Isn't this the kind of stuff Bruce Willis takes care of??

[ABSTRUSE]

CIA Says Hackers Have Cut Power Grid Robert McMillan, IDG News Service




Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. Central Intelligence Agency analyst said this week.

Speaking at a conference of security professionals on Wednesday, CIA analyst Tom Donahue disclosed the recently declassified attacks while offering few specifics on what actually went wrong.


Criminals have launched online attacks that disrupted power equipment in several regions outside of the U.S., he said, without identifying the countries affected. The goal of the attacks was extortion, he said.


"We have information, from multiple regions outside the United States, of cyber intrusions into utilities, followed by extortion demands," he said in a statement posted to the Web on Friday by the conference's organizers, the SANS Institute. "In at least one case, the disruption caused a power outage affecting multiple cities. We do not know who executed these attacks or why, but all involved intrusions through the Internet."


"According to Mr. Donahue, the CIA actively and thoroughly considered the benefits and risks of making this information public, and came down on the side of disclosure," SANS said in the statement.


One conference attendee said the disclosure came as news to many of the government and industry security professionals in attendance. "It appeared that there were a lot of people who didn't know this already," said the attendee, who asked not to be identified because he is not authorized to speak with the press.


He confirmed SANS' report of the talk. "There were apparently a couple of incidents where extortionists cut off power to several cities using some sort of attack on the power grid, and it does not appear to be a physical attack," he said.


Hacking the power grid made front-page headlines in September when CNN aired a video showing an Idaho National Laboratory demonstration of a software attack on the computer system used to control a power generator. In the demonstration, the smoking generator was rendered inoperable.


The U.S. is taking steps to lock down the computers that manage its power systems, however.


On Thursday, the Federal Energy Regulatory Commission (FERC) approved new mandatory standards designed to improve cybersecurity.


CIA representatives could not be reached immediately for comment.

 

[rgraham666]

In the future I made for a cyberpunk role playing game I designed, hackers don't do this shit.

Because when big time crime bosses lose their power they get pissed off. And when big time crime bosses get pissed off someone dies.

 

[cantdog]

CIA Says Hackers Have Cut Power Grid Robert McMillan, IDG News Service




Criminals have been able to hack into computer systems via the Internet and cut power to several cities, a U.S. Central Intelligence Agency analyst said this week.
< snip >
CIA representatives could not be reached immediately for comment.

Look, pardon my asking, but what in the fuck is a computer like that doing on line? If they need to communicate, fine. Have some other computer for that, and leave the control units the hell off line. How many kinds of stupid do you have to be to set this up?

 

[rgraham666]

Look, pardon my asking, but what in the fuck is a computer like that doing on line? If they need to communicate, fine. Have some other computer for that, and leave the control units the hell off line. How many kinds of stupid do you have to be to set this up?

The cheap kind.

 

[neonlyte]

Didn't Bruce go down with that asteroid? I sent his daughter flowers.

 

[MagicaPractica]

In the future I made for a cyberpunk role playing game I designed, hackers don't do this shit.

Because when big time crime bosses lose their power they get pissed off. And when big time crime bosses get pissed off someone dies.

Love it! Do we really have big time crime bosses now though? I'm a little concerned the world has gotten too big and decentralized.

Look, pardon my asking, but what in the fuck is a computer like that doing on line? If they need to communicate, fine. Have some other computer for that, and leave the control units the hell off line. How many kinds of stupid do you have to be to set this up?

Because it is big business and the grid is controlled from some fairly centralized locations. I can tell you that the people who run the computer security are pretty damn serious about they're jobs. They were before 9/11 and things locked down harder after that. What can I say? The same thing I say every time it comes up. Power should never have been deregulated.

 

[3113]

Didn't Bruce go down with that asteroid? I sent his daughter flowers.

He got better. Didn't you see Live Free or Die Hard?

 

[TheeGoatPig]

He got better. Didn't you see Live Free or Die Hard?

I don't know about neon, but I refuse to pay money to see that one.

 

[The_Fool]

I don't know about neon, but I refuse to pay money to see that one.

Watched it on DVD. It was entertaining.



