tools Employed

    Dragonfly uses two main pieces of malware in their attacks, notes Symantec. Both are Remote Access Tool-type (RAT) malware — which provide the attackers with access and control of compromised computers. Dragonfly’s main malware tool, the report says, is Backdoor Oldrea, which is also known as Havex, or the Energetic Bear RAT. Oldrea acts as a back-door for the attackers to turn on the victim’s computer, allowing them to extract data and install additional malware. The gift that keeps on giving — if you will. Oldrea, Symantec contends, appears to be custom malware, either written by the group itself; or, created for it. This provides some indication of the capabilities and resources behind the Dragonfly group.

    Once installed on a victim’s computer, Oldrea gathers system information, along with lists of files, programs installed, and root of available drives. It will also extract data from the computer’s Outlook address book and VPN configuration files. This data is then written to a temporary file in an encrypted format before being sent to a remote command-and-control (C and C) server controlled by the attackers.

    The majority of the C and C servers appear to be hosted on compromised servers — running content management systems, indicating the attackers may have used the same exploit to gain control of each server. Oldrea has a basic control panel which allows an authenticated user to download a compressed version of the stolen data for each particular victim.

    The second main tool used by Dragonfly is Trojan Karagany, according to the Symantec report. Karagany was available, Symantec notes, on the underground [Internet] market. The source code for version 1 of Karagany was leaked in 2010. Symantec believes that Dragonfly may have taken this source code and modified it for its own use. This version is detected by Symantec as Trojan Karagany!gen1.

    Karagany is capable of uploading stolen data, downloading new files, and running executable files on an infected computer. It is also capable of running additional plugins, such as tools for collecting passwords, taking screenshots, and cataloging documents on infected computers.

    Symantec found that the majority of computers compromised by the attackers were infected with Oldrea. Karagany was used in only about 5 percent of infections. The two pieces of malware are similar in functionality, and what prompts the attackers to choose one tool over the other remains unknown, the company said.

    Multiple Attack Vendors

    The Dragonfly group has used at least three infection tactics against targets in the energy sector. The earliest method was an email campaign, which saw executives and senior employees in target companies receive emails containing a malicious PDF attachment. Infected emails had one or two subject lines: “The account” or “Settlement of delivery problem.” All emails were from a single Gmail address.

    The spam campaign began in February 2013, and continued into late June 2013. Symantec identified seven different organizations targeted in this campaign. The number of emails sent to each organization ranged from one to 84.

    The attackers then shifted their focus to watering hole attacks, the company said, compromising a number of energy-related websites and injecting an iframe into each which redirected vendors to another compromised legitimate website hosting the Lightsout exploit kit. Lightsout exploits either Java or Internet Explorer in order to drop Oldrea or Karagany on the victim’s computer. The fact that the attackers compromised multiple, legitimate websites for each stage of the operation is further evidence that the group has strong technical capabilities, Symantec said.

    In September, 2013, Dragonfly began using a new version of this exploit kit known as Hello exploit kit. The landing page for this kit contains JavaScript — which fingerprints the system, identifying installed browser plugins. The victim is then redirected to a URL, which in turn determines the best exploit to use — based on the information collected.

    Trojanized Software

    The most ambitious attack vector used by Dragonfly, according to Symantec, was the compromise of a number of legitimate software packages. Three different ICS equipment providers were targeted; and, malware was inserted into their software bundles they had made available for download on their websites. All three companies made equipment that is used in a number of industrial sectors, including energy.

    The first identified Trojanized software was a product used to provide VPN access to programmatic logic controller (PLC) type devices. The vendor discovered the attack shortly after it was mounted, but there had already been 250 unique downloads of the compromised software.

    The second company to be compromised was a European manufacturer of specialist PLC-type devices. In this instance, Symantec says, a software package containing a driver for one of its devices was compromised. Symantec estimates that the Trojanized software was available for download for at least six weeks in June and July of 2013.

    The third firm attacked was a European company which develops systems to manage wind turbines, biogas plants, and other energy infrastructure. Symantec believes that compromised software may have been available for download for approximately ten days in April, 2014.

    The Dragonfly group is technically adept and able to think strategically. Given the size of some of its targets, the group found a “soft underbelly” by compromising suppliers, which are invariably smaller, less protected companies.

    Protection

    Symantec notes that it has the following detections in place, that will protect customers running up to date versions of their products from the malware used in these attacks: Antivirus detections and Intrusion Prevention Signatures.

    Obviously, there are other cyber security firms such as FireEye, Palo Alto Networks, Fortinet, Barracuda Networks, etc. that also likely have the requisite cyber security tools, technology and techniques to combat and mitigate these kinds of attacks. While the information that the attackers gained was not used in an offensive way — that we are aware of — this kind of data is important for an adversary who is “mapping” the IT “battlefield” and keeping this information in their kit-bag of tricks. No doubt they are also learning what worked and what didn’t and improving on their techniques, tactics and procedures. V/R, RCP
    Libertatem Prius!
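
The compile-timestamp reasoning in the Symantec summary quoted in the post above (weekday activity clustered in a nine-hour window matching 9am to 6pm at UTC+4), worked as an added example that is not part of the thread and not Symantec's tooling. The function names, the minimal PE headers built by `fake_pe`, and the sample timestamps are all constructed for illustration.

```python
import struct
from datetime import datetime, timedelta, timezone

def pe_compile_time(data: bytes) -> datetime:
    """Read the COFF TimeDateStamp of a PE image as an aware UTC datetime."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)  # offset of the PE header
    if len(data) < e_lfanew + 12 or data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    # After the signature: Machine (2), NumberOfSections (2), TimeDateStamp (4)
    (stamp,) = struct.unpack_from("<I", data, e_lfanew + 8)
    return datetime.fromtimestamp(stamp, tz=timezone.utc)

def in_working_hours(ts: datetime, offset_hours: int, start=9, end=18) -> bool:
    """True if ts, shifted to the candidate UTC offset, is Mon-Fri in [start, end)."""
    local = ts + timedelta(hours=offset_hours)
    return local.weekday() < 5 and start <= local.hour < end

def rank_utc_offsets(times, start=9, end=18):
    """Score every whole-hour UTC offset by how many builds fit a working day."""
    scores = [(off, sum(in_working_hours(t, off, start, end) for t in times))
              for off in range(-12, 15)]
    # Best fit first; ties broken in favour of the offset closest to UTC.
    return sorted(scores, key=lambda kv: (-kv[1], abs(kv[0])))

def fake_pe(when: datetime) -> bytes:
    """Constructed input: the smallest header that carries a timestamp."""
    dos = b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
    coff = b"PE\0\0" + struct.pack("<HHI", 0x14C, 1, int(when.timestamp()))
    return dos + coff

# Constructed sample build times (UTC); the last one falls on a Saturday.
SAMPLES_UTC = [
    datetime(2013, 6, 3, 5, 12, tzinfo=timezone.utc),
    datetime(2013, 6, 4, 6, 40, tzinfo=timezone.utc),
    datetime(2013, 6, 5, 8, 5, tzinfo=timezone.utc),
    datetime(2013, 6, 6, 10, 30, tzinfo=timezone.utc),
    datetime(2013, 6, 7, 12, 55, tzinfo=timezone.utc),
    datetime(2013, 6, 7, 13, 20, tzinfo=timezone.utc),
    datetime(2013, 6, 8, 10, 0, tzinfo=timezone.utc),
]

if __name__ == "__main__":
    times = [pe_compile_time(fake_pe(t)) for t in SAMPLES_UTC]
    for offset, hits in rank_utc_offsets(times)[:3]:
        print(f"UTC{offset:+d}: {hits}/{len(times)} builds inside Mon-Fri 09:00-18:00")
```

The PE timestamp is written by the build toolchain and can be altered by whoever produces the binary, so a result like this is one weak signal that only means something across many samples.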






  10. #30
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar
    Join Date
    Jul 2005
    Location
    Cincinnati, OH
    Posts
    24,166
    Thanks
    31
    Thanked 60 Times in 59 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp

    This fits in line with when the first article in this thread was posted. Was that a trial run of what this new article discusses?


    'Trojan Horse' Bug Lurking in Vital US Computers Since 2011

    November 6, 2014

    A destructive “Trojan Horse” malware program has penetrated the software that runs much of the nation’s critical infrastructure and is poised to cause an economic catastrophe, according to the Department of Homeland Security.

    National Security sources told ABC News there is evidence that the malware was inserted by hackers believed to be sponsored by the Russian government, and is a very serious threat.

    The hacked software is used to control complex industrial operations like oil and gas pipelines, power transmission grids, water distribution and filtration systems, wind turbines and even some nuclear plants. Shutting down or damaging any of these vital public utilities could severely impact hundreds of thousands of Americans.

    DHS said in a bulletin that the hacking campaign has been ongoing since 2011, but no attempt has been made to activate the malware to “damage, modify, or otherwise disrupt” the industrial control process. So while U.S. officials recently became aware of the penetration, they don’t know where or when it may be unleashed.

    DHS sources told ABC News they think this is no random attack and they fear that the Russians have torn a page from the old, Cold War playbook, and have placed the malware in key U.S. systems as a threat, and/or as a deterrent to a U.S. cyber-attack on Russian systems – mutually assured destruction.

    The hack became known to insiders last week when a DHS alert bulletin was issued by the agency’s Industrial Control Systems Cyber Emergency Response Team to its industry members. The bulletin said the “BlackEnergy” penetration recently had been detected by several companies.

    DHS said “BlackEnergy” is the same malware that was used by a Russian cyber-espionage group dubbed “Sandworm” to target NATO and some energy and telecommunications companies in Europe earlier this year. “Analysis of the technical findings in the two reports shows linkages in the shared command and control infrastructure between the campaigns, suggesting both are part of a broader campaign by the same threat actor,” the DHS bulletin said.

    The hacked software is very advanced. It allows designated workers to control various industrial processes through the computer, an iPad or a smart phone, sources said. The software allows information sharing and collaborative control.

  11. #31
    Expatriate American Patriot's Avatar
    Join Date
    Jul 2005
    Location
    A Banana Republic, Central America
    Posts
    48,589
    Thanks
    76
    Thanked 27 Times in 27 Posts

    Default Re: Foreign Hackers Targeted U.S. Water Plant In Apparent Malicious Cyber Attack, Exp

    I mentioned cyberwarfare a couple of days ago along with the article on Putin "not having a real clue" and "living for the minute".

    Of course we all kind of pooh-pooh such statements coming from former Soviet aides, but in reality, Putin might be driving the train but he ain't putting the fuel in the vehicle. That would be the Politburo of the old Soviet Union. Remember that those people are still there, many of them, at least the younger people who are now older.

    I don't believe for a second Putin hasn't thought out the future, and he's saying nuclear war is inevitable. That's a blatant threat to the West. "You do something we don't like, we'll hit you with nukes".

    People like Obama would be scared of this. Hell, most of Congress is terrified of it.

    But a cyber attack, plus perhaps an EMP event would smack America harder than a direct nuclear war if you ask me.
    Libertatem Prius!






  12. #32
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar
    Join Date
    Jul 2005
    Location
    Cincinnati, OH
    Posts
    24,166
    Thanks
    31
    Thanked 60 Times in 59 Posts

    Default Re: Foreign Hackers Targeting U.S. Utilities In Cyber Attacks


    Cyberattack Pings Data Systems of At Least Four Gas Networks

    April 4, 2018

    At least four U.S. pipeline companies have seen their electronic systems for communicating with customers shut down over the last few days, with three confirming it resulted from a cyberattack.

    On Tuesday, Oneok Inc., which operates natural gas pipelines in the Permian Basin in Texas and the Rocky Mountains region, said it disabled its system as a precaution after determining that a third-party provider was the “target of an apparent cyberattack."

    A day earlier, Energy Transfer Partners LP, Boardwalk Pipeline Partners LP, and Chesapeake Utilities Corp.’s Eastern Shore Natural Gas reported communications breakdowns, with Eastern Shore saying its outage occurred on March 29. The Department of Homeland Security, which said Monday it was gathering information about the attacks, had no immediate comment Tuesday.

    “We do not believe any customer data was compromised,” said the Latitude Technologies unit of Energy Services Group, which Energy Transfer and Eastern Shore both identified as their third-party provider. “We are investigating the re-establishment of this data,” Latitude said in a message to customers.

    The company wasn’t ready to make a statement or discuss the details of the service disruption yet, Carla Roddy, marketing director at Energy Services Group, said in a brief interview at the company’s headquarters in Norwell, Massachusetts.

    The attacks follow a U.S. government warning in March that Russian hackers are conducting an assault on the U.S. electric grid and other targets. Last month, Atlanta’s government was hobbled by a ransomware attack.

    Computer to Computer

    The electronic systems help pipeline customers communicate their needs with operators, using a computer-to-computer exchange of documents. Energy Transfer said the electronic data interchange system provided by Latitude was back up and working Monday night. The business wasn’t otherwise affected, spokeswoman Vicki Granado said in an email.

    Eastern Shore Natural Gas’s Latitude system was restored on Monday as well, the company said in a notice to customers. In addition to providing EDI services, Latitude also hosts websites used by about 50 pipelines for posting notices to customers. At least some of the websites went down on March 29 and didn’t start returning until Monday, according to Dan Spangler, pipeline manager for data provider Genscape Inc. in Boulder, Colorado.

    “Although all of the sites are back up now, many of them are still missing” data for March 30 and April 1, he said. “Other than Energy Transfer pipes and the pipelines hosted by Latitude, we haven’t seen any issues with gas data.”

    The shutdowns are “not operationally serious in the sense that it’s stopping the natural gas from moving, but it is serious because it’s causing these companies to use workarounds for communication,” said Rae McQuade, president of the North American Energy Standards Board in Houston, which is responsible for developing industry standards.

    “If somebody is running a business that has some kind of critical asset to it -- pipelines, energy, finance -- those networks are going to be targets; those networks have been targets,” said John Harbaugh, chief operating officer at R9B, a Colorado Springs, Colorado, cybersecurity solutions provider.

    Many of the 3 million miles of pipelines that spread across America rely on third-party companies for their electronic communication systems, Andy Lee, senior partner at Jones Walker LLP in New Orleans, said by telephone Tuesday. In turn, they depend on those companies to provide security for those systems from attacks.

    Latitude is “very well known in the industry,” the energy board’s McQuade said. “They have a lot of clients, they are very well respected.”

    The systems are gaining attention from hackers because they’ve proven to be "low-hanging" fruit that creates an opportunity for ransomware or to sell the information on the dark web, Lee said.

    Entry Points

    While the EDI systems may be entry points for hackers, they are likely not the ultimate target, said Jim Guinn, managing director and global cybersecurity leader for energy, utilities, chemicals and mining at Accenture Plc, a technology consulting company.

    “There is absolutely nothing of intrinsic value for someone to infiltrate the EDI other than to navigate a network to do something more malicious," Guinn said by telephone Tuesday. "All bad actors are looking for a way to get into the museum to go steal the Van Gogh painting."

    He also said there is nothing inherently different about oil and gas EDI systems.

    Not First Time

    This isn’t the first time U.S. pipelines have been targeted. In 2012, a federal cyber response team said in a note that it had identified a number of “cyber intrusions” targeting natural gas pipeline sector companies. The group, the Industrial Control Systems Cyber Emergency Response Team, is a division of Homeland Security.

    “It’s important to recognize that this does not appear to be an attack on an operational system,” said Cathy Landry, a spokeswoman for the Interstate Natural Gas Association of America. “An attack on a network certainly is inconvenient and can be costly, and something any company – whether a retailer, a bank or a media company -- wants to avoid, but there is no threat to public safety or to natural gas deliveries.”

    She said she “cannot speak for any of the companies specifically about what may or may not have happened to their systems.”

  13. #33
    Super Moderator Malsua's Avatar
    Join Date
    Jul 2005
    Posts
    7,972
    Thanks
    1
    Thanked 16 Times in 16 Posts

    Default

    These folks need to return to old school shit that wasn't hackable.

    Yes, I'm talking about dial-up, point to point comms over POTS. There's simply no hacking that. Oh, someone may be able to listen in if they are exceptionally gifted, but they couldn't change anything.

    Toss on some end-to-end encryption with one-time passwords for initiating comms and no one is touching that shit.

    The internet is not secure so use something else.

  14. #34
    Creepy Ass Cracka & Site Owner Ryan Ruck's Avatar
    Join Date
    Jul 2005
    Location
    Cincinnati, OH
    Posts
    24,166
    Thanks
    31
    Thanked 60 Times in 59 Posts

    Default Re: Foreign Hackers Targeting U.S. Utilities In Cyber Attacks

    If we were serious about utility cybersecurity, we'd have a version of the Defense Information System Network for utilities exclusively.

    Only thing is, no telling how secure DISN really is if there's Chinese networking gear with backdoors installed on it.
