DHS Asked Gas Pipeline Firms To Let Attackers Lurk Inside Networks

Soulskill posted about 2 years ago | from the what-could-possibly-go-wrong dept.

Security 114

wiredmikey writes "According to reports, which were confirmed Friday by ICS-CERT (PDF), there has been an active cyber attack campaign targeting the natural gas industry. However, it's the advice from the DHS that should raise some red flags. 'There are several intriguing and unusual aspects of the attacks and the U.S. response to them not described in Friday's public notice,' Mark Clayton wrote. 'One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.' According to the source, the companies were 'specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.' While the main motive behind the request is likely to gain information on the attackers, letting them stay close to critical systems is dangerous. The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them."

NEWSFLASH: (5, Funny)

CanHasDIY (1672858) | about 2 years ago | (#39920177)

DHS Actually Just Another Terrorist Organization; Few Surprised by Revelation

Re:NEWSFLASH: (4, Funny)

Dyinobal (1427207) | about 2 years ago | (#39920239)

They should just rename it "Department of let's see if we can get more funding" Because in reality that is all they are trying to do. DOLSIWCGMF

Re:NEWSFLASH: (1, Insightful)

CanHasDIY (1672858) | about 2 years ago | (#39920277)

They should just rename it "Department of let's see if we can get more funding" Because in reality that is all they are trying to do. DOLSIWCGMF

Yea, but then they might end up getting mistaken for all the other 'alphabet agencies,' since that's essentially the purpose of, well, all of 'em.

Two possible sources of attackers (1, Interesting)

Taco Cowboy (5327) | about 2 years ago | (#39922839)

1. Attackers who are from abroad, or hired by foreign governments, seeking information on how to disrupt/destroy gas distribution networks in USA, in order to destroy USA.

2. Attackers sent by DHS itself, seeking ways to destroy/disrupt gas distribution networks in USA, in order to justify EVEN MORE URGENT FUNDING from Congress.


Anonymous Coward | about 2 years ago | (#39927607)

This is what idiots actually believe.

And who were the attackers? (3, Insightful)

Anonymous Coward | about 2 years ago | (#39920215)

The conspiracy theorist in me says DHS.

Re:And who were the attackers? (5, Informative)

daveschroeder (516195) | about 2 years ago | (#39920315)

Yes, it couldn't possibly be adversaries, and people who want to do harm to the United States, in an environment where people like you firmly believe that everything must be a "false flag" operation designed to somehow take away your rights.


Or, it could be this:

Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
http://www.uscc.gov/researchpapers/2009/NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved%20Report_16Oct2009.pdf [uscc.gov]

Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage
http://www.uscc.gov/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsandCyberEspionage.pdf [uscc.gov]

How China Steals Our Secrets
http://www.nytimes.com/2012/04/03/opinion/how-china-steals-our-secrets.html [nytimes.com]

China's Cyber Thievery Is National Policy—And Must Be Challenged
http://online.wsj.com/article_email/SB10001424052970203718504577178832338032176-lMyQjAxMTAyMDAwOTEwNDkyWj.html [wsj.com]

FBI Traces Trail of Spy Ring to China
http://online.wsj.com/article_email/SB10001424052970203961204577266892884130620-lMyQjAxMTAyMDAwNzEwNDcyWj.html [wsj.com]

NSA: China is Destroying U.S. Economy Via Security Hacks
http://www.dailytech.com/NSA+China+is+Destroying+US+Economy+Via+Security+Hacks/article24328.htm [dailytech.com]

Chinese Espionage Campaign Targets U.S. Space Technology
http://www.businessweek.com/news/2012-04-18/chinese-espionage-campaign-targets-u-dot-s-dot-space-technology [businessweek.com]

Report: Hackers Seized Control of Computers in NASA’s Jet Propulsion Lab
http://www.wired.com/threatlevel/2012/03/jet-propulsion-lab-hacked/ [wired.com]
http://oig.nasa.gov/congressional/FINAL_written_statement_for_%20IT_%20hearing_February_26_edit_v2.pdf [nasa.gov]

Chinese hackers took control of NASA satellite for 11 minutes
http://www.geek.com/articles/geek-pick/chinese-hackers-took-control-of-nasa-satellite-for-11-minutes-20111119/ [geek.com]

Chinese hackers suspected of interfering with US satellites
http://www.guardian.co.uk/technology/2011/oct/27/chinese-hacking-us-satellites-suspected [guardian.co.uk]

Former cybersecurity czar: Every major U.S. company has been hacked by China
http://www.itworld.com/security/262616/former-cybersecurity-czar-every-major-us-company-has-been-hacked-china [itworld.com]

China Attacked Internet Security Company RSA, Cyber Commander Tells SASC
http://defense.aol.com/2012/03/27/china-attacked-internet-security-company-rsa-cyber-commander-te/ [aol.com]

Chinese Counterfeit Parts Keep Flowing
http://www.aviationweek.com/aw/generic/story_channel.jsp?channel=defense&id=news%2Fasd%2F2012%2F03%2F27%2F04.xml&headline=Chinese+Counterfeit+Parts+Keep+Flowing [aviationweek.com]

