Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

US Electricity Grid Reportedly Penetrated By Spies

kdawson posted more than 5 years ago | from the im-in-ur-wirez-eatin-ur-lectrons dept.

Security 328

phantomfive worries about a report in the Wall Street Journal ("Makes me want to move to the country and dig a well") that in recent years a number of cyber attacks against US infrastructure have been launched over the Internet: "Cyberspies have penetrated the US electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials. The spies came from China, Russia, and other countries, these officials said, and were believed to be on a mission to navigate the US electrical system and its controls. The intruders haven't sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war."

cancel ×

328 comments

Sorry! There are no comments related to the filter you selected.

Remember, folks... (5, Insightful)

Anonymous Coward | more than 5 years ago | (#27500801)

...you must live in perpetual fear. Whenever you're starting to focus on the reality of life, new fear WILL be injected into it to distract you. This is how the natural order sustains itself.

Re:Remember, folks... (1, Insightful)

riskyrik (708727) | more than 5 years ago | (#27500971)

Mod parent up plse. He refers correctly to the type of brainwashing the way the Bush administration has pursuid the last 8 years. Off course there are still a number of elements present that continue this style up to today.

Re:Remember, folks... (5, Insightful)

oodaloop (1229816) | more than 5 years ago | (#27501013)

Uh, does that mean that there aren't real dangers for which we need to be prepared? Might want to check your bathwater for babies before tossing it out.

Re:Remember, folks... (5, Insightful)

Opportunist (166417) | more than 5 years ago | (#27501023)

Are there real threats? Yes, of course there are. But when enough scaremongering is mixed into them, you get the reaction that the OP AC shows: Cry wolf once too often and people will ignore you.

Also, there are a few things that I'd consider a lot more dangerous and worrysome that you don't hear about at all. Intentionally or not, your decision.

Re:Remember, folks... (-1, Troll)

Anonymous Coward | more than 5 years ago | (#27501031)

Hi, I love macs more than my family. If anyone needs their dick sucked, you know who to call! (me of course, you silly goose!)

-jcr

Re:Remember, folks... (4, Insightful)

oodaloop (1229816) | more than 5 years ago | (#27501167)

How is a former official talking about a real threat scare-mongering? Should he have just kept quiet instead?

Re:Remember, folks... (3, Insightful)

Opportunist (166417) | more than 5 years ago | (#27501259)

There are many real threats (assuming this one is). Why do we get to hear about this one now? Is it coincidence that this surfaces at the 'right' time when security money is being redistributed?

Re:Remember, folks... (5, Insightful)

totally bogus dude (1040246) | more than 5 years ago | (#27501445)

Probably not coincidence, but that doesn't mean it's sinister or improper. If you knew of a significant threat that wasn't being addressed, and it was that time when the People In Charge were working out where to spend money (i.e. are actively seeking information and advice on the most effective use of their funds), wouldn't that seem like an ideal time to try to raise awareness of it?

Or would you prefer to wait until there's no money to spend and nobody currently in a position to do anything about it before announcing it?

Not saying it isn't all another scam to get free money, but just because it might be doesn't mean it is.

Re:Remember, folks... (4, Funny)

Thanshin (1188877) | more than 5 years ago | (#27501141)

Whenever you're starting to focus on the reality of life, new fear WILL be injected into it to distract you.

Oh god! I'm so afraid of the fear injecting big brother.

This story is 100% false flag OPS (1)

cheekyboy (598084) | more than 5 years ago | (#27501213)

1. these systems are NOT new, and arent connected directly to the net except incoming emails.

2. control stations arent controlled by users desktop systems.

3. gambling networks are more secure, and older.

4. this is an excuse to create a mass event, so they can find a reason to 'SECURE THE NET' via EVIL means, ie, only authorized webservers, all ports but 80 blocked, everything logged.

Re:This story is 100% false flag OPS (1)

OolimPhon (1120895) | more than 5 years ago | (#27501375)

...except incoming emails.

Well, there ya go. Prime transport method for viruses, worms, trojans...

Re:This story is 100% false flag OPS (0)

Anonymous Coward | more than 5 years ago | (#27501423)

ZOMG Conspiracy Theory

Re:Remember, folks... (5, Insightful)

afxgrin (208686) | more than 5 years ago | (#27501237)

Not to mention the creation of an alien enemy. Obviously - OBVIOUSLY - the IP addresses come from Russia and China - and in no way could a proxy be used from those countries - by an American. No way that could ever happen.

Obviously the spies are Russian or Chinese, because Americans would have no reason to hack into their own government's systems.

Jesus Christ. (1, Funny)

Anonymous Coward | more than 5 years ago | (#27500805)

It's a fire sale.

NUKE the kommie bastards once and for a!! (-1, Offtopic)

Anonymous Coward | more than 5 years ago | (#27501279)

Let them eat shit and die /./.

Kapitan, I believe ve have determined a pattern (0)

BadAnalogyGuy (945258) | more than 5 years ago | (#27500813)

Watch zis zignal. It fluctuates betveen zero and vun at a constant rate. Yes, here it is. 60 Helmholtz.

