Iranian Hackers Claim Cyber Attack on New York Dam

It's been 14 years since 9-11 and the start of the talk of increasing security for infrastructure.

Outsource much of US IT and add loads of near bogus security people and end up with the almost the same situation as day 1.

originally posted by: ReadLeader
The (not so) funny thing is - the hackers claimed they kept quiet for 2 FRIGGIN years; this just shows and tells us ALL how far behind the 8 ball we really are-

We've known how vulnerable this stuff is for a long time. I remember back in 2004 stories were breaking that proof was found that Russia could remotely shut down our entire power grid at will.

Every nation has cyber weapons these days, the US is no different... remember Stuxnet was also a cyber weapon and the US developed it.

They're the great equalizer really, even more so than nuclear weapons. They do just as much damage but unlike nukes just about every nation has them, and they're all pointed at everyone else.

I refuse to believe it was an Iranian "group"...maybe "department of the military" is more accurate. And people wonder why some are against giving them over 100 billion dollars when they pull crap like this. One well planned, thought out attack on such resources could be devastating.

And to the previous poster...I agree. Why the hell are such computers reachable over the internet or any such communications? These should be closed, custom operating systems maybe even written in a top-secret programming language built for security first. It isn't that difficult...really!!!

originally posted by: WeAreAWAKE
I refuse to believe it was an Iranian "group"...maybe "department of the military" is more accurate. And people wonder why some are against giving them over 100 billion dollars when they pull crap like this. One well planned, thought out attack on such resources could be devastating.

And to the previous poster...I agree. Why the hell are such computers reachable over the internet or any such communications? These should be closed, custom operating systems maybe even written in a top-secret programming language built for security first. It isn't that difficult...really!!!

Part of having a national power grid means that power plants in different areas need to talk to each other and adjust their power output. Power plants buy and sell energy from each other all the time. With the way our power grid is set up this is pretty much required.

To fix it would require rebuilding our entire power grid, and then also increasing local power generation ability by x% everywhere in order to meet demand spikes. For example when demand spikes on the east coast right now such as around 8pm, we can increase power production on the west coast and transmit that power east. By the time demand has spiked on the west coast, power usage has dropped off in the east and they can send power west.

a reply to: Aazadan

Understood...and yes, it would take infrastructure changes. But there is no "need" to be accessible via the internet. A country wide intranet that is locked from external access not simply by devices (which can be hacked) but actual connectivity is not only possible, but likely required in this "new world" we live within. The idea that I can cause damage to a nuclear facility from my home, Windows PC is a bit too compromising.

We can lay new cabling and protect it for secure facilities. But you are correct...it won't be cheap. But maybe cheaper than a nuclear melt down.

originally posted by: WeAreAWAKE
a reply to: Aazadan

Understood...and yes, it would take infrastructure changes. But there is no "need" to be accessible via the internet. A country wide intranet that is locked from external access not simply by devices (which can be hacked) but actual connectivity is not only possible, but likely required in this "new world" we live within. The idea that I can cause damage to a nuclear facility from my home, Windows PC is a bit too compromising.

We can lay new cabling and protect it for secure facilities. But you are correct...it won't be cheap. But maybe cheaper than a nuclear melt down.

It's not usually done from Windows, it's done from Linux. Not sure what the current popular OS for that stuff is, the best OS for penetration when I used to mess with that stuff a few years ago was Backtrack.

The main issue with our power grid isn't really the power plants anyways, it's that taking down a few key transformers could take down the entire nation. It's the distribution cables that are our weak point.

Resurrecting this old thread for an update:

DOJ to announce charges against several Iranians in 2013 hacking of New York dam

Iranians in 2013 hacking of New York dam By Matthew Dean Published March 23, 2016 FoxNews.com Now Playing Report: Iranian hacker hacked dam near New York City The Department of Justice will announce charges against as many as five individuals with ties to the Iranian government for computer hacking-related crimes in connection with the 2013 hacking of a New York dam, a law enforcement source told Fox News Wednesday.

And yet, our government gave Iran billions and a deal that don't stop them from shooting missiles and could end up with them getting nuclear weapons after time limits are up.

Well it looks like the DOJ is going to issue indictments to the seven hackers.......IN IRAN. I'm sure they're shaking in their boots at this point.

www.newsjs.com...
Hacks and codes: DOJ to indict Iranian hackers - RT


In an effort to confront foreign cyber-attacks, the Obama administration is expected to hold Iranian hackers responsible for a series of coordinated attacks on multiple US banks and a New York dam in 2012 and 2013. The Department of Justice (DOJ) plans ...

Wed, 23 Mar 2016 21:30:11 -0700 - RTHacks and codes: DOJ to indict Iranian hackersRTIn an effort to confront foreign cyber-attacks, the Obama administration is ...

I have went through ATS search and only found this thread on the issue. I have been searching for articles on Google on this issue prior to December 2015 when it appears, the public was informed of the incident(s). So far I haven't found any info closer to the incident dates. Two instances in 2012, 2013 we have Iranian hackers breaching our infrastructure, very little news at the time if any. AAAAAANNNNNDDDD, we signed a 'deal' with these people.

I guess the DOJ wasn't too hot to trot on the issue because nothing bad happened. From what I've been able to tell, the hacking was a "test" to see if it could be done. I sure hope steps have been taken to prevent this from happening again. Since the US seems to be more reactive than proactive, especially on infrastructure, I guess we should consider ourselves lucky......instead of smart. Either way, we dodged a bullet.

ETA, I see BlueAjah beat me to it. Hadn't read all the way to the bottom.

I'm going to add a bit more here, I can't find a date of the article but it must be older:

While there’s no apparent damage related to the hack, it’s alarming for a number of reasons. The scariest bit is that it reportedly took investigators a long time to figure out exactly which dam had been infiltrated.

Analysts discovered the hack while monitoring IP addresses associated with disruptions to websites of US banking institutions. They found computers trawling the internet for vulnerable industrial infrastructure, and a couple of IP addresses were linked to a “Bowman” dam. The trouble? There are 31 dams with the name Bowman in the United States, and they didn’t know which one it was.

[SNIP]

At this time the hack is classified and unconfirmed.

It’s scary enough that much of our infrastructure is connected to the internet somehow, and that, as the WSJ notes, it’s all pretty much hanging out there insecurely. What really gets me about this is that once analysts figured out that there was a hack, they still couldn’t really figure out where it was.

It isn't an older article. It appears the hack wasn't discovered for YEARS. Who exactly are they indicting?