News Forum

US video shows hacker hit on power grid

 
 



Go Back   News Forum > Top Stories > Breaking News
Breaking News Forum US video shows hacker hit on power grid at News Forum - AP - A government video shows the potential destruction caused by hackers seizing control of a crucial part of the ...

Reply
 
LinkBack Thread Tools Display Modes
Old 09-27-2007, 02:39 AM   #1
Senior Member
 
NF Reporter's Avatar
 
Join Date: Nov 2006
Posts: 67,413
Default US video shows hacker hit on power grid

AP - A government video shows the potential destruction caused by hackers seizing control of a crucial part of the U.S. electrical grid: an industrial turbine spinning wildly out of control until it becomes a smoking hulk and power shuts down.



Full Story...
NF Reporter is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 05-08-2009, 11:40 PM   #2
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Cool

Granny says, "Dat's right - Obama gonna hack the hackers...

US threatens military force against hackers
9 May 2009, Cyber espionage and attacks from well-funded nations or terror groups are the biggest threats to the military’s computer networks, a top US officer said.
Quote:
Gen Kevin Chilton, who heads US Strategic Command, said he worries that foes will learn to disable or distort battlefield communications. Chilton said even as the Pentagon improves its network defences against hackers, he needs more people, training and resources to hone offensive cyber war capacity. At the same time, he asserted that the US would consider using military force against an enemy who attacks and disrupts the nation’s critical networks.

“Our job would be to present options. I don’t think you take anything off the table when you provide options” to the president, in the wake of an attack, whether the weapon is a missile or a computer program, he said. Chilton’s comments shed the most light to date on the Pentagon’s ongoing debate over how to beef up its abilities to wage and defend against cyber warfare. And they came as the military is planning to set up a new cyber command at Fort Meade not far from Washington that would report to Strategic Command.

Chilton said that his biggest fear is that enemies hack into military battlefield systems, and when an American commander sends out an order that says forces should go left, it is changed to say forces should go right. While most systems are classified and walled off, he said there are often ways to cross into those networks. The other worry is more internal. When a soldier or sailor sits down at a computer, Chilton said “it’s like he’s stepping to the guard gate at his base,” and can open the digital gate and let adversaries in.

Source
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 08-13-2010, 10:47 PM   #3
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Red face

Mebbe if dey could hack into suicide bomber's cars...

Scientists hack into cars' computers -- control brakes, engine remotely
August 13, 2010 - Two sets of researchers have shown that cars' onboard computers can be vulnerable to hackers. Cars remain safe, they say, but the studies show that flaws need to be addressed soon.
Quote:
It sounds like a Hollywood movie: cybercriminals in a van use a laptop to hack wirelessly into the computer-controlled systems of the car on the road ahead. In seconds the target car's engine, brakes, and door locks are under their nefarious control. It doesn't take a great script writer to figure out what's next – except that it's not the movies anymore. It's real – well, almost.

Hackers aren't taking over our cars just yet, but without tighter computer security they be able to before too long, research conducted by scientists at four universities indicates. For example, scientists hacked into a car's computer system by commandeering the wireless tire-pressure monitoring signal of a target vehicle – all while driving at more than 60 miles per hour, according to a joint study released Thursday by Rutgers University and the University of South Carolina.

The new study, along with a similar one from May, suggests looming dangers: People within a vehicle could be tracked using the wireless signals, and they could potentially could be harmed if malevolent hackers learn to exploit or invade a vehicle's control systems from a distance. "Our research shows that there are multiple risks," says Marco Gruteser, associate professor of electrical and computer engineering at Rutgers University. "Privacy is a problem since every car has these unique fingerprints from tire pressure, and that makes it possible to track movements. But this vulnerability can lead to something more serious."

Hacking a car's wireless systems
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 02-23-2012, 10:26 PM   #4
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Question

Granny got her triple A battery flashlight near at hand...