China Corporate Espionage Targets U.S. Firms
http://www.businessweek.com/news/2012-03-15/china-corporate-espionage-boom-knocks-wind-out-of-u-dot-s-dot-companies [businessweek.com]

U.S. Official on Cyber Attacks: "It's Getting Harder for China's Leaders to Claim Ignorance"
http://www.securityweek.com/uscc-commissioner-cyberattacks-getting-harder-chinas-leaders-claim-ignorance [securityweek.com]

China's Role In JSF's Spiraling Costs
http://www.aviationweek.com/aw/generic/story.jsp?id=news%2Fawst%2F2012%2F02%2F06%2FAW_02_06_2012_p30-419987.xml&channel=defense [aviationweek.com]

Iran 'mobilizing' for cyberwar with West: experts
http://news.yahoo.com/iran-mobilizing-cyberwar-west-experts-183507442.html [yahoo.com]

...nah, couldn't be anything like that.

Re:And who were the attackers? (0)

Anonymous Coward | about 2 years ago | (#39920419)

or both

Re:And who were the attackers? (3, Insightful)

moortak (1273582) | about 2 years ago | (#39920425)

Yeah, but China and Iran aren't the ones saying to let the attackers hang out for a while.

Re:And who were the attackers? (1)

poity (465672) | about 2 years ago | (#39921401)

That makes no sense as a rebuttal. I mean Hannibal didn't tell the Romans "let me hang out in the Italian countryside for a while" either. That doesn't mean he wasn't working towards Rome's downfall, or that Fabius didn't have a plan to counter him obliquely (or that Fabius wanted to enslave his fellow Romans with made up stories about Carthaginian boogeymen*).

*which is what I gather many slashdotters would have said back in the day.

Re:And who were the attackers? (1)

moortak (1273582) | about 2 years ago | (#39921801)

The reason people are suspicious is that a group with a bad track record is encouraging something dangerous. Sure the Chinese, the Iranians, hell the Canadians are looking to access systems in the US, but that isn't a reason to trust DHS. What we know about this one incident is that DHS made a rather unorthodox request.

Re:And who were the attackers? (0)

Anonymous Coward | about 2 years ago | (#39922711)

Umm... I'm not old enough to remember that. Can we get a car metaphor?

Re:And who were the attackers? (2, Insightful)

cpu6502 (1960974) | about 2 years ago | (#39920427)

The odds of death by terrorist are lower than death by a spacerock falling from the sky & hitting you on the head. Stop being afraid of unlikely events.

Re:And who were the attackers? (1)

daveschroeder (516195) | about 2 years ago | (#39920499)

Ok, I'll stop being afraid of unlikely events.

Since the events linked in my post have all actually occurred or are ongoing right now, and are easily provable to any reasonable person who takes an objective look at reality and the known doctrinal Chinese cyber warfare strategies advocated by the PLA's senior leadership [infosecisland.com], I suggest we respond and defend appropriately.

That, or continue pretending they don't exist, or that when they do it's all a secret US government plot to oppress its citizens. Yeah, I'm sure that's somehow the better option.

Re:And who were the attackers? (0)

Anonymous Coward | about 2 years ago | (#39921283)

I wish the DHS and FBI would do something rational, like treat every drunk driver or violent criminal as a conspiring terrorist and disappear them to Guantanamo after their first offense. That would do more to protect American lives than most of the crap they do now.

Re:And who were the attackers? (3, Informative)

ArcherB (796902) | about 2 years ago | (#39920789)

The odds of death by terrorist are lower than death by a spacerock falling from the sky & hitting you on the head. Stop being afraid of unlikely events.

Source? Well over 3000 people have been killed by terrorists since 2000. How many have been killed by falling space rock?

Re:And who were the attackers? (0)

Anonymous Coward | about 2 years ago | (#39920961)

Should we include all the innocents killed in the (mostly US) military actions in Iraq & Afghanistan? That would put a few extra zeros on your number.

Re:And who were the attackers? (0)

Anonymous Coward | about 2 years ago | (#39921105)

that actually helps the "terrorism is more likely than you think" argument

Re:And who were the attackers? (2)

CubicleView (910143) | about 2 years ago | (#39926363)

Zero as far as I'm aware. The parent is definitely incorrect because of the requirement for the meteorite to hit you on the head.

When you don't specify a time span, or the direct cause of death it gets more complicated. I've read a lot of conflicting numbers, but on a given day a person might easily be more at risk from terrorist attack, since there may be more data available to support that possibility. In the future the reverse could be true since we likely will have the means to know with certainty if there is risk from an asteroid in the near future. Over a hundred years and assuming no future ability to deflect asteroids, the risk is widely reported to be at least in excess of 1 in 200,000 for asteroid impact and 1/1300 for terrorist attack. I imagine the terrorist attack figure could be lowered or raised significantly using specific data on the person, place of work, place of birth etc.

Re:And who were the attackers? (1)

Ihmhi (1206036) | about 2 years ago | (#39927155)

Lots of people have been killed in airplane crashes too, but your odds of being in one are still pretty damn low.

Re:And who were the attackers? (1)

cpu6502 (1960974) | about 2 years ago | (#39928965)

Since we're talking about a LIFESPAN of a human being, not just one decade...... YES the number of Americans killed by falling meteorites over the last 80 years does exceed the 3000 killed on 9/11.