Vut could it mean?

Big surprise (2, Insightful)

cdgeorge (775179) | more than 5 years ago | (#27500831)

I'm sure China and Russia are having the same kind of problem.

Re:Big surprise (4, Insightful)

AigariusDebian (721386) | more than 5 years ago | (#27501051)

Nope, electrical grid computers in exUSSR region do not even have the theoretical capacity to be connected to the public Internet. I am amazed there is an actual data linkage between the public Internet and the computers even remotely related to the power control functionality.

Re:Big surprise (1, Flamebait)

m0rph3us0 (549631) | more than 5 years ago | (#27501121)

You do know that the US penetrated the Soviet pipeline system and has caused industrial accidents with that right?

Re:Big surprise (2, Informative)

Anonymous Coward | more than 5 years ago | (#27501333)

You do know that the US penetrated the Soviet pipeline system and has caused industrial accidents with that right?

The US didn't "penetrate" the pipeline system. The Soviets did it to themselves by stealing software.

Lesson to be learned: If you find pipeline control software inside a big wooden rabbit then don't take it and certainly don't run it.

Re:Big surprise (2, Informative)

benjfowler (239527) | more than 5 years ago | (#27501397)

I seem to remember that the CIA planted a logic bomb in an shipped component; and it was nothing to do with the system getting hacked over a network.

Re:Big surprise (2, Informative)

Anonymous Coward | more than 5 years ago | (#27501429)

You do know that the US penetrated the Soviet pipeline system and has caused industrial accidents with that right?

This is what I believe you are talking about: http://www.builderau.com.au/architect/work/soa/US-software-blew-up-Russian-gas-pipeline-/0,339024596,320283135,00.htm

Russia tried to steal the software to control the pipelines. The US caught wind of the plan and planted bugs in there to cause problems. The US did NOT hack in and cause it.

Re:Big surprise (0, Offtopic)

Shrike82 (1471633) | more than 5 years ago | (#27501133)

See, the fact that the parent post is modded flamebait epitomises bad modding.

Shame on whoever considers this flaming. Get a dictionary.

Re:Big surprise (1)

jeffstar (134407) | more than 5 years ago | (#27501335)

how else is a power station operator on a remote plant supposed to work? You don't expect them to go to the plant if it is hours away from anything. Stay at the plant, away from families? Forget it. operators telecommute too!

People always say these things aren't connected to the internet and there are supposed to be seperate control and communication and PC networks but I bet few plants actually have that. Maybe super critical ones like nuclear, but your average small hydro or peaking gas plant...

Time, Budget, the need to get that sensor or remote control connected to something, anything, whatever is near by so we can talk to it *now* and then the temporary fix becomes permanent

Re:Big surprise (1)

Antique Geekmeister (740220) | more than 5 years ago | (#27501361)

And don't forget fools with laptops who leave their wi-fi on when they are connected to the internal network, and fools who install 'PCAnywhere' on their desktop hooked to their desktop, and the spread of the littls 3G modems and VPN's so people can work on the train. Couple this with really, really stupid behavior like unlocked SSH keys in NFS shared home directories, or Subversion and CVS storing passwords in clear text in people's home directories on NFS servers, and you have a disaster begging to happen.

So once a while (4, Insightful)

microbee (682094) | more than 5 years ago | (#27500835)

"Some officials" come forward and warn about threats from China, Russia, Iran and North Korea. "Ya know, Sir, we need funding for enhancing national security, so please make sure you get your budget right."

Quite so... (2, Interesting)

denzacar (181829) | more than 5 years ago | (#27501137)

From TFA:

But protecting the electrical grid and other infrastructure is a key part of the Obama administration's cybersecurity review, which is to be completed next week.
Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget.
The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more.
A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage.

Sounds a lot like someone is making up excuses and drumming up support to ask for more government money.

Re:Quite so... (4, Informative)

gclef (96311) | more than 5 years ago | (#27501281)

Close, they're drumming up support for S.773 and S.778. These bills are designed to give the executive the power to control the security of vital parts of the internet. If they can show that these vital parts of the net are compromised, and therefore risking America, they have an easy talking point when lobbying congress members.

Re:Quite so... (2, Interesting)

Anonymous Coward | more than 5 years ago | (#27501327)

Don't forget an easy way to shut down the internet when some whistleblower decides it's time to disseminate those files he has before the government removes him... Only instead of in the movies where he gets away with it, because the internet is 'free' and routes around damage. The whole damn thing suddenly goes dark because our glorious and incorruptable administrators decided it's 'better for all involved' this way.

Oh no... (2, Funny)

Professeur Shadoko (230027) | more than 5 years ago | (#27500839)

They must have the CIP module !

Former officials... (4, Funny)

onion2k (203094) | more than 5 years ago | (#27500847)

former national-security officials

Aren't these people just admitting that they were incompetent? That's refreshingly honest of them.