U.S. concerned about Anonymous power grid attack
WASHINGTON, Feb. 21,`12 (UPI) -- U.S. officials are apparently concerned the group Anonymous may launch a cyberattack against the country's electrical grid, The Wall Street Journal reported.
Quote:
National Security Agency Director Keith Alexander discussed the possibility of an Anonymous-led attack in meetings with the White House and other officials, the Journal said. While Alexander has not publicly commented on the electrical grid issue, he has mentioned the "hacktivist" group's ability to go after computer networks. Anonymous, for its part, said it has no plans to disrupt the electrical grid. "Ridiculous! Why should Anonymous shut off power grid? Makes no sense! They just want to make you feel afraid," a post on the AnonOps blog said.

The NSA's concerns follow fears Anonymous also had plans to shut down the Internet on March 31, something the group also denied, PC Magazine reported. "GlobalBlackOut is another Fake Operation. No intention of #Anonymous to cut Internet," @AnonOps tweeted Tuesday. Anonymous has, however, targeted Web sites of U.S. agencies in protest of some of their actions.

Following the shutting down of the Megaupload file site by U.S. authorities, Anonymous launched successful denial-of-service attacks against the Department of Justice Web site and earlier this month disrupted the CIA Web site. The NSA has declined to comment on the electrical grid matter, PC Magazine said.

Read more: U.S. concerned about Anonymous power grid attack - UPI.com
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 07-27-2012, 08:28 AM   #5
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Wink

Granny keeps her flashlight close at hand in case dem hackers cut off the `lectricity...

DoD official: Vulnerability of U.S. electrical grid is a dire concern
July 27th, 2012 - Speaking candidly at the Aspen Security Forum, one defense department official expressed great concern about the possibility of a terrorist attack on the U.S. electric grid that would cause a “long term, large scale outage.”
Quote:
Paul Stockton, assistant secretary for Homeland Defense and Americas’ Security Affairs at the Department of Defense, said such an attack would affect critical defense infrastructure at home and abroad – a thought that Stockton said was keeping him up at night. “The DOD depends on infrastructure in order to be able to operate abroad. And to make those operations function, we depend on the electric grid,” Stockton said. The concern, Stockton continued, was that America’s adversaries would avoid attacking “the pointy end of the spear,” meaning combat troops, and would instead look for homeland, possibly non-military, targets. “Our adversaries, state and non-state, are not stupid. They are clever and adaptive,” Stockton said. “There is a risk that they will adopt a profoundly asymmetric strategy, reach around and attack us here at home, the critical infrastructure that is not owned by the Department of Defense.”

But Stockton’s concerns were not solely limited to terrorist attacks. Other concerning scenarios, said the assistant secretary, include geomagnetic disturbances, earthquakes and other natural disasters that could take down the grid. According to Stockton, a recurrence of a massive earthquake, like the New Madrid earthquake of 1812, “would cause a power outage for weeks to months across a multi-state area, rolling blackouts in the East Coast…” The New Madrid earthquakes hit along the Mississippi River in the town of New Madrid (now part of Missouri) and is still considered one of the largest earthquakes to ever hit the Eastern United States.

In response to a scenario like this, Stockton told the crowd that the Department of Defense is working with power companies in the Washington area – namely Pepco, Baltimore Gas and Electric and Virginia Dominion – and giving these companies “a new design basis for the grid of the future that takes into account cyber threats and other emerging threats.” Additionally, the three power companies and the Department of Defense are determining, in case of a massive outage, who gets their power restored first, according to Stockton. Even with the dire outlook, Stockton said that Secretary of Defense Leon Panetta is making strides in how to respond to these outages, including changing the way defense supports civil authorities and provides life saving and life sustaining capabilities.

Source
See also:

Cyber Command chief flunks US in readiness to deal with cyber attacks
July 26th, 2012 - Since 2009, online attacks that could destroy key infrastructure in the U.S. have skyrocketed. And the man in charge of cyber defense gave the national a failing grade in being prepared.
Quote:
Gen. Keith Alexander is director of the National Security Agency and commander of U.S. Cyber Command. He spoke Thursday at the Aspen Security Forum in Colorado about cyber threats from around the world. When asked by moderator Pete Williams of NBC how well-prepared, on a scale of 1-10, the U.S. is for a serious cyber attack on a critical part of our infrastructure, Alexander said, "From my perspective I'd say around a 3." He later said that cyber attacks that could not just disrupt computer systems but destroy them or the machines they run have climbed more than seventeen-fold since 2009.

