Wednesday, February 27, 2013

Cyber warfare watch - Focus on infrastructure and gas pipelines by China, Russia or North Korea? China rebuttal - most cyber attacks on its military websites have US origin!

http://www.guardian.co.uk/world/2013/feb/28/china-cyber-attacks-military-website-us


China claims most cyber-attacks on its military websites have US origin

Beijing says defence ministry and another site subjected to 1.7m attacks last year, two-thirds of which came from within America
China denies allegations made earlier this month that a Chinese military unit was probably behind a series of hacking attacks mostly targeting the US. Photograph: Andy Wong/AP
Two Chinese military websites were subject to about 144,000 hacking attacks a month last year, almost two-thirds of which came from the US, China's defence ministry has said.

Earlier this month a US computer security company said a Chinese military unit was probably behind a series of hacking attacks mostly targeting America, triggering a war of words between Washington and Beijing. China denied the allegations and said it was the victim.
Beijing has now provided some details for the first time of the alleged attacks from the US. "The defence ministry and China military online websites have faced a serious threat from hacking attacks since they were established, and the number of hacks has risen steadily in recent years," said a ministry spokesman, Geng Yansheng, on Thursday.
"According to the IP addresses, the websites were, in 2012, hacked on average from overseas 144,000 times a month, of which attacks from the US accounted for 62.9%."
The comments were made at a monthly news conference, which foreign reporters are not allowed to attend, and posted on the ministry's website.
Geng said he had noted reports that the US planned to expand its cyberwarfare capability but that they were unhelpful to increasing international co-operation towards fighting hacking.
"We hope that the US side can explain and clarify this," he added.
The building in Shanghai that hosts the Chinese military's Unit 61398. Photograph: Peter Parks/AFP/Getty Images
The US security company, Mandiant, identified the Shanghai-based Unit 61398 of the Chinese army as the most likely culprits behind the hacking targeting America. Mandiant said it believed the unit had carried out "sustained" attacks on a wide range of industries.

The hacking dispute adds to diplomatic tension between China and the US, already strained by Chinese suspicion about Washington's motives in Asia and arguments over issues from trade to human rights.

and......
http://www.wnd.com/2013/02/sledgehammer-of-cyber-warfare-emp-attack/


WASHINGTON – Warnings from U.S. Defense Secretary Leon Panetta and U.S. Department of Homeland Security Secretary Janet Napolitano that enemy nations are carrying out cyber attacks on the U.S. are on the rise.
The target? The U.S. electric infrastructure.
Even President Obama has pointed out that “our enemies are also seeking the abilities to sabotage our power grid, our financial institutions and our air traffic control systems.”
But that may not be the worst of it. Those same adversaries – China, Russia, Iran and North Korea – also incorporate in their military doctrine the use of a nuclear electromagnetic pulse, or EMP, attack as “part of a strategic operation that would basically ‘throw the kitchen sink’ at the United States,” according to Cynthia E. Ayers, who once was with the National Security Agency and currently is with the U.S. Army War College.
These countries, she said, will “hit us with everything – computer viruses, sabotage of critical communications nodes, kinetic strikes on key information systems and a nuclear EMP attack.”
“The last, an EMP, is their best chance to collapse our national power grid and take us down, perhaps permanently,” she said.


In recent months, U.S. banks, the Federal Reserve, oil and gas production companies, media outlets and U.S. Defense Department and National Nuclear Security Administration entities have reported what Ayers calls a “massive” number – “in the millions” – of cyber attacks daily.
As a former employee of the National Security Agency, she is very familiar with cyber attacks on computers through the Internet and telecommunications systems.
North Korea, for example, recently exploded a nuclear weapon in what experts believe may have been a test of the miniaturization of a nuclear bomb that could fit on its missiles. The Hermit State recently tested successfully a three-stage missile that experts said could reach the Western part of the U.S.
The North Koreans also orbited a package during that missile test, which in the future could be a nuclear weapon that could be exploded at a high altitude above the U.S., causing an EMP blast that would virtually knock out the entire U.S. national electric grid system.
Experts agree that countries that cannot match the U.S. militarily have undertaken asymmetrical, or unconventional, warfare in an effort to defeat or seriously impair America.
Such an attack would be in the form of a kinetic engagement, much as Russia undertook when it invaded the neighboring Republic of Georgia with a combination of cyber and military assault techniques.
Ayers said that such an approach served as a “prototype” for “the ultimate cyberwar.”
“In fact, Russian, Iranian, Chinese and North Korean cyberwarfare doctrine includes EMP attacks on critical infrastructure to effectively remove both cyber capabilities and communications from the battlespace of the adversary,” Ayers said.
“Unfortunately, the battlespace is increasingly civilian.”
Just to be clear, she said, there have been increasing warnings of a cyber and EMP threat from America’s adversaries to collapse the nation’s critical infrastructure.
“It is worth repeating,” said U.S. Rep. Patrick Meehan, R-Pa. “The collapse of critical infrastructure, whether through intentional attack or from the effects of a great geomagnetic storm, would essentially remove the United States as an actor on the world stage instantaneously, and long-term.”
However, Ayers pointed out, recent events such as a Cyber Security Conference last October, would have been a good forum to underscore the threats, but there apparently were “legal threats to the briefers” despite having been pre-cleared to discuss nuclear power plant vulnerabilities.
“Their warnings were ultimately withheld, not because the presenters were wrong, or even because of classification, but because of private industry fears of the consequences of such revelations made public,” Ayers asserted.
Her assertion is reinforced by a Chicago Tribune story last October revealing that legal fears were muffling warnings of cyber security threats. A separate article in the Sophos publication similarly referred to how nuclear power plant cyber security warnings were silenced due to legal threats.
The notion of a “digital warhead” now is coming into vogue, with the introduction apparently by the U.S. and Israel of the Stuxnet virus aimed at industrial controllers associated with Iran’s power grid and its suspected nuclear weapons-related activities.
Ayers said the Stuxnet worm ultimately gave Iranian cyber experts a “leg up” on the possibilities for response.
She said that the Iranians could refocus this digital warhead and turn it into a weapon of mass destruction.
In turning the Stuxnet virus on the U.S., Ayers said the Iranians or any potential adversary could take down the U.S. power grid from remote locations by targeting specific automated control systems for destruction.
Such an initiative, she said, would be “only one step away from a high-altitude nuclear (EMP) attack.”
She pointed out that Iran and other countries openly have discussed such a prospect with U.S. officials.
“Even if the scale of such a threat seems too grandiose, the fact that the U.S. has not to date responded kinetically to a major cyber attack may make escalation in the form of incrementally more devastating cyber efforts enticing alternatives to a smaller challenger with fewer resources,” Ayers said.
Yet, President Obama has ordered new waves of cyber attacks against Iran even though the Stuxnet virus has become public knowledge.
For some, Ayers says, this alone could become a justification for an Iranian response “unless cyberwarfare is considered simply another tactic of a larger, more strategic warfare doctrine – that is, combining kinetic, strategic communication and cyber.”

and.....

http://www.csmonitor.com/Environment/2013/0227/Exclusive-Cyberattack-leaves-natural-gas-pipelines-vulnerable-to-sabotage?nav=87-frontpage-entryLeadStory


Exclusive: Cyberattack leaves natural gas pipelines vulnerable to sabotage

A government report says a cyberattack against 23 natural gas pipeline operators stole crucial information that could compromise security. Experts strongly suspect China's military.

By Staff writer / February 27, 2013
A yellow underground EnCana natural gas pipeline marker is seen along a road on State Forest Park Land in Kalkaska, Michigan, in 2012.
Rebecca Cook/Reuters/File


Cyberspies linked to China’s military targeted nearly two dozen US natural gas pipeline operators over a recent six-month period, stealing information that could be used to sabotage US gas pipelines, according to a restricted US government report and a source familiar with the government investigation.

From December 2011 through June 2012, cyberspies targeted 23 gas pipeline companies with e-mails crafted to deceive key personnel into clicking on malicious links or file attachments that let the attackers slip into company networks, says the Department of Homeland Security (DHS) report.
The report does not mention China, but the digital signatures of the attacks have been identified by independent cybersecurity researchers as belonging to a particular espionage group recently linked to China’s military.
The confluence of these factors – along with the sensitive operational and technical details that were stolen – makes the cyberbreaches perhaps among the most serious so far, some experts say. The stolen information could give an adversary all the insider knowledge necessary to blow up not just a few compressor stations but perhaps many of them simultaneously, effectively holding the nation’s gas infrastructure hostage. Nearly 30 percent of the nation’s power grid now relies on natural gas generation.
“This theft of key information is about hearing the footsteps get closer and closer,” says William Rush, a retired scientist formerly with the Gas Technology Institute who chaired the effort to create a cybersecurity standard applicable to the gas pipeline industry.
“Anyone can blow up a gas pipeline with dynamite. But with this stolen information, if I wanted to blow up not one, but 1,000 compressor stations, I could,” he adds. “I could put the attack vectors in place, let them sit there for years, and set them all off at the same time. I don’t have to worry about getting people physically in place to do the job, I just pull the trigger with one mouse click.”

The report comes at a time of growing US-China tensions over cyberespionage. President Obama called for tighter cybersecurity of critical US infrastructure in his State of the Union speech. This month, the White House also released an executive order that attempts to bolster cybersecurity among agencies that regulate electric utilities and other key industries. Congress, however, continues to resist legislation to mandate that such companies meet specific cybersecurity performance standards.
The attacks chronicled in the new DHS report were first reported in an exclusive Monitor article in May 2012, but the report offers confirmation, as well as further details and insights. Of the natural-gas pipeline operators targeted, 10 were infiltrated, another 10 cases are still being investigated, and three were “near misses,” in which the companies narrowly avoided infiltration of their networks, according to the report, titled “Active Cyber Campaigns Against the US Energy Sector” and compiled by DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT).

What was stolen

Sensitive files were stolen that could give a cyberintruder the ability to control, or alter the operation of the pipelines, including usernames, passwords, personnel lists, system manuals, and pipeline control system access credentials, the report says.
“The data exfiltrated could provide an adversary with the capability to access US [oil and natural gas industrial-control systems], including performing unauthorized operations,” the report concludes. The stolen files were part of a “sophisticated attack shopping list.”

According to a source familiar with the DHS investigation, hackers could use the data to directly reset computer-controlled pipeline systems, sabotaging them through extreme pipeline pressures or unsafe valve settings that could result in explosions or other critical failures.
“These are not children or politically motivated hackers upset with someone’s rhetorical position on something,” says the individual, who was not permitted to speak to the press and so requested anonymity. “These are educated, motivated, well-funded operatives – and they’re working toward something specific. If they exfiltrate credentials, they can log back in as system-level users and do whatever they want … even blow something up.”
The cyberspies installed custom malware to search pipeline companies’ networks for any computer files with the letters “SCAD,” which stand for supervisory control and data acquisition (SCADA). These are the special computerized control systems that software companies create to monitor and operate natural gas pipeline pumping stations, valves, communications, and other systems. Files the malware found and stole are just the sort of information necessary for an attacker to locate and operate compressors, valves, switches, pressure settings, and other pipeline operations, says Robert Huber, a cybersecurity expert at Critical Intelligence, a control-system security firm based in Idaho Falls, Idaho.
For example, among the 28 computer files stolen from the gas pipeline operators’ networks were lists of dialup modem access numbers for critical devices called RTUs, which are scattered across miles of pipeline and give operators the ability to monitor and control their networks – including pipeline pressure. This is the greatest concern to Dr. Rush.

“If you can use this information to reset things – either equipment or the pipeline’s control system – that’s a serious penetration,” he says. “If you’re getting dialup access information to the RTUs through the phone lines, that’s the one that’s pretty scary, very serious.”
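As an added detection-side illustration (not from the Monitor article, the DHS report, or any vendor), the script below runs over constructed file-server audit lines and flags a single host/user/process reading many "SCAD"-named files in one short burst, the behaviour the report attributes to the custom malware. The log format, the five-minute window and the three-file threshold are assumptions to be tuned against a real share's normal traffic.

```python
import re
from collections import defaultdict
from datetime import datetime

# Constructed sample file-server audit lines (synthetic; the format is assumed).
SAMPLE_LOG = r"""
2012-03-14T02:11:05Z host=eng-ws07 user=jsmith proc=svchost.exe path=\\fs01\ops\SCADA_overview.pdf
2012-03-14T02:11:06Z host=eng-ws07 user=jsmith proc=svchost.exe path=\\fs01\ops\scada_rtu_dialup.xls
2012-03-14T02:11:09Z host=eng-ws07 user=jsmith proc=svchost.exe path=\\fs01\ops\SCAD_stations.doc
2012-03-14T02:11:12Z host=eng-ws07 user=jsmith proc=svchost.exe path=\\fs01\eng\hmi_scada_logins.txt
2012-03-14T02:11:13Z host=eng-ws07 user=jsmith proc=svchost.exe path=\\fs01\eng\budget.xlsx
2012-03-14T09:30:01Z host=ops-ws02 user=mlee proc=AcroRd32.exe path=\\fs01\ops\SCADA_overview.pdf
2012-03-14T16:45:20Z host=ops-ws02 user=mlee proc=EXCEL.EXE path=\\fs01\ops\scada_rtu_dialup.xls
"""

LINE_RE = re.compile(r"^(?P<ts>\S+) host=(?P<host>\S+) user=(?P<user>\S+) "
                     r"proc=(?P<proc>\S+) path=(?P<path>.+)$")

def parse_events(log_text):
    """Yield (timestamp, host, user, proc, path); malformed lines are skipped."""
    for line in log_text.strip().splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue
        ts = datetime.strptime(m["ts"], "%Y-%m-%dT%H:%M:%SZ")
        yield ts, m["host"], m["user"], m["proc"], m["path"]

def detect_scada_sweeps(log_text, window_s=300, threshold=3):
    """Return (host, user, proc, count) for each actor reading >= threshold distinct
    'scad'-named files within window_s seconds: an analyst opening one manual stays
    below the bar, a process walking the share for SCAD* files does not."""
    first_seen = defaultdict(dict)  # (host, user, proc) -> {path: first access ts}
    for ts, host, user, proc, path in parse_events(log_text):
        if "scad" in path.rsplit("\\", 1)[-1].lower():  # match on file name only
            first_seen[(host, user, proc)].setdefault(path, ts)
    alerts = []
    for actor, paths in first_seen.items():
        times = sorted(paths.values())
        best, j = 0, 0
        for i in range(len(times)):  # sliding window over sorted first-access times
            while j < len(times) and (times[j] - times[i]).total_seconds() <= window_s:
                j += 1
            best = max(best, j - i)
        if best >= threshold:
            alerts.append((*actor, best))
    return alerts

if __name__ == "__main__":
    for host, user, proc, n in detect_scada_sweeps(SAMPLE_LOG):
        print(f"ALERT {host} {user} {proc}: {n} SCADA-named files read in one burst")
```

On the sample data only the svchost.exe burst on eng-ws07 trips the rule; the two ordinary document opens by mlee hours apart do not.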

China suspected

Natural gas pipelines are crucial to national security, says John Bumgarner, research director for the US Cyber Consequences Unit, a nonprofit group that studies cyberattacks.
“The natural gas pipeline industry is near the top of the US critical infrastructure list, so of course they would be a military target,” he says. “The Chinese would want to get in and understand how the system communicates, how it works, and everything else. Yes, it’s also about gathering business intelligence to improve processes in a foreign country. But those same digital pathways could also be used as a jumping off point for an attack.”
The new link to China comes from the “indicators of compromise” reported by DHS to the industry. Independent experts say these IOCs point to perpetrators who were identified earlier this month as being part of China’s People’s Liberation Army. The Feb. 19 report by Mandiant, a leading cybersecurity firm in Arlington, Va., traced attacks on 141 companies worldwide to “Unit 61398,” which works out of a 12-story building in Shanghai.
“The IOCs put out by Mandiant and the IOCs put out by ICS-CERT are the same as the IOCs involved in the natural gas pipelines,” says the person familiar with the investigation.
Other researchers come to the same conclusion: All signs point to Unit 61398, which has also been dubbed “APT1” and “Comment Crew.”
“With the gas-pipeline attacks, we know those indicators are associated with APT1,” says Mr. Huber of Critical Intelligence. “We’ve seen this group operating before.”