Re:Former officials... (4, Interesting)

Antique Geekmeister (740220) | more than 5 years ago | (#27501385)

Not necessarily. I've been in the situation where security issues that I warned about, documented, and was refused resources or permission to secure were in fact used against my employer. The Morris Worm in 1988 was a particularly bad example: I had printouts of the management refusals to permit security updates in a locked cabinet to prevent tampering, and my goodness, was I glad I had those. I keep similar files to this day, as a matter of basic self-defense when layoffs are pending and managers are looking for things to blame on our technical people in order to fire them and avoid paying severance bundles.

Re:Former officials... (1)

testpoint (176998) | more than 5 years ago | (#27501405)

Yes, they are incompetent. And congress would like to apply this same standard of expertise to our medical records.

Software programs? (5, Insightful)

gzipped_tar (1151931) | more than 5 years ago | (#27500859)

I thought mission critical computers should not be reachable from the Internet. So the spies walked to those computers and planted the software there???

Re:Software programs? (2, Insightful)

MichaelSmith (789609) | more than 5 years ago | (#27500871)

Maybe they got a job working on those systems. I have the internals of several major cities traffic signal systems in my head at the moment, and that is just what I was working on up to ten years ago.

Re:Software programs? (2, Interesting)

margam_rhino (778498) | more than 5 years ago | (#27500927)

Be careful if you live in the UK, this could be classed as material likely to be useful to a terrorist and get you arrested.

Re:Software programs? (1)

gzipped_tar (1151931) | more than 5 years ago | (#27500945)

From the article it seems that the software could be activated whenever its masters behind the scenes wish so, which is not quite easy if it has to be manually triggered by insiders (workers could get fired, etc..). TFA also said "Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet."

Re:Software programs? (1)

MichaelSmith (789609) | more than 5 years ago | (#27501011)

From the article it seems that the software could be activated whenever its masters behind the scenes wish so, which is not quite easy if it has to be manually triggered by insiders (workers could get fired, etc..)

Given control of the firmware and software at some point I can think of a way to do it on the traffic signal system. Just send it messages through its normal inputs. Send morse code in through a pedestrian signal button, look for feedback in the flashing walk signal.

Maybe for the power system you could signal it through its fault database. A pylon on fire reported by a Mr A Cross of Smith street has a particular meaning to your hidden easter egg. If that system is not appropriate you could (ab)use other sensors like temperature and moisture sensors.

Re:Software programs? (1)

Shrike82 (1471633) | more than 5 years ago | (#27501155)

TFA also said "Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet."

You have to wonder at what point someone thought it would be a good idea to directly connect hardware responsible for the safe operation of a nuclear power plant to the Internet. Or do they mean "taking control" in terms of something slightly less sinister, like vandalising the plant's public web page and internal e-mail system?

Re:Software programs? (1)

Opportunist (166417) | more than 5 years ago | (#27501029)

Duh! How do you outsource managing them to India or Whereverstan if they can't connect from there?

Remember, today, nothing is as mission critical as it is cost critical...

Re:Software programs? (1)

gadget junkie (618542) | more than 5 years ago | (#27501239)

I thought mission critical computers should not be reachable from the Internet. So the spies walked to those computers and planted the software there???

that happens in the military, where there's a defined physical space between mission critical rigs, unconnected to the internet, and non mission critical rigs, and you must use physical media, "launder" it on a standalone computer, then transfer the data to the mission critical computers.

I do think, tough, that in any event physical security built into the systems would block major damage; no sane engineer would avoid building that into the infrastructure. After all we do have circuit breakers at home, we do not rely on a computer chip.

It might also be that this is a colossal scam, in that some federal agency is "phishing" these guys, which to me could be a perfectly legitimate ruse-de-guerre.

Re:Software programs? (2, Insightful)

giles hogben (1145597) | more than 5 years ago | (#27501317)

USB Keys in car parks used by personel?

Why are they on the internet? (1)

jolyonr (560227) | more than 5 years ago | (#27500863)

While arpanet/the internet was originally designed for just these sorts of things, the modern reality is that critical infrastructure shouldn't really be attached to the internet. Shouldn't there be a private network entirely isolated from the public internet for these things?

Yes it'd be more expensive and it make it less easy for private contractors to work on stuff from their offices, but the word 'critical' is a bit of a clue here.

Not that even this would guarantee security, but it makes it a heap load harder for any would-be hacker.

Jolyon

Re:Why are they on the internet? (4, Informative)

MichaelSmith (789609) | more than 5 years ago | (#27500895)

The systems I work on are typically airgapped, but there is a constant push from users for some access to the internet. A user might need to access meteorological information, and the simplest way is to go online to get the data. Another user might need to refer to work instructions on the corporate intranet, but the intranet gets you to the internet anyway. Like it or not, the internet is working its way into many types of work and many people are starting to expect it to be available.

Re:Why are they on the internet? (4, Insightful)

jolyonr (560227) | more than 5 years ago | (#27500905)

Then I'd suggest they need two PCs.

