Tag Archives: government

[ISN] Hacking Critical Infrastructure: A How-To Guide

http://www.defenseone.com/technology/2015/07/hack-critical-infrastructure/118756/
By Patrick Tucker
Defense One
July 31, 2015

Cyber-aided physical attacks on power plants and the like are a growing concern. A pair of experts is set to reveal how to pull them off — and how to defend against them. How easy would it be to pull off a catastrophic cyber attack on, say, a nuclear power plant? At next week’s Black Hat and Def Con cybersecurity conferences, two security consultants will describe how bits might be used to disrupt physical infrastructure. U.S. Cyber Command officials say this is the threat that most deeply concerns them, according to a recent Government Accountability Office report. “This is because a cyber-physical incident could result in a loss of utility service or the catastrophic destruction of utility infrastructure, such as an explosion,” the report said. The most famous such attack is the 2010 Stuxnet worm, which damaged centrifuges at Iran’s Natanz nuclear enrichment plant. (It’s never been positively attributed to anyone, but common suspicion holds that it was the United States, possibly with Israel.) Scheduled to speak at the Las Vegas conferences are Jason Larsen, a principal security consultant with the firm IOActive, and Marina Krotofil, a security consultant at the European Network for Cyber Security. Larsen and Krotofil didn’t necessarily hack power plants to prove the exploits work; instead Krotofil has developed a model that can be used to simulate power plant attacks. It’s so credible that NIST uses it to find weakness in systems. […]





[ISN] Intel Assessment: Weak Response to Breaches Will Lead to More Cyber Attacks

http://freebeacon.com/national-security/intel-assessment-obama-admin-response-to-cyber-encourages-more-attacks/
By Bill Gertz
Washington Free Beacon
July 28, 2015

The United States will continue to suffer increasingly damaging cyber attacks against both government and private sector networks as long as there is no significant response, according to a recent U.S. intelligence community assessment. Disclosure of the intelligence assessment, an analytical consensus of 16 U.S. spy agencies, comes as the Obama administration is debating how to respond to a major cyber attack against the Office of Personnel Management. Sensitive records on 22.1 million federal workers, including millions cleared for access to secrets, were stolen by hackers linked to China’s government. U.S. officials familiar with the classified cyber assessment discussed its central conclusion but did not provide details. Spokesmen for the White House and office of the director of national intelligence declined to comment. Recent comments by President Obama and senior military and security officials, however, reflect the intelligence assessment. […]



[ISN] Federal Employee May Have Been Cooking Meth at Government Agency’s Campus

http://www.govexec.com/oversight/2015/07/fbi-and-congress-are-investigating-if-meth-lab-exploded-federal-building/118751/
By Eric Katz
Govexec.com
July 30, 2015

A federal employee may have recently learned the hard way that cooking meth should be left to the chemistry experts. The FBI and a congressional committee are investigating whether a federal worker was manufacturing methamphetamine in a federal building after a room exploded earlier this month. After a July 18 explosion at a building at the National Institute of Standards and Technology’s Gaithersburg, Md., campus, authorities found many of the key ingredients for making meth and a recipe for the drug, according to News4, the NBC’s Washington, D.C., affiliate. The House Science, Space and Technology Committee is looking into whether a federal police lieutenant who was injured in the blast was involved in cooking the meth. The lieutenant resigned from NIST last week, according to The Washington Post. The officer originally told authorities the blast occurred after trying to refill a butane lighter. […]



[ISN] GAO: Defense installation utilities at risk of cyber attack

http://www.militarytimes.com/story/military/2015/07/24/utility-cyber-attack/30615033/
By Andrew Tilghman
Staff writer
Military Times
July 25, 2015

The utility systems that provide water, electricity and other essential services to military installations worldwide have limited defenses against cyber-attacks, putting many bases at risk for a “serious mission-disabling event,” a new Government Accountability Office report says. A recent GAO investigation identified a disturbing vulnerability in the military’s network of “industrial control systems,” the computers that monitor or operate physical utility infrastructure. For example, “most” Navy and Marine Corps industrial control systems (ICS) “have very little in the way of security controls and cybersecurity measures in place,” according to government documents identified by the GAO. That leaves many installations exposed to a “cyber-physical effect” attack that could cause the “physical destruction of utility infrastructure controlled by an ICS,” the GAO said. […]



[ISN] After Dodging the Bullet that Hit OPM, Interior ‘Owns’ Up to Cyber Problem

http://www.nextgov.com/cybersecurity/2015/07/after-dodging-bullet-hit-opm-interior-owns-cyber-problem/117904/
By Aliya Sternstein
Nextgov.com
July 15, 2015

Sometimes fear is the best motivator. At the Interior Department, this was the case when computer hackers stole millions of federal employee records from an Office of Personnel Management database stored inside one of Interior’s data centers. The assailants left Interior’s data unscathed. But point taken, Interior Chief Information Officer Sylvia Burns said Wednesday afternoon. The incident, part of a historic hack against the U.S. government, prompted the department to expedite a goal of eliminating wimpy passwords as the only safeguard when signing in to agency systems. The intruders, suspected Chinese spies, used a stolen password from an OPM contractor to copy OPM’s database, according to federal officials. From OPM’s network, the bad guys then scampered across the entire Interior facility’s IT environment, Burns said. All other data, however, was not compromised, she said. “When I, as a CIO for the department, learned of the intrusion, it was horrifying to me and since that time, my team and I have been on high alert working probably seven days a week, long hours to take our lessons learned and do a mitigation plan around it,” Burns said. […]



[ISN] Privacy talk at DEF CON canceled under questionable circumstances

http://www.csoonline.com/article/2947377/network-security/privacy-talk-at-def-con-canceled-under-questionable-circumstances.html
By Steve Ragan
Salted Hash
CSO
July 12, 2015

Earlier this month, several news outlets reported on a powerful tool in the fight between those seeking anonymity online, versus those who push for surveillance and taking it away. The tool, ProxyHam, is the subject of a recently canceled talk at DEF CON 23 and its creator has been seemingly gagged from speaking about anything related to it. Something’s off, as this doesn’t seem like a typical cancellation. Privacy is important, and if recent events are anything to go by – such as the FBI pushing to limit encryption and force companies to include backdoors into consumer oriented products and services; or the recent Hacking Team incident that exposed the questionable and dangerous world of government surveillance; striking a balance between law enforcement and basic human freedoms is an uphill struggle. Over the last several years, reports from various watchdog organizations have made it clear that anonymity on the Internet is viewed as a bad thing by some governments, and starting to erode worldwide. […]

