|
|
 |
|
|
Exclusive: cyberattacks on us natural-gas pipeline companies,evidence points to china by efvf thbtn
|
|
|
Exclusive: cyberattacks on us natural-gas pipeline companies,evidence points to china by EFVF THBTN
|
|
| Article Posted: 11/05/2012 |
| Article Views: 57 |
| Articles Written: 1207 - MORE ARTICLES FROM THIS AUTHOR |
| Word Count: 1111 |
| Article Votes: 0 |
|
Exclusive: cyberattacks on us natural-gas pipeline companies,evidence points to china |
|
|
|
|
|
Business,Business News,Business Opportunities
|
|
Along with the alerts, DHS supplied the pipeline industry and itssecurity experts with digital signatures, or "indicators ofcompromise" (IOCs). Those indicators included computer filenames, computer IP addresses, domain names, and other keyinformation associated with the cyberspies, which companies coulduse to check their networks for signs they ve been infiltrated. Two independent analyses have found that the IOCs identified by DHSare identical to many IOCs in the attack on RSA, the Monitor haslearned. RSA is the computer security division of EMC , a Hopkinton, Mass. , data storage company.
Discovery of the apparent link between the gas-pipeline and RSAhackers was first made last month by Critical Intelligence, acybersecurity firm in Idaho Falls , Idaho . The unpublished findings were separately confirmed this week byRed Tiger Security, based in Houston . Both companies specialize in securing computerized industrialcontrol systems used to throw switches, close valves, and operatefactory machinery. "The indicators DHS provided to hunt for the gas-pipelineattackers included several that, when we checked them, turned outto be related to those used by the perpetrators of the RSAattack," says Robert Huber, co-founder of CriticalIntelligence. "While this isn't conclusive proof of aconnection, it makes it highly likely that the same actor wasinvolved in both intrusions." Mr.
Huber would not release details about the indicators, becauseaccess is restricted by DHS. Jonathan Pollet, founder of Red Tiger Security, has arrived atsimilar conclusions. "The indicators from each source are a match," says Mr.Pollet, whose company has extensive experience in the oil and gasindustry. "This does not directly attribute them to the samethreat actor, but it shows that the signatures of the attack wereextremely similar.
This is either the same threat actor, or the twothreat actors are using the same command and control' serversthat control and manage the infected machines." Among several DHS indicators with links to the RSA campaign, Hubersays, is an Internet "domain name" a humanlyrecognizable name for a computer or network of computers connectedto the Internet. Scores of computer-server "hosts"associated with that domain were already known to have participatedin the RSA attack, Critical Intelligence found. Alone, the domain-name finding was strongly suggestive. But alongwith many other indicators he's checked, a link between the RSA andpipeline-company attacks is clear, Huber says. "I don't think there's much question that the attackers goingafter the pipelines are somehow connected to the group that wentafter RSA," he says.
So who went after RSA? Gen. Keith Alexander , chief of US Cyber Command , who also heads the NSA, told a Senate committee in March thatChina was to blame for the RSA hack in March 2011. The infiltration of RSA by cyberspies is widely considered one ofthe most serious cyberespionage attacks to date on a nondefenseindustry company. Its SecurID system helps to secure many defensecompanies, government agencies, and banks. Information stolen fromRSA has since been reported to have been used in attacks againstdefense companies Lockheed Martin , Northrop Grumman , and L-3 Communications.
Cyberspies attacked RSA using a spear-phishing e-mail thatcontained an Excel spreadsheet with an embedded malicious insert. Similarly, the gas-pipelineattacks have seen spear-phishing e-mails with an attachment ortainted link. Nothing in cyberespionage is for sure, Huber and Pollet say especially since identifying perpetrators is difficult or sometimesimpossible because of the layers of digital obfuscation that spossible for attackers. But as other security firms check andconfirm the findings, it could reveal important things, the twoexperts agree. First, it would show that the same group hacking the gas-pipelinecompanies is also interested in high-tech companies that have afocus on cryptography and cybersecurity.
Second, the question arises: Why did DHS provide the indicators tothe industry, but didn t identify the apparent link between thegas-pipeline and RSA attacks? Finally, there's also the question of why DHS officials, in theiralerts, requested companies that detected the intruders to onlyobserve them and report back to DHS but not act to remove orblock them from their networks. Some speculate that blocking theintruders would have short-circuited intelligence gathering. (A DHSspokesman refused comment on the issue.) This last point has raised consternation among security personnelat some pipeline companies. For a year now, big cybersecuritycompanies like McAfee have had digital defenses that could bedeployed against the RSA hack. In fact, they might have been atleast partially effective against the new pipeline hack, Hubersays.
