Topic: China Link Suspected in Lab Hacking
Walter Watts
China Link Suspected in Lab Hacking
« on: 2007-12-09 18:13:50 »
and the fun continues...........
"We have nothing to fear but fearmongers"
--Walter
---------------------------------------------------------------
The New York Times
December 9, 2007
China Link Suspected in Lab Hacking
By JOHN MARKOFF
SAN FRANCISCO, Dec. 8 — A cyber attack reported last week by one of the federal government’s nuclear weapons laboratories may have originated in China, according to a confidential memorandum distributed Wednesday to public and private security officials by the Department of Homeland Security.
Security researchers said the memorandum, which was obtained by The New York Times from an executive at a private company, included a list of Web and Internet addresses that were linked to locations in China. However, they noted that such links did not prove that the Chinese government or Chinese citizens were involved in the attacks. In the past, intruders have compromised computers in China and then used them to disguise their true location.
Officials at the lab, Oak Ridge National Laboratory in Tennessee, said the attacks did not compromise classified information, though they acknowledged that they were still working to understand the full extent of the intrusion.
The Department of Homeland Security distributed the confidential warning to computer security officials on Wednesday after what it described as a set of “sophisticated attempts” to compromise computers used by the private sector and the government.
Government computer security officials said the warning, which was issued by the United States Computer Emergency Response Team, known as US-CERT, was related to an October attack that was also disclosed last week by officials at the Oak Ridge laboratory.
According to a letter to employees written by the laboratory’s director, Thom Mason, an unknown group of attackers sent targeted e-mail messages to roughly 1,100 employees as part of the ruse.
“At this point, we have determined that the thieves made approximately 1,100 attempts to steal data with a very sophisticated strategy that involved sending staff a total of seven ‘phishing’ e-mails, all of which at first glance appeared legitimate,” he wrote in an e-mail message sent to employees on Monday. “At present we believe that about 11 staff opened the attachments, which enabled the hackers to infiltrate the system and remove data.”
In a statement posted on the laboratory’s Web site, the agency stated: “The original e-mail and first potential corruption occurred on October 29, 2007. We have reason to believe that data was stolen from a database used for visitors to the Laboratory.”
The laboratory said the attackers were able to gain access to a database containing personal information about visitors to the laboratory going back to 1990.
The US-CERT advisory, which was not made public, stated: “The level of sophistication and the scope of these cyber security incidents indicate that they are coordinated and targeted at private sector systems.”
The US-CERT memo referred to the use of e-mail messages that fool employees into clicking on documents that then permit attackers to plant programs in their computers. These programs are then able to copy and forward specific data — like passwords — to remote locations.
Despite improvements in computer security, phishing attacks are still a big problem. In the case of the Oak Ridge intrusion, the e-mail messages were made to seem authentic. One described a scientific conference and another referred to a Federal Trade Commission complaint.
Computer security researchers cautioned that despite the US-CERT description of the attacks as sophisticated, such threats are frequently undertaken by amateur computer hackers.
Classified federal computer networks are not supposed to be connected physically to the open Internet. Even so, sensitive data like employee e-mail databases can easily be compromised once access is gained to computers inside federal agencies.
Copyright 2007 The New York Times Company
Walter Watts Tulsa Network Solutions, Inc.
No one gets to see the Wizard! Not nobody! Not no how!
Fritz
Re:China Link Suspected in Lab Hacking
« Reply #1 on: 2008-03-24 01:44:43 »
Looks like China is willing to go one on one, as well, in Cyber Space not just the high profile Federal stuff.
Humans using technology .... whatever happened to using Cyber Space for what it was designed ..... PORN .... oh yes and total mutual nuclear destruction.
Fritz
http://www.theregister.co.uk/2008/03/22/pro_tibetan_groups_targeted/
Cyber attacks target pro-Tibetan groups
Barrage of the trojans
By Dan Goodin in San Francisco
Published Saturday 22nd March 2008 17:48 GMT
Groups sympathetic to anti-Chinese protesters in Tibet are under assault by cyber attackers who are embedding malware in email that appears to come from trusted colleagues.
