Thursday, October 05, 2006

SCADA Security Incidents and Critical Infrastructure Insecurities

A decent article on the topic of the most hyped cyberterrorism threat of them all - a direct attack on the critical infrastructure of a country by attacking its SCADA devices. Despite increased connectivity and integration with third-party networks, for the time being it is misconfigurations and failures in maintenance that make their impact. What is critical infrastructure anyway? In the days when it was a closed network, one isolated from the Internet and from performance-obsessed top management, dealing with threats benefited from the controlled environment compared to the open Internet. Converging both infrastructures to maximize performance and to project demand and supply, thus achieving cost-cutting and profits, results in the basic truth that polluting the Internet inevitably influences what used to be the closed critical infrastructure one -- and it has already happened on several occasions. The incident in Australia:

"That was the case in Australia in April 2000. Vitek Boden, a former contractor, took control of the SCADA system controlling the sewage and water treatment system at Queensland's Maroochy Shire. Using a wireless connection and a stolen computer, Boden released millions of gallons of raw sewage and sludge into creeks, parks and a nearby hotel. He later went to jail for two years. Not surprisingly, U.S. companies are hesitant to talk about the security of their SCADA networks for fear they may give clues to hackers. But security consultants say problems with them are widespread. Allor's company, for instance, regularly does audits of SCADA systems at major installations such as power plants, oil refineries and water treatment systems.

Almost invariably, Allor said, the companies claim their SCADA systems are secure and not connected to the Internet. And almost invariably, he said, ISS consultants find a wireless connection that company officials didn't know about or other open doors for hackers. Realizing the growing threat, the federal government two years ago directed its Idaho National Laboratory to focus on SCADA security. The lab created the nation's first "test bed" for SCADA networks and began offering voluntary audits for companies."

And more security incidents, courtesy of Filip Maertens' Cyber Threats to Critical Infrastructures slides:

1992 -- Chevron -- Emergency system was sabotaged by a disgruntled employee in over 22 states
1997 -- Worcester Airport -- External hacker shut down the air and ground traffic communication system for six hours
1998 -- Gazprom -- Foreign hackers seize control of the main EU gas pipelines using trojan horse attacks
2000 -- Queensland, Australia -- Disgruntled employee hacks into sewage system and releases over a million liters of raw sewage into the coastal waters
2002 -- Venezuela Port -- Hackers disable PLC components during national unrest and a general workers' strike, disabling the country's main port
2003 -- U.S. East Coast blackout -- A worm did not cause the blackout, yet the Blaster worm did significantly infect all systems that were related to the large-scale power blackout
2003 -- Ohio Davis-Besse Nuclear Plant -- Plant safety monitoring system was shut down by the Slammer worm for over five hours
2003 -- Israel Electric Corporation -- Iran-originating cyber attacks penetrate IEC, but fail to shut down the power grid using DoS attacks
2005 -- Daimler Chrysler -- 13 U.S. manufacturing plants were shut down due to multiple Internet worm infections (Zotob, RBot, IRCBot)
2005 -- International Energy Company -- Malware-infected HMI system disabled the emergency stop of equipment under heavy weather conditions
2006 -- Middle East Sea Port -- Intrusion test gone wrong: ARP spoofing attacks shut down the port signaling system
2006 -- International Petrochemical Company -- Extremist propaganda was found together with text files containing usernames & passwords of control systems

Go through the results of the Cyberstorm cyber exercise, and a previous post on The Biggest Military Hacks of All Time to grasp the big picture of what cyberterrorism and asymmetric warfare is all about.

Terrorist Letters and Internet Intentions

A juicy, recently de-classified letter to Zarqawi, courtesy of the Combating Terrorism Center, reveals possible intentions for Internet-based communications:

"We advise you to maintain reliable and quick contact, with all the power you can muster. I am ready to communicate via the Internet or any other means, so send me your men to ask for me on the chat forum of Ana al-Muslim, or others. The password between us is that thing that you brought to me a long time ago from Herat. Then, after that, we would agree with them about e-mails, or you should instruct your men who are in the country that I live in to develop communications with us. We are ready to write to you and to consult with you regarding opinions anytime directly. “By the time, Surely man is at a loss, Except for those who believe and do good, and exhort one another to Truth, and exhort one another to patience."

Rather a primitive suggestion compared to the alternatives; it sounds more like a loyal jihadist trying to demonstrate his determination to make an impact. The other day I came across an article mentioning the possibility of "suicidal hackers", that is, hackers who don't care whether they'll be caught in a possible information warfare scenario -- Chinese hackers have been utilizing the power of the masses, thus disinforming on the actual sophistication of the attack and directing the traceback efforts toward script kiddies.

However, in this case that's an example of a suicidal jihadist.

Filtering "Good Girls" and IM Threats

Respecting your kids' right to privacy while wanting to be aware of the type of people they IM with? Consider a recently launched initiative: IMSafer aims to filter, not spy on kids:

"Keeping children safe from predatory adults in online communication is a service in high demand, but in order for children to participate the parental control needs to be kept to a minimum. IMSafer is a service that launched today and promises to filter IM communication for conversation deemed potentially predatory. The company says it worked with law enforcement specialists to develop its filtering rules and some of them are quite interesting - the phrase “you’re a good girl” is believed to be common language for building a dominance/submission based relationship, for example. Only questionable excerpts from IM conversations will be shown to parents; the company hopes that this relative privacy will help buy-in from kids."

Yet, this is a great example of marginal thinking when it comes to detecting potential child abuse activities with respect to a little princess's -- why not prince's? -- right to digital privacy. Whereas in the spirit of Web 2.0 the concept is primarily driven by the collective wisdom of participating parents shaping the service's database and increasing interactions, IMSafer has already predefined categories of alerts:

"1. Someone looking to make direct contact (i.e. coming to your house)
2. Someone looking to make indirect contact (i.e. calling a phone)
3. Personal information (i.e. phone numbers)
4. Obscene language
5. Specific and sexual references to body parts
6. Specific references to sexual acts
7. Anything related to pedophilia"

Issues to keep in mind:
- dangerous or offensive conversation is perceived differently by different parents
- the presumption that the "predator" would be using the same username next time, thus establishing a long-lasting reputation
- kids who feel in the middle of a silent war with their parents could simply IM from another location, one without the software installed, not to mention bypassing it with nerdy talk or with vulnerabilities and hacks appearing on the fly
- it monitors IM only, thus email, IRC and forums remain an option for further communication
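As an added illustration (not IMSafer's code, whose rule set is unpublished), here is a minimal Python version of the approach the post describes: rule categories taken from the list above, a per-parent switch for categories they do not consider dangerous, and a report that exposes only the flagged excerpts rather than the whole conversation. The regexes and the sample chat are constructed for this example.

```python
import re
from typing import Dict, Iterable, List, Optional, Tuple

# Alert categories follow the IMSafer list quoted in the post; the regexes
# and the sample chat below are constructed for this example, not IMSafer's
# actual (unpublished) rule set.
RULES: Dict[str, List[str]] = {
    "direct contact":   [r"\bcome (?:over )?to (?:your|my) (?:house|place)\b",
                         r"\bmeet (?:me|up) (?:at|after|tomorrow)\b"],
    "indirect contact": [r"\bcall (?:me|you) (?:on|at|tonight)\b",
                         r"\bwhat'?s your (?:phone )?number\b"],
    "personal info":    [r"\b\d{3}[-.\s]?\d{3}[-.\s]?\d{4}\b"],   # US-style phone number
    "dominance cues":   [r"\byou'?re a good (?:girl|boy)\b"],    # the phrase cited in the post
}
COMPILED = {c: [re.compile(p, re.IGNORECASE) for p in ps] for c, ps in RULES.items()}

def classify(text: str, enabled: Optional[Iterable[str]] = None) -> List[str]:
    """Categories a single IM line triggers. `enabled` lets a parent switch off
    categories they do not consider dangerous (perception differs per family)."""
    return [c for c in COMPILED
            if (enabled is None or c in enabled)
            and any(rx.search(text) for rx in COMPILED[c])]

def report(chat: List[Tuple[str, str]], enabled=None, context: int = 1) -> List[dict]:
    """Scan (speaker, text) pairs and return only flagged lines plus `context`
    neighbouring lines, so the rest of the conversation stays private."""
    alerts = []
    for i, (who, text) in enumerate(chat):
        cats = classify(text, enabled)
        if not cats:
            continue
        lo, hi = max(0, i - context), min(len(chat), i + context + 1)
        alerts.append({"line": i, "speaker": who, "categories": cats,
                       "excerpt": [f"{w}: {t}" for w, t in chat[lo:hi]]})
    return alerts

# Constructed sample conversation; "kid" is the monitored account.
SAMPLE_CHAT = [
    ("kid", "hey did you finish the history homework"),
    ("stranger", "yeah. you're a good girl for asking"),
    ("kid", "lol thanks"),
    ("stranger", "what's your phone number? mine is 555-012-3456, I could call you tonight"),
    ("kid", "my mom says no"),
    ("stranger", "ok, then come over to my place after school"),
    ("kid", "brb dinner"),
]

if __name__ == "__main__":
    for a in report(SAMPLE_CHAT):
        print(a["line"], a["categories"], a["excerpt"])
```

The last two issues above are visible in the code as well: the rules match on text only, so a new username or a different channel never reaches the filter.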

Don't emphasize spying, or even filtering, but educating your kids, thus gaining their participation in building awareness of what are potentially dangerous IM activities. From another perspective, do bored or adventurous kids spend time chatting with strangers? I think boredom, loneliness and the lack of strong, even developed, communication with their folks is the root of the problem. And yes, predators acting as online stalkers, thus improving their chances by utilizing a long-lasting conversation.

Related posts:
What's the potential of the IM security market? Symantec thinks big
"IM me" a strike order

Wednesday, October 04, 2006

Mark Hurd on HP's Surveillance and Disinformation

Straight from the source - HP's CEO, one who, compared to Fiorina's qualitative approaches, decided to shift the company's strategy to a quantitative internal benchmarking model -- one always complements the other and vice versa -- and he succeeded. But in today's competitive environment and the search for "the next big thing", some companies are sacrificing productivity for investigations driven by insider fears. Not that there aren't any; it's just that this particular case is nothing more than a bored top management employee sending signals to the press. Next time it will be a top-floor hygiene COO's comments on how HP is definitely up to something given the late-hour conference meetings, which the press will quote as "an insider source leaked this to us":

"Now the question is do you pick up the document and turn to page whatever, or do you say, 'are you sure?' He says 'I'm sure.' So then you say, 'what are we going to do?' Now let me give you two thoughts. You could react by not confronting the problem. You talk about ethics. We've gone down the backward looking view. There's also the dimension that says, are you going to bury this or confront it. Pretty big question, right? And I want to make something clear. I only know of the facts around the one leak. I don't know, there's been a lot of speculation around tens of leaks, and they associate with this one person [Jay Keyworth, a longtime HP board member]. This fact was about one leak from this one person who is a really good guy in the sense of contributions he made to Hewlett Packard over many years.

So now you're confronted with data that says, great contributor, and the team is looking at Pattie [Then board chairman Patricia Dunn] and saying 'what are you going to do.' And I can tell you if you're looking down at this room as you're making a decision, my first reaction wasn't to say, 'hey Pattie, why don't you look backward at how the data was collected.' The stress was, how are you going to confront the fact that was being presented to you. You're going to do what?

Now to your point, knowing what we know now I wish we'd looked at a different set of facts. But even at that point, what had been done had been done. You'd have been reacting at that point in time. I don't want to shirk any of this. The buck stops with me. But you can't have a CEO of a company our size being the backstop. The thought that I'm going to catch everything -- revenue, costs, personnel decisions, investigations... you know the scale of this company."

Catch up with the case through a previous post on the topic, and keep on reading.

Thursday, September 28, 2006

Government Data Mining Programs - Interactive

A very extensive visualization of various U.S. government data mining programs:

"Individually, each piece of information gives only a small glimpse into people’s lives -- but over time, these bits of personal information can begin to reveal patterns. Such as the places they go, the products they buy, or perhaps the type of people they associate with. This pattern-recognition process is called “Data Mining” or sometimes “Knowledge Discovery.” Since September 11, the federal government -- especially intelligence and law enforcement agencies -- have turned to data mining programs to make sense of growing oceans of data. The end result isn’t always about discovering what people have done -- but what people might do tomorrow. What does a terrorist look like? What is the culmination of their credit, contacts, purchases and travel? Is it possible that you might share these similar patterns? Chances are at least some of these programs sift through personal information about you."

Go through the questionnaire for a specific case, or go directly to a program of interest and see its relationship with the rest, if any of course. Go through a previous post on Able Danger's Intelligence Unit Findings Rejected to find out more about the state of information sharing.

Satellite Imagery of Secret or Sensitive Locations

Continuing the Travel Without Moving series, and a previous post on Open Source North Korean IMINT Reloaded, this collection of Google Earth, Google Maps, Local Live and Yahoo Maps views of secret or sensitive locations is worth browsing through. Coordinates are included for over 80 locations, for instance:

- Predator Drone Returning From Mission
- Predator Drones at Remote Airstrip
- Predator Drone Taking Off From Remote Airstrip
- TAGS 45 'Waters'
- M80 'Stiletto' Stealth Boat
- U-2 Being Readied For Mission
- Underground Hangars at Sunchon Airbase
- North Korean No-Dong Missile Assembly Building
- Former MI6/FCO high security SIGINT enclave at Poudon
- Former NSA/DoD satellite intercept site
- CIA 'Black Site' for terrorist interrogations
- Russian Foreign Intelligence (SVR) Headquarters
- CFS Leitrim - Satellite Signal Interception station
- Russian Don-2NP Pill Box Radar
- Star Wars missile defense support site
- AN/FRD-10 Classic Bullseye Antenna
- Radomes on Fort Belvoir
- Northrop "Secret" Research Facility
- Classic Bullseye listening antenna array

As you will find out, the data provided is historical -- the UAVs and B2s have already disappeared, for instance. Does the publicly obtainable imagery represent a threat to these locations? Not necessarily, as the threats these facilities were supposed to be protected from have been replaced by ones requiring a different perspective. The dishes, however, are still there, listening...

Related posts and resources:
Satellite
Defense
Military
Japan's Reliance on U.S Spy Satellites and Early Warning Missile Systems
Stealth Satellites Developments Source Book
Anti Satellite Weapons