DHS Asked Gas Pipeline Firms To Let Attackers Lurk Inside Networks
wiredmikey writes "According to reports, which were confirmed Friday by ICS-CERT (PDF), there has been an active cyber attack campaign targeting the natural gas industry. However, it's the advice from the DHS that should raise some red flags. 'There are several intriguing and unusual aspects of the attacks and the U.S. response to them not described in Friday's public notice,' Mark Clayton wrote. 'One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.' According to the source, the companies were 'specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.' While the main motive behind the request is likely to gain information on the attackers, letting them stay close to critical systems is dangerous. The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them."
DHS Actually Just Another Terrorist Organization; Few Surprised by Revelation
An enigma, wrapped in a riddle, shrouded in bacon and cheese
The conspiracy theorist in me says DHS.
Realworld equivalent: "Terrorist shows up at airport with bomb strapped to chest. Security waves him through, asks only that he not threaten anyone prior to detonation."
#fuckbeta #iamslashdot #dicemustdie
I wouldn't necessarily suspect that they were told to leave them alone to gather information. Perhaps it's pessimistic, but I read it "... so that we can use them to excuse passing CYBERWAR legislation like CISPA".
is that DHS is asking them to allow the people to stay, but (typical /. fashion, didn't RTFA) 1. how did DHS know that they were being attacked unless the companies told DHS, or DHS was already monitoring said companies to begin with?
have you seen my sig? there are many others like it but none that are the same
Have these folks never heard of the concept of a honey pot to trap the would-be intruder? This is just plain stupid to let these folks snoop around and install whatever malware they want in such important infrastructure. It's like smoking near the pumps at a fueling station and the station attendant is told to leave them be so long as they don't get "too" close to the explosive vapors.
Two of my imaginary friends reproduced once
"Don't check your customers for IDs. Just sell them and we'll track the criminals across the Mexican border." - This policy resulted in many, many deaths that could have been prevented by not encouraging stores to break gun laws and sell to criminals.
Now it sounds like DHS is trying the same stupid strategy. Read more here: http://www.forbes.com/sites/realspin/2011/09/28/fast-and-furious-just-might-be-president-obamas-watergate/
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
If you think about it, this could provide more information on your opponents. Though it is a bit of a gamble - can you get valuable information without too much risk? Or, is it worth the risk?
Think about the whole process of infiltration. Once you get your foot in the door you start gathering information and testing the waters to see what you can do. If you don't think you've been discovered, but you have, then the defenders have some good opportunities. They can feed you false intelligence, make you think you are burrowing into an important control system that's actually a honeypot, give them a false sense of accomplishing their goal, waste their time and resources. Done properly, this is very useful counter-intelligence.
Fooling the other guy is valuable. Tricking the other guy into thinking he's fooled you can be even more valuable. I think that's the core of what this is about. But as I said before, it's a risk, and could get out of control.
I work for the Department of Redundancy Department.
What IS unusual and unprecedented, is that this was announced.
Don't worry that they are trying to trim your pubic hair with a weed-wacker - as long as they are only touching pubes you're fine!!!
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
Trying to get more data from an intruder isn't a bad thing, and they did state as long as it was 'safe' to do so. DHS was not asking the companies to let the attackers get into sensitive stuff and just twiddle their thumbs.
---- Booth was a patriot ----
This could be taken in any number of ways, but I'd go for two here:
1.) (Giving DHS the benefit of the doubt) -> They *want* the cyber-spies (what a name; Industrial Espionage would fit better here) to find and copy some of the firm's software. Why? Because they (DHS) are going to ensure that the copies the spies get will have some small, but interesting changes to them. Something the CIA pulled with the Soviets a while back. Though I would be surprised that they would think that strategy would work again.
2.) (Not giving DHS the benefit of the doubt, *puts on tinfoil hat*) DHS needs to justify their (let's be honest) rather large and expensive budget, as well as the various civil rights that have been...temporarily re-purposed. As such, from a realpolitik approach, it's in their best interest to have a few 'terrorists' succeed from time to time; and if those 'terrorists' aren't bright enough, or capable enough, to pull something off, then the DHS is willing to give them a helping hand from time to time; all in the best interests of National Security, mind you. Their argument, if pressed, would be that they need to remain ever-vigilant if they are going to catch the really bad guys, and sometimes the cost of that vigilance is a few lives. The counter argument, of course, possibly made by any of the various Generals / Admirals of our military, would be that we would then be specializing for only certain kinds of attacks, wasting valuable resources, and increasing the amount of 'noise,' possibly / probably resulting in us missing a weaker signal that might be more foretelling of an unanticipated attack via a previously unknown vector.
Paranoia can be a dangerous thing.
I am John Hurt.
It could be any of that. It could be my neighbor, for all I know. DHS has cried wolf enough times that they can't be trusted anymore. Maybe they are honest some of the time - like you pointed out, that certainly could be the case here - but... meh.