Re:Why are they on the internet? (4, Informative)

Anonymous Coward | more than 5 years ago | (#27501075)

I actually do work with these exact systems. I have yet to install a system in a control room that had net access to the operator consoles or even the operational servers. These computers - yes, running Server 2003/8 or XP Pro - are patched to the latest and greatest before they leave our shop, but once on-site should never, ever, ever interact with the Internet.

That being said, the PI data servers are designed to be a go-between for the internal secure network, and the rest of the world so the data logging can reach those who need it. Not only does the PI server have security protocols built in, but is required to be installed in a DMZ with full firewall protections, and in some cases a dedicated leased hard line to an off-site office.

So, to summarize, no, the Op stations, the Op servers, should NEVER be connected to the Internet, and we do out best to disable any way of the operators even getting to the OS level, but there are times and reasons that you need to hook the internal network (through full security measures) to the outside world.

Re:Why are they on the internet? (2, Interesting)

BLQWME (791611) | more than 5 years ago | (#27501441)

Any system that needs to be secure should never be allowed access to any network that has public access. If remote systems "need" to communicate it should be done via dedicated leased lines. Even better since we are talking utility type SCADA systems here, why not have the utility lay fiber, line of sight microwave or what have you (as long as it is properly encrypted)? This way if the telco gets ganked, the leased lines can't be traversed.

Re:Why are they on the internet? (1)

MichaelSmith (789609) | more than 5 years ago | (#27501081)

Then I'd suggest they need two PCs.

Then you have a badly integrated UI. What if a user confused one with the other at a critical moment?

Re:Why are they on the internet? (4, Funny)

jolyonr (560227) | more than 5 years ago | (#27501099)

On one they're controlling the power station, on the other they're reading slashdot.

Unless typing 'FIRST POST! LOL' on the wrong box causes a reactor meltdown, I think we'll be ok :)

Jolyon

Re:Why are they on the internet? (0)

Anonymous Coward | more than 5 years ago | (#27501131)

> The systems I work on are typically airgapped

Re:Why are they on the internet? (1)

Thanshin (1188877) | more than 5 years ago | (#27501251)

they need two PCs.

What? No copy paste? You're talking crazy now.

Re:Why are they on the internet? (2, Insightful)

drsmithy (35869) | more than 5 years ago | (#27501067)

The systems I work on are typically airgapped, but there is a constant push from users for some access to the internet. A user might need to access meteorological information, and the simplest way is to go online to get the data. Another user might need to refer to work instructions on the corporate intranet, but the intranet gets you to the internet anyway. Like it or not, the internet is working its way into many types of work and many people are starting to expect it to be available.

Then your users need two PCs and a KVM (or even two completely separate PCs - ideally on opposite ends of the desk - to properly drive the point home).

There are some situations where security MUST override convenience.

Re:Why are they on the internet? (1)

pjt33 (739471) | more than 5 years ago | (#27501087)

I've worked at a games company which had precisely that setup, so it's mind-boggling that major infrastructure companies wouldn't do it.

Re:Why are they on the internet? (2, Interesting)

MichaelSmith (789609) | more than 5 years ago | (#27501147)

There are some situations where security MUST override convenience.

Tell that to the union. Remember power industry operational environments are blue collar work places. I have seen people in similar environments go to any length to get a system they don't want to see shut down. They will play totally dumb, like not noticing they are using the wrong keyboard for hours at a time. Assume that your users are hostile to you. Then design a solution.

Re:Why are they on the internet? (0)

Anonymous Coward | more than 5 years ago | (#27501289)

Bullshit.
Mission critical means exactly that.
Not nearly, not almost, or some exceptions.
There was one HUGE blackout - and lessons have not been learnt.

My old work had dedicated internet terminals, and the cost of wireless dongles and laptops means
isolated can mean just that.

I should say before internet, FSK radio and teleprinters worked fine. Newer, younger, more stupid and cocky is what we have here.

Re:Why are they on the internet? (1)

Jackie_Chan_Fan (730745) | more than 5 years ago | (#27501437)

So you have 1 computer on the internet, and the one siting next to it, is not and can not and will not ever access the internet :)

Re:Why are they on the internet? (1)

Yvanhoe (564877) | more than 5 years ago | (#27500961)

I am not sure that it would really help. It is just a matter of plugging on the good wire. If the protocols used aren't secure, it doesn't make much of a difference whether or not they are connected on the net. As soon as a network is necessary, internet is as good as any...

Very convenient ... (5, Insightful)

krou (1027572) | more than 5 years ago | (#27500875)

From the article:

Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget. The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more.

So, the week before a review is due looking into whether or not they should increase the flow from the money pump, "current and former national-security officials" have come forward to draw attention to a network of spies in the power grid.

Look, I'm not saying that cyber-attacks don't happen, or that there isn't a risk, but bloody hell, this article reads like a well-crafted piece of BS, designed to put the N back into FUDing.