He said the nation's financial industries and Internet-related companies have very robust cyber security, but he's concerned about vital services that many take for granted until they're interrupted. "I'm worried most about the power. I'm worried about water, I think those are the ones that need the most help," Alexander said. But he said these destructive attacks have the potential to cause problems that last much longer than, say, a day without access to your Facebook account. "What they could do is destroy parts of our infrastructure like routers, servers, actual end devices that would have to be replaced. And if you do that in such a way, some of the replacement of that would take weeks or months."

Alexander said the threat to computers and the industries they run is sitting in the average American's hand each day. "Your cell phone is communicating completely digital; it's part of the Internet. Your attack surfaces for adversaries to get on the Internet now include all those mobile devices. And so, if you want to penetrate, you can go through a land line, to the Internet that way, or now we can go through the iPhone, or the Android or through your mobile device that way," Alexander said. "The mobile security situation lags. It's far behind."

His message was not all negative. He said work is under way to improve the nation's cyber defenses. "I do think there are government/industry partnerships to help mitigate as many of these vulnerabilities as possible." And as commander of the Pentagon's Cyber Command, his mission includes "conducting full-spectrum military cyberspace operations." When asked if his command has undertaken such operations he replied, "Yes, but I can't go into that." Alexander is encouraging Congress to pass the Cybersecurity Act of 2012, which would establish what the government and industry can do to protect the nation's computers from attack. The bill is moving through the Senate this week.

Source
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 04-17-2014, 12:03 AM   #6
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Lightbulb

Dat's why Granny keeps her flashlight handy - so she can see inna dark...

Security holes in power grid have federal officials scrambling
April 16, 2014: WASHINGTON — Adam Crain assumed that tapping into the computer networks used by power companies to keep electricity zipping through transmission lines would be nearly impossible in these days of heightened vigilance over cybersecurity. To his surprise, it was startlingly easy.
Quote:
When Crain, the owner of a small tech firm in Raleigh, N.C., shared the discovery with beleaguered utility security officials, the Homeland Security Department began sending alerts to power grid operators, advising them to upgrade their software. The alerts haven’t stopped because Crain keeps finding new security holes he can exploit. “There are a lot of people going through various stages of denial” about how easily terrorists — or anyone — could disrupt the power grid, he said. “If I could write a tool that does this, you can be sure a nation state or someone with more resources could.”

In Congress, the vulnerability of the power grid has emerged as among the most pressing domestic security concerns. It is also among the most vexing. At times, lawmakers appear to be working at cross purposes. Some want to empower regulators to force specific security upgrades at utilities. Others are attacking whistleblowers and the media, demanding an investigation into disclosures of how easily the country’s power grid could be shut down. The magnitude of the problem is underscored by insurance giant Lloyds of London, whose appraisers have been making visits lately to power companies seeking protection against the risk of cyberattack. Their take-away: Security at about half the companies they visit is too weak for Lloyds to offer a policy. “When Lloyds won’t insure you, you know you’ve got a problem,” said Patrick Miller, founder of the Energy Sector Security Consortium, a Washington-based nonprofit that advocates for tougher cybersecurity measures for the electricity industry.

The challenges are compounded by lingering tensions between federal law enforcement and the industry. Each accuses the other of being territorial and evasive, neglecting to share confidential incident reports, intelligence analyses and other sensitive data. Power companies, eager to keep regulators at bay, find themselves in a bind. They need to show quickly that they are equipped to protect the grid against outside attacks. They warn the grid is so massive, complicated and fragile that any tinkering needs to remain the responsibility of those who operate it day to day, not well-intentioned but inexperienced federal regulators. “The notion of … a single government agency giving an order to direct changes in the grid is extremely dangerous,” said Gerry Cauley, chief executive of the North American Electric Reliability Corp., the quasi-governmental organization through which utilities manage the power grid.

Even security experts who criticize Cauley’s organization for moving too slowly agree his argument has merit. The problem, said Scott White, a security technology scholar at Drexel University in Philadelphia, is that “you are basically dealing with these monopolies that are determining for themselves which expenditures are a priority. Security has not generally been one.” Utilities deny they’ve ignored the problem, pointing to the billions of dollars they say they’ve spent to upgrade outdated computer systems and close security holes. They are signing contracts with security firms like Booz Allen Hamilton to investigate such things as to how to keep potentially mischievous devices out of the equipment they buy, often from foreign suppliers. The security firms help clients sift through reams of confidential intelligence provided by federal agencies. They simulate cyberattacks. “It is the equivalent of war gaming, like the military does,” said Steve Senterfit, vice president of commercial energy at Booz Allen Hamilton.