And of course your odds of death-by-terrorist go down dramatically if, like me, you rarely fly. Just as if you don't play baseball, you're less likely to get killed by a ball than if you are a professional player. Or if you live on a mountain, your odds of dying from tsunami are near-zero.

Let's face it: Most of us are going to die through bad blood circulation (heart, brain attack) or cancer or driving to work. THAT'S what we should be afraid of, not the near-zero risk of terrorists, and yet most of us stuff fat and sugar into our bodies as if we're trying to commit suicide. We are very good at fearing the wrong things.

Re:And who were the attackers? (1)

ep32g79 (538056) | about 2 years ago | (#39929279)

Since we're talking about a LIFESPAN of a human being, not just one decade...... YES the number of Americans killed by falling meteorites over the last 80 years does exceed the 3000 killed on 9/11.

Where in the hell do you get this stuff? The odds of being fatally hit by a meteorite are infinitesimal. There have only been a very small handful of individuals hit by meteorite in recent history and all of them survivors.

Re:And who were the attackers? (0)

Anonymous Coward | about 2 years ago | (#39921759)

The odds of death by terrorist are lower than death by a spacerock falling from the sky & hitting you on the head.

Islamic terrorists have carried out more than 18,848 deadly terrorist attacks since September 11, 2001, including 40 attacks last week that killed 220 people and critically injured 407. [thereligionofpeace.com] This does not count deaths by non-Islamic terrorists such as FARC or the IRA which recently had a quarter-ton truck bomb seized and defused that could have caused some damage if it went off.

Now it's your turn to provide the numbers for the larger number of people killed by cranial meteorite impact.

Re:And who were the attackers? (3, Insightful)

shmlco (594907) | about 2 years ago | (#39920493)

"According to reports, which were confirmed Friday by ICS-CERT, an active Phishing campaign is responsible for the U.S. Department of Homeland Security (DHS) issuing three warnings since the end of March that the natural gas industry has been under ongoing cyber attack."

A phishing campaign. Because companies shouldn't already be protecting against these.

More, "The specter of a cyber attack against critical infrastructure is a reality, but not because the DHS is guarding the Internet, but because the networks running the critical infrastructure are so poorly protected. It’s gotten to the point that simple Phishing attacks, things that proper email protection and awareness training cover, rate three separate warnings and alerts."

So it's obvious we need widespread and over encompassing legislation like CISPA that bypasses any and all existing laws and regulations regarding privacy, and that grants the NSA a legal mandate and access to any and all information collected... to protect against phishing attacks.

More: http://www.isights.org/2012/04/cispa-is-not-about-copyright-its-about-your-privacy-on-the-internet.html [isights.org]

Re:And who were the attackers? (1, Troll)

daveschroeder (516195) | about 2 years ago | (#39920561)

Just because content owners have their own motives doesn't invalidate legitimate cyber threats, nor does it mean that very real military [uscc.gov], industrial, and academic [bloomberg.com] cyber threats don't exist. Also, anyone paying attention realizes that the lines between governments, criminals, espionage, and activists blur in the cyber realm. Responding to cyber threats, no matter where they originate or why, takes the same form.

I'm sure it's better to have zero coordination because the slashdot crowd thinks it's a plot to take away their ability to pirate copyrighted content.

Re:And who were the attackers? (0)

Anonymous Coward | about 2 years ago | (#39920703)

You don't happen to work for a cyber-security company that works on government contracts by any chance?

Fast and furious (1)

fustakrakich (1673220) | about 2 years ago | (#39921425)

I'm sure it's better to have zero coordination because the slashdot crowd thinks it's a plot to take away their ability to pirate copyrighted content.

Wrong thread, bub.

Re:And who were the attackers? (1)

s.petry (762400) | about 2 years ago | (#39921559)

CISPA and other poor policies won't protect the infrastructure any better than what we have now. I worked at a DOD site for 8 years. We had weekly security bulletins, and very informed users. We had several well crafted spear phishing attacks every month, and 1 account was compromised out of 8,000 in roughly 4 years. That one breach was caught within a couple minutes, because the person and their coworkers communicated.

Is the infrastructure an absolute mess and disaster waiting to happen? Sure it is, nobody is fool enough to think it's not (unless they are getting paid to keep a blanket over their head).

How did it get so bad? Money, that's the reason. People that hold the purse strings said "cheap, not secure. I don't care what you say, I won't pay!"

Oppressive laws won't fix that, sorry. The infrastructure needs a lot of money to make it secure, and that takes money out of shareholders', executives', and politicians' pockets. Won't happen.

Re:And who were the attackers? (1)

dgatwood (11270) | about 2 years ago | (#39921795)

Laws certainly can fix that. It's called strict criminal liability. You hold out funds in such a way that it causes a critical system to be built without proper security, and you go to jail when somebody compromises it. If the people responsible for the money could be held liable for damages when withholding that money causes loss of life or limb, we would have a lot fewer problems (and a lot fewer rich people walking the streets).