I think it would be difficult to find a corporate computer that is NOT connected to the Internet. Computers that are not accessible from the Internet are almost unsupportable. The thing is, the last number I saw what that 70% of all hacks come from the inside rather than the outside. Even though it came from the Internet, I would be focusing my attention on the inside of the network first, to determine if someone deliberately left a door open.

 

[DesertPirate]

Watched it on DVD. It was entertaining.



I think it would be difficult to find a corporate computer that is NOT connected to the Internet. Computers that are not accessible from the Internet are almost unsupportable. The thing is, the last number I saw what that 70% of all hacks come from the inside rather than the outside. Even though it came from the Internet, I would be focusing my attention on the inside of the network first, to determine if someone deliberately left a door open.

Smart man
There is always a likelyhood of an inside assist
A computer like this wouldn't need to be online though, most patches are for vulnerabilities caused by net access.
If it's not online there would be very few patches needed and those can be applied from a thumb drive

 

[rgraham666]

Love it! Do we really have big time crime bosses now though? I'm a little concerned the world has gotten too big and decentralized.

In my game the Yakuza ruled the criminal underworld. Although crime is the wrong word since there isn't much law. Most of the world's governments collapsed about twenty years from now. And you need law before what you do can actually do something illegal.

But things like prostitution, drugs, extortion etc. are run by the Yakuza.

Technically there's a lot less crime in my future. Because there's a lot fewer people. About two billion is the best guess because things aren't well organized enough to get a count.

 

[Jenny_Jackson]

Frankly, this sounds like more bullshit spin from the Bush Adminstration. Which cities? When did it happen? This is supposed to be a "recently declassified" document. Who wrote it? Which department?

If it smells like horseshit. I'd suggest you don't step in it.

 

[Zeb_Carter]

Watched it on DVD. It was entertaining.



I think it would be difficult to find a corporate computer that is NOT connected to the Internet. Computers that are not accessible from the Internet are almost unsupportable. The thing is, the last number I saw what that 70% of all hacks come from the inside rather than the outside. Even though it came from the Internet, I would be focusing my attention on the inside of the network first, to determine if someone deliberately left a door open.

I was reading a article on internet access in the Department of the Interior...they don't have any, especially in the Department of Indian Affairs! It seems the GAO cut their access to the internet due to lax security. So you see not every government computer is connected, nor are a lot of Corporate computers.

There are companies that do not allow their employees access to the internet. They have kiosks setup around the office for them to send email or due research on the net.

 

[cloudy]

I was reading a article on internet access in the Department of the Interior...they don't have any, especially in the Department of Indian Affairs! It seems the GAO cut their access to the internet due to lax security.

BIA is a mass of corruption, so this doesn't surprise me in the least.

 

[cantdog]

Love it! Do we really have big time crime bosses now though? I'm a little concerned the world has gotten too big and decentralized.



Because it is big business and the grid is controlled from some fairly centralized locations. I can tell you that the people who run the computer security are pretty damn serious about they're jobs. They were before 9/11 and things locked down harder after that. What can I say? The same thing I say every time it comes up. Power should never have been deregulated.

To avoid having an employee there, in other words. They deserve it then. Penny wise, pound foolish.

Any technical construct, as for instance a line in a manufacturing mill, is also 'controlled' from a central place. Doesn't mean it has to be online. Control takes many forms. They could as easily have sent orders to a person who then executed those orders by controlling the machines. Persons are also corruptible, I suppose, but having everyone's electricity on line is wicked dumb.

 

[The_Fool]

As an additional blip. A computer doesn't necessarily have to have Internet access to be accessible from the Internet.

 

[MagicaPractica]

To avoid having an employee there, in other words. They deserve it then. Penny wise, pound foolish.

Any technical construct, as for instance a line in a manufacturing mill, is also 'controlled' from a central place. Doesn't mean it has to be online. Control takes many forms. They could as easily have sent orders to a person who then executed those orders by controlling the machines. Persons are also corruptible, I suppose, but having everyone's electricity on line is wicked dumb.

Which is what I mean when I say power should not have been deregulated. Things were done a lot differently before profit became the driving force behind decision making.

