DHS Asked Gas Pipeline Firms To Let Attackers Lurk Inside Networks
wiredmikey writes "According to reports, which were confirmed Friday by ICS-CERT (PDF), there has been an active cyber attack campaign targeting the natural gas industry. However, it's the advice from the DHS that should raise some red flags. 'There are several intriguing and unusual aspects of the attacks and the U.S. response to them not described in Friday's public notice,' Mark Clayton wrote. 'One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.' According to the source, the companies were 'specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.' While the main motive behind the request is likely to gain information on the attackers, letting them stay close to critical systems is dangerous. The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them."
The conspiracy theorist in me says DHS.
They should just rename it "Department of let's see if we can get more funding", because in reality that is all they are trying to do. DOLSIWCGMF
Yea, but then they might end up getting mistaken for all the other 'alphabet agencies,' since that's essentially the purpose of, well, all of 'em.
An enigma, wrapped in a riddle, shrouded in bacon and cheese
If you think about it, this could provide more information on your opponents. Though it is a bit of a gamble - can you get valuable information without too much risk? Or, is it worth the risk?
Think about the whole process of infiltration. Once you get your foot in the door you start gathering information and testing the waters to see what you can do. If you don't think you've been discovered, but you have, then the defenders have some good opportunities. They can feed you false intelligence, make you think you are burrowing into an important control system that's actually a honeypot, give them a false sense of accomplishing their goal, waste their time and resources. Done properly, this is very useful counter-intelligence.
Fooling the other guy is valuable. Tricking the other guy into thinking he's fooled you can be even more valuable. I think that's the core of what this is about. But as I said before, it's a risk, and could get out of control.
I work for the Department of Redundancy Department.
And then when something bad happens they'll blame it on incompetence and say they need better tools to prevent attacks like this and roll out the next round of cyber laws they have sitting in the drawer targeted at domestic citizens.
It could be any of that. It could be my neighbor, for all I know. DHS has cried wolf enough times that they can't be trusted anymore. Maybe they are honest some of the time - like you pointed out, that certainly could be the case here - but... meh.
"A US military spy plane illegally entered Chinese airspace and collided with a Chinese interceptor, killing the Chinese pilot."
Really?
That's not exactly correct. US surveillance aircraft do not violate China's sovereign airspace, but Chinese fighters would routinely harass US aircraft in what China claims as an "exclusive economic zone" in the South China Sea, not recognized by the US, and not considered sovereign airspace. "The PRC interprets the Convention as allowing it to preclude other nations' military operations within this area, while the United States maintains that the Convention grants free navigation for all countries' aircraft and ships, including military aircraft and ships, within a country's exclusive economic zone."
China's fighters routinely buzzed US EP-3s, and if you're actually asserting that an EP-3 is maneuverable enough to cause a collision with a Chinese J-8 fighter, then you are either deluded, or a member of the PRC's 50 Cent Party. The US EP-3 had to enter Chinese airspace in order to conduct an unauthorized emergency landing on Hainan Island, after which NSA's secure operating system was completely compromised by China, with a US Admiral later observing, "It was grim," and a US official responding to a question of whether China could be "that good" by saying, "they only invented gunpowder in the tenth century and built the bomb in 1965. I'd say, 'Can you read Chinese?' We don't even know the Chinese pictograph for 'Happy hour.'"
So yeah, go ahead and assert that China would somehow be a better global steward of human rights.
Not reacting immediately to advanced, targeted intruders is standard tactics, and recommended by most experts in the field. This is news to Slashdot because folks here usually only deal with mass criminal attacks, which are a different beast entirely.
This isn't a DHS conspiracy, not even one for new funding. It's just the government advocating a reasonable measure even though I'm sure they knew they'd get pilloried for it. I rarely respect the DHS, but in this case I may make an exception.
No; real world equivalent; there are a bunch of possible terrorists wandering around the airport carrying things that look like bombs but you don't know if they really are or how they are triggered. Your visiting security experts have identified a few of them but you know there are many more. You quickly work out that the terrorists can go in and out of the building at will completely bypassing the security gate and have been doing so for weeks on end, but you don't know how. You tell the guy in charge of the security thugs at the door not to alert the terrorists until you have time to get back up and hopefully wait for a quieter gap between flight arrivals.
=~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();