MORE
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 11-14-2014, 12:08 AM   #7
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Angry

Uncle Ferd says dem hackers an' terrorists are tryin' to put our lights out...

Former Counterterror Adviser: Attack on Grid Could Leave Part of U.S. in Dark for Months
November 10, 2014 – Former White House Counterterrorism Adviser Richard Clarke on ABC’s “This Week with George Stephanopolous” on Sunday warned that terrorists could gain the capability to attack the U.S. power grid, potentially knocking out power to part of the country for months.
Quote:
“The real worry is that eventually, non-state actors, maybe even terrorist groups, will gain this capability,” Clarke said. Rep. Jim Langevin (D-R.I.), who is on the Armed Services Committee, said there was a study done by the Idaho National Laboratory that showed through a Systems Control and Data Acquisition System (SCADA) attack, a generator – or a number of generators - could be blown up, leaving “a whole sector of the country without electricity for a period of not just days or weeks, but potentially months.”

That’s because the generators are large, Langevin said. “They're not just like batteries that are sitting on a shelf that you can, you know, take one out and plug another one in. These generators take months to build, ship and install.” “What can be done to prevent that?” Stephanopolous asked Clarke. “Well, very little,” Clarke said. “The thing here to really bear in mind is this is not about to happen. We have nuclear weapons. We haven't used them. We have cyber weapons and we've seldom used them. The United States did do a cyber attack on Iran and destroyed some nuclear centrifuges. But this is a contingency and it's very unlikely that it will be used by nation states. “The real worry is that eventually, non-state actors, maybe even terrorist groups, will gain this capability,” he added.

“Is that the real threat, Congressman?” Stephanopolous asked Langevin. “Yes, it is the real threat, and Richard hit it right on the point right now. Right now, these -- these worst weapons and cyber weapons are in the hands of nation states who have the capability but not necessarily the will to use them, but then you have groups like ISIL or al Qaeda, that certainly would have the intent, but not the weapons,” Langevin said. “And that gap, that divide, if you will, seems to be becoming much more narrow and eventually the worst actors will have the worst weapons and they potentially will use them against us,” he said.

Langevin has been “trying to raise the alarm on this,” and he pointed to an information sharing bill that cleared the House but is waiting for Senate action that would pass along classified threat information to the private sector and relay information about attacks experienced by the private sector “back to the government so that information could be more widely shared.” “This is not a problem that we're ever going to be -- that we're ever going to solve. It's one that we need to manage. We need to close the aperture of vulnerability to something that is much more manageable,” he said. “So what we need to do in Congress is pass an information sharing bill. That bill passed and was unanimous out of the House Intelligence Committee, on which I sit. It passed the House with strong bipartisan support. And now we're waiting for the Senate to take it up,” Langevin added.

Former Counterterror Adviser: Attack on Grid Could Leave Part of U.S. in Dark for Months | CNS News
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 11-21-2014, 04:05 AM   #8
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Lightbulb

But we can do it right back to `em...

NSA Director: China can damage US power grid
November 20, 2014: WASHINGTON – The head of the NSA issued a blunt warning Thursday to lawmakers: China can shut down the United States.
Quote:
The grim forecast came from Admiral Michael Rogers, the director of the National Security Agency and commander of the U.S. Cyber Command. Rogers said he believed China along with “one or two” other countries had the capability to successfully launch a cyber-attack that could shut down the electric grid in parts of the United States.

Rogers reiterated that if the U.S. remains on the defensive, it would be a “losing strategy.” Speaking to the House Intelligence Committee, the NSA director said the cyber threat was “so real,” and that agreeing to an international code, a sort of “laws of law” in the cyber realm is urgent. The possibility of such cyberattacks by U.S. adversaries has been widely known, but never confirmed publicly by the nation's top cyber official.

