PDA

View Full Version : Hacking A U.S. Nuclear Power Plant



Conley
09-07-2011, 09:42 PM
The first time Scott Lunsford offered to hack into a nuclear power station, he was told it would be impossible. There was no way, the plant's owners claimed, that their critical components could be accessed from the Internet. Lunsford, a researcher for IBM's Internet Security Systems, found otherwise.

"It turned out to be one of the easiest penetration tests I'd ever done," he says. "By the first day, we had penetrated the network. Within a week, we were controlling a nuclear power plant. I thought, 'Gosh. This is a big problem.'"

http://www.forbes.com/2007/08/22/scada-hackers-infrastructure-tech-security-cx_ag_0822hack.html

This article is from 2007 but I wonder how much has changed? America's backbone seems very vulnerable to this type of hacking -- air traffic control, power grids, and nuclear plants worst of all.

Juggernaut
09-08-2011, 04:32 AM
The China Syndrome is easier than the Feds want us to know. Newt Gingrich may not have a chance but he's right, we need to declare gov hacking as cyber terrorism. Go Cold War and take the fucks out, you can defend the republic better with a smile and a gun than you can with just a smile. ;D

MMC
09-08-2011, 06:36 AM
The first time Scott Lunsford offered to hack into a nuclear power station, he was told it would be impossible. There was no way, the plant's owners claimed, that their critical components could be accessed from the Internet. Lunsford, a researcher for IBM's Internet Security Systems, found otherwise.

"It turned out to be one of the easiest penetration tests I'd ever done," he says. "By the first day, we had penetrated the network. Within a week, we were controlling a nuclear power plant. I thought, 'Gosh. This is a big problem.'"

http://www.forbes.com/2007/08/22/scada-hackers-infrastructure-tech-security-cx_ag_0822hack.html

This article is from 2007 but I wonder how much has changed? America's backbone seems very vulnerable to this type of hacking -- air traffic control, power grids, and nuclear plants worst of all.


Even the DOD has been hacked. Police Stations. FBI and the Armed Services. Each Branch. Vets were sent letters at the time when they breached by the Veterans Admin. Which was before 2007. What makes it worse now are these groups who are just coming out and straight up telling us who they are going to hack next.

I think to there was an article up on the Fed busting some of these hackers. The age range was like 16-40. But moreso to the younger ages. I think it was all across the country too. Then there was something about the Fed putting some of them to work for us.

Plus we know they can get into to private corporations as well. Which I think we will start hearing more of that type of hacking.

Conley
09-09-2011, 11:11 AM
Ah yeah I see you guys replied to this last night when I was MIA.

As bad as the US hackers are, I expect this kind of thing to happen all the time with people across borders where we can't get to them. Mostly the Chinese but it could be anywhere. Criminal prosecution will only work for the homeland, we need to shore this stuff up ASAP but like everything else it costs money. Why would a terrorist bother sneaking a nuke across the border when the can hack a few nuclear plants at once and we end with a situation like Japan after the tsunami? They might not have the tech to do it but they have the money thanks to oil to pay someone with those skills in China, India, former Soviet Bloc, etc.

MMC
09-09-2011, 11:27 AM
Ah yeah I see you guys replied to this last night when I was MIA.

As bad as the US hackers are, I expect this kind of thing to happen all the time with people across borders where we can't get to them. Mostly the Chinese but it could be anywhere. Criminal prosecution will only work for the homeland, we need to shore this stuff up ASAP but like everything else it costs money. Why would a terrorist bother sneaking a nuke across the border when the can hack a few nuclear plants at once and we end with a situation like Japan after the tsunami? They might not have the tech to do it but they have the money thanks to oil to pay someone with those skills in China, India, former Soviet Bloc, etc.


That or just walk up to water supplies and bada-bing. Major damage. Some toxin dropped into around major urban areas. Can you imagine the death toll? None that I see are guarded. Other than by a Camera.

Conley
09-09-2011, 11:28 AM
Ah yeah I see you guys replied to this last night when I was MIA.

As bad as the US hackers are, I expect this kind of thing to happen all the time with people across borders where we can't get to them. Mostly the Chinese but it could be anywhere. Criminal prosecution will only work for the homeland, we need to shore this stuff up ASAP but like everything else it costs money. Why would a terrorist bother sneaking a nuke across the border when the can hack a few nuclear plants at once and we end with a situation like Japan after the tsunami? They might not have the tech to do it but they have the money thanks to oil to pay someone with those skills in China, India, former Soviet Bloc, etc.


That or just walk up to water supplies and bada-bing. Major damage. Some toxin dropped into around major urban areas. Can you imagine the death toll? None that I see are guarded. Other than by a Camera.


Yeah that is a really good point too. That would probably be the easiest of all ways to f with people...imagine the hysteria that would come about. :-\

Only thing is I would guess that you would need a lot of whatever it was you were dumping to hurt a large number of people. Transport could be a problem.

Juggernaut
09-09-2011, 07:39 PM
Ah yeah I see you guys replied to this last night when I was MIA.