Re:Very convenient ... (1)

microbee (682094) | more than 5 years ago | (#27500919)

While I was reading it (well I didn't really, but pretend you believed me RTFA), I had a hunch that these officials really got all the threat ideas from certain hot anti-terrorism show. Power grid attack? That sounds too familiar. What's next, I guess a bunch of armed terrorists are just going to break into the white house?

Re:Very convenient ... (2, Funny)

Thanshin (1188877) | more than 5 years ago | (#27500923)

this article reads like a well-crafted piece of BS, designed to put the N back into FUDing.

Nuding?

Re:Very convenient ... (1)

MichaelSmith (789609) | more than 5 years ago | (#27501235)

this article reads like a well-crafted piece of BS, designed to put the N back into FUDing.

Nuding?

Where?

Ya not a real surprise (4, Interesting)

Sycraft-fu (314770) | more than 5 years ago | (#27501077)

Everyone wants money for their projects. Part of getting it is knowing what to sell in your given field. Well, as of late with federal government dollars, national security has been the name of the game. Was more narrow to anti-terror but they are kind losing focus on that. So, it is also no surprise that is what people use to try and get the money, even if what they want really has fuck all to do with it.

For example Consolidated Edison wants to install a super conducting core in for New York's power grid. Reason is the existing grid has load problems and this looks like the best way to handle it, rather than massive amounts of more copper. This is expensive, of course. To the best of my knowledge when this is deployed, it'll be the first super conductor used for commercial power delivery. Means plenty of R&D in addition to the actual costs. Well, sure would be nice if the government would help pay for that... So they got them to.

How? Well they sold it to DHS as an "anti-terror" deal. No idea how this is supposed to be more terror resistant, but DHS bought it and that's what's important. They gave ConEd something like half the money they need for the project.

Now you know that ConEd isn't really doing this as an anti-terror measure, they are doing it as a "grid is overloaded" measure. However, they put that spin on it to get government funding, and it worked. I'm betting this is a similar money grab.

Re:Very convenient ... (0)

Anonymous Coward | more than 5 years ago | (#27501433)

I could swear that these computers are primarily shielded from the Internet due to their incredibly important functions. And if they aren't at LEAST mostly shielded from the Internet, why is this? To say it's FUD seems to be a bit of an understatement.

"LOOK, WE'RE SHOUTING ABOUT TECHNOLOGY; IT HAPPENS THE WAY WE SAY IT DOES BECAUSE IT'S MAGIC"

We have bigger problems than the enemies if their security is this lax.

The Bush Regime (0)

Anonymous Coward | more than 5 years ago | (#27500879)

and the Financial Terrorists were / are the biggest attackers on US infrastructure.

Re:The Bush Regime (0)

Anonymous Coward | more than 5 years ago | (#27501169)

and the Financial Terrorists were / are the biggest attackers on US infrastructure.

Aren't the Financial Terrorist the Wall Street fat cats? They've done worse to this country's economy then any terrorist could have ever hoped for.

California (0)

Rob Kaper (5960) | more than 5 years ago | (#27500883)

Based on what I hear from my friends, they're already testing the software in California?

China and Russia? (5, Funny)

Thanshin (1188877) | more than 5 years ago | (#27500897)

China, Russia, and other countries,

So you mean there are people capable of hacking the US energy grid but who can't start the attacks from a hacked box in Madagascar?

"Who's attacking us?"
"Sir, the attacks come from half a million infected machines all around the world."
"From all coutries?"
"Yes, sir."
"So China and Russia too?"
"Hmm, Yes, of course, sir"
"Damn commies... We should've nuked them a long time ago."

Re:China and Russia? (2, Interesting)

Zocalo (252965) | more than 5 years ago | (#27501139)

So you mean there are people capable of hacking the US energy grid but who can't start the attacks from a hacked box in Madagascar?

Maybe the attackers did start the attacks from the box in Madagascar or wherever, but if that box could be hacked by the attackers then I suppose it's possible that it was also hacked by those tracking these attacks who found evidence pointing back to the usual suspects. That becomes all the more likely if at least some of the hacked systems are parts of a honey net or monitoring of compromised systems in the US shows an abnormally high level of communication back to some countries and not others.

What I find quite interesting about this though is that it's the older cold war opponents being singled out, and not the terrorists like all of those alleged Al Qaeda sympathisers in in quite well connected countries like Pakistan that we keep hearing about. If this were a FUD campaign, then which of those is Joe Public more likely to get worked up about, do you suppose?

Re:China and Russia? (1)

kaaposc (1515329) | more than 5 years ago | (#27501227)

[..] but if that box could be hacked by the attackers then I suppose it's possible that it was also hacked by those tracking these attacks who found evidence pointing back to the usual suspects.

yeah, sure. hacked windows boxes keep bunch of log files for authorities to review.

Re:China and Russia? (1)

TheP4st (1164315) | more than 5 years ago | (#27501417)

If this were a FUD campaign, then which of those is Joe Public more likely to get worked up about, do you suppose?