Re:And who were the attackers? (1)

s.petry (762400) | about 2 years ago | (#39922071)

While it sounds good, there is much wrong with your statement in practical terms. First point: There is well over 20 years of infrastructure to secure. Think about that for a while, laws won't fix that. Money will, and right now the US is broke. Second point: I like your idea, just like I think that the executives that got rich off the financial collapse (and continue to get richer) should be jailed. In reality, you won't pass anything of the sort. Just like there are no criminal actions against those that not only paid themselves, but stole from their "customers".

Money is the ruling party in the US, and until the people get rid of the filth we all get stuck with the stench.

Re:And who were the attackers? (1)

shmlco (594907) | about 2 years ago | (#39921841)

Sorry to keep linking to my own articles, but this was covered too.

"Have a hacker steal millions of financial records, health records, or credit card numbers, and as long as they were participating in CISPA, they were acting in "good faith" to secure their networks, and as such can not be sued for failing to protect their customer's personal data."

Complete and total exemption from privacy lawsuits? All for sharing a bit of data with the Feds?

That legal "out" more than pays for the "security" systems needed.

http://www.isights.org/2012/04/cispas-good-faith-carrot-needs-no-stick.html [isights.org]

Re:And who were the attackers? (1)

shmlco (594907) | about 2 years ago | (#39921805)

"Just because content owners have their own motives doesn't invalidate legitimate cyber threats..."

Content owners? Did I mention content owners? Doesn't the linked article say that CISPA is NOT about content?

Yes, there are legitimate threats. But let's craft legislation that actually helps to protect against those threats AND that's crafted with privacy concerns at its core. With safeguards. That require and demand warrants and due process. And let's not pass hasty, thinly veiled attempts at allowing the government and the NSA to legally scan and record everything that we do and say and post and tweet and visit.

President Obama announced sanctions against Iran, Syria and those who help them use technology to perpetrate human rights abuses. The executive order creates sanctions against the government of Syria and Iran "and those who abet them, for using technologies to monitor, target and track its citizens..."

And yet we have CISPA. Who is going to sanction us?

See: http://www.isights.org/2012/04/obama-wants-sanctions-on-governments-who-repress-or-monitor-their-citizens.html [isights.org]

It *could*, but is it? (0, Insightful)

Anonymous Coward | about 2 years ago | (#39920519)

It could be any of that. It could be my neighbor, for all I know. DHS has cried wolf enough times that they can't be trusted anymore. Maybe they are honest some of the time - like you pointed out, that certainly could be the case here - but... meh.

"Hainan Island Incident" (-1)

Anonymous Coward | about 2 years ago | (#39920949)

A US military spy plane illegally entered Chinese airspace and collided with a Chinese interceptor, killing the Chinese pilot. This was more than 10 years ago and we STILL run spy missions against China.

When we (Americans) complain about Chinese espionage, the thing that's actually bothering us is that CHINA IS BETTER AT IT. We're not actually in a position of moral authority to lecture them about spying, torturing, violating other countries' sovereignty, military aggression, extrajudicial murder, or blatantly ignoring international law.

I'm an atheist, but I also think the Bible can teach us a few things about how we handle our international relations. In particular, "reap what you sow" and "remove the log from thine own eye" come to mind.

Re:"Hainan Island Incident" (3, Insightful)

daveschroeder (516195) | about 2 years ago | (#39921217)

"A US military spy plane illegally entered Chinese airspace and collided with a Chinese interceptor, killing the Chinese pilot."


That's not exactly correct. US surveillance aircraft do not violate China's sovereign airspace, but Chinese fighters would routinely harass US aircraft in what China claims as an "exclusive economic zone" in the South China Sea, not recognized by the US, and not considered sovereign airspace. "The PRC interprets the Convention as allowing it to preclude other nations' military operations within this area, while the United States maintains that the Convention grants free navigation for all countries' aircraft and ships, including military aircraft and ships, within a country's exclusive economic zone."

China's fighters routinely buzzed US EP-3's, and if you're actually asserting that an EP-3 is maneuverable enough to cause a collision with a Chinese J-8 fighter, then you are either deluded, or a member of the PRC's 50 Cent Party. The US EP-3 had to enter Chinese airspace in order to conduct an unauthorized emergency landing on Hainan Island, after which NSA's secure operating system was completely compromised by China [newyorker.com] , with a US Admiral later observing, “It was grim," and a US official responding to a question of whether China could be "that good" by saying, “they only invented gunpowder in the tenth century and built the bomb in 1965. I’d say, ‘Can you read Chinese?’ We don’t even know the Chinese pictograph for ‘Happy hour.’"

So yeah, go ahead and assert that China would somehow be a better global steward of human rights.

Re:"Hainan Island Incident" (2)

mspohr (589790) | about 2 years ago | (#39921897)

I just wonder how the US would react if China sent a bunch of aircraft carriers and started doing reconnaissance flights in the Gulf of Mexico or off the coast of Florida or New York or DC (in International waters).
Do you think the US would just leave them alone?

Re:"Hainan Island Incident" (0)

Anonymous Coward | about 2 years ago | (#39922197)

Did we Americans kill tens of millions of our own? (Mention "abortion" and watch them smoke their windings!)

The problem is a long line of faulty jurisprudence arising from the Fourteenth Amendment to the US Constitution. China does not have that problem. So there are at least three million Chinese in the USA. A significant fraction are highly educated and wind up in sensitive employment. All that jurisprudence protecting them, including the spies. Another case of outsiders using our liberties against us.