At a House hearing, Rogers says U.S. adversaries are performing electronic "reconnaissance," on a regular basis so that they can be in a position to attack the industrial control systems that run everything from chemical facilities to water treatment plants. Outside experts say the U.S. Cyber Command also has that capability, which in theory should amount to mutual deterrence.

NSA Director: China can damage US power grid | Fox News
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 12-14-2014, 12:01 AM   #9
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Angry

Granny says Obama needs to kick some Iranian butt a-fore our lights go out...

Exclusive: Iran hackers may target U.S. energy, defense firms, FBI warns
12/13/14 - The Federal Bureau of Investigation has warned U.S. businesses to be on the alert for a sophisticated Iranian hacking operation whose targets include defense contractors, energy firms and educational institutions, according to a confidential agency document.
Quote:
The operation is the same as one flagged last week by cyber security firm Cylance Inc as targeting critical infrastructure organizations worldwide, cyber security experts said. Cylance has said it uncovered more than 50 victims from what it dubbed Operation Cleaver, in 16 countries, including the United States. The FBI's confidential "Flash" report, seen by Reuters on Friday, provides technical details about malicious software and techniques used in the attacks, along with advice on thwarting the hackers. It asked businesses to contact the FBI if they believed they were victims.

Cylance Chief Executive Stuart McClure said the FBI warning suggested that the Iranian hacking campaign may have been larger than its own research revealed. "It underscores Iran's determination and fixation on large-scale compromise of critical infrastructure," he said. The FBI's technical document said the hackers typically launch their attacks from two IP addresses that are in Iran, but did not attribute the attacks to the Tehran government. Cylance has said it believes Iran's government is behind the campaign, a claim Iran has vehemently denied. An FBI official did not provide further details, but said the agency routinely provides private industry with advisories to help it fend off cyber threats.

The Pentagon and National Security Agency had no immediate comment. Tehran has been substantially increasing investment in its cyber capabilities since 2010, when its nuclear program was hit by the Stuxnet computer virus, widely believed to have been launched by the United States and Israel. Cyber security professionals who investigate cyber attacks said that they are seeing evidence that Iran's investment is paying off. "They are good and have a lot of talent in the country," said Dave Kennedy, CEO of TrustedSEC LLC. "They are definitely a serious threat, no question."

Iranian hackers are increasingly being blamed for sophisticated cyberattacks. Bloomberg Businessweek on Thursday reported that Iranian hacker activists were responsible for a devastating February 2014 attack on casino operator Las Vegas Sands Corp, which crippled thousands of servers by wiping them with destructive malware. It said the hackers sought to punish Sands CEO Sheldon Adelson for comments he made about detonating a nuclear bomb in Iran.

Exclusive: Iran hackers may target U.S. energy, defense firms, FBI warns
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 12-14-2014, 12:08 AM   #10
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Angry

Granny says Obama needs to kick some Iranian butt a-fore our lights go out...

Exclusive: Iran hackers may target U.S. energy, defense firms, FBI warns
12/13/14 - The Federal Bureau of Investigation has warned U.S. businesses to be on the alert for a sophisticated Iranian hacking operation whose targets include defense contractors, energy firms and educational institutions, according to a confidential agency document.
Quote:
The operation is the same as one flagged last week by cyber security firm Cylance Inc as targeting critical infrastructure organizations worldwide, cyber security experts said. Cylance has said it uncovered more than 50 victims from what it dubbed Operation Cleaver, in 16 countries, including the United States. The FBI's confidential "Flash" report, seen by Reuters on Friday, provides technical details about malicious software and techniques used in the attacks, along with advice on thwarting the hackers. It asked businesses to contact the FBI if they believed they were victims.

Cylance Chief Executive Stuart McClure said the FBI warning suggested that the Iranian hacking campaign may have been larger than its own research revealed. "It underscores Iran's determination and fixation on large-scale compromise of critical infrastructure," he said. The FBI's technical document said the hackers typically launch their attacks from two IP addresses that are in Iran, but did not attribute the attacks to the Tehran government. Cylance has said it believes Iran's government is behind the campaign, a claim Iran has vehemently denied. An FBI official did not provide further details, but said the agency routinely provides private industry with advisories to help it fend off cyber threats.

