Slashdot Mirror
DHS Asked Gas Pipeline Firms To Let Attackers Lurk Inside Networks
wiredmikey writes "According to reports, which were confirmed Friday by ICS-CERT (PDF), there has been an active cyber attack campaign targeting the natural gas industry. However, it's the advice from the DHS that should raise some red flags. 'There are several intriguing and unusual aspects of the attacks and the U.S. response to them not described in Friday's public notice,' Mark Clayton wrote. 'One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.' According to the source, the companies were 'specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.' While the main motive behind the request is likely to gain information on the attackers, letting them stay close to critical systems is dangerous. The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them."
DHS Actually Just Another Terrorist Organization; Few Surprised by Revelation
An enigma, wrapped in a riddle, shrouded in bacon and cheese
The conspiracy theorist in me says DHS.
Realworld equivalent: "Terrorist shows up at airport with bomb strapped to chest. Security waves him through, asks only that he not threaten anyone prior to detonation."
#fuckbeta #iamslashdot #dicemustdie
I wouldn't necessarily suspect that they were told to leave them alone to gather information. Perhaps it's pessimistic, but I read it "... so that we can use them to excuse passing CYBERWAR legislation like CISPA".
"Don't check your customers for IDs. Just sell them and we'll track the criminals across the Mexican border." - This policy resulted in many, many deaths that could have been prevented by not encouraging stores to break gun laws and sell to criminals.
Now it sounds like DHS is trying the same stupid strategy. Read more here: http://www.forbes.com/sites/realspin/2011/09/28/fast-and-furious-just-might-be-president-obamas-watergate/
My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
If you think about it, this could provide more information on your opponents. Though it is a bit of a gamble - can you get valuable information without too much risk? Or, is it worth the risk?
Think about the whole process of infiltration. Once you get your foot in the door you start gathering information and testing the waters to see what you can do. If you don't think you've been discovered, but you have, then the defenders have some good opportunities. They can feed you false intelligence, make you think you are burrowing into an important control system that's actually a honeypot, give them a false sense of accomplishing their goal, waste their time and resources. Done properly, this is very useful counter-intelligence.
Fooling the other guy is valuable. Tricking the other guy into thinking he's fooled you can be even more valuable. I think that's the core of what this is about. But as I said before, it's a risk, and could get out of control.
I work for the Department of Redundancy Department.
Don't worry that they are trying to trim your pubic hair with a weed-wacker - as long as they are only touching pubes your fine!!!
A computer once beat me at chess, but it was no match for me at kick boxing. Emo Philips
Just a suggestion looking at your signature - shouldn't it be "Two of my imaginary friends were fruitful and multiplied with negative results."
How come Slashdot never gets Slashdotted?
Trying to get more data from an intruder isn't a bad thing, and they did state as long as it was 'safe' to do so.. DHS was not asking the companies to let the attackers get into sensitive stuff and just twiddle their thumbs.
---- Booth was a patriot ----
This could be taken in any number of ways, but I'd go for two here:
1.) (Giving DHS the benefit of the doubt) -> They *want* the cyber-spies (what name, Industrial Espionage would fit better here) to find and copy some of the firm's software. Why? Because they (DHS) are going to ensure that the copies the spies get will have some small, but interesting changes to them. Something the CIA pulled with the Soviets a while back. Though I would be surprised that they would think that strategy would work again.
2.) (Not giving DHS the benefit of the doubt, *puts on tinfoil hat*) DHS needs to justify their (let's be honest) rather large and expensive budget, as well as the various civil rights that have been...temporarily re-purposed. As such, from a realpolitik approach, it's in their best interest to have a few 'terrorists' succeed from time to time; and if those 'terrorists' aren't bright enough, or capable enough, to pull something off, then the DHS is willing to give them a helping hand from time to time; all in the best interests of National Security, mind you. Their argument, if pressed, would be that they need to remain ever-vigilant if they are going to catch the really bad guys, and sometimes the cost of that vigilance is a few lives. The counter argument, of course, possibly made by any of the various Generals / Admirals of our military, would be that we would then be that we are specializing for only certain kinds of attacks, wasting valuable resources, and increasing the amount of 'noise,' possibly / probably resulting in us missing a weaker signal that might more foretelling of an unanticipated attack via a previously unknown vector.
Paranoia can be a dangerous thing.
I am John Hurt.
So there are a lot of folks who think that DHS is causing trouble to justify their own budget... could be, a little too obvious and Hollyweird for my taste but not outside the realm of possibility. My only question is that if in fact they're asking to not disturb the black hats so they can zero in on them...
1. Why is this taking so long? Isn't this their specific mandate, aren't they armed to the teeth to detect cyber-terrorism in our nation's infrastructure, I would think that they'd be frog marching bad guys to Gitmo mid-day April 1st?
2. How is this story hitting the air before bad guys are being captured?
3. How critical does an asset have to be, before someone says "Shut those terrorists down right now!!!"? Trains and planes? Nuclear power plant cooling? Air Force One? Trash service in Greenwich, CT?