As bad as the US hackers are, I expect this kind of thing to happen all the time with people across borders where we can't get to them. Mostly the Chinese but it could be anywhere. Criminal prosecution will only work for the homeland, we need to shore this stuff up ASAP but like everything else it costs money. Why would a terrorist bother sneaking a nuke across the border when the can hack a few nuclear plants at once and we end with a situation like Japan after the tsunami? They might not have the tech to do it but they have the money thanks to oil to pay someone with those skills in China, India, former Soviet Bloc, etc.


We're at war with the ChiComs. Things are so bad that google links sometimes redirect to dangerous sites with spyware or worse. The Air Force, DIA and CIA are fighting this but its getting worse with Anonymous and Juilan Assanges thugs drafting more aholes. Cold war tactics time!

waltky
12-15-2016, 06:20 PM
Granny says, "Dat's right - dey could blow up the world...
http://www.politicalforum.com/images/smilies/icon_grandma.gif
UN: Threat of a hacking attack on nuclear plants is growing
Dec 15,`16 -- The "nightmare scenario" is rising for a hacking attack on a nuclear power plant's computer system that causes the uncontrolled release of radiation, the United Nations' deputy chief warned Thursday.


Deputy Secretary-General Jan Eliasson told a Security Council meeting that extremists and "vicious non-state groups" are actively seeking weapons of mass destruction "and these weapons are increasingly accessible." Non-state actors can already create mass disruption using cyber technologies - and hacking a nuclear plant would be a "nightmare scenario," he said. The open council meeting focused on ways to stop the proliferation of nuclear, chemical and biological weapons by extremist groups and criminals. Members unanimously approved a resolution to strengthen the work of the council committee monitoring what countries are doing to prevent "non-state actors" from acquiring or using weapons of mass destruction, known as WMDs.

Eliasson said there are legitimate concerns about the security of stockpiles of radioactive material suitable for making nuclear weapons but that are outside international regulation. In addition, he said, "scientific advances have lowered barriers to the production of biological weapons." "And emerging technologies, such as 3D printing and unmanned aerial vehicles, are adding to threats of an attack using a WMD," Eliasson said. He said the international community needs robust defenses to stay ahead of this technological curve. "Preventing a WMD attack by a non-state actor will be a long-term challenge that requires long-term responses," Eliasson said.

U.N. disarmament chief Kim Won-soo said the new resolution recognizes "the growing threats and risks associated with biological weapons" and the need for the 193 U.N. member states, international groups and regional organizations to step-up information sharing on these threats and risks. Kim said it is important that the Security Council keep up its focus on preventing deadly weapons from getting into the hands of extremists and criminals, but it also needs to study how to respond if prevention fails. "The consequences of an attack would be disastrous and we must be prepared," he said.

http://hosted.ap.org/dynamic/stories/U/UN_UNITED_NATIONS_EXTREMISTS_AND_DEADLY_WEAPONS?SI TE=AP&SECTION=HOME&TEMPLATE=DEFAULT&CTIME=2016-12-15-17-03-53

waltky
12-31-2016, 04:37 AM
Russians goin' after our electric grid...
http://www.politicalforum.com/images/smilies/icon_omg.gif
Vermont utility finds malware code attributed to Russians
December 30, 2016 — A state electric utility confirmed on Friday it had found on one of its laptops a malware code the U.S. government says is used by Russian hackers.


The Burlington Electric Department said U.S. utilities were alerted by the Department of Homeland Security on Thursday of a malware code used in Grizzly Steppe, the name Homeland Security has applied to a Russian campaign linked to recent hacks. Burlington Electric, which is municipally owned, said it detected the malware in a laptop not connected to its grid systems. It said it took "immediate action to isolate the laptop and alerted federal officials." "Our team is working with federal officials to trace this malware and prevent any other attempts to infiltrate utility systems," it said in an emailed statement.

It said it had briefed state officials and would fully support an investigation into the potential Russian hack. Russia, which has been accused of interfering in the U.S. presidential election by hacking American political sites and email accounts, has denied hacking U.S. systems. Democratic Gov. Peter Shumlin said his administration had been in touch with the federal government and the state's utilities. "Vermonters and all Americans should be both alarmed and outraged that one of the world's leading thugs, (Russian President) Vladimir Putin, has been attempting to hack our electric grid, which we rely upon to support our quality-of-life, economy, health, and safety," he said in a statement.