So there are a lot of folks who think that DHS is causing trouble to justify their own budget... could be, a little too obvious and Hollyweird for my taste but not outside the realm of possibility. My only question is that if in fact they're asking to not disturb the black hats so they can zero in on them...
1. Why is this taking so long? Isn't this their specific mandate, aren't they armed to the teeth to detect cyber-terrorism in our nation's infrastructure, I would think that they'd be frog marching bad guys to Gitmo mid-day April 1st?
2. How is this story hitting the air before bad guys are being captured?
3. How critical does an asset have to be, before someone says "Shut those terrorists down right now!!!"? Trains and planes? Nuclear power plant cooling? Air Force One? Trash service in Greenwich, CT?
There are two good reasons for doing this.
1) Just because you've identified attacker(s) in one part of the system, doesn't mean that they aren't in other parts. They could retaliate for that action.
2) You can gain valuable intelligence about who they are and how they're doing it.
Now the good reasons *not* to.
Items 1 through 1,000,000) They were in critical infrastructure equipment, and have retrieved an unknown amount of information. Every second they are in, it increases the risk of what they might acquire, or they might do.
1,000,001) There should be a policies and procedures manual which says any machine which is potentially compromised should immediately be disconnected from the network, and a trained computer forensics team should immediately begin evaluating the situation.
2 vs 1,000,001.. It's a tough call.
Serious? Seriousness is well above my pay grade.
I am not a DHS apologist, but this is exactly the same approach Clifford Stoll used to catch Markus Hess, and Stoll is no dummy. You can read about it in The Cuckoo's Egg (Ironic Caveat: Stoll took this approach only after trying to use other approaches and failing to get cooperation from numerous government agencies.)
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
While the main motive behind the request is likely to gain information on the attackers
I have my doubts about that, after all what's more important, catching these people (who are most likely in non-extradition countries) or protecting the people of this country?
I also have my doubts about the competence of the DHS, HLS, TSA and all the other "security" agencies that have suddenly sprung up after 9/11.
Now stare at your phone and step into traffic...
"If any question why we died, Tell them because our fathers lied."
This is what happens when you treat hacking as warfare and make the military responsible for security.
This approach should be warmly received here in Slashdotlandia, where we've spent more than a decade learning how "security through obscurity" is doubleplusungood. And what could possibly be less obscure than letting black-hats coexist within your network? Obscuring your internal network from them is just going to fail anyway. Your system should be designed in such a way that any Khalid al Shaboom Mahfouzbal could openly have root and everything will still work fine.
KUDOS DHS!!
"A US military spy plane illegally entered Chinese airspace and collided with a Chinese interceptor, killing the Chinese pilot."
Really?
That's not exactly correct. US surveillance aircraft do not violate China's sovereign airspace, but Chinese fighters would routinely harass US aircraft in what China claims as an "exclusive economic zone" in the South China Sea, not recognized by the US, and not considered sovereign airspace. "The PRC interprets the Convention as allowing it to preclude other nations' military operations within this area, while the United States maintains that the Convention grants free navigation for all countries' aircraft and ships, including military aircraft and ships, within a country's exclusive economic zone."
China's fighters routinely buzzed US EP-3's, and if you're actually asserting that an EP-3 is maneuverable enough to cause a collision with a Chinese J-8 fighter, then you are either deluded, or a member of the PRC's 50 Cent Party. The US EP-3 had to enter Chinese airspace in order to conduct an unauthorized emergency landing on Hainan Island, after which NSA's secure operating system was completely compromised by China, with a US Admiral later observing, “It was grim," and a US official responding to a question of whether China could be "that good" by saying, “they only invented gunpowder in the tenth century and built the bomb in 1965. I’d say, ‘Can you read Chinese?’ We don’t even know the Chinese pictograph for ‘Happy hour.’"
So yeah, go ahead and assert that China would somehow be a better global steward of human rights.
Most likely the affected companies told DHS to pound sand. It's in their interest to protect their networks; it's in DHS's interest to catch the perps.
A lot of software used in Government comes from Russia. Veeam and Kaspersky are examples. Shouldn't this be a concern?
I'm sure it's better to have zero coordination because the slashdot crowd thinks it's a plot to take away their ability to pirate copyrighted content.
Wrong thread, bub.
“He’s not deformed, he’s just drunk!”
I just wonder how the US would react if China sent a bunch of aircraft carriers and started doing reconnaissance flights in the Gulf of Mexico or off the coast of Florida or New York or DC (in International waters).
Do you think the US would just leave them alone?
I don't read your sig. Why are you reading mine?
How the hell are "cyber attackers" getting into NATURAL GAS CONTROL NETWORKS in the first place?
I had 3 meaty burritos and black beans for lunch with a fifth of Patron. If anyone would like to gain information on my Natural Gas Line please let me know. Trust me, I'll leave you alone. And so will my dog and the neighbors.
Did we Americans kill tens of millions of our own? (Mention "abortion" and watch them smoke their windings!)