The Pentagon and National Security Agency had no immediate comment. Tehran has been substantially increasing investment in its cyber capabilities since 2010, when its nuclear program was hit by the Stuxnet computer virus, widely believed to have been launched by the United States and Israel. Cyber security professionals who investigate cyber attacks said that they are seeing evidence that Iran's investment is paying off. "They are good and have a lot of talent in the country," said Dave Kennedy, CEO of TrustedSEC LLC. "They are definitely a serious threat, no question."

Iranian hackers are increasingly being blamed for sophisticated cyberattacks. Bloomberg Businessweek on Thursday reported that Iranian hacker activists were responsible for a devastating February 2014 attack on casino operator Las Vegas Sands Corp, which crippled thousands of servers by wiping them with destructive malware. It said the hackers sought to punish Sands CEO Sheldon Adelson for comments he made about detonating a nuclear bomb in Iran.

Exclusive: Iran hackers may target U.S. energy, defense firms, FBI warns
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 02-02-2016, 04:56 AM   #11
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Angry

Power grids are increasingly tempting target for hackers...

National Power Grids Increasingly Targeted in Cyber Attacks
February 01, 2016 | WASHINGTON — Ukraine’s electric power grid is once again under cyberattack, just one month after a similar incident successfully brought down portions of the system and left millions in the dark.
Quote:
Worse, researchers studying the attacks say the malware believed responsible – a new version of the so-called BlackEnergy bug – has likely spread to numerous European power grids and is poised to infect many more. The attacks and spreading malware have left cybersecurity analysts scrambling to determine not only which systems are at greatest risk, but who might be responsible. “We need to assume it’s already being deployed around Europe,” says Udi Shamir, co-founder and chief security officer for the cybersecurity firm SentinelOne. “This is cyber-warfare; we need to wake up and see that this is war.”


Shamir and his team recently completed a total reverse engineering of the new BlackEnergy3 bug – a technique often used by analysts to learn how bugs work, and possibly who wrote it. What they discovered is that BlackEnergy3 is using the same Microsoft Office vulnerability to spread as its earlier, and less sophisticated, versions, BE1 & BE2. Shamir says that’s unusual, because Microsoft patched that hole in 2014. “There are a few possible explanations,” Shamir told VOA. “First, these just might be old systems that haven’t been updated. Second, someone on the inside might be intentionally spreading this. And third, it’s possible these bugs have been sleeping in systems for months on end, and they’re only now waking up.”

Attribution is notoriously difficult with malware, making it very difficult to conclusively prove who is behind these attacks; however, researchers at the cybersecurity firm iSight previously found similarities between earlier versions of BlackEnergy and the Russian-linked Sandworm malware that targeted NATO infrastructure back in 2014. Shamir found the same similarities in BlackEnergy3, providing his team with “suggestions” of Russian involvement. “The code-style, the clustering, yeah it looks like Russia,” Shamir said. “I’m pretty confident that the origin is from Russia, but I don’t have any bulletproof evidence.” More troublesome, Shamir says this latest version of BlackEnergy is “modular,” making it much easier for hackers to quickly change how the malware works, and significantly harder for security analysts to find and root it out.

MORE
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Old 07-01-2017, 07:00 PM   #12
Senior Member
 
Join Date: Aug 2007
Location: Okolona, Ky.
Posts: 26,302
Exclamation

Uncle Ferd says if dey can cut our power, dey can cut our water off - den what ya gonna do?...

US Warns Nuclear, Energy Firms of Hacking Campaign
July 01, 2017 — The U.S government warned industrial firms this week about a hacking campaign targeting the nuclear and energy sectors, the latest event to highlight the power industry’s vulnerability to cyberattacks.
Quote:
Since at least May, hackers used tainted “phishing” emails to “harvest credentials” so they could gain access to networks of their targets, according to a joint report from the U.S. Department of Homeland Security and Federal Bureau of Investigation. The report provided to the industrial firms was reviewed by Reuters Friday. While disclosing attacks, and warning that in some cases hackers succeeded in compromising the networks of their targets, it did not identify any specific victims.

Industry looking into intrusions

“Historically, cyber actors have strategically targeted the energy sector with various goals ranging from cyber espionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said. Homeland Security and FBI officials could not be reached for comment on the report, which was dated June 28. The report was released during a week of heavy hacking activity.

