Malicious virus shuttered power plant: DHS

page: 1
9
<<   2 >>

log in

join

posted on Jan, 16 2013 @ 05:40 PM
link   

Malicious virus shuttered power plant: DHS


uk.reuters.com

A computer virus attacked a turbine control system at a U.S. power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a U.S. government website.

The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident.
(visit the link for the full news article)


Related News Links:
wkzo.com
www.i4u.com




posted on Jan, 16 2013 @ 05:40 PM
link   

It was introduced by an employee of a third-party contractor that does business with the utility, according to the agency.


So nothing to get too worried over right? I was half expecting Iran or some other "rogue" nation to be the culprit, however it was just a proxy employee.

Within certain aspects though, that is even scarier. Without knowing this guy's credentials and/or technical abilities it is still worrisome that "an average Joe" (figuratively speaking) could get even this far past the cyber security. The whole article is rather unnerving imho.


Interest in the area has surged since 2010 when the Stuxnet computer virus was used to attack Iran's nuclear program. Although the United States and Israel were widely believed to be behind Stuxnet, experts believe that hackers may be copying the technology to develop their own viruses.


This is all we need, is some pissed off script kiddies shutting down our Power Plants. Does this make anyone else want to go buy a generator?

uk.reuters.com
(visit the link for the full news article)



posted on Jan, 16 2013 @ 05:44 PM
link   
Nice find and all I can say is that USB drives should not be allowed in any sensitive operations like in your thread.

S&F
Regards, Iwinder



posted on Jan, 16 2013 @ 05:58 PM
link   


criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident.


So, how does that shut down a turbine. Three weeks to clean up one to a few PCs? I think this might be an exaggeration and the outage was based on more than this item.



posted on Jan, 16 2013 @ 05:58 PM
link   
reply to post by Iwinder
 


Yes add more soviet centralized surviellance. That's the answer.
There are no threats people this is a scare tactic used by DHS to legitimize a soviet-style police state.


Maybe they set someone up that way?

They plant a virus on an unknowing patsy's USB drive. Idiot public eat up the fake terror threat as usual.

So easy to set someone up that way.



posted on Jan, 16 2013 @ 06:00 PM
link   
I guess they made the List

or more likely, they were already on it.

Pretty sad that power plants are still running Win2K and XP.



posted on Jan, 16 2013 @ 06:02 PM
link   

Many critical infrastructure control systems run on Windows XP and Windows 2000, operating systems that were designed more than a decade ago.


Why these morons are running windoze is beyond me. That's their first problem.

Want security? Spend the extra cash and higher some GNU/Linux professionals. It's a damn power planet for crying out loud, not a bakery.



posted on Jan, 16 2013 @ 06:02 PM
link   
reply to post by Iwinder
 



Nice find and all I can say is that USB drives should not be allowed in any sensitive operations like in your thread.


There is software readily available to prohibit the use of thumb drives on PC's. It just costs money and the power plants are rolling the dice.



posted on Jan, 16 2013 @ 06:04 PM
link   
reply to post by roadgravel
 



Three weeks to clean up one to a few PCs?


Yeah I found that odd. Back in my hay day, I would get nailed with a virus (old IRC play days), OS went kah-put, I was reformatted and back in a matter of hours with a fresh install. Of course I had back-ups so it made the task much simpler.

They do create back-ups...right?



posted on Jan, 16 2013 @ 07:25 PM
link   

Originally posted by UberL33t
reply to post by roadgravel
 



Three weeks to clean up one to a few PCs?


Yeah I found that odd. Back in my hay day, I would get nailed with a virus (old IRC play days), OS went kah-put, I was reformatted and back in a matter of hours with a fresh install. Of course I had back-ups so it made the task much simpler.

They do create back-ups...right?


Well, it's a nuclear facility so I am positive they have critical data to store, which means off site backups and redundancy backups etc.

But what really pops my bubblewrap is an apparent lack of virus protection.

Or that a USB access point is connected to mission critical systems and there is no "Don't you stick your junk in my port !" signs or warnings or rules that result in the boss screaming at you for a week if you ignore it.

You can imagine the technical dilemma it would be to determine the exact severity of the infection, in combination with having to compartmentally close down a nuke plant to do so, would take some time.

3 weeks. Maybe not, but I don't operate one, and I'd rather read 3 weeks to clean a virus, than 3000000 years because some goober infected the nuke plant and no one cared enough to clean it properly.



posted on Jan, 16 2013 @ 08:01 PM
link   
What is the source of it being a nuclear plant? The articles I read said unnamed plant and no type was given.



posted on Jan, 16 2013 @ 08:26 PM
link   
This was a test, only a test, if this had been an actual attack it would have been far worse, and more widespread.

The Iranians are advancing in both their espionage and cyberwarfare capabilities.

Impressive display.



posted on Jan, 16 2013 @ 08:32 PM
link   
By the way, don't forget to disable Java on all systems, as the inherent vulnerabilities can be exploited and can contribute to threats like this.

Actually, it's too late...

Oh well, there are worse things out there...



posted on Jan, 16 2013 @ 08:37 PM
link   
DHS reports this...hmmm
"they" don't want us to have internet
could this be propaganda...you think???
makes me think of these videos...enjoy if ya do...


edit on 16-1-2013 by lasvegasteddy because: (no reason given)



posted on Jan, 17 2013 @ 02:03 AM
link   

Originally posted by UberL33t
...unknowingly inserted an infected USB computer drive into the network...


