Slashdot Mirror


Cyber-Attacks?

Galahad2 writes "The Washington Post has a lengthy article about the Bush administration's fears of an Al Qaeda cyber attack on the nation's infrastructure. Though we have all seen this sort of attack as a possibility for a long time, I'm having a hard time believing that Al Qaeda is capable of anything along these lines." You're not the only one. The article does cite an example of the only known infrastructure attack, a case in Australia where a consultant used his inside knowledge of a local sewage treatment system to dump raw sewage, hoping for a contract to solve the problem he created.

6 of 369 comments

  1. Re:The Obvious Question by guttentag · · Score: 3, Informative
    What kind of fscking imbecile allows critical infrastructure control systems to be connected to the Internet?
    I don't know, maybe the same kind of person who would code infrastructure control systems to rely on only the last two digits of a date's year.

    I'm sure there are people who have a Web interface set up for some seemingly non-critical facet (though there probably aren't many cases of "Look Honey, I can manage the dam's intake system from my iBook in the backyard!"), but there is probably a greater number of people who use the Internet for some communication/reporting feature ("Hey, I'm encrypting all transmissions, I'm using port 18937, I'm not publishing this info on a Web site and I'm not controlling the infrastructure in any way through this interface, so I should be safe."). Should such people be running infrastructure control systems? No. Does that mean they're not running these systems? No.

    I think the article's primary purpose is to send a "Hey, infrastructure engineers, this means YOU" (or "does that guy who works for you have infrastructure controls connected to the Internet? Ask him.") message to people who think they're already covered.

  2. Utter shite by Anonymous Coward · · Score: 4, Informative
    The subject of this article is such rabid FUD that it needs dispelling, quickly. The technically savvy readers of Slashdot, if not already aware of the state of power-plant security, need to catch up to what reality is, because they will be the ones that the non-technicals will look to for answers and reassurance.

    The idea that critical systems of a power-plant of any kind would be on-line and accessible via the web or dial-up is so preposterous as to defy reason. The idea is surely suggested by ignorant kooks, and snatched up and carried into daylight by "journalists" who would rather see their name in a byline than verify the information in the stories they rush to press. In short, someone has seen one too many USA Channel Sunday Night Movies.

    Having worked on nuclear plant monitoring systems software, I can tell you for a fact that the critical systems not only can not be tripped from off-site, but also can not be accessed from anything but specific, highly secure and redundant systems.

    These systems have physical switches that often require two hands to operate. They are designed to prevent insider sabotage, so no wanker with a laptop, sitting in a cave or boardroom half a world away can do anything. The only action that can be caused by any local anomaly is a controlled, safe shut-down. The only thing that a remote action will result in is a line-item in the logs, period. A plant shutdown may be costly and greatly inconvenient, but hardly lethal, and absolutely not catastrophic. The "terrorists" will have better luck flying a 747 into the Hoover Dam.

    The notion that someone with access from outside could trip a plant or cause anything but the generation of a non-critical statistics report to be generated is lunacy. Yes, some aspects of some systems may be monitored from outside, but this is only for informational purposes only.

  3. Rise in UNIX Targeted Attacks by Nishi-no-wan · · Score: 5, Informative
    Off topic, I know, but there's been a serious increase in attempts to hijack my web site since the Gobbles' proof of break-in-ability code for the Apache hole was released last week. It's probably the work of out of school script kiddies rather than that cad Al, but I'd like to know if other sys-admins have noticed an increase in UNIX targeted attacks (specifically geared toward Apache) in the past week.

    The usual attack pattern goes:

    1. Enter the site on a "powered by freebsd" google search reference
    2. Cause an error ("GET ../.." or a "GET / HTTP/1.0" request) to get the web server name and version.
    3. If the version is a vulnerable version of Apache, an attack commences with a different tool.

    If everyone hasn't upgraded Apache to a safe version yet, I strongly suggest you do. It's not just a Microsoft hole any more.

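
Added example, not part of the comment above: a log check a site operator could run to spot the first two steps of the pattern the comment describes (arrival from a "powered by freebsd" search, then a banner-revealing request from the same client). It assumes Apache "combined" log format; the sample lines are constructed and the function names are hypothetical.

```python
import re
from urllib.parse import urlparse, parse_qs

# Constructed sample in Apache "combined" log format (not real traffic).
SAMPLE_LOG = """\
192.0.2.10 - - [27/Jun/2002:10:00:01 +0900] "GET /index.html HTTP/1.0" 200 5120 "http://www.google.com/search?q=%22powered+by+freebsd%22" "Mozilla/4.0"
192.0.2.10 - - [27/Jun/2002:10:00:04 +0900] "GET ../.." 400 312 "-" "-"
198.51.100.7 - - [27/Jun/2002:10:02:11 +0900] "GET /about.html HTTP/1.1" 200 2048 "http://www.google.com/search?q=freebsd+handbook" "Mozilla/4.0"
203.0.113.5 - - [27/Jun/2002:10:05:30 +0900] "GET / HTTP/1.0" 200 5120 "-" "-"
"""

LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "([^"]*)" (\d{3}) \S+ "([^"]*)" "([^"]*)"$')
WELL_FORMED = re.compile(r'^[A-Z]+ /\S* HTTP/\d\.\d$')
SEARCH_PHRASE = "powered by freebsd"  # search phrase named in the comment


def is_search_referral(referrer):
    """Step 1: visitor arrived from a Google search for the banner phrase."""
    url = urlparse(referrer)
    if "google." not in (url.hostname or ""):
        return False
    terms = " ".join(parse_qs(url.query).get("q", []))
    return SEARCH_PHRASE in terms.lower()


def is_version_probe(request, status, referrer, agent):
    """Step 2: a request whose only use is to read the server banner."""
    if status == "400" or not WELL_FORMED.match(request):
        return True  # malformed request line such as "GET ../.."
    # Bare HTTP/1.0 fetch of "/" with no referrer and no user agent.
    return request == "GET / HTTP/1.0" and referrer == "-" and agent == "-"


def find_recon_clients(log_text):
    """Return client IPs that show step 1 followed by step 2, in log order."""
    referred, flagged = set(), []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        ip, request, status, referrer, agent = m.groups()
        if is_search_referral(referrer):
            referred.add(ip)
        elif ip in referred and ip not in flagged and is_version_probe(request, status, referrer, agent):
            flagged.append(ip)
    return flagged


if __name__ == "__main__":
    print(find_recon_clients(SAMPLE_LOG))
```

A probe on its own (the last sample line) is not flagged; only the search referral followed by a probe from the same address is.
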
  4. because it needs to be? by Xtifr · · Score: 4, Informative

    I'm sure that many government computers are safely isolated from any public nets, but many of them have the sole purpose of serving information to the Internet, and would be pretty useless if they were isolated! Furthermore, it's not just government installations that are at risk. The 9-11 attacks weren't just aimed at the Pentagon. Or perhaps you forgot about the WTC?

    The major US backbones of the Internet itself could be considered part of our national infrastructure. I hope you're not going to ask why the backbones are on the Internet!

  5. Re:Have you learned nothing? by CrosseyedPainless · · Score: 4, Informative

    While the point of your post is quite valid, I'd like to correct one thing: "absurdly tight border restrictions"

    The (approximately) 9,000 km border with Canada is completely uncontrolled except at major highways and urban areas. The 3,300 km border with Mexico is somewhat more controlled, but is readily penetrated in remote areas. Add in the lightly patrolled coastlines, and the immense and basically uninhabited border of Alaska, and one has what is essentially unimpeded access to the US. (Pre 9-11, anyway; things may have changed.)

  6. Re:Smart Move... by thelaw · · Score: 4, Informative

    i'm not so sure that this is the case. i've been following washingtonpost.com's cyber-attack stories for quite some time (very much pre-september-11), and just about every story they do has a slightly sensationalist bent. this one, ironically, is the most fact-based story i've seen them do since i started reading them.

    jon

    --
    -- http://www.cerastes.org