The problem is a long line of faulty jurisprudence arising from the Fourteenth Amendment to the US Constitution. China does not have that problem. So there are at least three million Chinese in the USA. A significant fraction are highly educated and wind up in sensitive employment. All that jurisprudence protecting them, including the spies. Another case of outsiders using our liberties against us.
America: Discriminate or Die!
I manage a small wireless ISP and a server on one of our remote networks was hacked and used to launch attacks against the Department of Navy. After the FBI showed up we had NCIS come and ask to place a network monitor device between the server and network so they could monitor what they were doing. We were also asked not to patch the system so the attack would continue. I didn't have a big issue with it since that server was about to be decommissioned until I found that they had installed their device between the router and switch so they were able to monitor ALL customer communications.
HACK THE FRACK
1. Attackers who are from abroad, or hired by foreign governments, seeking information on how to disrupt/destroy gas distribution networks in USA, in order to destroy USA.
2. Attackers sent by DHS itself, seeking ways to destroy/disrupt gas distribution networks in USA, in order to justify EVEN MORE URGENT FUNDING from the congress
Muchas Gracias, Señor Edward Snowden !
Former Michigan Congressman, Governor candidate, and now US Senate candidate Pete Hoekstra (from the city where Slashdot was founded), who was the highest-ranking member on the House Permanent Select Committee on Intelligence, had this to say at a Senatorial candidate debate on January 24 (before his xenophobic Super Bowl ad went viral):
http://www.youtube.com/watch?v=amcDOyDaT3Q&t=49m50s
He has a knack for not keeping his mouth shut:
http://www.huffingtonpost.com/2009/11/11/rachel-maddow-takes-on-pe_n_353706.html
Have gnu, will travel.
Those people trying to put nukes on meteors aren't real, that was a movie.
I was promised a flying car. Where is my flying car?
The 'news' about a, gasp, advanced underwear bomber from Yemen, and how DHS responded, and now DHS again reads that FBI is running a False-Flag operation against the Department of Homeland Security. FBI, and others as well as US citizens, are fed up with the security theater of her majesty Napolitano and her lap dog Pistol. Their escapade in the Motel 6 north of Dallas at taxpayer expense was the last straw for the poor souls at the General Accounting Office.
Adding hurt on injury is the French Revolution that culminated in H'olland becoming the new President of France. He has pledged to remove French Troops from Afghanistan, and money and supplies and bank accounts and credit cards ...., so
one can imagine how royally PISSED Obama and the Unelected Element of the USA government are feeling right about now.
On top of that, the Greece Vote!
The Mer-kozi Austerity Accord on the southern EU-front is dead! Good Riddance!
Things will really snowball when President H'orlland removes the troops, and the Bank Funding for the Illegal War in Afghanistan (funding for the USA extradition-torture prison). Good Riddance Obama-boy! Gone gone gone and leveled on the ash-heap of history with a shoe up your ass to boot.
LoL
there's DOHs!! Ooooh someone's shutting down the generators for cooling. Oh no matter look big lovely donuts. Mmmmm :)
When shit hits the fan get some of these https://youtu.be/pY-GncsZ-UE
Stoll was an individual, with few resources and no authority to require information from anyone. DHS is a large well-funded national agency with serious authority.
They should have left that intrusion alone just long enough to get it traced.
To a Lisp hacker, XML is S-expressions in drag.
Evidence suggests that DHS Sec Napolitano and her lap dog Pistol have been in direct communication with Yemen-based Al Qaeda organizations for the intrusion and destruction of US based Airline carriers.
Evidence obtained during the FBI False-Flag operation damns Napolitano and Pistol in first person.
Just goes to show that the biggest security threat is from the top of the Non-Elected US Government and directed by the President of the United States of America, no other.
ENDANGER GAS PIPELINES
(picture of a dog)
CATCH SOME BORED IDIOT
Contrary to the popular belief, there indeed is no God.
The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them."
With the average Homey Security Possem being pretty thick I would find that a real bad idea.
We, your friendly alphabet agencies, are probing your networks posing as intruders, so please do not disturb us while we are at work, thank you.
The last time something like that happened, drug cartels ended up with thousands of guns.
Sure it's dangerous. However, I'm sure the Allies let their own occasional ship get sunk rather than save it and thus reveal that they had cracked the enemies' codes.
You have to look at the bigger picture.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
One of my "fav" reads in fact, & you're correct/spot-on, on how & WHY he did what he did (w/ the printer too), after alerting law enforcement agencies (who kept "passing the buck" until a military installation in Richmond Hill, GA was compromised iirc - then the story changed & he got interest from law enforcement).
APK
P.S.=> Good point & good tale to use for an analogy here - it should be mandatory "required reading" for anyone interested in security of computer systems imo @ least... apk
Critical infrastructure is accessible from the public internet. DERP DERP DERP DERP.
@Mindless Drivel: 100% of Twitter posts ever Tweeted.
China is after our money and our jobs, why would they want to turn out our lights or wreck our power plants, especially if we're one of their largest customers for just about anything electronic? This isn't some religious crusade based on a long list of grievances like what's happening in the Middle East.