Tag - tech

Israeli Military Networks Breached

According to a report by Blue Coat Systems, the Israeli military networks have been breached by what appears to be Arabic-speaking malicious actors:

Waylon Grange, a researcher with Blue Coat who discovered the campaign, said the vast majority of the hackers’ software was cobbled together from widely available tools, such as the remote-access Trojan called Poison Ivy.

The hackers were likely working on a budget and had no need to spend much on tailored code, Grange said, adding that most of their work appeared to have gone into so-called social engineering, or human trickery.

The hackers sent emails to various military addresses that purported to show breaking military news, or, in some cases, a clip featuring “Girls of the Israel Defense Forces.” Some of the emails included attachments that established “back doors” for future access by the hackers and modules that could download and run additional programs, according to Blue Coat.

How the U.S. Thinks Russia Hacked the White House

The White House has ostensibly been compromised by Russian hackers, and the U.S. believes it may know how this attack occurred:

The White House in October said it noticed suspicious activity in the unclassified network that serves the executive office of the president. The system has been shut down periodically to allow for security upgrades.

The FBI, Secret Service and U.S. intelligence agencies are all involved in investigating the breach, which they consider among the most sophisticated attacks ever launched against U.S. government systems. The intrusion was routed through computers around the world, as hackers often do to hide their tracks, but investigators found tell-tale codes and other markers that they believe point to hackers working for the Russian government.

National Security Council spokesman Mark Stroh didn’t confirm the Russian hack, but he did say that “any such activity is something we take very seriously.”

“In this case, as we made clear at the time, we took immediate measures to evaluate and mitigate the activity,” he said. “As has been our position, we are not going to comment on [this] article’s attribution to specific actors.”

If true, this is a huge blunder and quite serious. It is about time for the White House to reconsider their current security architecture because it is obviously in need of an overhaul.

FAA Computer Networks Highly Susceptible To Cyber Attack

According to a report by the Government Accountability Office, the Federal Aviation Administration has a severe deficit in how it secures its own computer networks:

The Federal Aviation Administration has fallen short in its efforts to protect the national air traffic control system from terrorists or others who might try to hack into the computers used to direct planes in flight, according to a government report released Monday.

The Government Accountability Office report credited the FAA with taking steps to deter hackers but concluded that “significant security control weaknesses remain, threatening the agency’s ability to ensure the safe and uninterrupted operation of the national airspace.”

This should come as no surprise to those in the industry, but probably would scare the average layman. It is amazing how much work the U.S. government needs to do to properly secure its own networks.

Energy Sector Tops List of US Industries under Cyber Attack

According to a Department of Homeland Security report, the U.S. energy sector tops the list of industries under cyber attack:

A report issued today by the US Department for Homeland Security says that in 2014 the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) responded to 245 incidents reported by asset owners and industry partners.

The energy sector, says Jeremy Cowan, led all others again in 2014 with 79 reported incidents, followed by manufacturing at 65 and worryingly healthcare at 15 reported incidents. ICS-CERT’s continuing partnership with the Energy sector reportedly provides many opportunities to share information and collaborate on incident response efforts.

Cyber Attack Caused Confirmed Physical Damage

Kim Zetter at Wired reporting on the second known time a cyber attack has caused confirmed physical damage:

Amid all the noise the Sony hack generated over the holidays, a far more troubling cyber attack was largely lost in the chaos. Unless you follow security news closely, you likely missed it.

I’m referring to the revelation, in a German report released just before Christmas (.pdf), that hackers had struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in “massive”—though unspecified—damage.

This is only the second confirmed case in which a wholly digital attack caused physical destruction of equipment. The first case, of course, was Stuxnet, the sophisticated digital weapon the U.S. and Israel launched against control systems in Iran in late 2007 or early 2008 to sabotage centrifuges at a uranium enrichment plant. That attack was discovered in 2010, and since then experts have warned that it was only a matter of time before other destructive attacks would occur. Industrial control systems have been found to be rife with vulnerabilities, though they manage critical systems in the electric grid, in water treatment plants and chemical facilities and even in hospitals and financial networks. A destructive attack on systems like these could cause even more harm than at a steel plant.

Industrial Control Systems security is the next frontier. This is an area ripe for abuse because of the rush to connect ICS to the internet with an utter disregard for the potential for attack. Plus, many people in the industry lack an understanding of the threat, falsely believe they are protected or just simply do not need protection.

Attributing Cyber Attacks

Abstract of a new paper discussing cyber attack attribution:

Who did it? Attribution is fundamental. Human lives and the security of the state may depend on ascribing agency to an agent. In the context of computer network intrusions, attribution is commonly seen as one of the most intractable technical problems, as either solvable or not solvable, and as dependent mainly on the available forensic evidence. But is it? Is this a productive understanding of attribution? — This article argues that attribution is what states make of it. To show how, we introduce the Q Model: designed to explain, guide, and improve the making of attribution. Matching an offender to an offence is an exercise in minimising uncertainty on three levels: tactically, attribution is an art as well as a science; operationally, attribution is a nuanced process not a black-and-white problem; and strategically, attribution is a function of what is at stake politically. Successful attribution requires a range of skills on all levels, careful management, time, leadership, stress-testing, prudent communication, and recognising limitations and challenges.

Copyright © 2015, Scott Jarkoff, & all respective content owners.