America: Discriminate or Die!

Re:And who were the attackers? (1)

overbaud (964858) | about 2 years ago | (#39921679)

So basically the USA is *still* not taking steps to secure its critical infrastructure networks and other countries including China are still taking advantage of said lack of security. Wow! News at eleven. Meanwhile the US and her allies are doing the same thing back. Australia's DSD motto is "Reveal their secrets, protect our own" http://www.dsd.gov.au/ [dsd.gov.au] I'm sure teams in the NSA and CIA have similar mottos. The idea of good guys vs bad guys because of the latitude and longitude of where your mother's uterus deployed you is stupid. Everyone is doing it... you just don't hear about your team because reporting on it would be unpatriotic and not in the national interest.

Re:And who were the attackers? (0)

Anonymous Coward | about 2 years ago | (#39922247)

What you have said in so many words is that your college degrees have become your passport and nationality. Prove otherwise.

Re:And who were the attackers? (1)

foobsr (693224) | about 2 years ago | (#39921681)

Or: Cover up for Incapability regards advancing innovative non lawsuit driven economies?


Re:And who were the attackers? (0)

Anonymous Coward | about 2 years ago | (#39922079)

What does that tell a reasonable individual about non-discrimination in employment, other than it is a suicide pact?

YANKEE WHITE, it's not just for working for the President anymore.

Re:And who were the attackers? (0)

Anonymous Coward | about 2 years ago | (#39924321)

The enemy is within.
General Motors is becoming China Motors:

Obvious question is obvious (0)

shiftless (410350) | about 2 years ago | (#39922073)

How the hell are "cyber attackers" getting into NATURAL GAS CONTROL NETWORKS in the first place?

I support your theory. (0)

Anonymous Coward | about 2 years ago | (#39923059)

Former Michigan Congressman, Governor candidate, and now US Senate candidate Pete Hoekstra (from the city where Slashdot was founded), who was the highest ranking member on the House Permanent Select Committee on Intelligence, had this to say at a Senatorial candidate debate on January 24 (before his xenophobic Super Bowl ad went viral):


He has a niche for not keeping his mouth shut:

Headline (4, Funny)

girlintraining (1395911) | about 2 years ago | (#39920265)

Real-world equivalent: "Terrorist shows up at airport with bomb strapped to chest. Security waves him through, asks only that he not threaten anyone prior to detonation."

Re:Headline (3, Insightful)

Anonymous Coward | about 2 years ago | (#39920393)

And then when something bad happens they'll blame it on incompetence and say they need better tools to prevent attacks like this and roll out the next round of cyber laws they have sitting in the drawer targeted at domestic citizens.

Re:Headline (1)

girlintraining (1395911) | about 2 years ago | (#39921125)

And then when something bad happens they'll blame it on incompetence and say they need better tools to prevent attacks like this and roll out the next round of cyber laws they have sitting in the drawer targeted at domestic citizens.

The government controls the media, and the media is the only way the citizens can keep tabs on the government, then they don't really even have to lie; They can do whatever they want, right out in the open, and anyone who provides evidence can simply be arrested for 'homeland security'.

Re:Headline (3, Insightful)

rtfa-troll (1340807) | about 2 years ago | (#39921779)

No; real world equivalent; there are a bunch of possible terrorists wandering around the airport carrying things that look like bombs but you don't know if they really are or how they are triggered. Your visiting security experts have identified a few of them but you know there are many more. You quickly work out that the terrorists can go in and out of the building at will completely bypassing the security gate and have been doing so for weeks on end, but you don't know how. You tell the guy in charge of the security thugs at the door not to alert the terrorists until you have time to get back up and hopefully wait for a quieter gap between flight arrivals.

Wrong reason? (3, Interesting)

DanTheStone (1212500) | about 2 years ago | (#39920271)

I wouldn't necessarily suspect that they were told to leave them alone to gather information. Perhaps it's pessimistic, but I read it "... so that we can use them to excuse passing CYBERWAR legislation like CISPA".

Re:Wrong reason? (5, Insightful)

McMuffin Man (21896) | about 2 years ago | (#39921391)

Not reacting immediately to advanced, targeted intruders is standard tactics, and recommended by most experts in the field. This is news to Slashdot because folks here usually only deal with mass criminal attacks, which are a different beast entirely.

This isn't a DHS conspiracy, not even one for new funding. It's just the government advocating reasonable measures even though I'm sure they knew they'd get pilloried for it. I rarely respect the DHS, but in this case I may make an exception.

hmmm.. what I find interesting.. (0)

ganjadude (952775) | about 2 years ago | (#39920297)

is that DHS is asking them to allow the people to stay, but (typical /. fashion didn't RTFA) 1 how did DHS know that they were being attacked unless the companies told dhs, or dhs was already monitoring said companies to begin with.

Re:hmmm.. what I find interesting.. (2)

CowTipperGore (1081903) | about 2 years ago | (#39923337)

Because some of the targeted companies discovered the attacks and alerted the DHS. These reports have been shared with gas companies for months, including details about the phishing emails, the malware processes, and the C&C domains involved.