I don't know about Joe Public. But, for Joe the Plumber terrorist and communist probably are synonyms.

This is the new war. (3, Insightful)

palegray.net (1195047) | more than 5 years ago | (#27500907)

Trust me folks, it's coming. It won't be pretty, either. The power to disrupt a nation's economy via information warfare measures represents a much clearer threat than people trying to get something through airport security.

There's a reason the military is starting to get mighty interested in nerdy types, although most programs designed to leverage these skills are in their infancy. We need to get serious about this fast; other nations certainly are.

Re:This is the new war. (1)

Thanshin (1188877) | more than 5 years ago | (#27500955)

The power to disrupt a nation's economy via information warfare measures represents a much clearer threat than people trying to get something through airport security.

Unless... They're bringing the virus by plane!

From now on, all computers will have to be formatted to pass security.

Don't worry, the stewardesses will give you a Windows CD to reinstall the internet in your portable during flight.

Re:This is the new war. (1)

palegray.net (1195047) | more than 5 years ago | (#27500981)

As amusing as your post may be, the scary thing is how you might be right on some ways. I'd love to belief Homeland Security couldn't possibly be that idiotic, but they've pulled some pretty dumb crap in the past.

That said, I'm delighted to know that Microsoft is finally giving up on further Windows development and just putting the Internet right onto XP discs. I've always wanted my very own copy of the Internet.

Re:This is the new war. (1)

palegray.net (1195047) | more than 5 years ago | (#27500987)

s/belief/believe/

Gimme a break; it's early on the east coast :).

Re:This is the new war. (2, Insightful)

Opportunist (166417) | more than 5 years ago | (#27501109)

The threat is actually in consumer PCs, insecure and filled with malware. My fear is that, if we do not get those boxes secure soon, the Powers That Be will see them as a threat and, instead of requiring you, the user, to take responsibility for your box, demand that all boxes have to be made "secure", i.e. have some kind of mandatory surveillance available to them, or that you may only install whatever is approved and seen as ok by whatever entity your country may put in that place. All in the name of national security, of course. And while we're at it, a few kickbacks here or there may 'encourage' said entity to ensure some monopolies are set in stone.

Not a good thing if you ask me. I'd call for responsibility for your box. Because in the long run, either you're responsible what happens with your box, or that responsibility is taken out of your hands. And given the current political climate, where personal responsibility is shunned in favor of governmental meddling, I'm pretty sure we'd see the latter happening.

Who needs EMP? (0)

Anonymous Coward | more than 5 years ago | (#27501293)

If you can knock out the power grid via software, who needs the expense and difficulty of designing nuclear weapons to deliver an EMP?

You won't get as much disruption but the cost and ability to do it with less detection is much better.

No control structure is on internet (3, Insightful)

aepervius (535155) | more than 5 years ago | (#27500933)

AFAIK the whole remotely controlled stuff is not on internet or anything but on modem and similar box (can't remember their name) to which you have to directly dial in (non routable), and is separately powered from the power grid. If not I would fire the ass of the guy in responsibility: who in their right mind would put the control structure for a power grid, on something which can only be accessed when the same power grid is functioning. Also there are local control which override any possible remote control anyway.

Re:No control structure is on internet (1)

fluch (126140) | more than 5 years ago | (#27500979)

Now somewehere in the depths of the US power grid somebody reads the above comment and thinks silently ... "d'oh!"

Re:No control structure is on internet (1)

MichaelSmith (789609) | more than 5 years ago | (#27501241)

Now somewehere in the depths of the US power grid somebody reads the above comment and thinks silently ... "d'oh!"

Finally an appropriate Simpsons reference.

Re:No control structure is on internet (1)

TapeCutter (624760) | more than 5 years ago | (#27501203)

Thanks, I was looking for someone with a clue.

Re your sig; I first learnt the philosophy of science not from HS (which I dropped out of in '76) but from reading a book by Randi ~30yrs ago so I checked out your amazon link and lo and behold it's Sagan's masterpiece.

Seriously, genuine skeptcisim is a SKILL that needs constant practice but will serve you well in all aspects of daily life, I highly recommend the authors in aepervius' sig.

joe public (0)

Anonymous Coward | more than 5 years ago | (#27500937)

It's not rocket science. It called an air gap.
Why do people (invariably those in authority who have no idea of the consequences) have a perverse desire to hook everything up to the Internet? Iâ(TM)m not talking about John/Jane middle manager, I mean the muppets at the top âoedriving down costsâ. Was it so poorly managed prior to internet? Was there no cost effective alternative to internet connectivity? Will it in reality, after all these âoecyberâ hacks, have cost less in the long run using internet connectivity? Security through obscurity is no answer, but using networks that cannot be accessed by joe public does make life easier in the securing of national critical infrastructure. Those in authority keep banging on about how these systems are so important to US life, yet seem to do so little in enforcing the security

Why have they not hook up the Shuttle launch control system to the internet? Its simple. That answer is also not rocket science.