He said the hacking episode should highlight the urgent need for the federal government to "vigorously pursue and put an end to this sort of Russian meddling." Burlington Electric, which says it's "at the forefront of the green energy revolution," is one of the state's two largest electric utilities. The other, Colchester-based Green Mountain Power, said its systems were secure. "Our teams have done a complete systems check and found no security concerns," it said.
Green Mountain Power, which serves about 265,000 residential and business customers, said it recently was thoroughly reviewed for safety by Homeland Security. It said it would continue to rigorously monitor its systems and "remain vigilant."

http://www.whio.com/technology/vermont-utility-finds-malware-code-attributed-russians/nkytHXJXO4SOC9GJCf9aPO/

See also:

Behind Russia’s Cyber Strategy
Dec. 30, 2016 - A 2013 article by Russian Gen. Valery Gerasimov emphasized importance of cyberwarfare


Russia’s military laid out what is now seen as a blueprint for cyberwarfare with a 2013 article in a professional journal by Gen. Valery Gerasimov, the chief of Russia’s General Staff. Cyberspace, wrote Gen. Gerasimov, “opens wide asymmetrical possibilities for reducing the fighting potential of the enemy.” At the time, Russia’s military was absorbing the lessons of the Arab Spring, when social media played a key role in mobilizing leaderless protests that upended the political order across North Africa and the Middle East. “In North Africa, we witnessed the use of technologies for influencing state structures and the population with the help of information networks,” the article stated. “It is necessary to perfect activities in the information space, including the defense of our own objects.”

Now that doctrine is likely to come under more scrutiny following new U.S. sanctions that target Russia’s military intelligence agency, the Main Intelligence Directorate, or GRU, as well as the country’s Federal Security Service, the successor to the Soviet-era KGB. The Obama administration accused Russia’s intelligence agencies of “tampering, altering or causing the misappropriation of information” with the goal of interfering with the 2016 presidential election. And the U.S. Treasury Department named a number of companies it alleged were linked to the hack, shedding new light on the links between the Russian military and security services and the country’s IT sector.

In the 2013 article, Gen. Gerasimov elaborated on the Russian military’s desire to hone its hacking skills as an extension of conventional warfare and political conflict. Experts say that since then, Russia has used cyberattacks as part of its arsenal against neighboring countries and as a political weapon, Western officials and security researchers said. In Washington’s defense and national security circles, Russia’s use of masked invasions on the ground and difficult-to-attribute attacks in cyberspace have become examples of what is now known as the “Gerasimov doctrine,” in reference to the 2013 article.

At the Pentagon, the effort to ward off such a threat from Russia became a matter of high priority for Secretary of Defense Ash Carter and the nation’s top military generals. In an August appearance at the Washington-based Center for Strategic and International Studies, Gen. Robert Neller, Commandant of the Marine Corps and member of the Joint Chiefs of Staff, said he had read Gen. Gerasimov’s article three times. “He talks about what he calls fighting a war without fighting a war—use of information, social media, disinformation, deception,” Gen. Neller said.

MORE (http://www.wsj.com/articles/behind-russias-cyber-strategy-1483140188)

Related:

Microsoft says Russia-linked hackers exploiting Windows flaw
November 1, 2016 - Microsoft Corp said on Tuesday that a hacking group previously linked to the Russian government and U.S. political hacks was behind recent cyber attacks that exploited a newly discovered Windows security flaw.


The software maker said in an advisory on its website there had been a small number of attacks using "spear phishing" emails from a hacking group known Strontium, which is more widely known as "Fancy Bear," or APT 28. Microsoft did not identify any victims. Microsoft's disclosure of the new attacks and the link to Russia came after Washington accused Moscow of launching an unprecedented hacking campaign aimed at disrupting and discrediting the upcoming U.S. election. The U.S. government last month formally blamed the Russian government for the election-season hacks of Democratic Party emails and their subsequent disclosure via WikiLeaks and other entities. Russia has denied those accusations.

Microsoft said a patch to protect Windows users against the newly discovered threat will be released on Nov. 8, which is Election Day. It was not clear whether the Windows vulnerability had been used in any of the recent U.S. political hacks. Representatives of the FBI and the Department of Homeland Security could not immediately be reached for comment. A U.S. intelligence expert on Russian cyber activity said that Fancy Bear primarily works for or on behalf of the GRU, Russia’s military intelligence agency, which U.S. intelligence officials have concluded were responsible for hacks of Democratic Party databases and emails.


https://www.yahoo.com/sy/ny/api/res/1.2/xu_IBHJpg6ztsLIbfgsc3A--/YXBwaWQ9aGlnaGxhbmRlcjtzbT0xO3c9NDUwO2g9MzIwO2lsPX BsYW5l/http://media.zenfs.com/en_us/News/Reuters/2016-11-01T202948Z_1_LYNXMPECA02W6_RTROPTP_2_MICROSOFT-RESULTS.JPG.cf.jpg
The logo of Microsoft is pictured in Issy-les-Moulineaux, France

In spear phishing, an attacker sends targeted messages, typically via email, that exploit known information to trick victims into clicking on malicious links or open tainted attachments. Microsoft said the attacks exploited a vulnerability in Adobe Systems Inc's Flash software and one in the Windows operating system. Adobe released a patch for that vulnerability on Monday, when security researchers with Google went public with details on the attack.

Microsoft chided rival Google for going public with details of the vulnerabilities before it had time to prepare and test a patch to fix them. "Google’s decision to disclose these vulnerabilities before patches are broadly available and tested is disappointing, and puts customers at increased risk," Microsoft said. A Google representative declined to comment on Microsoft's statement.

MORE (https://www.yahoo.com/news/microsoft-says-russia-linked-hackers-exploiting-windows-flaw-202948695--finance.html?ref=gs)