Never heard of a honey pot? (0)

Nethemas the Great (909900) | about 2 years ago | (#39920299)

Have these folks never heard of the concept of a honey pot to trap the would-be intruder? This is just plain stupid to let these folks snoop around and install whatever malware they want in such important infrastructure. It's like smoking near the pumps at a fueling station and the station attendant is told to leave them be so long as they don't get "too" close to the explosive vapors.

Re:Never heard of a honey pot? (1)

avgjoe62 (558860) | about 2 years ago | (#39920401)

Just a suggestion looking at your signature - shouldn't it be "Two of my imaginary friends were fruitful and multiplied with negative results."

Re:Never heard of a honey pot? (0)

Anonymous Coward | about 2 years ago | (#39920719)

That is why Benjamin Franklin let the French whores visit and try to get information out of him. He never did believe in the illusion of security anyway.

Sounds like Fast & Furious (1, Interesting)

cpu6502 (1960974) | about 2 years ago | (#39920337)

"Don't check your customers for IDs. Just sell them and we'll track the criminals across the Mexican border." - This policy resulted in many, many deaths that could have been prevented by not encouraging stores to break gun laws and sell to criminals.

Now it sounds like DHS is trying the same stupid strategy. Read more here: http://www.forbes.com/sites/realspin/2011/09/28/fast-and-furious-just-might-be-president-obamas-watergate/ [forbes.com]

Re:Sounds like Fast & Furious (0)

Anonymous Coward | about 2 years ago | (#39921987)

Sounds more like the Republican response to anything done by the Obama administration.

Take one perfectly normal act, declare it an utter failure, hysterically run around as if it never happened before or as if it was some great conspiracy.

Do you really think any of those deaths you attribute to that operation would have been avoided otherwise?

I have never noticed that Mexican gangs lacked guns. Besides, doesn't the NRA argue against any gun control by saying that criminals will always get guns, and that the laws don't prevent crime?

does actually make some sense (3, Insightful)

v1 (525388) | about 2 years ago | (#39920341)

If you think about it, this could provide more information on your opponents. Though it is a bit of a gamble - can you get valuable information without too much risk? Or, is it worth the risk?

Think about the whole process of infiltration. Once you get your foot in the door you start gathering information and testing the waters to see what you can do. If you don't think you've been discovered, but you have, then the defenders have some good opportunities. They can feed you false intelligence, make you think you are burrowing into an important control system that's actually a honeypot, give them a false sense of accomplishing their goal, waste their time and resources. Done properly, this is very useful counter-intelligence.

Fooling the other guy is valuable. Tricking the other guy into thinking he's fooled you can be even more valuable. I think that's the core of what this is about. But as I said before, it's a risk, and could get out of control.

Re:does actually make some sense (1)

Anonymous Coward | about 2 years ago | (#39920451)

Agree, it's not obvious from the summary that DHS acted in an irresponsible manner.

One principle of warfare is to keep the enemy off guard. If the attackers can detect within hours that they've been discovered, that makes their jobs that much easier. They should be concerned that they've already been detected and may be under close watch.

Re:does actually make some sense (0)

Anonymous Coward | about 2 years ago | (#39927203)

This! Those who have actually worked in the intelligence field know that this is a common practice. As long as the value of the intelligence being gathered is greater than the damage being caused, it's better to leave them in the network. If we simply shut them down at the gateways, we can't always tell what they exploited to get there in the first place. Once they know we are on to them, they simply "go dark" for weeks or months. They'll also change their tactics, techniques & procedures such that we cannot readily counter them again, if at all.

Neither unusual nor unprecedented (0)

Anonymous Coward | about 2 years ago | (#39920369)

What IS unusual and unprecedented, is that this was announced.

Makes sense to me (1)

nurb432 (527695) | about 2 years ago | (#39920447)

Trying to get more data from an intruder isn't a bad thing, and they did state as long as it was 'safe' to do so.. DHS was not asking the companies to let the attackers get into sensitive stuff and just twiddle their thumbs.

Fascinating (1)

lightknight (213164) | about 2 years ago | (#39920509)

This could be taken in any number of ways, but I'd go for two here:

1.) (Giving DHS the benefit of the doubt) -> They *want* the cyber-spies (what name, Industrial Espionage would fit better here) to find and copy some of the firm's software. Why? Because they (DHS) are going to ensure that the copies the spies get will have some small, but interesting changes to them. Something the CIA pulled with the Soviets a while back. Though I would be surprised that they would think that strategy would work again.

2.) (Not giving DHS the benefit of the doubt, *puts on tinfoil hat*) DHS needs to justify their (let's be honest) rather large and expensive budget, as well as the various civil rights that have been...temporarily re-purposed. As such, from a realpolitik approach, it's in their best interest to have a few 'terrorists' succeed from time to time; and if those 'terrorists' aren't bright enough, or capable enough, to pull something off, then the DHS is willing to give them a helping hand from time to time; all in the best interests of National Security, mind you. Their argument, if pressed, would be that they need to remain ever-vigilant if they are going to catch the really bad guys, and sometimes the cost of that vigilance is a few lives. The counter argument, of course, possibly made by any of the various Generals / Admirals of our military, would be that we would then be specializing for only certain kinds of attacks, wasting valuable resources, and increasing the amount of 'noise,' possibly / probably resulting in us missing a weaker signal that might be more foretelling of an unanticipated attack via a previously unknown vector.

