10/09/2015 / By usafeaturesmedia
(Cyberwar.news) As the modern world increasingly becomes “wired,” more critical systems and infrastructure are being linked via the Internet. And while that has given rise to incredible new technologies that boost efficiency and capability, it has also meant that countries are more vulnerable to hacking and cyber attack.
Most nations do their best to defend their critical networks against hackers, DDoS (denial of service) attacks and outright cyber assaults. But not all systems are well-protected; some, in fact, are incredibly vulnerable.
In recent months a report by Tripwire listed some of the most recent cyber attacks on various infrastructure in several countries:
— In December 2014, amid the uproar over the massive hack of Sony Pictures, allegedly by North Korea in retaliation for a movie whose central theme was the assassination of North Korea leader Kim Jong Un, the German government released a report describing a successful cyber attack that infiltrated the industrial controls of a German steel mill that was not specifically identified. The report (in German) said that the attack caused “massive” damage by making it impossible to shut off a blast furnace.
— Also in December, a report by Bloomberg News noted that a cyber attack in 2008 caused a gas pipeline to explode in Turkey. At the time, the BP-owned Baku-Tbilisi-Ceyhan pipeline was thought to be one of the most secure pipelines in the world. Still, hackers were able to use a wireless network to hack into the system controlling the pipeline and cause massive damage.
— In November 2014, NSA Director Navy Adm. Michael Rogers told the House Permanent Select Committee on Intelligence that a number of foreign governments had already managed to penetrate U.S. energy, water and fuel distribution systems, which has potential to damage essential services.
“This is not theoretical,” Rogers said. “This is something real that is impacting our nation and those of our allies and friends every day.”
— And in May 2014, the Department of Homeland Security and its Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) said in a report that several known attacks had occurred against U.S. utilities during the first quarter of 2014.
The report cited details of an unnamed utility that had been breached while warning other U.S. utilities to be on the lookout for additional breaches.
“Is your control system accessible directly from the Internet? Do you use remote access features to log into your control system network? Are you unsure of the security measures that protect your remote access services? If your answer was yes to any or all these questions, you are at increased risk of cyber attacks including scanning, probes, brute force attempts and unauthorized access to your control environment,” the ICE-CERT report said.
Vulnerable systems
Every bit of U.S. infrastructure – from power grids to dams to air and ground traffic control to water treatment plants and our financial institutions – are all accessible online. And while these systems are defended, some are still more vulnerable than others.
As Tripwire noted, some 48 percent of U.S. utilities surveyed said they needed additional cyber protection; 20.1 percent said they “didn’t know” (an alarming figure in and of itself).
In August 2012 Natural News reported that a cyber security specialist discovered a flaw in the software that allows hackers to spy on and attack the communication of critical infrastructure operators of power plants, water systems, dams and more, and gain access to the credentials of computer systems which control those critical systems .
Justin W. Clarke, an expert in securing industrial control systems, said a conference in Los Angeles earlier that month he had discovered a way to spy on traffic moving into and out of networking equipment manufactured by RuggedCom, a division of Siemens.
Clarke said his discovery is disturbing to the extent that hackers who are able to spy on communications of infrastructure operators could then also gain credentials allowing access to computer systems that control power and water plants, as well as electric grids and other critical infrastructure.
“If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you,” Clarke told Reuters.
Follow Cyberwar.news editor Jon E. Dougherty on Twitter and Google+.
Stay updated with alternative news stories at AlternativeNews.com
See also:
Tagged Under: