Entries in Cyber Attacks (4)


America's Failing Grade on Cyber Attack Readiness

(WASHINGTON) -- The man in charge of America's cyber operations said that on a scale of one to 10, the nation's preparedness to deal with a major cyber attack on critical infrastructure sits at a dismal three.

"Somebody who finds vulnerability in our infrastructure could cause tremendous problems," Army Gen. Keith Alexander, Director of the National Security Agency and chief of U.S. Cyber Command, told audience members at the Aspen Institute's annual security forum late Thursday, according to multiple reports. Alexander said that since 2009, attempted cyber attacks on the nation's infrastructure systems have risen seventeen-fold.

"I'm worried most about power. I'm worried about water. I think those are the ones that need the most help," he said.

Top current and former U.S. security officials have for years been decrying vulnerabilities in the computer networks of critical infrastructure industries from water treatment centers to electric power plants -- largely facilities owned and operated by private entities. In his remarks, Alexander reportedly pushed for a greater role of government, specifically the Department of Homeland Security, in regulating security measures across industries.

Two years ago, computer experts discovered Stuxnet, a cyber weapon of unprecedented power and complexity that was apparently designed to damage an Iranian nuclear facility. The worm had demonstrated what computer experts had long thought possible but had never actually seen: computer code that was no longer confined to disrupting computer systems internally but could reach out and physically alter how a facility works, or potentially destroy it.

Before the worm was alleged to have been a creation of a joint U.S.-Israeli cyber operation, other U.S. officials quickly realized that such a powerful cyber tool may be turned on the homeland. In a Senate Homeland Security committee hearing in November 2010, committee chairman Joe Lieberman (D.-Connecticut) warned the worm could be used as a "blueprint" for other "malicious hackers."

Richard Clarke, former White House counterterrorism advisor, cyber security expert and ABC News consultant, said in January that since Stuxnet was a "plug-and-play" worm, other hackers or foreign governments could take it, modify it and turn it against the U.S.

"You can take out certain components and put in others and you have a very powerful weapon that could be used against the electric power grid or any other system that has computers telling machines what to do," he said. "The best cyber weapon in the world has been spread around for other people to have copies of… I think it's very likely that somebody could do this."

Months later, the Department of Homeland Security revealed that the original Stuxnet worm did manage to infiltrate a computer system in the U.S., but since it was only tailored to hit the Iranian nuclear facility, it didn't do any known damage to the American facility.

Sean McGurk, a former DHS official who is now senior policy officer at the Industrial Controls Systems Information Sharing and Analysis Center, told a radio show in early June that he had already seen hackers modifying Stuxnet for their own uses. He also noted that as one of the most computer-reliant nations on the planet, the U.S. is also one of the most vulnerable.

"Because everything from elevators to prison doors are controlled by computers in our country, these systems lend themselves to manipulation and potentially to destruction," he said.

Since Stuxnet's discovery, cyber experts have found two other highly-sophisticated cyber weapons: Duqu, a cyber program built in the style of Stuxnet but for espionage rather than offensive operations, and Flame, the largest espionage program in history designed to capture any keystroke, image and conversation even near the infected system. Based on stunning similarities in the code of all three programs, researchers said they believe they were all created by either the same team, or at least teams of computer experts with access to each other's original work.

Copyright 2012 ABC News Radio


Google to Warn Users of Possible State-Sponsored Cyber Attacks

(NEW YORK) -- Google has posted a note on its security blog informing users that there will now be a banner warning you if Google believes that a state-sponsored cyber attacker is trying to compromise your account or computer.

Eric Grosse, Google’s vice president of security engineering, wrote on, “When we have specific intelligence -- either directly from users or from our own monitoring efforts -- we show clear warning signs and put in place extra roadblocks to thwart these bad actors.”

The warning will state: “Warning: We believe state-sponsored attackers may be attempting to compromise your account or computer. Protect yourself now.”

“If you see this warning it does not necessarily mean that your account has been hijacked. It just means that we believe you may be a target, of phishing or malware for example, and that you should take immediate steps to secure your account,” Grosse wrote in the blog posting.

The unusual security notice by Google may make users wonder how Google knows their accounts are potentially being probed.

“You might ask how we know this activity is state-sponsored. We can’t go into the details without giving away information that would be helpful to these bad actors, but our detailed analysis -- as well as victim reports -- strongly suggest the involvement of states or groups that are state-sponsored,” Grosse said in the blog posting.

In 2009 China tried to gain access to the Gmail accounts of dozens of Chinese dissidents and human rights activists.  It was part of a larger state-sponsored cyber attack targeting as many as 30 U.S. companies including Yahoo!, Adobe, Rackspace and Northrop Grumman. U.S. officials believe China was attempting to gain access to these firms’ networks to obtain intellectual property and source code information. Google disclosed the attack in January 2010.