Re:joe public (0)

Anonymous Coward | more than 5 years ago | (#27501283)

The Shuttle isn't rocket science?

Nation states responsible? (1)

Britz (170620) | more than 5 years ago | (#27500939)

I always thought that nation states would be much more careful than to leave anything behind and would also limit their activities very much in order not to be detected and possibly embarrass their government (diplomacy and all). Also this kind of actitvity could be considered as an act of war.
But since this kind of activity could very well be conducted by other entities than nation states. And they are. All the time. They are also very hard to trace.
Given those facts maybe nation states use this excuse and acutally conduct this kind of activity.

Anyone got a clue?

I couldn't resist... (1, Funny)

Anonymous Coward | more than 5 years ago | (#27501001)

In Soviet Russia... the Grid penetrates the Spies!

Sorry

Yea good luck... (0)

Anonymous Coward | more than 5 years ago | (#27501033)

Maybe they can figure out the tangled mess that is the US electrical grid.

Remember folks, (0)

Anonymous Coward | more than 5 years ago | (#27501059)

..internet is BAAAAD!!! We have to REGULATE it, internet access is like having a gun, we have to identify every single person on the net! ..except those hackers, who.. oh.. damn.

In other news: standing in cold weather with too little clothes on too long may result in death! Planet earth is attacking us!!!

Had to be done (3, Funny)

TechnoFrood (1292478) | more than 5 years ago | (#27501175)

Spy sappin' my generator.

Air conditioners... (1, Flamebait)

VinylRecords (1292374) | more than 5 years ago | (#27501179)

The time that power goes out most frequently where I live (New York City, Hudson Valley, Syracuse all year round) is during the summer on the hottest days. What is straining the electrical grid so much? Air conditioners. On the hottest days of the summer you will always experience brownouts, and sometimes, the days get to hot that a large section of our part of the country loses power.

Millions of New Yorkers depend on electricity in their daily lives. Prolonged power outages are not only a nuisance -- they are also potentially life-threatening and can cause major economic losses.

Power outages occur most often during the summer months, when residents run air conditioners and power usage is at its peak.

http://www.nyc.gov/html/oem/html/hazards/utilities_power.shtml [nyc.gov]
- - -
http://en.wikipedia.org/wiki/Northeast_Blackout_of_2003#Causes [wikipedia.org]
The 2003 Northeast blackout was caused by urban sprawl interacting with silvan areas. On hot days, wires can cause fires, especially when tree branches are resting on the electrical wires because we decided running power lines through wooded areas was good decision.

http://en.wikipedia.org/wiki/New_york_blackout#Cause [wikipedia.org]
Lightning can also cause fires, especially on hot days, resulting in damage so great that major areas like NYC lose power for an entire day. For this blackout there were three lightning strikes that took out power lines causing major damage to NYC's power supply.
- - - - -
The Wall Street Journal should be ashamed for printing such ridiculous and manipulating propaganda. Major power outages happen entirely because of over consumption of electricity during the hottest days of the years. There is no global anti-American electrical conspiracy that is possibly going to be more damaging than mother nature (lightning, fire) and human nature (needing to be cool on hot days aka mass air conditioner use).

Last year, a senior Central Intelligence Agency official, Tom Donohue, told a meeting of utility company representatives in New Orleans that a cyberattack had taken out power equipment in multiple regions outside the U.S. The outage was followed with extortion demands, he said.

In a chilling scenario reminiscent of James Bond and other action spy movies, the CIA has confirmed that Internet attackers have succeeded in compromising power grids outside the US in order to hold entire populations to ransom while make extortion demands. The utilities infrastructure security meeting was organized by information security training, certification and research group the SANS Institute and was held in New Orleans last week.

US Central Intelligence Agency senior analyst Tom Donohue told a gathering of 300 US, UK, Swedish, and Dutch government officials and engineers and security managers from electric, water, oil & gas and other critical industry asset owners from all across North America, that "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands." Mr Donohoe was not explicit as to whether the extortionist cyber attackers, which had brought down the power of entire cities, were terrorists with political motives or were criminals attempting to extort financial ransom. He also did not name the regions that had suffered attacks other than to say they were outside the US. "We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge," said Mr Donohue. "We have information that cyber attacks have been used to disrupt power equipment in several regions outside the United States.

In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet." According to Mr. Donohue, the CIA actively and thoroughly considered the benefits and risks of making this information public, and came down on the side of disclosure.

Could these lies be anymore vague and secretive? "We have information," aka "We have information that you don't," aka "We have (made up information) information (to scare you as a form of societal mind control)". Some parts of our government (and the media for reprinting their lies and manipulation) need to be removed from the planet.
http://www.itwire.com/content/view/16169/53/ [itwire.com]

Re:Air conditioners... (1)

MichaelSmith (789609) | more than 5 years ago | (#27501247)

We should require aircon systems to incorporate photovoltaic power supplies.

