Free Internet Press
  Uncensored News For Real People


Alerts Say Major Cyber Attack Aimed At Natural Gas Pipeline Industry
2012-05-07 03:23:13
Posted By: Intellpuke

A major cyber attack is currently under way aimed squarely at computer networks belonging to U.S. natural gas pipeline companies, according to alerts issued to the industry by the U.S. Department of Homeland Security.

At least three confidential "amber" alerts – the second most sensitive next to "red" – were issued by DHS beginning March 29, all warning of a "gas pipeline sector cyber intrusion campaign" against multiple pipeline companies. The wave of cyber attacks, which apparently began four months ago – and may also affect Canadian natural gas pipeline companies – is continuing.

That fact was reaffirmed late Friday in a public, albeit less detailed, "incident response" report from the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT), an arm of DHS based in Idaho Falls. It reiterated warnings in the earlier confidential alerts made directly to pipeline companies and some power companies.

ICS-CERT is charged with helping secure the nation's industrial control systems – computerized systems that open and close valves, switches and factory processes vital to the chemical, industrial, and power sectors. Its "fly away" teams visit factories, power plants, and pipeline companies to investigate cyber intrusions.

"ICS-CERT has recently identified an active series of cyber intrusions targeting natural gas pipeline sector companies," the confidential April 13 alert warns. "Multiple natural gas pipeline organizations have reported either attempts or intrusions related to this campaign. The campaign appears to have started in late December 2011 and is active today."

Safeguarding industrial control systems from cyber attack is a major point of debate right now in Congress, which has been wrangling over whether to grant the federal government authority to require that vital sectors like the electric utility, oil and gas, and chemical industries meet certain levels of cyber security.

Approximately 200,000 miles of these interstate natural gas transmission pipelines in the U.S. supply 25 percent of the nation's energy. Pipeline safety has been a major issue in recent years, highlighted by the San Bruno, California, pipeline explosion that killed eight people and destroyed 38 homes in the Bay Area in September 2010.

In yesterday's public warning, ICS-CERT re-affirms that its "analysis of the malware and artifacts associated with these cyber attacks has positively identified this activity as related to a single campaign from a single source." It goes on to broadly describe a sophisticated "spear-phishing" campaign – an approach in which cyber attackers attempt to establish digital beachheads within corporate networks.

Spear phishing has become one of the attack vectors of choice for cyber spies intent on infiltrating corporate networks. In such an attack, a specific person in the organization is researched, often using social networking sites like Facebook or LinkedIn in order to carefully craft a convincing e-mail that appears to be from a close associate.

The benign-seeming e-mail typically contains a malicious software attachment or link. Once clicked on or opened, the malware or link creates a back-door for a hacker to then gain entry and begin prowling for valuable data.

Yet there are several intriguing and unusual aspects of the attacks and the U.S. response to them not described in Friday's public notice. One is the far greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.

Each of the three alerts, for instance, includes detailed descriptions of the cyber threat – far more detailed than previous ICS-CERT warnings over the years, cyber security experts who have seen the alerts say. Those private warnings included computer file names, computer IP addresses and other key information that a company's cyber security experts could use to check and see if their networks have been infiltrated.

"This was far more detail than we've ever received in the past – and the number of alerts in succession was unusual," says one security expert who requested anonymity because he was sharing sensitive material. "It indicated to me this was pretty serious."

Amazingly, he says, companies were also specifically requested in a March 29th alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear endangered.

"In essence they were saying: 'Do not put in any mitigation or blocks against these active intruders,'" says the individual who has seen all three confidential alerts. "But if you're telling an investor-owned utility not to do anything, that's pretty unheard of. Step one is always block these guys and get them off the system. It's pretty unusual in the commercial world to just let them collect data. Heaven forbid that the intruders gain control. It kind of looks like our intel guys were trying to get more information."

Beyond indicating that multiple companies were targeted and some other systems compromised, neither the alerts nor the public notice indicate just how many companies have been infiltrated. The documents also do not indicate that any companies' pipeline operations – or their vital computerized industrial control systems that run pumps – have yet been affected.

Other cyber security experts familiar with the alerts warn that access to a company's corporate system can eventually allow a hacker to wind through a corporate network and into the vital industrial control processes. Those systems, if infiltrated, could allow hackers to manipulate pressure and other control system settings, potentially causing explosions or other dangerous conditions.

"There's not enough information available yet to tell exactly what is the target or goal here," says Jonathan Pollet, founder of Red Tiger Security, who specializes in industrial control system security and who has worked extensively in the oil and gas industry. "But it's a concern because if they access the corporate network it's often just a short step to the next level and right into their control system network."

One reason ICS-CERT may have acted, he believes, is because of the large number of companies discovering attackers on their networks. As many as 20 companies have already come forward to tell ICS-CERT of the infiltrations, says Pollet. That number could not be independently verified. A DHS spokesman was unavailable to comment at press time Saturday.

Even so, there is at least some support for Pollet's assertion.

Sanaz Browarny, chief, intelligence and analysis, of the control systems security program at DHS, told a security conference last month that “on a daily basis, the U.S. is being targeted.” In her presentation, as reported in Homeland Security News Wire, she said that ICS-CERT’s response team had taken 17 trips to private utilities last year, seven of those as a direct result of sophisticated spear-phishing attacks. She did not, however, indicate the attacks were against a specific type of utility.

There are also signs the threat could extend across North America. A Canadian cyber security expert told the Monitor that authorities in his country also are on alert since the U.S. warnings, although it is not clear if any Canadian companies are affected, he said.

At least one confidential U.S. alert, a portion of which was obtained by the Monitor, urged companies to remain on guard – and send back information.

"ICS-CERT has received additional reports involving targeted and compromised organizations within the gas pipeline sector," according to the April 13 alert. "Analysis from those reports, including the analysis of hard drives and logs, has yielded new indicators of compromise…. Organizations are strongly encouraged to review this report and contact ICS-CERT to report their findings."
Intellpuke:
You can read this article by Christian Science Monitor journalist Mark Clayton in context here: www.msnbc.msn.com/id/47310697/ns/technology_and_science-christian_science_monitor/#.T6dxXlLh7No
This article first appeared on CSMonitor.com.