There are two good reasons for doing this.
1) Just because you've identified attacker(s) in one part of the system, doesn't mean that they aren't in other parts. They could retaliate for that action.
2) You can gain valuable intelligence about who they are and how they're doing it.
Now the good reasons *not* to.
Items 1 through 1,000,000) They were in critical infrastructure equipment, and have retrieved an unknown amount of information. Every second they are in, it increases the risk of what they might acquire, or they might do.
1,000,001) There should be a policies and procedures manual which says any machine which is potentially compromised should immediately be disconnected from the network, and a trained computer forensics team should immediately begin evaluating the situation.
2 vs 1,000,001.. It's a tough call.
Serious? Seriousness is well above my pay grade.
I am not a DHS apologist, but this is exactly the same approach Clifford Stoll used to catch Markus Hess, and Stoll is no dummy. You can read about it in The Cuckoos Egg (Ironic Caveat: Stoll took this approach only after trying to use other approaches and failing to get cooperation from numerous government agancies.)
Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
While the main motive behind the request is likely to gain information on the attackers
I have my doubts about that, after all what's more important, catching these people (who are most likely in non-extradition countries) or protecting the people of this country?
I also have my doubts about the competence of the DHS, HLS, TSA and all the other "security" agencies that have suddenly sprung up after 9/11.
Now stare at your phone and step into traffic...
"If any question why we died, Tell them because our fathers lied."
This is what happens when you treat hacking as warfare and make the military responsible for security.
"A US military spy plane illegally entered Chinese airspace and collided with a Chinese interceptor, killing the Chinese pilot."
Really?
That's not exactly correct. US surveillance aircraft do not violate China's sovereign airspace, but Chinese fighters would routinely harass US aircraft in what China claims as an "exclusive economic zone" in the South China Sea, not recognized by the US, and not considered sovereign airspace. "The PRC interprets the Convention as allowing it to preclude other nations' military operations within this area, while the United States maintains that the Convention grants free navigation for all countries' aircraft and ships, including military aircraft and ships, within a country's exclusive economic zone."
China's fighters routinely buzzed US EP-3's, and if you're actually asserting that an EP-3 is maneuverable enough to cause a collision with a Chinese J-8 fighter, then you are either deluded, or a member of the PRC's 50 Cent Party. The US EP-3 had to enter Chinese airspace in order to conduct an unauthorized emergency landing on Hainan Island, after which NSA's secure operating system was completely compromised by China, with a US Admiral later observing, “It was grim," and a US official responding to a question of whether China could be "that good" by saying, “they only invented gunpowder in the tenth century and built the bomb in 1965. I’d say, ‘Can you read Chinese?’ We don’t even know the Chinese pictograph for ‘Happy hour.’"
So yeah, go ahead and assert that China would somehow be a better global steward of human rights.
Most likely the affected companies told DHS to pound sand. It's in their interest to protect their networks, it's in DHS's interest to catch the purps.
I'm sure it's better to have zero coordination because the slashdot crowd thinks it's a plot to take away their ability to pirate copyrighted content.
Wrong thread, bub.
“He’s not deformed, he’s just drunk!”
I just wonder how the US would react if China sent a bunch of aircraft carriers and started doing reconnaissance flights in the Gulf of Mexico of off the coast of Florida or New York or DC (in International waters).
Do you think the US would just leave them alone?
I don't read your sig. Why are you reading mine?
1. Attackers who are from abroad, or hired by foreign governments, seeking information on how to disrupt/destroy gas distribution networks in USA, in order to destroy USA.
2. Attackers sent by DHS itself, seeking ways to destroy/disrupt gas distribution networks in USA, in order to justify EVEN MORE URGENT FUNDINGS from the congress
Muchas Gracias, Señor Edward Snowden !
Because some of the targeted companies discovered the attacks and alerted the DHS. These reports have been shared with gas companies for months, including details about the phishing emails, the malware processes, and the C&C domains involved.
Have gnu, will travel.
Those people trying to put nukes on meteors aren't real, that was a movie.
I was promised a flying car. Where is my flying car?
there's DOHs!! Ooooh someone's shutting down the generators for cooling. Oh no matter look big lovely donuts. Mmmmm :)
When shit hits the fan get some of these https://youtu.be/pY-GncsZ-UE
Stoll was an individual, with few resources and no authority to require information from anyone. DHS is a large well-funded national agency with serious authority.
They should have left that intrusion alone just long enough to get it traced.
To a Lisp hacker, XML is S-expressions in drag.
ENDANGER GAS PIPELINES
(picture of a dog)
CATCH SOME BORED IDIOT
Contrary to the popular belief, there indeed is no God.
Sure it's dangerous. However, I'm sure the Allies let their own occasional ship get sunk rather than save it and thus reveal that they had cracked the enemies' codes.
You have to look at the bigger picture.
(-1: Post disagrees with my already-settled worldview) is not a valid mod option.
Critical infrastructure is accessible from the public internet. DERP DERP DERP DERP.
@Mindless Drivel: 100% of Twitter posts ever Tweeted.