Well, so much for all those electric cars . . . (1)

PolygamousRanchKid (1290638) | more than 5 years ago | (#27501189)

I'd better stick to a gasoline powered vehicle, those damn foreign Cyberspies with be monkeying around which the electricity switch

. . . and wow, does the Internet need electricity to run? I hope those foreign Cyberspies now what they will be starting, when they cut off the US supply of porn.

It ain't gonna be pretty. Maybe we can convert the Internet to run on gasoline?

Why they don't kill the Electric Grid (1)

Danathar (267989) | more than 5 years ago | (#27501195)

Cause they hold all our debt and killing our economy means we can't pay them back....

Re:Why they don't kill the Electric Grid (1)

Hognoxious (631665) | more than 5 years ago | (#27501387)

Then I hope they don't get the idea that we couldn't (or wouldn't) anyway.

If I couldn't get my money back, at least I'd like a bit of entertainment.

Critical/Sensitive systems on the internet? (-1, Redundant)

erroneus (253617) | more than 5 years ago | (#27501263)

Why are connections to these systems even on the internet at all? I read through the article and am left with more questions than answers. Forget about asking why critical and sensitive systems are running under Windows, why are they connected at all to the internet? There should be no need for it and really good reasons for them not to be.

I have my doublts. (1)

w0mprat (1317953) | more than 5 years ago | (#27501297)

I'm doubting the veracity of these claims. We lack the technology to send spies down mains wires.

From The Internet (1)

dword (735428) | more than 5 years ago | (#27501323)

It sounds to me like someone needs to try and grab more control over that Internet thing. First pedophiles, then terrorists, it seems that you can start whole revolutions [slashdot.org] (linked in case anyone missed yesterday's news) using it and now THIS? The government must find a way to control it or we're all doomed! AAAaaaaaaaaaaaaaaaa!!!!!!!!!!

Old news - real, but old (1)

keraneuology (760918) | more than 5 years ago | (#27501325)

From time to time they have conducted mock attacks and it has been demonstrated more than once that an external agent could destroy various pieces of equipment by ordering them to perform out of spec. And there are other weak points as well - hack into the railroads and instruct the train to deliver the coal to the wrong place, for example. But here's a story from August 13 2001 in the LA Times [jammed.com]

For two weeks last spring, hackers wormed their way inside a computer system that plays a key role in moving electrical power where it is needed around the state. The computers belong to the California Independent Service Operator, an agency that oversees much of the state's electricity transmission grid--including the massive complex of power plants and transmission lines. Cal-ISO patched the flaw that allowed hackers to roam through portions of its network before power supplies were affected. But the episode sent shock waves throughout the energy industry.
The crux of the issue is that the system is vulnerable - recall 2003 when a single tree branch killed power across several states for a week? That is not indicative of a healthy and robust grid system. And if the system is that vulnerable to an accident what would happen if somebody with malice aforethought (and a degree in EE) decided to spice things up a bit?
Unless the utility companies make explicit plans to correct things a macro-catastrophe is inevitable. Personally I think that a solar storm is more likely than a terrorist attack but it *WILL* happen and tens of millions of people will lose their grid indefinitely (probably several years to restore full access). (I further predict that the system will be rebuilt to the old specs because it will be cheaper and easier to do it that way, flushing an opportunity to build a hardened grid).
This is your transformer [alfatransformer.com] . (note that this company claims to be able to repair your transformer in less than 30 weeks - that means that)
This is your transformer after a solar storm [noaa.gov] . Yes, the sun did this.
This is the transformer with which most geeks are more familiar [howstuffworks.com] .

Why is this stuff connected to the Internet? (1)

dpbsmith (263124) | more than 5 years ago | (#27501359)

I don't get it.

Why is this stuff connected to the Internet?

Who decided to connect it to the Internet?

When did they start connecting it to the Internet? They always used to tell us not to worry, because it wasn't.

Can't these guys afford a few leased lines?

False panic spreading... (0)

Anonymous Coward | more than 5 years ago | (#27501383)

This is not news, this is crap.

It comes from unnamed sources, reflects unspecified incidents, and reveals a danger that seems obvious, if you know how to use your brain, that is. I didn't know Wall Street Journal was a tabloid.

I just got seriously annoyed and had to write something.. Will my comment, in the end, just help this piece of trash stay on the main page list? :/

American government is so pridictable (0)

Anonymous Coward | more than 5 years ago | (#27501399)

I guess it's another 'coincidence' this FUD comes to us on the heels of legislation seking to install a 'Cybersecurity Czar'.

Shocking! (1)

MeNotU (1362683) | more than 5 years ago | (#27501415)

Just absolutely Shocking!
Load More Comments
Slashdot Login

Need an Account?

Forgot your password?

Submission Text Formatting Tips

We support a small subset of HTML, namely these tags:

  • b
  • i
  • p
  • br
  • a
  • ol
  • ul
  • li
  • dl
  • dt
  • dd
  • em
  • strong
  • tt
  • blockquote
  • div
  • quote
  • ecode

"ecode" can be used for code snippets, for example:

<ecode>    while(1) { do_something(); } </ecode>