 

[Weird Harold]

It seems the GAO cut their access to the internet due to lax security. So you see not every government computer is connected, nor are a lot of Corporate computers.

I don't know about the particulars of the department of the interior, but I'd be willing to bet that there is still "Wide Area Network" access from those computers to every USDI office in the country and if that's true, then the dedicate WAN they're connected to is probably running through the same physical computer network as the Internet uses.

And that's the real problem -- The power grid and other critical infrastructure has gone from direct dedicated communications lines to packet-switched communications through the internet's infrastructure. It isn't precisely "internet access" or an "internet connection" but it IS command and control information packets mixed in with and being handled like "just another Internet packet."

Even a return to direct, dedicated communications lines would be vulnerable to "internet hackers" because the long distance phone system is also (or soon will be) entirely packet-switched digital distribution technology. The only completely secure method of linking the many separate locations of thepower grid would be to build a dedicated, hard-wired, system parallel to and separate from the commercial phone and internet systems.

 

[Roxanne Appleby]

F'ing Hollywood incompetence is endangering our society. Everyone knows Bruce Willis can't be everywhere to take down all the bad guys, and the answer couldn't be simpler: Add a clone-element to the plot line and replicate him! Lots of him! Then we'll be all be safe again.

I mean, Duh!

 

[Caitano]

Which is what I mean when I say power should not have been deregulated. Things were done a lot differently before profit became the driving force behind decision making.

I agree. But it's not high on anyone's priorities to fix that.

Did you see that the goal of the disruption was extortion? All I could think of was Doctor Evil, demanding One Million Dollars.

 

[cantdog]

Back in the day...

Yep! I remember when Wells Fargo used to always say, "What internet?"

They refused to hook on because it was in no way secure. But, Weird has the handle, as usual: You can't stay off it, now, hardly. They could lay their own fiber, but who is going to?

 

[oggbashan]

...
Even a return to direct, dedicated communications lines would be vulnerable to "internet hackers" because the long distance phone system is also (or soon will be) entirely packet-switched digital distribution technology. The only completely secure method of linking the many separate locations of thepower grid would be to build a dedicated, hard-wired, system parallel to and separate from the commercial phone and internet systems.

One of the intentions of the originators of the internet was to create a system that was immune to physical attack because it could be routed in multiple ways.

Defence systems used to have hard-wired networks, buried, armoured and with built-in redundancy so that if one part of the network was damaged, other parts could replace it. Given the military's inertia, they probably still have them.

Now the internet is universal, destroying even a major trunk cable would cause little more than slight inconvenience.

Og

 

[Zeb_Carter]

One of the intentions of the originators of the internet was to create a system that was immune to physical attack because it could be routed in multiple ways.

Defence systems used to have hard-wired networks, buried, armoured and with built-in redundancy so that if one part of the network was damaged, other parts could replace it. Given the military's inertia, they probably still have them.

Now the internet is universal, destroying even a major trunk cable would cause little more than slight inconvenience.

Og

The military in the US still has their own network and actually the internet was part of that network in the beginning.

 

[Weird Harold]

The military in the US still has their own network and actually the internet was part of that network in the beginning.

Hardware-wise, I'm pretty sure that the military network (what used to be "arpanet" or "darpanet") is still the core of the "internet." It's actually a military funded network of public university computers in addition to military/government owned systems.

As Ogg pointed out, the whole "darpanet" concept was to disperse the channels so widely they can't be disrupted by any physical means. Once the digital packet-switching web is established even classified information can be transmitted in relative security by insuring that no two consecutive encrypted packets take the same route through the system.

Theproblem is that a system large enough to be secure from physical attack and to hide classified encrypted packets on different routings, is too expensive for even a government to maintain on it's own -- thus the civilian spread of the Internet and networking of "gateway services" like AOL, Prodigy and Compuserve. (the latter two are just fading memories now, but they were essential to the financing of a system widespread enough for the military to depend on (hard-ware wise.)

 

[cantdog]

I remember the text based 'net. Prodigy was a killer app at the time. A step away from the GUI-less library systems on UNIX-- Archie, Gopher, and all that. We were digital islands in an analog sea, then.

Ahem. Sorry, carry on.