
Cal-ISO Breach Revealed

timothy posted more than 13 years ago | from the breaking-and-entering dept.

Bug 158

HiredMan writes: "The LA Times says in a story that 'hackers' had penetrated the Cal-ISO, the California electric grid parent company, and were attempting to compile code to allow them to penetrate the 'firewalls' to access the actual grid control computers. Apparently the 'hackers' -- who came through a Chinese server -- breached a development computer that wasn't hardened and the intrusion went undetected for over two weeks until the intruders brought too much attention to themselves. Trying to downplay the incident one official said, 'It was a compromise, not really an attack.'" An anonymous reader pointed to coverage at MSNBC as well.


Re:This needs to be investigated by the Feds ASAP (1)

Anonymous Coward | more than 13 years ago | (#163456)

I didn't say anything about military attacks, you ignorant karma whore.

"If the Chinese government is sponsoring these 'hacker attacks', this is an act of war and should be treated like one."

Declaring something as an act of war IS saying something about military attacks, specifically retaliation-wise. Lay off the caffeine, k?

Re:shot, SCORE!!! (1)

Anonymous Coward | more than 13 years ago | (#163457)

But now it's 3-1! =D

So, if you hack into a power company's computer, (4)

Anonymous Coward | more than 13 years ago | (#163460)

So, if you hack into a power company's computer, you could reboot everyone else's systems

Re:Maybe everyone should set up networks like that (2)

dangermouse (2242) | more than 13 years ago | (#163465)

Oh GOD!! NOT FINGER!!!!

Sweet merciful crap! Every two-bit, pinheaded, self-proclaimed Security Expert has rehashed the Common Wisdom for years that fingerd is FUCKING DEADLY! And damned if you aren't going to trot right into line, am I right?

Tell me... aside from a hole in Joe Random's Nifty-Keeno New-Fangled Finger Daemon and Lemon Peeler (Debian exclusive! As Seen On TV!) this year, and FreeBSD's "oops, we let it read the filesystem... as *nobody*" bug last year, what evil lurks in the hearts of finger daemons that should strike terror into the hearts of men?

God... next you'll be bitching that people leave (horror of horrors!) telnetd running.

Re:Calm down, Cowboy :-) (2)

Ross C. Brackett (5878) | more than 13 years ago | (#163468)

Enough of your commie treason. Duffbeer703 has a point - if those hackers had been successful, a large chunk of California might have lost power for perhaps twenty or even thirty seconds before someone figured out that something was wrong with the computers and switched to manual override.

And if that momentary deprivation of electrical services isn't equivalent to the assassination of Archduke Francis Ferdinand, or the bombing of Pearl Harbor, I frankly don't know what is. A full-fledged atomic counterstrike is the only allowable course of action.

Re:If They'd Succeeded... (1)

Art Tatum (6890) | more than 13 years ago | (#163469)

It's kind of like the "Zero tolerance policies" in the school system. Parents scream and yell about the violence in schools, the school system "gets tough," innocent students are persecuted and the real bullies get off.

Re:That's downplaying? (1)

Art Tatum (6890) | more than 13 years ago | (#163470)

Maybe he meant "attack" in the sense of "malicious intent by evil Commie terrorists" and "compromise" in the sense of "kids screwin' around"?

Firewall??? Why not an airwall? (2)

Apuleius (6901) | more than 13 years ago | (#163471)

If the grid's monitoring and controlling computers are actually connected to the net, somebody in Cal-ISO needs to do some prison time for criminal negligence. This is inexcusable.

Money (1)

Accumulator (9389) | more than 13 years ago | (#163474)

Why the hell would important computers which control the power grid be accessible from the internet in any way.

It is cheaper than laying a dedicated net to all of the programmable power-controlling units. Remember that they must have an easy way to redirect the power (spare power is often sent to other countries buying it). But normally vital parts are strongly protected to ensure no outside interference. That is why heavy cryptography is commonly used in these businesses, and security is a big issue.

My father leads a power company. There they have a small dedicated net for the most vital parts, separate from the internet, which you have to call up using special routers. But his company is rather small compared to the system Cal-ISO controls.

Re:Limited resources make networks very trusting (1)

Accumulator (9389) | more than 13 years ago | (#163475)

Actually they probably have switches which can be configured for different VLANs, and then they won't have any extra costs for having them on a "separate" network.

Lousy security behind firewall too? (2)

Accumulator (9389) | more than 13 years ago | (#163476)

"That's really amazing on two counts: that there were computers not behind a firewall and it took 17 days to discover," said state Sen.

What's more, dozens of ports into the computer system were open, when only a handful should have been available.

It seems strange how professionals can install a system full of security holes and have it online. Probably that means their default distro of the operating system (they're not mentioning which) has these holes per default. Since they have a system like this online for a relatively long period of time, why should it not be probable that they also have many such systems behind the firewall?

Obviously they are relying 100% on the firewall. If the intruders had made it through the wall, they would no doubt have easy access to many of the systems there. And that would be scary, if they can't secure such vital systems in a proper way.

I'm glad I don't live in California.

Re:Close call (2)

RAruler (11862) | more than 13 years ago | (#163477)

Hahahahah! Imagine a blackout hitting a computer inside the power company! That's about as likely as Bill Gates inviting Linus over for drinks.

---

Anyone consider dedicated networks? (1)

Felinoid (16872) | more than 13 years ago | (#163478)

Ok good reason. The computers need to talk.
But this is still good for dedicated networking.

With the Internet you still have hacks, access to critical systems etc.
Plus the Internet is not as reliable as a network could be. It's no technical fault. Simply the bulk of the systems are untrusted. Even back bones and ISPs aren't entirely trustworthy.
Add to the picture the other traffic. The Internet carries my Slashdot news, your Quake traffic, your power grid data could be delayed at a critical moment.

The Internet is best for NON CRITICAL information exchange. If you have critical information on critical systems put together a dedicated network. Same software same hardware as the Internet just dedicated equipment and a different configuration.

Internet servers need to support 10 year old software packages. Dedicated networks could reject packets at the backbone or service side that don't run the latest indent or whatever solution you pick.

When every server is "watching your back" it's much harder to hack and much easier to secure.

Close call (5)

Mike Schiraldi (18296) | more than 13 years ago | (#163479)

The hackers were this close to setting off their attack, but luckily before they could initiate the program, the rolling blackouts hit the server they were using.

--

Re:Limited resources make networks very trusting (2)

GC (19160) | more than 13 years ago | (#163480)

We have only a limited number of hubs

Who's "we"?

I'd be surprised if they're using hubs at all. Switches are better, they could implement VLANs to separate their mission critical networks from their "office" networks.

Your description is really scary - I hope your power companies have better IT/Network Operations departments...

Re:This is silly.... (2)

GC (19160) | more than 13 years ago | (#163481)

Hear Hear! Just drop the routes to unnecessary hosts - now that is real security measures - and they work!

Until someone compromises one of those trusted systems...

Re:Uh, why? (3)

GC (19160) | more than 13 years ago | (#163483)

Necessary data connections between the networks are randomly disconnected by a mechanical device. Even developers working in the bank have limited internet access by a slow modem to a secure proxy server (which might make it a crappy job but also a fine place to put your money in).

Randomly? Do they randomly deposit money in their customer accounts as well?

oh come on! I have never heard such clap trap - Do you have a URL, rather than these weird urban legend approaches to network security?

slow modem? They use modems? Banks? I just can't believe it. I've seen the Network installations of many financial institutions and there were very few modems - plenty of Switches, Firewalls and Routers though.

And another thing (1)

KFury (19522) | more than 13 years ago | (#163484)

There isn't an 'energy shortage.' California as a state used 14% less energy this April than April 2000, while energy production in the country has increased in the same timeframe. Per capita energy consumption in California is lower than in 48 of the 49 other states in the union.

But Bush telling us that directing Federal agencies in the state to cut energy use by 10% will fix everything? That's an insult.

Kevin Fox
--

Re:What a dilemma for Bush (2)

KFury (19522) | more than 13 years ago | (#163485)

Sorry. Actually I won't.

The fact of the matter is Bush is catering to Texas energy companies he has a stake in, at the expense of California. Last week he came to our state and said he wouldn't impose price caps on energy costs in California because the prices were simply reflecting the law of supply and demand and that a spending cap wouldn't do any good. He stood on a podium next to our governor and insulted his intelligence by acting as if withholding natural gas to drive prices up for a population of 28 million people, and consequently cutting their power is not something the president has any reason to act upon.

Now let me tell you, you "ignorant fuck," that when I, through my utility, have to pay $1900 for a megawatt hour that goes for between $22 and $32 in Texas, New York, or Florida, that it's not because of supply and demand, but because of cartel price manipulation, so go fuck yourself before giving me any more shit.

Or if you actually think you're right, then explain why and don't be an Anonymous Coward.

Kevin Fox
--

What a dilemma for Bush (3)

KFury (19522) | more than 13 years ago | (#163487)

On one hand, I'm supposed to ignore California's energy problems. But I'm supposed to be hard on any Chinese retaliation against us. Damn, and Cheney took the weekend off. Umm. I know! I can call for more spy satellites! It'll justify my higher defense budget, and they're made in California, so the Cali's will be using more energy, which puts money back into Texas! Win-win!

Kevin Fox
--

Security job at cal-iso (1)

John Whorfin (19968) | more than 13 years ago | (#163488)

Funny, I don't know if it's still there but there was a Network Security Manager job opening at Cal ISO.

I'd have applied myself but the job description was IMHO very poorly written. I got the impression they were looking for a suit that could actually say a handful of buzzwords but not much else.

Bet they're looking for someone a bit smarter now :).

Re:Wow, thats funny. (1)

Pahroza (24427) | more than 13 years ago | (#163489)

Given the rolling blackouts in California, I doubt anyone would have noticed even if they had succeeded :)

Why were the two nets even connected? (1)

That Bajan Guy (25703) | more than 13 years ago | (#163490)

Hasn't anyone there heard of an air gap style perimeter? I can't think of any reason why the grid control computers should even have ANY links to the "real world" networks. Sure, perhaps so that they can be controlled from workstations on your LAN, but IMO, that's not really smart.

Re:Lousy security behind firewall too? (1)

Rinikusu (28164) | more than 13 years ago | (#163491)

Well, it was a developmental computer. Sure, that's no excuse, but if you're a developer (and not a sysadmin), do *you* worry about the holes in the OS first thing? More than likely, you've got an itch to scratch and you set up the box and start CODING. The thought to "secure" the OS probably never even came around.

This is also an argument to get OS distributors to ship their OS in a pro-active security mode, ala OpenBSD. I'm sure if the money is right it'll happen.

Re:War Ethics (5)

Rinikusu (28164) | more than 13 years ago | (#163492)

You know, I seem to recall the US bombing the shit out of Serbian power infrastructure...

Cracking Power Grid = bad
Putting 5000 pound bomb on the generators = good

Hmmm.

Re:War Ethics (1)

ddstreet (49825) | more than 13 years ago | (#163498)

stopping genocide: good

If 'stopping genocide' requires unethical actions, why pretend that war is ethical at all?

qualified ethics : pointless

Re:This is silly.... (1)

QuantumG (50515) | more than 13 years ago | (#163501)

If you read the article you will see that they came in off machines in Santa Clara.

Re:If They'd Succeeded... (1)

QuantumG (50515) | more than 13 years ago | (#163502)

or hell, mandate that banks have backup power generators.. like every other country on earth!

Re:Lousy security behind firewall too? (1)

QuantumG (50515) | more than 13 years ago | (#163503)

Everyone relies 100% on the firewall. My security consulting work goes to waste every time I recommend tightening up "internal security". They want me to break the firewall.

Re:Maybe everyone should set up networks like that (2)

QuantumG (50515) | more than 13 years ago | (#163505)

I'll tell you about suffering! One day I had to stand outside in the California sun waiting to bank my pay check cause they were only letting people into the bank two at a time (no power == no aircon) and when I did finally get inside they couldn't look up my account number cause they didn't even have a backup generator for their mission critical computer systems.

turn down the flame thrower (2)

QuantumG (50515) | more than 13 years ago | (#163506)

you need to chill home boy. totally. read the paper I linked to, it quite clearly establishes that all is not fair in war, and that there have been rules in war for about the last 2000 years.

Re:You must be kidding me (2)

QuantumG (50515) | more than 13 years ago | (#163507)

Alternatively we could just come to the often stated conclusion that the US is the spoiled brat of the world and doesn't know how to play fairly. After all, attacking civilians has never been a problem for your army. You should hang your head in shame, not stand up and say that is the way it should be.

Re:Don't change the subject (2)

QuantumG (50515) | more than 13 years ago | (#163508)

The subject? I thought the "subject" was whether a (cyber)attack on a power grid was ethical or not. You're the one that has changed the subject to one of whether or not this is a big conspiracy manufactured by the government. My post simply states that there is no justification for taking down a civil power grid -- even if it is in war time. Go have your everyone is out to get me argument with someone else.

Re:Oh how pathetic (2)

QuantumG (50515) | more than 13 years ago | (#163509)

All is fair in war no matter what your own beliefs are.

The only relevant thing you have posted before you went off on a tangent. What is your supporting evidence for this? Oh, the US doesn't respect the universally accepted laws of war (primarily that you don't attack indiscriminately) so it must be alright. Was your argument about conspiracy and "world government" meant to support your case that the US should be the ethical model for the world or what?

Re:Blind or stupid which are you? (2)

QuantumG (50515) | more than 13 years ago | (#163510)

News Flash: You have no point. The actions of the US government are not the best place to start debating the ethics of war. Your government is lame, what are you trying to say? When AC's start questioning what the fuck you are on about it is time to stop replying.

War Ethics (4)

QuantumG (50515) | more than 13 years ago | (#163511)

This is disturbing because even if China was at war with the US this would not be an honourable attack. From this paper [army.mil] :

Since a control system is the portion of the electrical grid most vulnerable to computer network attack, and since it disrupts the transmission and distribution systems serving all consumers, such an attack is indiscriminate except in one isolated, hypothetical case. If it were possible to disrupt only the electricity to those targets which are proper for iron bombs (e.g., military facilities and defense industry targets making only war materiel), then, and only then, would such an attack be discriminate. Until such a capability exists, however, one must assume that an attack on electrical power facilities is an attack on noncombatants, including facilities such as hospitals, specifically excluded from attack by numerous treaties.

The widespread effects of electrical grid attacks are so devastating to a modern society that they are neither humane nor proportional to the military effect achieved. Iraq's experience after the Gulf War is an example. Neither water treatment plants nor sewage treatment plants were operational due to the long-term electricity outages. These combined to produce a major health crisis. During the year after the Gulf War, some estimates linked as many as 70,000 to 90,000 Iraqi deaths to the higher-order effects of life without electricity.[26] In Iraq, the outages were long-term in nature because the large, obvious generator halls were a favorite target of allied airmen, and these are more time-consuming and expensive to repair than distribution yards.[27] The efficacy of these attacks also has been called into question because many, if not most, military targets have backup power from dedicated generators, making them independent from the public power utilities. Thus, evidence from past wars suggests that air attack of electricity grids produces only a limited effect on the outcome of a conflict.[28] In such a scenario the military advantage would not outweigh the harm to civilians from reduced hospital capacity, diminished agricultural capacity, and reduced medical refrigeration capability. Indeed, "customary law" protects foodstuffs, crops, and medicines during time of war.[29] Attacking the political stability of an enemy by cutting off his electricity clearly is devastating to the civilian population and thus bears no resemblance to a discriminate attack.

The fedz are right to call these punks "terrorists."

Maybe the hackers know something.... (1)

Munky (59338) | more than 13 years ago | (#163513)

the cal-iso doesn't and can keep our power on...

power to the people (1)

joq (63625) | more than 13 years ago | (#163515)

What I think happened was, the Chinese were so pissed off at the United States, they figured that Bush [antioffline.com] and other politicians would be pissed if they actually gave Californians power as opposed to monopolizing it. Well one would have to know about Kenneth Lay of Enron being Dubya's biggest campaign contributor. (no wonder they won't cap electric costs)

You must be kidding me (2)

joq (63625) | more than 13 years ago | (#163516)


First off Parameters is for ROTC school kiddies in training, and articles like that are nothing more than propaganda. If you take a look at history as you state sure there are rules, and those rules are always broken. Take a close look at what we (the United States) did in Serbia. We cause an ecological disaster with the warfare, water is polluted, air is polluted, etc. Sure you can think the Geneva Treaty is something glorious but it's nothing more than more propaganda.

Facts are facts, and the fact is the military would never practice what's preached in publicly available documents, everything is gonna look pretty for the people, but when you dig deeper the shit always comes out. I suggest you keep a sharp eye out for "Operation Dragonlord" should they ever release it via the FOIA, and you'll see exactly how shady the US government is in regards to China.

Last month they sent out warnings of a massive attack set to take place. Something which never happened. Why? Simple, create animosity between Americans, and the intended target, makes things simpler when you have to take action, and that's the bottom line.

Don't change the subject (2)

joq (63625) | more than 13 years ago | (#163517)


Stick to facts, I can dish em out to point out why I think the way I do. Wow, how ironic this happens when the United States is hoping that the European Cybercrime Treaty [cryptome.org] is being finalized. An incident like this would surely make politicians think twice about taking away a certain amount of rights from the people in order to maintain National Security wouldn't they?

Hell this could be what is meant by "justifying world government [theregister.co.uk] ." See if the treaty goes through it would mean the United States LEA's would not have to depend on the liberties given to the people here, they could simply have their German counterparts subpoena things they've been denied in American courts. What power they'd have.

Look I'm in no way flaming you so don't take it that way, there's always two sides to every single issue. One thing that's certain is China's networking infrastructure is harsh on rules, and laws, so it'd mean harsh punishment for someone even trying to do things, and they're up shit's creek so I personally feel they'd be reluctant to pull this off. Now on a technical level if the system was compromised do you know how easy it is to manipulate log records? Hell I could make you think Elvis or Tupac compromised that host. So for someone to say the Chinese did this, I could always come back and say oh yea, well someone using Nemesis [packetninja.net] , or HailStorm [clicktosecure.com] replayed a session to impose a Chinese did this.

Oh how pathetic (2)

joq (63625) | more than 13 years ago | (#163518)

Go have your everyone is out to get me argument with someone else.

Is that what you think for someone who posts a different view of what may be happening? I could care less about government, I don't hide from anyone especially using anonymity. As stated I posted a substantially documented rebuttal, and sadly you have no answer only a pathetic message.

Blind or stupid which are you? (2)

joq (63625) | more than 13 years ago | (#163519)

My supportive evidence?

Army accused of cover-up in Kosovar Albanian's death [freerepublic.com]

Government Watchdog Agency for human medical experiments under investigation [199.45.69.176]

Hydrazine Sulfate Cancer Coverup [heall.com]

THE COVER-UP OF GULF WAR SYNDROME -- A QUESTION OF NATIONAL INTEGRITY [gulfwarvets.com]

The United States and Biological Warfare [zolatimes.com]

THE UNITED STATES SINCE 1968 [jmu.edu]

MKUltra, Uranium, Unsolved Homicide, Possible Genocide [antioffline.com]

My bad everyone must be wrong the government is such a great watcher and keeper of the peace. Maybe if you took the time to see things in an unbiased way you would actually have a clue. Me on the other hand I love government, and I truly love many of the policies they've created, but I would never turn a blind eye because they did one good thing so this enables them to perform 20 bad things in return. Fsck that.

Oh give me a break from the dramatics (3)

joq (63625) | more than 13 years ago | (#163520)

All is fair in war no matter what your own beliefs are. Lest we forget how the "fedz" tried to hire a Russian hacker to infiltrate the Russian Federal infrastructure.

http://www.wired.com/news/politics/0,1283,42998,00.html [wired.com]

So if it was some Chinese hackers so be it, on the other hand what makes you think this couldn't be something like the government falsely reporting to bring up animosity amongst Americans towards Asians in case they wanted to wage a war? I suggest you read what they had planned for Cuba [antioffline.com] before you think the feds are so fine and glorious

Get real no one knows truly what happened yet, and I'd be skeptical to jump the gun and believe the first thing written about the whole case. And as for your "fedz have the right to call these punks terrorists" you better wake up and smell the coffee there, if you're not 100% pro government including all of their FUD/Errata/Schemes [1 [slashdot.org] , 2 [antioffline.com] ] then you're considered just as much a terrorist as anyone else.

Re:Uh, why? (1)

leucadiadude (68989) | more than 13 years ago | (#163522)

Actually, they have their own internal networks for grid control, they needed this ability years ago, and since at that time there wasn't an "internet" yet, they were forced to build their own.

Re:Uh, why? (2)

leucadiadude (68989) | more than 13 years ago | (#163525)

They're most likely not. It is very handy to have the ability to *display* grid information to selected authorized PC's, but the actual control network is something totally different. Usually the control network is mostly run on the high power lines themselves or selected microwave links. A lot of this pre-dates the internet as we know it. If you know what DDSMS stands for, then you know what I'm talking about. I seriously doubt anyone could control equipment on the grid remotely through an internet connection. But maybe I'm just ignorant.

Re:Uh, why? (2)

leucadiadude (68989) | more than 13 years ago | (#163526)

I can't speak to number (1) except to say that it's my impression that the virtual private networks are over their own network not the general internet. The replacement of really old non-networked stations I believe was done with an internal network that (again my impression) uses a proprietary protocol. And (3) I think you are confusing the system that remotely controls power output of some of the (usually smaller) power generators to match load moment by moment (frequency and VAR loading) with a separate system that controls grid switching. Also, all the really critical stations (switching centers) are all manned stations, with manual switching controls (usually). And these stations can remotely operate the smaller stations near them. I don't believe you can operate power circuit breakers from some anonymous PC on the internet. I believe it would be done from a control board at a switching center with a direct link to equipment at a smaller unmanned station it is responsible for. Not using a conventional PC. And except for emergencies, under the direct orders of the grid control center/grid operation center (Cal-ISO).

Re:Uh, why? (3)

leucadiadude (68989) | more than 13 years ago | (#163527)

They do indeed have their own fiberoptic capacity. Plus there are indeed methods and equipment to carry control signals on the lines themselves. All the data that you mention is available from servers specifically setup to supply it, these servers have no ability to generate control signals, that (AFAIK) is done with separate equipment. So other than the compromise of operating data, I don't see what else could have happened. I admit I'm probably ignorant. But I'm looking at a grid display right now, and I'm an authorized person, and *I* can't cause anything to actuate even if I wanted to. The data display stuff is simply not set up to do that. But like I said I'm most likely ignorant of all the clever ways to get around stuff. Sigh.

This is silly.... (2)

Jailbrekr (73837) | more than 13 years ago | (#163529)

Think about it for a second.

Why would anyone outside of North America need to access computer systems, or firewalls, or routers leading to Public Utility companies? Why haven't these systems/firewalls/routers/tincans-on-a-string not been programmed to block any traffic coming from overseas? It isn't secure, by any means, but it *will* make it more difficult for these overseas hackers to gain access.....

Re:Limited resources make networks very trusting (2)

JordanH (75307) | more than 13 years ago | (#163530)

How do we know they don't run separate networks?

But, as the article points out, the crackers were trying to break through a firewall. So, there could have been VLANs connected at some point by a firewall.

Face it, if you have a secure control network, you'll really really also want some access to that network from the less-secure office network. Otherwise, generating reports and stuff on operations requires people running tapes around. There's also a strong motivation to get email in and out of a secure network.

They should have also had better security in place for their office network. My guess is that they had rooted the unsecure machine and were putting together some executables to spoof the users into giving up the firewall access. If the control system firewall used secure key cards, this would make things more difficult, but not impossible.

Running a private network for the secure systems isn't difficult. Making it completely isolated from other networks is difficult for political reasons. There's just such a temptation to allow some kinds of access through. With proper security, you should be able to pull it off.

Re:If They'd Succeeded... (1)

Kidbro (80868) | more than 13 years ago | (#163534)

Maybe we'd even see some laws passed mandating secure systems for companies that should require security, such as banks and power companies.

I doubt it. More likely, we'd see a more paranoid law enforcement, and even harsher penalties to those kids who get caught while playing around. I'd certainly doubt it would have the effect you want it to have.

Just for the record btw: I do not want to defend the attackers. I do think, however, that the penalties often applied to "hackers" are insane, to say the least.

--

If They'd Succeeded... (4)

Greyfox (87712) | more than 13 years ago | (#163535)

We might start seeing people with no computer background (PHBs, the guy on the street, etc) taking security seriously. Maybe we'd even see some laws passed mandating secure systems for companies that should require security, such as banks and power companies.

Of course, if they'd succeeded in California chances are no one would have noticed.

Re:This needs to be investigated by the Feds ASAP (2)

Punto (100573) | more than 13 years ago | (#163537)

Yes. We should send the best undercover agent in the British secret service.

Chinese communist hacker: After we complete our attack to the electric grid, we will bring chaos to the ENTIRE WORLD!! HAHAHAHAHAHA
James Bond (trapped on a complicated mechanism designed to kill him after 40 minutes): You will never get away with this !!!
Chinese communist hacker: See you in hell Mr. Bond. HAHAHAHAHAHA (and leaves the room)

--

Re:This needs to be investigated by the Feds ASAP (1)

UnifiedTechs (100743) | more than 13 years ago | (#163538)

Mr. Sample is certainly correct in stating that the hackers could have appeared from anywhere. But it is rather suspicious that such an attack which COULD have originated in China would occur at the height of a Sino-US diplomatic crisis. I don't know who did this, but if it was me then China would be the perfect place to run this through since we are having problems with them now. Some NSA or FBI leader quick to take credit for solving the crime sees China come across as a location that part of the attack originates at and BANG that must be it!! Leaving me high and dry, and all our resources directed at China, and when they cannot solve it they blame it on China not cooperating. I do not crack nor condone cracking.

That's downplaying? (2)

kreyg (103130) | more than 13 years ago | (#163539)

Trying to downplay the incident one official said, 'It was a compromise, not really an attack.'

He said that in an attempt to downplay the incident? Does he actually understand what either of those words mean? How is it better to have people actually break into your system (compromise) than to have them trying, but failing (attacking)?

impossible? (2)

Arctic Fox (105204) | more than 13 years ago | (#163540)

Anyone who has worked on control systems knows that most run their own proprietary networks and communications protocols.
So even if these guys got through, they might not even know what they're looking at.
And that could only happen if the automation network has contact points with the other networks. (hopefully unlikely, unless they are stupid).

Re:Limited resources make networks very trusting (1)

MajroMax (112652) | more than 13 years ago | (#163541)

network as computers that are. The reason for this is simple: We have only a limited number of hubs, and there simply aren't enough to maintain two entirely separate networks. Since the gradebook boxes do have to talk to each other, that means they have to share hubs with Internet machines. Could that be what happened in California?

IANANE (I Am Not A Networking Expert), but couldn't two separate networks be theoretically accomplished over the same wires via creative assignments of IP addresses & subnet masks?

IE, if one set of computers was 121.128.0.x, and the other was 121.0.0.x, and the subnet mask was 255.128.0.0.0 (forgive me if I get this wrong, I forget whether subnet masks are negative or positive), the computers might not be able to talk to each other, especially without a gateway set on the internal ones.
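
The subnet arithmetic from the comment above, worked through as an added example that is not part of the original post. It assumes the four-octet mask 255.128.0.0 and constructed host names and addresses, and it also shows why this split is not isolation on shared hubs: it holds only while every host keeps its assigned address.

```python
import ipaddress

# Assumption: the four-octet form of the mask described in the comment (a /9).
MASK = "255.128.0.0"


def network_of(ip, mask=MASK):
    """Return the network a host configured as ip/mask believes it is on."""
    return ipaddress.ip_interface(f"{ip}/{mask}").network


def on_link(src_ip, dst_ip, mask=MASK):
    """True if a sender at src_ip/mask would deliver to dst_ip directly,
    without handing the packet to a gateway."""
    return ipaddress.ip_address(dst_ip) in network_of(src_ip, mask)


def two_way(host_a, host_b, mask=MASK):
    """True if some pair of addresses lets both hosts reach each other
    with no router in between (both directions must be on-link)."""
    return any(
        on_link(a, b, mask) and on_link(b, a, mask)
        for a in host_a["addrs"]
        for b in host_b["addrs"]
    )


# Constructed sample hosts sharing one set of hubs (names are hypothetical).
# The internal machines have no gateway configured, as the comment suggests.
GRADEBOOK_1 = {"name": "gradebook-1", "addrs": ["121.0.0.10"]}
GRADEBOOK_2 = {"name": "gradebook-2", "addrs": ["121.0.0.11"]}
LAB_PC = {"name": "lab-pc", "addrs": ["121.128.0.20"]}

# The same Internet-facing machine after someone gives its interface a
# second address inside the internal range. Nothing on a hub prevents this.
LAB_PC_READDRESSED = {
    "name": "lab-pc",
    "addrs": ["121.128.0.20", "121.0.0.200"],
}


def report():
    """Summarise who can talk to whom under the scheme from the comment."""
    pairs = [
        (GRADEBOOK_1, GRADEBOOK_2),
        (GRADEBOOK_1, LAB_PC),
        (GRADEBOOK_1, LAB_PC_READDRESSED),
    ]
    return [
        (a["name"], b["name"], b["addrs"], two_way(a, b)) for a, b in pairs
    ]


if __name__ == "__main__":
    print("internal network:", network_of("121.0.0.10"))
    print("internet-side network:", network_of("121.128.0.20"))
    for a, b, addrs, ok in report():
        print(f"{a} <-> {b} {addrs}: {'direct' if ok else 'no path'}")
```

The two ranges do land in different /9 networks, so correctly configured hosts will not exchange IP traffic without a router. The separation lives in each host's configuration rather than in the wiring, so physically separate segments (or switch-enforced separation) are what make it a control.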

Re:Lousy security behind firewall too? (1)

e7 (117450) | more than 13 years ago | (#163542)

Probably that means their default distro of the operating system (they're not mentioning which) has these holes per default.
No, actually, the holes were patched in later.

Re:Uh, why? (3)

zunix (117687) | more than 13 years ago | (#163543)

I hear you, sister!

Shouldn't the state put such a thing in the license of the power company?

Banks in Israel started providing service through the internet about two years ago. The Israeli bank-supervisor forced them to put it on a separate network than the bank interior network. Necessary data connections between the networks are randomly disconnected by a mechanical device. Even developers working in the bank have limited internet access by a slow modem to a secure proxy server (which might make it a crappy job but also a fine place to put your money in).

This is basic stuff, but I guess people care more about their bank account than their electric bill. Let them back to the caves.

slashdot rules!
--- "How to Kiss Ass", chapter twelve.

surprising? (1)

RennieScum (118197) | more than 13 years ago | (#163544)

"That's really amazing on two counts: that there were computers not behind a firewall and it took 17 days to discover," said state Sen. Debra Bowen (D-Marina del Rey), who chairs her chamber's Energy Committee.

Not considering it was a new system. They got victimized, and it sounds like it was a case of lucky best hacker finding a machine open during a portscan. I'd bet the OS was fresh out of the box and configuring for security...they probably were 'gonna do it soon'. So they got busted.

17 days: these things can go unnoticed for lots longer than that. Sounds like they were doing a monthly security audit, and when 'Uh-oh, we gotta big mess to clean up.' That, or they wondered who was running make :P

Re:Uh, why? (1)

RennieScum (118197) | more than 13 years ago | (#163545)

Because they want/need the ability to remote control their hardware. OK, you're doing rolling blackouts, you can

1) man a staff to sit by each of the switches and hope they do their jobs properly, and don't, say, blackout their ex-units neighborhood all day

2) Use computers, but string up your -own- pipe. Wait for the project to complete. Explain to taxpayers why this is a multi-million dollar project.

They probably have leased lines and/or use tunneling and encryption for their MC apps, if not their entire network. If not, we'd know about it sooner ;)

Wow, that's funny. (1)

BiggestPOS (139071) | more than 13 years ago | (#163549)

The Chinese, what a bunch of characters! Always trying to undermine US security.... If they had gone unnoticed for a bit longer, and somehow shutdown a portion of the grid, would we have retaliated?

Re:Maybe everyone should set up networks like that (1)

[wy1d] (166365) | more than 13 years ago | (#163553)

Let's see... a dev machine in front of the firewall but with internal network access... no tripwire, promiscuous ports all over the place... wow. Wish I could do that. Think about it for a second. If everyone set up their machines like this, ...

Run NMAP on your local college's net......Some of the boxes at a certain college around here *cough*GSU*cough* still run the FINGER daemon, for god's sake..

Re:Read the WHOLE article (1)

maunleon (172815) | more than 13 years ago | (#163557)

But well, the Chinese hackers already declared war on the american infrastructure. Kinda makes sense, no?

If you drive by your ex wife's house every morning yelling "I'm going to kill you", and one day they find her dead, guess who's going to be on Cops?

Re:Calm down, Cowboy :-) (2)

duffbeer703 (177751) | more than 13 years ago | (#163558)

Chinese government officials stated about two months ago that the Chinese people were "very angry at the US spy plane situation and many retaliate by attacking US computers"

Two months later we find out that a critical piece of US infrastructure was hacked.

The fact that China is a black hole as far as law enforcement is concerned, and that Chinese authorities tightly control internet access makes it worthwhile to investigate whether or not there is any Chinese involvement.

Re:This needs to be investigated by the Feds ASAP (2)

duffbeer703 (177751) | more than 13 years ago | (#163559)

I didn't say anything about military attacks, you ignorant karma whore.

Here is the complete text of my post:

"If the Chinese government is sponsoring these 'hacker attacks', this is an act of war and should be treated like one."

I had assumed that an intelligent human being would be able to reason what exactly the word 'If' means. 'If' implies that some sort of investigation would determine who exactly carried out these attacks.

Since many of the servers originated in China, and Chinese government officials recently stated publicly that 'angry Chinese citizens' would likely launch such an attack in the wake of the US spy plane crisis, it stands to reason that the Chinese government may have had some involvement.

I'm glad that you were not attempting to ridicule me, because you completely failed to do so. Instead you displayed your own ignorant knee-jerk reaction to the term 'act of war' by implying that I am some sort of ignorant militarist straight out of The Manchurian Candidate calling for a shooting war with China.

Re:This needs to be investigated by the Feds ASAP (2)

duffbeer703 (177751) | more than 13 years ago | (#163560)

I'm sure you won't heel to any argument, but I'll try anyway.

According to the article, the main security report stated that "the main attack was routed through China Telecom from someone in Guangdong province in China"

James Sample, the Computer Security Officer at ISO stated "You don't know where people are really from".

Mr. Sample is certainly correct in stating that the hackers could have appeared from anywhere. But it is rather suspicious that such an attack which COULD have originated in China would occur at the height of a Sino-US diplomatic crisis.

This is especially suspicious given the fact that the article specifically states that "In early May, there were hundreds of publicly reported computer attacks apparently originating from China."

And my government is not feeding me propaganda regarding some imaginary Chinese cabal. The Los Angeles Times is not an agency of the United States government. The ISO is a public authority chartered by the State of California and also not an organ of the Federal Government.

I would humbly suggest that you drop the anti-government conspiracy theories and pay attention to facts.

Re:War Ethics (4)

duffbeer703 (177751) | more than 13 years ago | (#163561)

Are you crazy? This is Slashdot!

These 'hackers' were just bored geeks. In fact, the chances are high that they were 'white hats' and simply wanted to let the administrators know there was a problem!

was the server...... (1)

ebola_elvis (178289) | more than 13 years ago | (#163562)

......running windows?

Re:Securing operating systems (1)

chompz (180011) | more than 13 years ago | (#163563)

are you suggesting that they don't run an operating system? They probably don't run a traditional operating system, it's a special use machine, and frankly wouldn't benefit from having internet explorer (uh, I mean win2k).

Re:Uh, why? (2)

chompz (180011) | more than 13 years ago | (#163564)

hold the phone --- They have their power lines running all over hell and back, couldn't they just run a small chunk of fiber optic line with it for communication and controls?

Uh, why? (5)

chompz (180011) | more than 13 years ago | (#163565)

Why the hell would important computers which control the power grid be accessible from the internet in any way. I realize everyone wants to look at their porn while they are at work, but bring it on CD god damn it! Repeat after me: Mission critical systems which do not explicitly require internet access should not have internet access or be on the same network as machines with internet access. It's all about which machines can be trusted, and as far as I am concerned, any machine which is accessible from the internet or has internet access is not to be trusted.

Won't somebody please think of the children?! (1)

ChrisCampbell47 (181542) | more than 13 years ago | (#163566)

Won't somebody please think of the children?!

Re:Wow, that's funny. (2)

perlyking (198166) | more than 13 years ago | (#163568)

Chinese servers are notoriously insecure, it is more likely that the hackers are from elsewhere and used compromised Chinese servers as an extra hop to help obscure their true identity.


--

Re:This needs to be investigated by the Feds ASAP (1)

PinkyAndThaBrain (206650) | more than 13 years ago | (#163571)

The feds can investigate till they're blue in the face but you ain't going to find any evidence worth a damn by internal investigations... if you really wanted this to be investigated you would have to use the CIA too.

This stuff shouldn't be linked to the internet... (4)

PinkyAndThaBrain (206650) | more than 13 years ago | (#163572)

There should be no link between the internet and this, not even people logging in remotely should be allowed to have their computer on the internet at the same time. Preferably no computer which ever had been used to get on the internet should be allowed to access their network... but that's kinda hard to enforce. Still it should be easy enough to ensure that they don't have a truly direct link to the internet, there is just no good reason which justifies the risk IMO.

Re:War Ethics (1)

awptic (211411) | more than 13 years ago | (#163573)

These hackers probably weren't anywhere near China... The article said that some of the logs showed activity from other parts of the world. Hacking into a foreign computer and using it as a means to hack into another network anonymously isn't uncommon, actually, just about every so called hacker/cracker with ANY experience does this.

What the hell?!?!? (1)

James Foster (226728) | more than 13 years ago | (#163574)

How do they know hackers did it and it wasn't a bunch of jocks?!? They haven't seen the suspects responsible so how can they blame a specific group? This is like a murder occurring and police saying "Well, no one has seen the suspect but we bet it was a black male aged in his 20s".

Re:Uh, why? (1)

mother_superius (227373) | more than 13 years ago | (#163575)

You'd think they could use something besides TCP-IP.

-----

Re:Limited resources make networks very trusting (1)

mother_superius (227373) | more than 13 years ago | (#163576)

Your school is not a company, like Cal-ISO. They've got tons of revenue for this. They buy their computers; they're not donated. This was simply a dumb mistake. This could possibly be the fault of a dumb sysadmin. Companies aren't always so good when selecting sysadmins.

-----

Re:Maybe everyone should set up networks like that (1)

(H)elix1 (231155) | more than 13 years ago | (#163577)

Isn't that what the cable modems do? Plenty of noise out there with all sorts of Win9x boxes - course my Linux / CS server got cracked the other day, so I guess I can not cast stones here....

Maybe everyone should set up networks like that... (2)

tulare (244053) | more than 13 years ago | (#163578)

Let's see... a dev machine in front of the firewall but with internal network access... no tripwire, promiscuous ports all over the place... wow. Wish I could do that.
Think about it for a second. If everyone set up their machines like this, the hackers wouldn't be able to pick out a target amid all the noise! Of course, that would be the end of online shopping, but that's overrated :-)
Shame on the irresponsible people who would so ignorantly play Russian Roulette with the California electrical grid. The power system is dangerous as it is, and the potential exists for real human suffering if it should collapse. No need for more incompetence (on top of the legislators who created the mess in the first place) to help bring the whole thing down. I hope that the person whose machine that was is aware of just how bad they fscked up.

Re:This needs to be investigated by the Feds ASAP (2)

tulare (244053) | more than 13 years ago | (#163579)

Ok, duffbeer703, you may have a point. I guess I was responding to the brief, abrupt way you were making an if:then statement involving acts of way. Such words are not to be bandied about loosely, even in flamewars.

Re:This needs to be investigated by the Feds ASAP (2)

tulare (244053) | more than 13 years ago | (#163580)

Er... I meant to say acts of war. I think acts of way would have an entirely different meaning :)

Re:This needs to be investigated by the Feds ASAP (5)

tulare (244053) | more than 13 years ago | (#163581)

Great. So let me see... is this how it goes?
[BUZZWORD]..hack attack... [BUZZWORD]...Chinese servers... {Knee suddenly jerks}"What? How dare they? Call the cops! Write my congressmen! Facts be damned - we can ask questions after everyone's dead! We have to DO something, right now!"
Silly. We don't even know what part of the world the attacks came from - just that some of the servers were in China. Did you notice that some of them were in Oklahoma, too? Maybe California should start a pr blitz on that account - "Oklahoma is not ok!" Of course that would be ridiculous. Just about as bad as blaming an entire country for one script kiddie who may have been operating out of it.
My point isn't to ridicule you, but to strongly encourage you to think before you talk about military attacks. Nobody wins when a country goes to war. The first time somebody dies, everyone loses, simply because we know better, or should.

Read the WHOLE article (5)

metalhed77 (250273) | more than 13 years ago | (#163582)

no no no, the attack came through several servers, one of which was Chinese, the others were in the US. They mentioned China, cuz of their political significance

----------
www.shockthemonkey.org

How to Wage Wars in the Future (1)

PostmanPat (256518) | more than 13 years ago | (#163583)

People seem to be ignoring the security issues. One cannot be safe enough, and if we don't watch it we will be in the hands of people who can (and maybe will) shut down entire cities, only because they can. Imagine an army of crackers attack a single nation in an attempt to knock out the power grid prior to a traditional attack. Freaky.

Re:This needs to be investigated by the Feds ASAP (1)

Voltaire99 (265100) | more than 13 years ago | (#163585)

As others have explained to you in this thread, the use of a server in China implies nothing about the Chinese government. If a Chinese hooker gives you the clap, do you blame Beijing?

But what does deserve scrutiny is why we've even been told that a Chinese server was used. Given the recent contretemps over US spying, you might use a bit of imagination and ask why your own government might like you to reach the kneejerk conclusion that you so ploddingly have.

Cool (5)

Ayende Rahien (309542) | more than 13 years ago | (#163588)

Now the Californians can blame *someone* for their power problems.


--

Two witches watch two watches.

Re:This needs to be investigated by the Feds ASAP (1)

fors (310930) | more than 13 years ago | (#163589)

I happen to know for a fact that there are still Chinese hackers carrying on attacks against US computer systems. I can't give the details but I know of some systems that are still under attack.

Re:This needs to be investigated by the Feds ASAP (1)

SpeelingChekka (314128) | more than 13 years ago | (#163591)

If the Chinese government is sponsoring these 'hacker attacks'

I simply cannot believe how thoroughly brainwashed Americans seem to be. I hope that it is only a minority. If it is, it is certainly quite a vocal minority.

Re:What the hell?!?!? (1)

Magumbo (414471) | more than 13 years ago | (#163598)

"Well, no one has seen the suspect but we bet it was a black male aged in his 20s".

And odds are they'd be right.

Assuming of course that these police are in Zimbabwe.

--

Re:War Ethics (1)

haruharaharu (443975) | more than 13 years ago | (#163604)

I guess that makes the US terroristic as well.

Re:Uh, why? (1)

blang (450736) | more than 13 years ago | (#163605)

hold the phone --- They have their power lines running all over hell and back, couldn't they just run a small chunk of fiber optic line with it for communication and controls?

They most likely already do. In fact, they even get good enough bandwidth for simple device control through the power lines themselves.

But that does not eliminate their need to exchange information with other computers on the outside. Information about market prices, supply and demand, estimated consumption, short term contracts, planned and unplanned maintenance, external capacity, meteorological data, is all crucial information to the operation of a power grid.

A lot of the work that used to be done by humans, and sneakernets, now has to happen in realtime. It is technically possible to create a proprietary network for the 100's or 1000's of companies participating in this information exchange, but a requirement like that would have delayed the deregulation efforts by many years.

I am sure most critical systems have alternative routes than internet between them, otherwise any scriptkiddie could easily shut down the grids.

Re:Uh, why? (1)

blang (450736) | more than 13 years ago | (#163606)

Someone mod up this guy please. He's actually providing genuine facts as opposed to me, who is assuming half and guessing the rest.

Re:Uh, why? (5)

blang (450736) | more than 13 years ago | (#163607)

Because the internet exists.

Power generating companies, power distribution companies, power exchanges all need to talk to each other. In the old ages that may have been done by dedicated links, faxes, phone calls and many other ways. Standards for information exchange have existed for a long time (for example EDIFACT). The bank world has its own worldwide network for bank transactions, but that network existed before the internet took off.

Computers at the core of the powergrid control need inputs from computers on the outside. It's not like the old days anymore, where all you needed was a control center with dials, lights and switches, and a handful of information from the outside. These days, systems are connected, and if the security job is not done well, systems will be compromised.

I don't know the network topology for CAL-ISO, but it should be possible to achieve decent security if the job is well done. I don't think the power industry is going to build their own proprietary network.

If indiscriminate attacks are bad... (1)

ColGraff (454761) | more than 13 years ago | (#163608)

Then how come we (USA) put such stringent embargoes on food imports to Iraq? They don't affect the high command - heck no - but they starve the citizens on the streets. If this is "right", what's wrong with attacking a power grid? And if it isn't right, why are we doing it?

Calm down, Cowboy :-) (2)

ColGraff (454761) | more than 13 years ago | (#163609)

One of several servers through which the attack was routed was located in China. Big deal. They could have routed through a server in Zaire or Sweden or any country you care to name, ping permitting. The geographical location of a server does NOT imply the complicity of any particular government. You might as well say we should investigate the possibility of a Chinese conspiracy because the crud sound system you bought was built in China.

Just wanted to make sure no /.ers nuked Beijing as "retaliation". You never know who has a /. account, after all...

Limited resources make networks very trusting (2)

ColGraff (454761) | more than 13 years ago | (#163610)

I don't know if this is what happened in this case, but a lot of computers in my school that have "mission-critical information" (gradebooks, student records) do not need to be on the Internet for any reason, but are on the same network as computers that are. The reason for this is simple: We have only a limited number of hubs, and there simply aren't enough to maintain two entirely separate networks. Since the gradebook boxes do have to talk to each other, that means they have to share hubs with Internet machines. Could that be what happened in California?

Re:Read the WHOLE article (1)

Grim Trigger (455109) | more than 13 years ago | (#163611)

I always read the article before posting, but I'm starting to think I should read the article before reading the comments too.

The summary is so often misleading, I'd hate it to give me the wrong idea about something.

Kinda like how if you say "I heard some kids were throwing cherry bombs into people's cars, so make sure your windows are rolled up" even if it's totally false, it still affects people's opinions about kids.

Re:Uh, why? (2)

mrm677 (456727) | more than 13 years ago | (#163612)

I don't think so. Even though it isn't cost-effective, these systems should not be on the Internet. Not even a VPN.

I used to work for GE, and they refused to use the Internet, and instead built their own world-wide Intranet. I asked why? They said 1) security, and 2) reliability

They also own the entire 3.x.x.x IP address range!