The email is being sent to members of human-rights groups. The messages include attachments in PDF, Microsoft Word and Excel formats, that install keyloggers and other types of malware once they're opened. The malicious payloads have been disguised to evade detection by anti-virus scanners.
"Groups working for freedom of Tibet all over the world have been targeted," says anti-virus supplier F-Secure in a blog post. "These emails have been sent to mailing lists, private forums and directly to persons working inside pro-Tibet groups. Some individuals have received targeted attacks like this several times a month."
Names of attached files include UNPO Statement of Solidarity.pdf, Daul-Tibet intergroup meeting.doc and tibet_protests_map_no_icons__mar_20.ppt. Once opened the files deliver documents that appear to contain legitimate content in support of the protests. Behind the scenes, though, the malware is installed.
The cyber attacks come amid riots in the Tibetan capital of Lhasa between protesters and Chinese soldiers. According to the Tibetan government-in-exile, at least 99 people have been killed in the crackdown. Chinese officials put the official death toll at 19.
While the violence has flared up only recently, cyber attacks against critics of the Chinese government date back to at least 2002, according to SANS. Past targets include Falun Gong and the Uyghurs.
Reports of the attacks came as several news agencies said Chinese authorities placed "most wanted" posters of 21 rioters on Chinese web portals and television stations. According to some reports, the images ran for a time on the Chinese sites for both MSN and Yahoo. Two of the suspects have already been arrested. ®
Where there is the necessary technical skill to move mountains, there is no need for the faith that moves mountains -anon-
Fritz
Re:"How to Take Down the Power Grid"
« Reply #2 on: 2008-04-10 12:50:00 »
Security, Hacking, 'ya got ta luv it' and where is Bruce Willis when you need him :-) ... Interesting video at the site tied to the story.
Cheers
Fritz
http://www.news.com/8301-10784_3-9914896-7.html?tag=nl.e501
April 8, 2008 6:58 PM PDT
Breaking into a power station in three easy steps
Posted by Elinor Mills
"I will tell (you) how to break into a nuclear reactor," Ira Winkler, president of security firm ISAG said as he launched into his presentation on "How to Take Down the Power Grid" at RSA 2008 on Tuesday night.
"Frankly, it's really easy to break into the power grid," he said. "It happens all the time."
First, you set up a Web server that downloads spyware onto the computers that visit. Second, you send an e-mail to people who work inside a power station that entices them to click on a hyperlink to the Web server with the spyware. Warning them that their human resources benefits are going to be cut and sending them to a Web site with "hr.com" in the domain would work, according to Winkler, who said he has done this several times in company-approved penetration tests. Third, you wait as the recipients--and everyone else they forwarded the e-mail to--visit the server and get infected.
"Then we had full system control," he said. "Once the malware was downloaded onto their systems...we could see the screens and manipulate the cursors."
It took about a day to set up the attack and was effective within minutes, according to Winkler. "It had to be shut down after a couple of hours because it was working too well," he said.
This is akin to social engineering attacks that happen all the time, but this attack has more far-reaching consequences than most such attacks. Power stations running special SCADA control software have the perception that they are more secure than other networked systems. However, they are just as vulnerable because they are connected to the Internet and run on computers that also run Windows NT, he said.
"Things are really this bad," Winkler said. "I'm not exaggerating."
Below is a video showing a staged cyber attack on a power station that Winkler showed during his presentation: (video at site)
Fritz
Re:China Link Suspected in Lab Hacking
« Reply #3 on: 2008-06-12 11:55:36 »
Interesting how China seems to be becoming 'the go to guy' of more and more of our ills; is this 'meming'?
Cheers
Fritz
PS Hermit, Is this the formatting you were hoping for?
Chinese crackers blamed for US power blackouts
Lights go out, firewalls come tumbling down
By John Leyden → More by this author http://search.theregister.co.uk/?author=John%20Leyden
Published Monday 2nd June 2008 13:04 GMT
Chinese hackers have been blamed for two sets of cyber attacks that left US homes without electricity in recent years.