Google, in its posting, advises users to have strong, unique passwords, update their Internet browsers and software, and avoid clicking on attachments that could contain malware.  Google says the banner may stay up on a user’s page for several days to remind users to take the necessary security steps.

“We believe it is our duty to be proactive in notifying users about attacks or potential attacks so that they can take action to protect their information. And we will continue to update these notifications based on the latest information,” Grosse wrote in the blog posting.



Federal Worker Savings Plan Computers Hit in Cyber-Attack

(WASHINGTON) -- Last month the FBI notified the Thrift Savings Plan, the contribution retirement savings plan for Federal employees, that a contractor’s computer systems had been breached in a complex cyber-attack with 123,000 Social Security numbers being compromised.

According to the Federal Retirement Thrift Investment Board (FRTIB) the FBI discovered the breach last month but it was not disclosed until Friday. The hacking was targeted against computers of Serco Inc., the company that runs the computer systems for the TSP.  Initial information indicates that the hacking incident took place in July 2011.

While the company and the FBI don’t believe any funds were compromised, the intrusion resulted in the theft of the 123,000 Social Security numbers. Among that group, approximately 43,587 individuals had their name, address and Social Security number compromised.

According to the FRTIB, a separate group of 79,614 people had their Social Security numbers and some Thrift Savings Plan information taken.

“In April of 2012, the Federal Bureau of Investigation (FBI) informed the FRTIB and Serco that in July of last year, a computer belonging to Serco, a third party service provider used in support of the TSP, was subjected to an unauthorized access incident. This incident resulted in the unauthorized access to the personal information of 123,201 TSP participants and payees. When the TSP learned of the cyber attack, we took immediate steps to investigate and notify our participants and other affected individuals,” the Thrift Savings Plan noted in a news release posted on their website.

The FBI’s Cyber Division and the Bureau’s Washington Field Office are investigating the breach. The FBI has provided extensive forensic information to Serco and the FRTIB to determine which accounts had been impacted.

“Serco regrets this incident and the inconvenience it may cause to some Thrift Savings Plan participants and payees whose personal data was involved.  We have fortified our information security measures and cyber defenses. We are committed to supporting the FRTIB in its mission of providing world-class retirement management solutions for current and former federal employees, members of the uniformed services, and their families,” said Ed Casey, Chairman and CEO of Serco Inc.

“We sincerely regret that this event occurred and will provide assistance and support to the affected individuals through a call center and credit monitoring,” said Greg Long, executive director of the FRTIB.

The Thrift Savings Plan has posted information and a list of frequently-asked questions on their website to help individuals who may have had their information compromised.



DHS: Hackers Mounting Organized Cyber Attack on US Gas Pipelines

(WASHINGTON) -- For the past six months, an unidentified group of hackers has been mounting an ongoing, coordinated cyber attack on the control systems of U.S. gas pipelines, prompting the Department of Homeland Security to issue alerts.

According to U.S. officials, it's unclear if a foreign power is trying to map the gas systems or if hackers are attempting to harm the pipelines. A previous attack on the oil and gas sector seemed to originate in China.

The hackers are using a technique called "spear-phishing," according to the DHS, in hopes of stealing passwords and gaining access to the pipelines' control systems. Spear-phishers send targeted emails to specific individuals that seem to come from friends or associates, and when opened, attachments or links in the emails release malware into the victim's computer.

"Various sources provided information to the Industrial Control Systems Cyber Emergency Response Team," stated the DHS in a recent newsletter, "describing targeted attempts and intrusions into multiple natural gas pipeline sector organizations. Analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign with spear-phishing activity dating back to as early as December 2011."

According to the DHS, the spear-phishers, who were first detected in March, have targeted a small, select group of employees at U.S. gas companies.

DHS officials and a spokesman have acknowledged they are working with the FBI to find out who may be behind the intrusions and malicious emails.

"The cyber intrusion involves sophisticated spear-phishing activities targeting personnel within the private companies," DHS spokesman Peter Boogaard said in a statement. "DHS is coordinating with the FBI and appropriate federal agencies, and DHS's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) is working with affected organizations to prepare mitigation plans customized to their current network and security configurations to detect, mitigate and prevent such threats."

Boogaard said ICS-CERT has been working with "critical infrastructure owners" in the oil and gas industry since March 2012 to combat the cyber attacks. According to Homeland Security officials, in recent weeks ICS-CERT has held several classified briefings with oil and gas sector companies and organizations to share information about the intrusions.

The oil and gas sector has been targeted before. In February 2011 the computer security firm McAfee discovered a computer intrusion labeled "Night Dragon" that was traced to China. As part of that attack, individuals tried to obtain sensitive data and financial documents from the oil and gas companies about bids and future drilling exploration projects.

The FBI declined to comment on the case when contacted by ABC News.