Um, anybody else smell BS here?

Is that anything akin to unkowingly going around cutting up taped conversations between Air Traffic Control and Pilots with scissors and putting them into seperate trash cans on 9-11 despite direct orders to retain them?
I don't know much about it but it begs the question, What the hell are we doing putting the operational software for our power plants on a computer network anyway?



posted on Jan, 17 2013 @ 02:13 AM
link   
DHS saves the day AGAIN




posted on Jan, 17 2013 @ 02:42 AM
link   
The system altered was not a windows based application. 100'S of millions have been spent on security since then. Linux is used to check any flash drives allowed inside and it's very rare with extensive security checks. It's like Fort Knox now.

www.npr.org...

edit on 17-1-2013 by buffetw because: update link



posted on Jan, 17 2013 @ 12:06 PM
link   

Originally posted by buffetw
The system altered was not a windows based application. 100'S of millions have been spent on security since then. Linux is used to check any flash drives allowed inside and it's very rare with extensive security checks. It's like Fort Knox now.


Don't underestimate the real threat of a major widespread cyber attack, or make the dangerous assumptions that critical systems are secure.... In fact, such an attack can be potentially far more devastating than many here could comprehend. Not only that, it is not just likely, but IMO... Imminent. But only a component in a multi-phase attack plan aimed to have major impact on the economy, and to deliver a much more devastating blow to this nation. These potential attacks will give "war" a whole new meaning, and is a method our enemy can use effectively while they are unable to confront us with conventional military operations, their potential for devastating attack is their most likely method of retaliation IF the USA chooses to attack them preemptively first.

Good luck!



posted on Jan, 17 2013 @ 12:57 PM
link   
reply to post by buffetw
 



The system altered was not a windows based application. 100'S of millions have been spent on security since then. Linux is used to check any flash drives allowed inside and it's very rare with extensive security checks. It's like Fort Knox now.


You can't know that for sure, as neither the system, nor the operator were divulged. It was likely a user's laptop running windows paired with poor network design/security.

Additionally, you might be surprised how difficult it is to upgrade O/S's on aging systems. You can't just go out and buy the latest version of Windows, pop it in, and have everything work. It's often cheaper just to pay the fines rather than disrupt operations.



posted on Jan, 17 2013 @ 05:42 PM
link   
Science fiction has been suggesting for years that the wars of the future will not be fought between nations and powerblocks, but between companies and institutions, at a level so shadowy as to render them on a par, or even more clandestine than those battles fought between the intelligence services of rival nations.

The theme has run through all science fiction writing, be it for films, books, or computer games, Deus Ex, and its sequel Deus Ex: Human Revolution, for example. There are older, and wider known variations on that theme as well. Sometimes , we are told, life seems to imitate art. But in this case, I believe those who have already imagined the dark future that will accompany an increase in this manner of behavior among companies in the world, are merely performing a simple computation. They saw thier times, and what was happening in them, and pushed the behavior of various companies, to thier logical conclusions, and in so doing saw these times coming.

No horoscopes required, nor pre-cognition of future events, bought on by some quirk of genetics and learning. Just simple observations and cogitation. I believe we will witness the first real opening salvos of these wars as the years progress, and that they will become far more frequent, until the rattle of thier delivery becomes not a punching shock in the night, but begins to resemble the white noise of a constant rain.

This introduction of a virus into a vital piece of infrastructure , represents in my veiw, a very irresponsible act. It also means that a certain amount of intelligence about the facility and its systems must have been accessed by the offending party or parties, in order for them to have constructed a targeted virus, with the intent of creating the circumstance which eventually prevailed at the plant. Without understanding a certain amount about the system that the virus was designed to thrive in, it would have been difficult to create something that would be effective.

This suggests to me that the information security at this particular plant, was not up to par in any way at all. Although I am sure that the secret services keep a weather eye on this stuff, it seems somewhat strange to me that they are not more careful to prevent this sort of thing. Mind you, security is going to be difficult to maintain from the governments point of veiw. These facilities might well be vital parts of the infrastructure of the US, but they are not owned or controlled by the government, instead being owned and run by private organisations who answer to the dollar before all other things.

Unless the first loyalty of everyone involved with an enterprise which is vital to the smooth running of the nation, is to the nation itself, security at such installations will always have more holes in it than a swiss cheese thats been rolled through a gun range. If a mans loyalty can be bought, or he can be bought to a state of confusion about who precisely he answers to, then security becomes a joke at the facility he is employed at. This is why I would recommend that the US government re-distributes its budget for intelligence, with a greater focus on watching rival companies, industry lobbies, and financial structures.

If these corperations are going to war with one another, then thier greed and irresponsible pursuit of fortune, forsaking all else, could turn out to be just about the most dangerous threat that the US, nay, the world has ever faced. They certainly pose a much greater risk long term than do the scattered cells of the so called terror networks. More to the point, if these mad corperate intelligence organisations are going to fight it out, then this opens up the entire infrastructure of the US power network, not only to insane corperate warfare, but also being accessed, during the confusion, by the very people that the US has spent the last decade or so fighting.

This is serious business, and there can be no half measures in putting this genie back in the bottle.





new topics
top topics
 
9
<<   2 >>

log in

join