Two blackouts in Florida and the Northeast were at least partially caused by Chinese crackers, computer security experts told http://www.nationaljournal.com/njmagazine/cs_20080531_6948.php the National Journal Magazine.
The magazine bases its claims principally on Tim Bennett, former president of the Cyber Security Industry Alliance, who said that US spooks told him back in 2003 that crackers working on behalf of the Chinese National Liberation Army had gained access to the network controlling power plants in the north eastern US. This intrusion "may have precipitated" a power outage that affected large swathes of the US in August 2003.
The blackout - which affected New York, Michigan, Ohio and parts of Canada - hit 50 million homes and was officially blamed on a cascading failure arising from a failure to deal with the outage of a set of high-voltage lines, which had a knock-on effect on around 100 power plants. The spread of the Blaster worm at the time may have hampered communications, hampering efforts to fix the problem.
Bennett also blames a February blackout in south Florida that left three million homes without electricity on computer hackers. A second security consultant, speaking anonymously, said that the Florida hack was down to a Chinese PLA hacker who made a mistake while attempting to produce a map of Florida Power & Light’s systems. Power & Light blames an error by an engineer who disabled backup systems while making repairs on the outage. An official inquiry is ongoing.
Joel Brenner, the government’s senior counterintelligence official, was quizzed by the National Journal Magazine on the issue and said such attacks might be possible.
Targeted Trojan attacks against senior executive and government officials in the West have been widely blamed on China, but attacks on utilities would be far more difficult to pull off.
Back in January CIA senior analyst Tom Donahue created controversy with claims that crackers have blackmailed foreign governments after disrupting the operating of utilities. Skeptics said the unspecified claims lack credibility, although other security experts subscribe to the possibility of attacks against Supervisory Control And Data Acquisition (SCADA) systems seriously.
SCADA systems lie at the heart of utility control networks. The devices allow utilities, such as electricity plants, to remotely control and monitor generation equipment and substations over phone lines, radio links and, in more and more cases, IP networks. Interconnection between SCADA environments and corporate networks introduce new security risks that weren't so much of a concern in the previous era of closed control networks.
Reports of successful cyber attacks on utility systems are rare but not unprecedented. Seven years ago a disgruntled ex-employee of an Australian hotel hacked http://www.theregister.co.uk/2001/10/31/hacker_jailed_for_revenge_sewage/ into a water control system and swamped the grounds with sewage. In Russia, malicious crackers managed to take control http://www.theregister.co.uk/2000/04/27/russia_welcomes_hack_attacks/ of a gas pipeline for around a day in 1999.
Closer to home, in the case of the latest US blackouts, the Slammer worm affected the corporate network at Ohio's inactive Davis-Besse nuclear plant and disabled http://www.theregister.co.uk/2003/08/20/slammer_worm_crashed_ohio_nuke/ a safety monitoring system for nearly five hours in January 2003. ®
Hermit
Re:China Link Suspected in Lab Hacking
« Reply #4 on: 2008-06-12 13:16:21 »
[Fritz] PS Hermit, Is this the formatting you were hoping for?
[Hermit]
Taking, as an example, just this line:
[Fritz] By John Leyden → More by this author http://search.theregister.co.uk/?author=John%20Leyden
I suspect it currently looks like this:
Code: By John Leyden → More by this author [url]http://search.theregister.co.uk/?author=John%20Leyden[/url]
Where I would have made it look like this:
Code: [b]Authors: [/b][url=http://search.theregister.co.uk/?author=John%20Leyden]John Leyden[/url]
Yielding: Authors: John Leyden
Helpful?
Kind Regards
Hermit
With or without religion, you would have good people doing good things and evil people doing evil things. But for good people to do evil things, that takes religion. - Steven Weinberg, 1999
Fritz
Re:formatting posts
« Reply #5 on: 2008-06-12 13:26:52 »
Thx Hermit .... got it. Cheers Fritz (clearly RTFM on my part)