Paranoia can be a dangerous thing. [youtube.com]

Hmmmm. (1)

Genda (560240) | about 2 years ago | (#39920535)

So there are a lot of folks who think that DHS is causing trouble to justify their own budget... could be, a little too obvious and Hollyweird for my taste but not outside the realm of possibility. My only question is that if in fact they're asking to not disturb the black hats so they can zero in on them...

1. Why is this taking so long? Isn't this their specific mandate, aren't they armed to the teeth to detect cyber-terrorism in our nation's infrastructure, I would think that they'd be frog marching bad guys to Gitmo mid-day April 1st?

2. How is this story hitting the air before bad guys are being captured?

3. How critical does an asset have to be, before someone says "Shut those terrorists down right now!!!"? Trains and planes? Nuclear power plant cooling? Air Force One? Trash service in Greenwich, CT?

Re:Hmmmm. (1)

CowTipperGore (1081903) | about 2 years ago | (#39923375)

1. The spear phishing emails were sent five or six months ago but the attacks using the malware didn't start until about two months ago.
2. I imagine the story broke because someone at a gas company leaked one of the several emails sent to us the last week or so.
3. All reports thus far indicate that the attackers were merely poking around and doing nothing destructive or particularly intrusive.

Good vs bad reasons (1)

JWSmythe (446288) | about 2 years ago | (#39920541)

There are two good reasons for doing this.

1) Just because you've identified attacker(s) in one part of the system, doesn't mean that they aren't in other parts. They could retaliate for that action.

2) You can gain valuable intelligence about who they are and how they're doing it.

Now the good reasons *not* to.

Items 1 through 1,000,000) They were in critical infrastructure equipment, and have retrieved an unknown amount of information. Every second they are in, it increases the risk of what they might acquire, or they might do.

1,000,001) There should be a policies and procedures manual which says any machine which is potentially compromised should immediately be disconnected from the network, and a trained computer forensics team should immediately begin evaluating the situation.

2 vs 1,000,001.. It's a tough call.

Re:Good vs bad reasons (0)

koan (80826) | about 2 years ago | (#39920699)

Response to point #1 see response to point #2
Response to point #2 Why the fuck are these systems on-line and accessible from foreign countries or anyone else on the Internet in the first place?

Hint: I already know the answer to Response to #2.

Re:Good vs bad reasons (1)

JWSmythe (446288) | about 2 years ago | (#39929593)

I don't get why they're accessible to **ANYONE**. Hell, on my personal servers, if they need to be reached by port 80, so be it. For machines that I do my own stuff on, they're locked down to specific IPs on an as-needed basis. If I need someone else on one, I open it up to their IP only.

I'm switching my stuff up, so you simply can't log into anything not specifically authorized. You can VPN in, but that list is strict (me and a couple friends).

I cringe every time I hear that someone broke into some critical infrastructure system. It's like they treat them like a hobby that no one is interested in, and it doesn't really matter if someone gets in.

I used to laugh when some TV show or movie would show someone hacking in to shut down power to a block or a city. "That'd never happen, they have people like me working it, they must have serious restrictions". Then another news story like this comes out.

I was always told that when critical infrastructure organizations needed data between locations, they operated on their own leased circuits, that weren't accessible from other networks. I have to wonder if they ever were, or if they've gotten cheap and lazy and just get lowest bidder Internet service.

Critical systems shouldn't have public IPs, or be attached to the public Internet.

But, I'm preaching to the choir.

Re:Good vs bad reasons (1)

Ambitwistor (1041236) | about 2 years ago | (#39920905)

Have you checked the numbers on your cost-benefit analysis? Are you sure it's not 1,000,000,000,000,000,eleventygazillion reasons not to do this?

Cuckoo or not? (2)

Zero__Kelvin (151819) | about 2 years ago | (#39920647)

I am not a DHS apologist, but this is exactly the same approach Clifford Stoll used to catch Markus Hess, and Stoll is no dummy. You can read about it in The Cuckoo's Egg [wikipedia.org] (Ironic Caveat: Stoll took this approach only after trying to use other approaches and failing to get cooperation from numerous government agencies.)

Precisely (1)

alispguru (72689) | about 2 years ago | (#39923671)

Stoll was an individual, with few resources and no authority to require information from anyone. DHS is a large well-funded national agency with serious authority.

They should have left that intrusion alone just long enough to get it traced.

Excellent TRUE story (0)

Anonymous Coward | about 2 years ago | (#39926893)

One of my "fav" reads in fact, & you're correct/spot-on, on how & WHY he did what he did (w/ the printer too), after alerting law enforcement agencies (who kept "passing the buck" until a military installation in Richmond Hill Ga. was compromised iirc - then, the story changed & he got interest from law enforcement).


