Slashdot: News for Nerds

CIA Claims Cyber Attackers Blacked Out Cities

ScuttleMonkey posted more than 6 years ago | from the say-g'night-dick dept.

Security 280

Dotnaught writes to tell us InformationWeek is reporting that the CIA admitted today that recent power outages in multiple cities outside the United States are the result of cyberattacks. "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

280 comments

Why are systems like this hooked onto the internet (5, Insightful)

munrom (853142) | more than 6 years ago | (#22106196)

Am I the only one that thinks that's a really stupid thing to do?

Re:Why are systems like this hooked onto the inter (-1, Troll)

Anonymous Coward | more than 6 years ago | (#22106230)

It's like waving a big diamond around and screaming "HEY GUYS WHO WANTS IT?"

Re:Why are systems like this hooked onto the inter (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22106380)

I thought the exact same thing. I'm no expert on power grids and how they're managed, but I think there are two possible reasons why their control systems were hooked up to the Internet:

1. There may be situations where the systems need to be remotely administered, and using the Internet is a much, much cheaper way to facilitate this than deploying a completely private network infrastructure just for this purpose, which probably isn't very practical (for both physical and financial reasons).

2. pr0n browsing.

Re:Why are systems like this hooked onto the inter (5, Informative)

Asmodai (13932) | more than 6 years ago | (#22106432)

That's why they invented out-of-band management tools long, long ago.
Given the nature of how the internet works, having a dial-up line to a management console (which then requires authentication) is much better for OOB management than using the Internet.

Re:Why are systems like this hooked onto the inter (2, Funny)

Psychotria (953670) | more than 6 years ago | (#22106478)

You're absolutely correct. Remote administration is the way to go. Until the power goes out, in which case it's a holiday for the workers.

OOB management isn't a panacea (3, Informative)

sshore (50665) | more than 6 years ago | (#22106564)

Wardialers are to OOB management as portscanners are to internet-connected management.

Re:OOB management isn't a panacea (1, Interesting)

QuantumG (50515) | more than 6 years ago | (#22106738)

Wardialers were popular because people often used security via obscurity to protect computer systems instead of proper authentication. "No-one knows the phone number, so we're safe."

Re:OOB management isn't a panacea (3, Interesting)

NerveGas (168686) | more than 6 years ago | (#22106810)

I don't think it's terribly different in power. Here, if you have central air, the power company asks you every month if they can install a gadget to let them turn your AC off whenever they feel like it, in "rolling blackout" fashion. They're not installing a dedicated line, which leaves either a signal over the powerline, or radio, either of which is likely to be VERY vulnerable.

It's been a looooong time since companies were interested in the best possible solution. These days, when something like only making a 25% profit instead of a 27% profit can cause emotional investors to dump your stock, dropping the price, and causing your company a loss of net worth in the millions, they're mostly interested in just spending the least amount that they can.

Re:OOB management isn't a panacea (1)

jonwil (467024) | more than 6 years ago | (#22106750)

A wardialer won't work if the system has some kind of ringback (i.e. you ring the modem and log in, then the modem at the other end hangs up and calls you back on a pre-defined number).

Re:OOB management isn't a panacea (1)

sshore (50665) | more than 6 years ago | (#22106962)

Good point. OOB with callback is a good security measure, but certainly limits flexibility. It's a balance, I suppose.

I wonder, though - is "callback" ever used in in-band management software? That is, you connect to a service, it drops the connection and then connects to a predefined address. Possibly vulnerable to MITM. SSL with two-way certificate authentication plus password would be adequate, but would likely be impractical with the embedded devices we're considering. Even when it is practical, it can't replace OOB management, but it could make in-band management as secure as OOB.

Re:OOB management isn't a panacea (1)

Mr. Freeman (933986) | more than 6 years ago | (#22106858)

So.... quite useless then? I don't know much about this so correct me if I'm wrong but I was under the impression that port scans are worthless for actually doing anything. They can tell you if a vulnerable process is running, but if one isn't then you aren't getting in. A wardialer would have to find the phone number to dial, which is presumably easy, but then they would actually have to get past whatever security measures the system has.

Re:OOB management isn't a panacea (1)

sshore (50665) | more than 6 years ago | (#22106980)

Exactly. The same security concerns that apply to network management interfaces apply to OOB management interfaces.

Re:Why are systems like this hooked onto the inter (5, Interesting)

baileydau (1037622) | more than 6 years ago | (#22106606)

I thought the exact same thing. I'm no expert on power grids and how they're managed, but I think there are two possible reasons why their control systems were hooked up to the Internet:

1. There may be situations where the systems need to be remotely administered, and using the Internet is a much, much cheaper way to facilitate this than deploying a completely private network infrastructure just for this purpose, which probably isn't very practical (for both physical and financial reasons).

2. pr0n browsing.

Actually here in Australia, the power generation company (at least in my state) does have its own control network. It used to be Copper, but a while back they replaced it with fibre. They ended up with so much excess bandwidth that they wholesale it to companies. I assume they have their fibres separated from everyone else's.

Option 2 may cut into their profits a bit though :P

I haven't read TFA yet, but an attack from the Internet should *never* happen to something as important as this.

Where I work, we have an In-Confidence network and some Protected stuff. Each level is ONLY allowed to connect to ONE level lower and then only via approved security mechanisms. So the In-Confidence can access the (Unclassified) Internet, but the Protected stuff can't talk to the Internet at all. Actually in our case we don't bother connecting the Protected stuff even to our In-Confidence network.

I would assume a power control system would be much higher security than In-Confidence (that's pretty low - any decent business should be at least that level in reality), and thus not allowed to talk to the Unclassified Internet.

This of course is for Government networks. The US power companies (as are most in Australia) are privately owned, so they don't have to worry about such trivial things as security rules.

On a side note, I'm constantly amazed at the expectation of vendors and PHBs that we will automatically open up our network so that some stray vendor can remotely debug their dodgy application. Yea sure, we'll let you in from your totally unknown network that has only knows what security holes and stuff going on inside it to access our server(s) with elevated privileges. Especially when everyone working in our IT department has gone through a security clearance, and they have whoever they snagged off the street.

Actually I've just had a look at TFA, and it doesn't have any sort of details on what / where (not USA) / when (well vaguely - recently) / why (profit ???) / how these attacks occurred.
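
The level rule described in the comment above (each level connects only to the level directly below it, and only via approved mechanisms), as an added example that is not part of the original comment: a Python audit over a constructed list of network flows. The gateway names, the flow names, and the choice to treat a lower level initiating into a higher one as a violation are assumptions.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Classification levels named in the comment, lowest to highest.
LEVELS = {"Unclassified": 0, "In-Confidence": 1, "Protected": 2}

# Hypothetical names standing in for "approved security mechanisms".
APPROVED_GATEWAYS = {"web-proxy", "mail-guard"}

UNKNOWN_ZONE = "unknown zone"
UPWARD = "lower level initiating into a higher level"
SKIPS_LEVEL = "connects more than one level down"
NO_GATEWAY = "one level down but not via an approved mechanism"


@dataclass(frozen=True)
class Flow:
    name: str                  # label for the rule being audited
    src: str                   # zone that initiates the connection
    dst: str                   # zone that receives it
    via: Optional[str] = None  # gateway in the path, None means direct


def check_flow(flow: Flow) -> Optional[str]:
    """Return the reason a flow breaks the level rule, or None if it complies."""
    if flow.src not in LEVELS or flow.dst not in LEVELS:
        return UNKNOWN_ZONE
    drop = LEVELS[flow.src] - LEVELS[flow.dst]
    if drop == 0:
        return None            # traffic inside one level is out of scope
    if drop < 0:
        return UPWARD          # assumption: inbound initiation is never allowed
    if drop > 1:
        return SKIPS_LEVEL     # e.g. Protected talking straight to the Internet
    if flow.via not in APPROVED_GATEWAYS:
        return NO_GATEWAY
    return None


def audit(flows: List[Flow]) -> List[Tuple[str, str]]:
    """Return (flow name, reason) for every flow that violates the rule."""
    findings = []
    for flow in flows:
        reason = check_flow(flow)
        if reason is not None:
            findings.append((flow.name, reason))
    return findings


# Constructed sample rule set, not taken from any real network.
SAMPLE_FLOWS = [
    Flow("staff-web", "In-Confidence", "Unclassified", "web-proxy"),
    Flow("control-patch-download", "Protected", "Unclassified", "web-proxy"),
    Flow("vendor-remote-debug", "Unclassified", "In-Confidence"),
    Flow("report-export", "Protected", "In-Confidence"),
    Flow("operator-console", "Protected", "Protected"),
    Flow("lab-link", "DMZ", "Protected"),
]

if __name__ == "__main__":
    for name, reason in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {name}: {reason}")
```
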

Re:Why are systems like this hooked onto the inter (1)

Moonpie Madness (764217) | more than 6 years ago | (#22106716)

Of course you've nailed it on the head. It's so some moron engineer manager can check the status on his laptop at home and then tweak something he doesn't need to tweak remotely. I bet it looks cool, too.

Why not let the status report over the internet but have some kind of private connection standard to tweak in emergency? I guess it just wouldn't do to have to call the plant operators. But come on, man. This could be a 2400 baud completely original modem that you can dial from your cell phone, but only works with its own archaic system. Even that's risky.

Re:Why are systems like this hooked onto the inter (1, Interesting)

Anonymous Coward | more than 6 years ago | (#22106462)

Why are systems like this hooked onto the internet
Am I the only one that thinks that's a really stupid thing to do?

Current schema calls for putting everything on one massive grid, reading meters from the offices and generating from numerous locations then load balancing to supply the needs and not imbalance the generators. While this to many seems like a magnificent idea, particularly since it appears to open the market to competition from suppliers, however it could also be taken down in one fell swipe. With any controls/servers hooked to the internet it would be too inviting a target, for foreign governments, internal protest groups and anyone who is just trying to show off.

Individual production with such a backbone in place for backup instead of primary supplier would be far more secure and with renewable electrical generation it would be greener too. Selling excess to the grid distributors however has the potential to bring back the family farm, reduce city costs of dealing with wastes and so on.

IANEE, IANME, nor an English major as you probably already guessed from the weak sentence structure.

Re:Why are systems like this hooked onto the inter (3, Interesting)

kongit (758125) | more than 6 years ago | (#22106632)

My dad is an engineer working for a power company. Whenever this topic comes up he normally just shrugs and says won't work or that it isn't as green as you think it would be. First of all not every home has the ability to produce power by solar, wind, or other means. Of course in some areas like AZ it would have a good chance of working but then you have to consider the second point. To produce solar panels or wind turbines one must exert energy and also cause pollution. Santa Claus does not deliver them magically. Of course once a framework of solar or wind power is created the energy cost is no longer as much of a factor. The pollution however could very well be. To make solar panels involves complex chemicals and is usually based off of petroleum products. While the pollutants from making solar panels are not necessarily released into the air, they could very well be worse for the environment than that of gas or oil fired plants. Of course I have not made any study into this claim, but I ask people who are very strongly in support of solar power about it. Most of them don't even realize that in order to make the solar panels some factory somewhere has to make pollutants. I guess since they can't see the pollutants at their house it doesn't matter to them. Additionally I would be willing to bet that the pollution control on electrical generating plants is of a much higher degree than that of the solar or wind turbine producing factory. So while I don't know the exact facts I don't just blindly say that hey solar and wind power is green. You got to get that solar panel or wind turbine from somewhere. I hope that solar and wind power can become dominant not because of the environmental side, but because the oil supply will someday run out and I don't like being dependent on foreign nations for oil. As to your schema it would be more effective to have a couple more smaller plants and more redundant wiring.
Of course the problem is cost and until it makes financial sense or the government forces them to, the power companies won't be over concerned about rare power outages. And as for the topic, stupid companies that are not secure from external threats over the internet are just that stupid. There are many ways to stop this and it has nothing to do with the structure or the grid, just from lazy management or IT.

Everything I said is hearsay and might be wrong from bad memory, but I do know that somebody who knows about this stuff says it isn't all it's cracked up to be.

Re:Why are systems like this hooked onto the inter (4, Insightful)

Tablizer (95088) | more than 6 years ago | (#22106492)

Am I the only one that thinks that's a really stupid thing to do?

It takes only a single breach. The story mentioned it may be an inside job, which means somebody may have put a single little link between the two systems, breaking the separation.

Air-gap security FTW. (0, Redundant)

jcr (53032) | more than 6 years ago | (#22106532)

You're right. Putting any kind of control system for critical public utilities on the internet is gross negligence.

-jcr

willful negligence vs gross negligence (5, Funny)

SgtChaireBourne (457691) | more than 6 years ago | (#22106814)

You're right. Putting any kind of control system for critical public utilities on the internet is gross negligence.

And if MS Windows is involved, then it escalates to willful negligence.

Re:Why are systems like this hooked onto the inter (0)

Anonymous Coward | more than 6 years ago | (#22106900)

The use of the internet to carry SCADA data is fine if you use a public key infrastructure with TLS connections.

All you'd really have to worry about is denial of service, which could be solved by having a backup dial-in modem.

Re:Why are systems like this hooked onto the inter (2, Interesting)

Evil Pete (73279) | more than 6 years ago | (#22106982)

I really liked the last paragraph in the article:

Citing two Government Accountability Office reports on SCADA security, Paller said that people have been adding wireless and Windows to SCADA systems without really thinking about security. "They've gotten radically unsafe," he said.

Windows + wifi + scada + power_grid = fun_and_games

Just in time... (3, Informative)

subl33t (739983) | more than 6 years ago | (#22106198)

... for US Federal elections. Coincidence?

Re:Just in time... (1)

Gregb05 (754217) | more than 6 years ago | (#22106310)

Considering that it's January, and the general elections are in November, and that most people won't give a damn, and that most candidates haven't said a word about security of infrastructure...
Yes, coincidence.

Re:Just in time... (2)

Gregb05 (754217) | more than 6 years ago | (#22106354)

Also, considering what was said at the bottom of the article, I have to say that I doubt the political nature of this announcement, unless we think Windows is good here...

Paller said that people have been adding wireless and Windows to SCADA systems without really thinking about security. "They've gotten radically unsafe," he said.

Re:Just in time... (1, Insightful)

do_kev (1086225) | more than 6 years ago | (#22106502)

Just in time... ... for US Federal elections. Coincidence?

FUD.

Re:Just in time... not how you think (2, Interesting)

commodoresloat (172735) | more than 6 years ago | (#22106572)

FTFA:

Donahue said that the CIA had thoroughly weighed the pros and cons of making this information public, according to Paller.

And then decided that it should be made public but only after 5 pm on a Friday so that by the time most people notice, it's old news.

Re:Just in time... (1)

commodoresloat (172735) | more than 6 years ago | (#22106582)

The article says that extortion attempts followed the cyber-attacks, which suggests this is criminal, not political. Not that they can't be both of course, but someone trying to disrupt elections probably wouldn't call in a monetary demand until after they really succeeded in their goal.

Re:Just in time... (1, Funny)

Anonymous Coward | more than 6 years ago | (#22106770)

It's probably terrorists.

Or worse, Ron Paul supporters.

i smell... (2, Insightful)

Anonymous Coward | more than 6 years ago | (#22106202)

a thinly-veiled excuse to get all george orwell up in your internets. this is the same CIA that found weapons of mass destruction in iraq...

15% solution (0)

Harmonious Botch (921977) | more than 6 years ago | (#22106214)

Howard Schmidt...a government cybersecurity adviser, mentioned ongoing concerns about the vulnerabilities of SCADA systems and noted that 85% of the U.S. critical infrastructure is controlled by the private sector. "No one should be minimizing this issue," he said.

He says this - or so I read it - as if that 85% is a problem. I think it is the solution.

In the public sector, you can start a war with insufficient justification and get thousands of US citizens killed, and there are no consequences because you are a civil servant. You can mismanage FEMA and let a major city turn into a swamp and there are no consequences because you are a civil servant. You can have voting machines that are inaccurate - maybe even deliberately so - and there are no consequences because you are a civil servant.

But, if you are in the private sector and you really screw up, you are likely to lose your job, maybe your pension. Private sector people, overall, are more likely to be responsible.

Let's make 100% of critical infrastructure controlled by the private sector.

Re:15% solution (1)

masdog (794316) | more than 6 years ago | (#22106252)

It sounds like an excuse that some would use to nationalize certain industries.

Re:15% solution (1)

BungaDunga (801391) | more than 6 years ago | (#22106324)

Tell that to the guys at Blackwater. 100% private army? No thank you. I've heard all sorts of stories where private soldiers in Iraq murder someone, then are quickly spirited out of the country and never prosecuted. The Army may screw up but at least (in theory...) the president can ultimately be held accountable.

Re:15% solution (1)

schnikies79 (788746) | more than 6 years ago | (#22106424)

That is the government's fault, not the fault of blackwater (as an organization). It's up to the government if they should be prosecuted, but instead they're spirited out of the country, by the government.

They basically have a free pass. Hold them to the exact same laws that our military personnel are held to. See how fast they shape up.

Aside from that, I do believe that utilities should be privately controlled.

Re:15% solution (1)

LaskoVortex (1153471) | more than 6 years ago | (#22106672)

It's up to the government if they should be prosecuted, but instead they're spirited out of the country, by the government.

100% Public Judicial system? No thanks!

Re:15% solution (5, Insightful)

QuickFox (311231) | more than 6 years ago | (#22106500)

but at least (in theory...) the president can ultimately be held accountable.

That's extremely theoretical. In practice, he got reelected.

Re:15% solution (0)

Anonymous Coward | more than 6 years ago | (#22106410)

Yeah, let's privatize the entire US government! You neoliberal wacko!

Re:15% solution (2, Insightful)

Anonymous Coward | more than 6 years ago | (#22106496)

Yeah, something like Enron could never happen in the private sector.

Re:15% solution (1)

milsoRgen (1016505) | more than 6 years ago | (#22106504)

You can mismanage FEMA and let a major city turn into a swamp


You can mismanage FEMA and let a major turn back into a swamp

There fixed that for ye.

Re:15% solution (1)

4D6963 (933028) | more than 6 years ago | (#22107054)

You can mismanage FEMA and let a major city turn back into a swamp

The, fixed it for you. Oh the irony.

Re:15% solution (1)

LaskoVortex (1153471) | more than 6 years ago | (#22106636)

You can mismanage FEMA and let a major city turn into a swamp

I'm risking getting OT here, and I love to bash Bush as much as the next guy (trust me on that), but you must be more nuts than me (see any of my previous posts to calibrate your nut-meter) to believe that mismanagement of FEMA was in any way related to the levees in New Orleans breaking.

Re: 15% solution (1)

Black Parrot (19622) | more than 6 years ago | (#22106700)

Private sector people, overall, are more likely to be responsible.

lol. Back here in reality, people in the private sector tend to do whatever they think they can get away with.

Re:15% solution (1)

KDR_11k (778916) | more than 6 years ago | (#22106838)

Neither the public nor the private sector will punish an employee for an act the lead approves of (well, there may be PR firings but nothing serious). A corporation wouldn't fire anyone for killing thousands if that killing was in the intent of the leadership (of course few corps have the power to actually wage war but if you gave it to them you'd see the same or even worse wars). Do you think MS fired anyone over all those antitrust violations they've been racking up lately? Illegal or immoral does not equal unwanted.

Besides, those inaccurate voting machines were made by the private sector and Diebold didn't fire the responsible people either, instead they're continuing with the machines and trying to make as many people use them as they can.

Re:15% solution (1)

LKM (227954) | more than 6 years ago | (#22106872)

You've got it backwards. In a real democracy, there are repercussions for fucking up. Most obvious, you don't get re-elected. In the private industry, there's jack shit people can do. As long as a company makes money, all's good for them - even if they make money at the expense of the public good.

Wars don't get started for political reasons, but for economic reasons.

But then, I think your post was meant to be ironic, anyway.

Re:15% solution (1)

sumdumass (711423) | more than 6 years ago | (#22106992)

You're a little biased in your rant there. First, no matter what the politician wanted, it took an act of congress to get us into that war. Second, the levees and resulting flood had nothing to do with FEMA. It had more to do with corrupt state and local authorities funneling funding for the levees to bonus projects to fund their buddies who got them elected. And even without that, it wasn't FEMA's job to do anything about the flooding, they are supposed to tend to the people afterwards. You can say that was all fucked up and I can show you where it really wasn't their fault either but that point is moot.

Finally, you do realize that there are no standards for voting machines outside a state level, right? All machines are entirely up to the states to approve, acquire and do anything with. How and where you vote is outside the scope of the federal government. The reason why no one is being held accountable is because no one knew how insecure they were or believed that they actually posed a threat.

As for the private sector, it really isn't that much different within the same context. You really have to break a law or screw something up so bad that it hits the backbone of the country in order to fear losing your job over it and seeing a serious punishment. Nothing you have mentioned, when you take the Biased I have that side of politics out of it and look at the facts, would warrant someone getting fired.

Die Hard 4.0 (3, Funny)

slyn (1111419) | more than 6 years ago | (#22106218)

Is there really any excuse of convenience that justifies connecting the nation's major utilities to the internet?

At least if there is a firesale Justin Long and Bruce Willis will be there to save us. Coincidence that Mac Guy would be the one to save us? I think not.

Re:Die Hard 4.0 (1)

Bob54321 (911744) | more than 6 years ago | (#22106248)

You mean it wasn't factual that they had to go to the site to shut down the power. My belief in documentaries has just plummeted.

Re:Die Hard 4.0 (1)

slyn (1111419) | more than 6 years ago | (#22106314)

I'm confused as to what you are asking, but it says in the article:

Paller said that Donahue presented him with a written statement that read, "We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands. We suspect, but cannot confirm, that some of these attackers had the benefit of inside knowledge. We have information that cyberattacks have been used to disrupt power equipment in several regions outside the United States. In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."

If you're referring to the part of the movie where they went to the natural gas plant, and you're joking that DH4.0 was a documentary I suppose what you just posted makes (some) sense. Otherwise color me puzzled, or purple, or something like that.

Where and When? (3, Interesting)

imemyself (757318) | more than 6 years ago | (#22106250)

I actually did skim the article, but I didn't see anything pertaining to when these attacks/outages happened or where (other than outside the US). Does anyone have an idea about what power outages they are referring to?

Re:Where and When? (3, Interesting)

FriendSite.com (1208220) | more than 6 years ago | (#22106286)

We had power outages here in Vancouver, various blocks went out... but it was reported in the media that it was due to the high winds... hmmm, strange that only a few random blocks downtown were affected?

Re:Where and When? (1)

do_kev (1086225) | more than 6 years ago | (#22106484)

We had power outages here in Vancouver, various blocks went out... but it was reported in the media that it was due to the high winds... hmmm, strange that only a few random blocks downtown were affected?

As if, perhaps, a power line was down due to high winds?

Re:Where and When? (0)

Anonymous Coward | more than 6 years ago | (#22106644)

And only a window [google.ca] or two was ripped loose. Who knew those hax0r avian carrier waves could be so effective.

Los Angeles (2, Insightful)

commodoresloat (172735) | more than 6 years ago | (#22106686)

LA has been getting them over the past few weeks pretty regularly. Entire sections of Hollywood down for several hours at a time (maybe a dozen blocks at a time), and then a couple days later it will be a section starting a few blocks away. Seems to have stopped a couple weeks ago (or was it last week?) But of course I can't tell, I haven't been driving up and down LA to check if it's still happening. But it seemed really weird and random, and the cops were not directing traffic right away (which suggests they were caught off-guard); after a while there were electrician types in groups at certain corners digging through wiring or whatever and looking confused. I noticed it 2 or three times at night, and then it hit my neighborhood in the afternoon on a weekend.

Re:Los Angeles (1)

commodoresloat (172735) | more than 6 years ago | (#22106704)

LOL I just re-read the article and you're right, the attacks are said to have all happened outside the US; I thought I had read that they were coming from outside the US, not that the power went out outside the US. Oh well, I guess Los Angeles really is outside the US in so many ways....

Re:Where and When? (0)

Anonymous Coward | more than 6 years ago | (#22106708)

Vancouver is in the USA? When was Canada invaded?

Re:Where and When? (1)

Hucko (998827) | more than 6 years ago | (#22106718)

When you say a few blocks ... I don't believe they have switches at the transformer for x blocks that are connected to the internet (possible, just expensive and probably uneconomical). I was an electrician and have worked in the local power supply division of an Australian power company at a remote mining community. The stuff I was working with was mostly 40+ years old, but we were updating some aspects of the distribution. It would be the switch yard that has the switching and rapid interrupt devices that are connected to a controller that obviously is connected to the internet. That would at the very least take out most of a suburb, i.e. 20+ blocks or 5 - 10 transformers (hypothetically). In some parts of Australia it could take out virtually the entire town. Hey, switching yards here tend to be small and old + extensions.

NOAA/NWS problems? (1)

Wilson_6500 (896824) | more than 6 years ago | (#22106922)

Does anyone remember the issues the NWS forecasting website was having the other day? I had thought it said something about server problems due to ice. I wish I remembered the situation more clearly.

first bong hit (-1, Offtopic)

Anonymous Coward | more than 6 years ago | (#22106256)

legalize marijuana

watch bill hicks and open your third eye

nature should not be illegal

Re:first bong hit (0, Troll)

schnikies79 (788746) | more than 6 years ago | (#22106306)

I know the rule, don't feed the trolls, but I had to reply to this one.

There is nothing, I repeat, nothing natural about smoking anything. That's pretty much the opposite of nature.

Re:first bong hit (1)

Psychotria (953670) | more than 6 years ago | (#22106428)

Indeed. Nature also produces nasty things like cyanide and strychnine, so the OP's argument is even more insane, even disregarding the smoking bit.

Re:first bong hit (1)

insertwackynamehere (891357) | more than 6 years ago | (#22106454)

what about eating :P

Re:first bong hit (1)

schnikies79 (788746) | more than 6 years ago | (#22106540)

haha, I knew someone was going to say that..

Do you honestly know anyone that eats it? I know plenty of pot users and none eat it, except for one that swallowed a bit so customs wouldn't catch him. That was a good while ago though.

Re:first bong hit (0)

Anonymous Coward | more than 6 years ago | (#22106614)

Many people that I know have moved almost exclusively to tinctures actually, either by itself or added to food or drink. It seems especially common with medical marijuana patients who don't have problems with nausea, and people who don't mind sitting aside a few ounces to soak in everclear for weeks or months on end.

Re:first bong hit (1)

milsoRgen (1016505) | more than 6 years ago | (#22106530)

There is nothing, I repeat, nothing natural about smoking anything. That's pretty much the opposite of nature.

Yes, but that does not mean nature has not put in place mechanisms for dealing with particulate inhalation. Granted, we're probably overdoing what our bodies can handle by many times over. The fact of the matter is, saying smoke inhalation is completely unnatural 'or the opposite of nature' is a little short sighted, yo.

That being said one can always make use of marijuana in other more controlled ways.

Re:first bong hit (1)

sumdumass (711423) | more than 6 years ago | (#22107062)

Your advocacy of marijuana puts your sig into an enlightening perspective.

CIA and Cyber Hackers? (0, Troll)

tristian_was_here (865394) | more than 6 years ago | (#22106288)

I have read shit on the internet and I think the CIA themselves are responsible. It's a good job the UK government don't do such things.

I'm a little paranoid, bear with me ;)

Re:CIA and Cyber Hackers? (1, Insightful)

Anonymous Coward | more than 6 years ago | (#22106364)

If anyone believes anything that the CIA tells you then I fear for the future of the human race. It sounds like another political hobgoblin created to add to the never ending list of hobgoblins that is being created nowadays. I am just waiting for the next opportune announcement that provides the next lame excuse to invade another country and commit another round of genocide. 'Intelligence' Agency? A contradiction in terms.

Re:CIA and Cyber Hackers? (1)

commodoresloat (172735) | more than 6 years ago | (#22106610)

I'm not sure which is worse -- the paranoia about the CIA or your seemingly unsarcastic gratitude that the UK government would never pull an intelligence caper.

Why not use air-gap firewalls? (2, Insightful)

schnikies79 (788746) | more than 6 years ago | (#22106292)

There is no better security than just not being connected, end of story.

Where does this idea that every computer that exists must be plugged into the net come from?

Re:Why not use air-gap firewalls? (0)

Anonymous Coward | more than 6 years ago | (#22106320)

Where does this idea that every computer that exists must be plugged into the net come from?

movies

Re:Why not use air-gap firewalls? (3, Interesting)

ecavalli (1216014) | more than 6 years ago | (#22106460)

Where does this idea that every computer that exists must be plugged into the net come from?


Microsoft, Linksys, Google, Yahoo ... I could go on, but I don't want to test the theory that these text boxes have finite character limits.

Re:Why not use air-gap firewalls? (1)

Z00L00K (682162) | more than 6 years ago | (#22106806)

Works for standalone equipment, but an electrical grid is normally centrally controlled from a control center and they are either using radio links, leased lines or VPN to connect. VPN over a DSL connection is the cheapest alternative today. And any VPN needs some firewalls, and if the firewalls leak... you may have an intrusion.

Something smells. (5, Interesting)

David McBride (183571) | more than 6 years ago | (#22106360)

Why are we hearing about this from the CIA, of all places? I thought counter-intelligence was the purview of the FBI, and signals intelligence the role of the NSA.

Now add the fact that the US Director of National Intelligence has indicated that he wants to obtain the ability to monitor all Internet traffic data [arstechnica.com] :

"[...] the government must have the ability to read all the information crossing the Internet in the United States in order to protect it from abuse."

Contrast this with a second Ars article from yesterday, where the US Federal Energy Regulation Commission has just approved new security regulations [arstechnica.com] for the organizations (mostly private) that run the US electrical grid. Rather than blaming evil foreign hackers, Ars reports that:

"FERC notes, in its usual bureaucratic style, that "poor vegetation management" has caused most of the problems relating to past regional blackouts."

This all just sounds like an excuse to install packet loggers everywhere.

(And it's not just the US authorities who want to lock down and control the Internet; the UK also recently indicated a desire to install censorship devices at the ISP level [theregister.co.uk] . Good luck with that.)

Re:Something smells. (2, Informative)

Solandri (704621) | more than 6 years ago | (#22106884)

Why are we hearing about this from the CIA, of all places? I thought counter-intelligence was the purview of the FBI, and signals intelligence the role of the NSA.

The FBI has jurisdiction over intelligence matters inside the U.S. and occasionally involving U.S. citizens and property abroad. The CIA has jurisdiction over intelligence matters outside the U.S. So investigating induced power outages in foreign cities would be a CIA task.

Re:Something smells. (1)

Jonner (189691) | more than 6 years ago | (#22106892)

Since these alleged attacks happened outside the US, and may have involved people on the inside of the plants, it would seem to be within the CIA's realm, which has traditionally put a high priority on human assets. At least, neither the FBI nor the NSA should be snooping around outside the US. If this is intended as FUD to help the US government watch all Internet traffic, I think it's a waste of resources, since those who want to communicate covertly will just use strong encryption. I know I will if I suspect the CIA, NSA, or FBI is watching, regardless of the legal status of my communication.

yeah, it's a powergrab justification (1)

SethJohnson (112166) | more than 6 years ago | (#22106924)



This is another brick in the case the feds have been building to justify ballooning budgets for cyber-defense operations. Conveniently, increasing 'cyber defense' also grants the feds more abilities to inspect civilian communications, etc. Meanwhile, they ignore the meatspace threat of people physically attacking power centers. Increasing budgets for staffing people protecting physical power transmission doesn't get the feds anywhere they want to go.

If some foreign entity wanted to wreak havoc on America's power grid, they could simply deploy agents with .50 cal rifles to drive throughout major cities shooting transformers on power poles. We don't see the feds talking about this threat because protecting against it wouldn't mean an extension of their power. It would require an increase in local law enforcement.

Seth

Who is going to benefit from this? (1)

seeker_1us (1203072) | more than 6 years ago | (#22106370)

So a power grid is not going to be isolated from the internet? Come on. This is just so ridiculous it sounds like another story to make people afraid... to get more money and power.

We don't have TIME!!! (3, Funny)

Duncan Blackthorne (1095849) | more than 6 years ago | (#22106382)

Quick, somebody call Jack Bauer, he'll know what to do!

Re:We don't have TIME!!! (3, Funny)

Psychotria (953670) | more than 6 years ago | (#22106446)

You are correct. He will capture the nasty people, torture them and make them confess under duress... err wait

This is really serious! (2, Insightful)

no-body (127863) | more than 6 years ago | (#22106398)

You must have clicked the box: "Always trust news from CIA"

BS (4, Interesting)

dotancohen (1015143) | more than 6 years ago | (#22106404)

I call BS on this one. I was in the US just two weeks ago. The airport was at security level 4 out of 5. I asked an officer what the threat was, and he told me that in the four years that he had been working there, the threat level had not budged from level 4. That means that there are effectively only two levels of threat: 4 and 5. This also means that the officers are authorized to perform 'checks' and other violations of the rights that I know Americans used to hold dear. This is a temporary situation, I understand, however the temporary situation has been in effect for over four years it seems! I believe that the CIA 'admitting' that the power outages are attacks is a way to drum up public support for more 'checks' and ways to survey the public. If they were real attacks then I doubt the CIA would make that public. I also doubt that the CIA would be the agency to make that public. I don't subscribe to the many conspiracy theories that populate Reddit, but from the little that I did see in the US in the three days that I was there, things have changed since 1999 (last time I was there). People are now scared. People _want_ their government to invade their lives. That is scary. I was thinking of Winston Smith the whole time.

I don't think so (5, Interesting)

commodoresloat (172735) | more than 6 years ago | (#22106642)

This information was released at a major security conference. If they wanted to just scare everyone they would have released this info more directly to the public rather than at a meeting of specialists who could see through a line of BS. And if they were really going for the fear factor they'd leak this on a Monday or Tuesday morning, not at 6pm on the Friday before a long weekend. It sounds to me like they want to diminish any possible panic, not amp it up. Notice they're not blaming terrorists or enemies either; the strong implication is organized crime with some kind of inside connections. I tend to be pretty skeptical of CIA but based on the little info that is here I'm guessing they're not making this up, and they probably are hoping that letting people know who are responsible for computer security at more localized levels will make it more likely for them to trace the perps.

Re:I don't think so (1)

dotancohen (1015143) | more than 6 years ago | (#22106684)

And if they were really going for the fear factor they'd leak this on a Monday or Tuesday morning, not at 6pm on the Friday before a long weekend. It sounds to me like they want to diminish any possible panic, not amp it up.

Obviously they don't want to cause public panic. Just 'public awareness'.

Re:BS (3, Funny)

deimtee (762122) | more than 6 years ago | (#22107052)

Winston Smith has now never existed.
Thinking of unpersons is doubleplusungood.

Pfffft (5, Funny)

Tablizer (95088) | more than 6 years ago | (#22106416)

That's ridiculous. Power and services don't just suddenly cu
     

Re:Pfffft (3, Funny)

jamesh (87723) | more than 6 years ago | (#22106888)

That's ridiculous. Power and services don't just suddenly cu

At least when they do cut out, the residual power left in the system enables you to submit your incomplete slashdot message posting. What an age to be alive!

I looked at this on Firehouse (1)

milsoRgen (1016505) | more than 6 years ago | (#22106464)

I was looking at this in Firehouse. It's interesting. But I wonder, are our utilities set up in the same fashion? i.e. are our utilities hooked to the 'net? I'm fairly certain the answer is yes, as I can recall reading articles years ago which talked about this very thing. But I would like to know for sure, because aside from billing what business does a utility have connecting critical infrastructure to the internet at large? I mean I understand billing... but that should be wholly separate from critical networks, and as a government granted monopoly they can easily raise the funds needed to run a fully separate network for whatever mission critical needs they may have.

errrr (1)

Psychotria (953670) | more than 6 years ago | (#22106510)

What is firehouse?

Imaginationland hits the lime-light (0, Offtopic)

Secret Rabbit (914973) | more than 6 years ago | (#22106560)

Tonight I just watched the South Park episodes I, II and III and when reading the summary I got the distinct impression that this is what's going on. Perhaps we should nuke America's imagination?

Better news report (4, Informative)

greg1104 (461138) | more than 6 years ago | (#22106566)

Presuming that InformationWeek had their typical lame coverage here, a quick search found a much better article about this at Forbes [forbes.com] (they even know to ask Bruce Schneier about it!) where they link to a nice background article [forbes.com] about these SCADA systems.

Claims require evidence (0, Flamebait)

Nomen Publicus (1150725) | more than 6 years ago | (#22106624)

I have zero confidence in this claim by the CIA. If they have evidence, present it so all the utility companies can make any necessary changes to their systems.

Without evidence, anybody can claim anything. For example, the reason there have been no recent terrorist attacks in New York is the invisible magic power I spread around the city -- disprove it if you can.

Deja lu--not the kind you're thinking of, either (1)

Wilson_6500 (896824) | more than 6 years ago | (#22106630)

I'm not saying this is a dupe, but I have the weirdest feeling that I've read this same summary with the same comments, even, a few years ago.

This is the biggest pile of BS ever (2, Insightful)

Anonymous Coward | more than 6 years ago | (#22106656)

This ain't Whiz Kids people, everything isn't connected, hackable, and DoS-able - and since when does the CIA say anything, much less in a press release? This is plain old simple psy-ops on dummy Americans, who will say, "Yes, something must be done...for the children...", and then we'll all have a bunch more bullshit internet 'enhancing', privacy 'upholding', aptly named laws like the JESUS WRAPPED IN A FLAG Act.

Dear CIA, If you're so concerned, go unplug the router, and don't waste your breath and insult the intelligence of 14 year olds with your 'teh Chinas hackin teh Gibson!' line of crap.

All your base are belong to us (0)

Anonymous Coward | more than 6 years ago | (#22106664)

You have no chance to survive, make your time

Zimbabwe (1)

Rinkhals (930763) | more than 6 years ago | (#22106690)

Hah! I knew it!

People in Zimbabwe are blaming chronic economic mismanagement and a system of rampant cronyism and nepotism whereby Government parastatal utilities and other property, mines and industries are allocated to ruling party supporters.

Fools! It is obviously the work of the former colonial masters using cyber-criminals in their desperate efforts to unseat his Excellency President-for-Life Robert Gabriel Mugabe!

(Power cuts are endemic in Zimbabwe)

Re:Zimbabwe (1)

flyingfsck (986395) | more than 6 years ago | (#22106714)

What? They have electricity in Zimbabwe?

Re:Zimbabwe (1)

bruce_the_loon (856617) | more than 6 years ago | (#22106786)

Only during the hours when South Africa doesn't have it. :)

This is a real risk (2, Interesting)

Z00L00K (682162) | more than 6 years ago | (#22106776)

And it is often caused by the fact that many control systems today depend on an operating system from the same vendor as all other machines, namely Microsoft. In one way it's useful to have the machines on the net. This is because it's cheap and easy to get a DSL line to the remote unmanned locations. The problem is that even if you do a VPN connection there is still a risk that the firewalls can be penetrated. (misconfiguration etc.)

There is always a balance between cost and protection and it's easy to cut back the costs, since the risks are very hard to weigh. Many companies calculate with a certain amount of downtime caused by "unforeseen" events. What's in this category also depends on the amount of money put into the security bag. They are just comparing the agreements with their customers and the cost for protection and are figuring out that "OK, we can allow to have a day or more downtime without violating our customer agreements".

It's all about money, but sometimes you may think that there are people as mean as Marwin Meathead [hermanhedning.com] .

We are Microsoft. We own you. (0)

Anonymous Coward | more than 6 years ago | (#22106784)

Duh ... doesn't everyone know by now that you have to connect the Windows box to the Internet so Microsoft can own all your bases? (or in this case power plants) And I guess it's not Microsoft owning all the power plants, just making it easy for those who have always wanted one to have one.

TFA is leaving out the most important information (1)

Wolfier (94144) | more than 6 years ago | (#22106796)

WHICH bloody cities???

Re:TFA is leaving out the most important informati (4, Informative)

Wolfier (94144) | more than 6 years ago | (#22106832)

From some articles it seems that the affected cities are from Central and South America, including some in Mexico.