Has DHS s advice to only observe the intruders come at the expenseof allowing the cyberspies to become more deeply embedded oncompany networks? Marty Edwards, director of the DHS Control Systems SecurityProgram, which issued the alerts, referred questions topublic-affairs officials. DHS s Industrial Control Systems Cyber Emergency Response Team[ICS-CERT] has been working since March 2012 with criticalinfrastructure owners and operators in the oil and natural gassector to address a series of cyber intrusions targeting naturalgas pipeline companies," Peter Boogaard, a DHS spokesman, saidin an e-mailed statement. "The cyber intrusion involves sophisticated spear-phishingactivities targeting personnel within the private companies,"he continued. "DHS is coordinating with the FBI and appropriate federal agencies, and ICS-CERT is working withaffected organizations to prepare mitigation plans customized totheir current network and security configurations to detect,mitigate and prevent such threats. But if anything, questions are growing about China's role eitherdirectly or through its cyber militia in vacuuming up proprietary,competitive data on US corporate networks as well as possiblymapping critical infrastructure networks.
Sen. Carl Levin (D) of Michigan queried Alexander about "China's aggressive and relentlessindustrial espionage campaign through cyberspace" and askedhim to provide some unclassified examples. Alexander's first namedexample was RSA. "We are seeing a great deal of DOD -related equipment stolen by the Chinese," he replied.
"Ican't go into the specifics here, but we do see that from defenseindustrial companies throughout. There are some very public ones,though, that give you a good idea of what's going on. The mostrecent one, I think, was the RSA exploits." "The exploiters," he continued, "took many of thosecertifications and underlying software" from RSA, renderingthe security system insecure until updated. Chinese officials regularly pour cold water on such accusations. APentagon press conference on Monday with Defense Secretary Leon Panetta and Chinese Defense Minister Gen.
Liang Guanglie was intended to show US-Chinese cooperation on cybersecurity. ButLiang took the opportunity to condemn claims that Chinesecyberspies are the predominant actors in cyberspying on USnetworks. "I can hardly agree with [that] proposition," said Liang,as reported by The Hill's DefCon blog. "During the meeting,Secretary Panetta also agreed on my point that we cannot attributeall the cyberattacks in the United States to China.". I am an expert from Auto Electronics, usually analyzes all kind of industries situation, such as flexible braided hose , flexible vacuum hose.
Related Articles -
flexible braided hose, flexible vacuum hose,
|
Rate This Article  |
|
|
|
|
|
Do you Agree or Disagree? Have a Comment? POST IT!
| Reader Opinions |
|
|
|
|
|
|
|
|
|
| Author Login |
|
|
 |
Advertiser Login
ADVERTISE HERE NOW!
Limited Time $60 Offer!
90 Days-1.5 Million Views
|
|
TIM FAY
After 60-plus years of living, I am just trying to pass down some of the information that I have lea...more
|
|
|
|
|
GENE MYERS
Author of four books and two screenplays; frequent magazine contributor. I have four other books "in...more
|
|
|
|
|
DONNIE LEWIS
I'm an avid consumer of a smoothie a day living, herbs, vitamins and daily dose of exercise. I'm 60...more
|
|
|
|
|
ADRIAN JOELE
I have been involved in nutrition and weight management for over 12 years and I like to share my kn...more
|
|
|
|
|
LAURA JEEVES
At LeadGenerators, we specialise in content-led Online Marketing Strategies for our clients in the t...more
|
|
|
|
|
SUSAN FRIESEN
Located in the lower mainland of B.C., Susan Friesen is a visionary brand strategist, entrepreneur, ...more
|
|
|
|
|
STEPHEN BYE
Steve Bye is currently a fiction writer, who published his first novel, ‘Looking Forward Through the...more
|
|
|
|
|
STEVE BURGESS
Steve Burgess is a freelance technology writer, a practicing computer forensics specialist as the pr...more
|
|
|
|
|
ALEX BELSEY
I am the editor of QUAY Magazine, a B2B publication based in the South West of the UK. I am also the...more
|
|
|
|