A virus dubbed “NotPetya” attacked Tuesday, spreading from initial infections in Ukraine to businesses around the globe. It encrypted data on infected machines, rendering them inoperable and disrupting activity at ports, law firms and factories. On Tuesday the energy-industry news site E&E News reported that U.S. investigators were looking into cyber intrusions this year at multiple nuclear power generators. Reuters has not confirmed details of the E&E News report, which said there was no evidence safety systems had been compromised at affected plants.

Worry since 2016

Industrial firms, including power providers and other utilities, have been particularly worried about the potential for destructive cyber attacks since December 2016, when hackers cut electricity in Ukraine. U.S. nuclear power generators PSEG, SCANA Corp and Entergy Corp said they were not affected by the recent cyberattacks. SCANA’s V.C. Summer nuclear plant in South Carolina shut down Thursday because of a problem with a valve in the non-nuclear portion of the plant, a spokesman said. Another nuclear power generator, Dominion Energy, said it does not comment on cyber security. Two cyber security firms said June 12 that they had identified the malicious software used in the Ukraine attack, which they dubbed Industroyer, warning that it could be easily modified to attack utilities in the United States and Europe.

Industroyer is the second piece of malware uncovered to date that is capable of disrupting industrial processes without the need for hackers to manually intervene. The first, Stuxnet, was discovered in 2010 and is widely believed by security researchers to have been used by the United States and Israel to attack Iran’s nuclear program. The U.S. government report said attackers conducted reconnaissance to gain information about the individuals whose computers they sought to infect so that they create “decoy documents” on topics of interest to their targets. In an analysis, it described 11 files used in the attacks, including malware downloaders and tools that allow the hackers to take remote control of victims’ computers and travel across their networks. Chevron Corp, Exxon Mobil Corp and ConocoPhillips, the three largest U.S. oil producers, declined to comment on their network security.

https://www.voanews.com/a/us-warns-n...n/3924104.html
See also:

US government warns energy sector of hacking
Sun, Jul 02, 2017 - The US government this week warned industrial firms about a hacking campaign targeting the nuclear and energy sectors.
Quote:
Since at least May, hackers used tainted “phishing” e-mails to “harvest credentials” so they could gain access to networks of their targets, a joint report from the US Department of Homeland Security and FBI said. The report provided to the industrial firms was reviewed by reporters on Friday. While disclosing attacks and warning that in some cases hackers succeeded in compromising the networks of their targets, it did not identify any specific victims. “Historically, cyberactors have strategically targeted the energy sector with various goals ranging from cyberespionage to the ability to disrupt energy systems in the event of a hostile conflict,” the report said.

On Tuesday the energy-industry news Web site E&E News reported that US investigators were looking into cyberintrusions this year at multiple nuclear power generators. There was no evidence safety systems had been compromised at affected plants, the report said.

The US government report said attackers conducted reconnaissance to gain information about the individuals whose computers they sought to infect so that they create “decoy documents” on topics of interest to their targets. In an analysis, it described 11 files used in the attacks, including malware downloaders and tools that allow the hackers to take remote control of victims’ computers and travel across their networks.

US government warns energy sector of hacking - Taipei Times
waltky is offline  
Digg this Post!Add Post to del.icio.usBookmark Post in TechnoratiFurl this Post!
Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On


Similar Threads
Thread Thread Starter Forum Replies Last Post
Video shows endangered Sumatran rhino NF Reporter Science / Space 2 04-12-2017 04:16 AM
SoCal heat wave strains power grid NF Reporter Breaking News 2 03-15-2012 09:51 AM
Iran shows video of captured Britons NF Reporter Breaking News 0 03-28-2007 01:22 PM
Surveillance video shows London, France, underpants (CourtTV) NF Reporter Law 1 03-16-2007 07:05 PM
Thanksgiving Day NFL Grid MillerLite Sports 2 11-22-2006 05:10 PM


All times are GMT -5. The time now is 06:14 AM.


Powered by vBulletin® Version 3.8.7
Copyright ©2000 - 2017, vBulletin Solutions, Inc.

SEO by vBSEO 3.2.0 ©2008, Crawlability, Inc.