P.S.=> Good point & good tale to use for an analogy here - it should be mandatory "required reading" for anyone interested in security of computer systems imo @ least... apk

I have my doubts (1)

koan (80826) | about 2 years ago | (#39920667)

While the main motive behind the request is likely to gain information on the attackers

I have my doubts about that, after all what's more important, catching these people (who are most likely in non-extradition countries) or protecting the people of this country?
I also have my doubts about the competence of the DHS, HLS, TSA and all the other "security" agencies that have suddenly sprung up after 9/11.

Now stare at your phone and step into traffic...

Starting the "cyberwarfare" (1)

Hentes (2461350) | about 2 years ago | (#39920727)

This is what happens when you treat hacking as warfare and make the military responsible for security.

Finally: Slashdot approves of the DHS (0)

Anonymous Coward | about 2 years ago | (#39920879)

This approach should be warmly received here in Slashdotlandia, where we've spent more than a decade learning how "security through obscurity" is doubleplusungood. And what could possibly be less obscure than letting black-hats coexist within your network? Obscuring your internal network from them is just going to fail anyway. Your system should be designed in such a way that any Khalid al Shaboom Mahfouzbal could openly have root and everything will still work fine.


Gas Companies' Response? (1)

tomhath (637240) | about 2 years ago | (#39921383)

Most likely the affected companies told DHS to pound sand. It's in their interest to protect their networks, it's in DHS's interest to catch the perps.

Foreign Software ? (0)

Anonymous Coward | about 2 years ago | (#39921397)

A lot of software used in Government comes from Russia. Veeam and Kaspersky are examples. Shouldn't this be a concern?

My response (0)

Anonymous Coward | about 2 years ago | (#39922113)

I had 3 meaty burritos and black beans for lunch with a fifth of Patron. If anyone would like to gain information on my Natural Gas Line please let me know. Trust me I'll leave you alone. And so will my dog and the neighbors.

We have had a similar request before (0)

Anonymous Coward | about 2 years ago | (#39922389)

I manage a small wireless ISP and a server on one of our remote networks was hacked and used to launch attacks against the Department of Navy. After the FBI showed up we had NCIS come and ask to place a network monitor device between the server and network so they could monitor what they were doing. We were also asked not to patch the system so the attack would continue. I didn't have a big issue with it since that server was about to be decommissioned until I found that they had installed their device between the router and switch so they were able to monitor ALL customer communications.

idea for a hacktivist slogan (0)

Anonymous Coward | about 2 years ago | (#39922611)


DHS wants a call ... (1)

PPH (736903) | about 2 years ago | (#39923359)

... whenever an intruder is detected. But they don't want them stopped? Something makes me think that this is some branch of the gov't conducting industrial espionage. If you spot us, let us know. So we can hide better the next time.

False-Flag Op By FBI on DHS (0)

Anonymous Coward | about 2 years ago | (#39923597)

The 'news' about a, gasp, advanced underwear bomber from Yemen, and how DHS responded and now DHS again reads that FBI is running a False-Flag operation against the Department of Homeland Security. FBI, and others as well as US citizens are fed-up with the security theater of her majesty Napolitano and her lap dog Pistol. Their escapade in the motel-6 north of Dallas at tax-payer expense was the last straw for the poor General Accounting Office poor souls.

Adding hurt on injury is the French Revolution that culminated in Hollande becoming the new President of France. He has pledged to remove French Troops from Afghanistan, and money and supplies and bank accounts and credit cards ...., so one can imagine how royally PISSED Obama and the Unelected Element of the USA government are feeling right about now.

On top of that, the Greece Vote!

The Mer-kozi Austerity Accord on the southern EU-front is dead! Good Riddance!

Things will really snow-ball when President Hollande removes the troops, and the Bank Funding for the Illegal War in Afghanistan (funding for the USA extradition-torture prison). Good Riddance Obama-boy! Gone gone gone and leveled on the ash-heap of history with a shoe up your ass to boot.


Where there's fire... (1)

Julz (9310) | about 2 years ago | (#39923607)

there's DOHs!! Ooooh someone's shutting down the generators for cooling. Oh no matter look big lovely donuts. Mmmmm :)

DHS Will Fall (0)

Anonymous Coward | about 2 years ago | (#39924549)

Evidence suggests that DHS Sec Napolitano and her lap dog Pistol have been in direct communication with Yemen-based Al Qaeda organizations for the intrusion and destruction of US based Airline carriers.

Evidence obtained during the FBI False-Flag operation damns Napolitano and Pistol in first person.

Just goes to show that the biggest security threat is from the top of the Non-Elected US Government and directed by the President of the United States of America no other..

WTF? (0)

Anonymous Coward | about 2 years ago | (#39925817)

The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them."

With the average Homey Security Possem being pretty thick I would find that a real bad idea.

Just the alphabets again (0)

Anonymous Coward | about 2 years ago | (#39925885)

We, your friendly alphabet agencies, are probing your networks posing as intruders, so please do not disturb us while we are at work, thank you.

AGAIN? (0)

Anonymous Coward | about 2 years ago | (#39926337)

The last time something like that happened, drug cartels ended up with thousands of guns.

Axis and Allies, quite a game (1)

Impy the Impiuos Imp (442658) | about 2 years ago | (#39926391)

Sure it's dangerous. However, I'm sure the Allies let their own occasional ship get sunk rather than save it and thus reveal that they had cracked the enemies' codes.

You have to look at the bigger picture.
