Slashdot Mirror


DHS Asked Gas Pipeline Firms To Let Attackers Lurk Inside Networks

wiredmikey writes "According to reports, which were confirmed Friday by ICS-CERT (PDF), there has been an active cyber attack campaign targeting the natural gas industry. However, it's the advice from the DHS that should raise some red flags. 'There are several intriguing and unusual aspects of the attacks and the U.S. response to them not described in Friday's public notice,' Mark Clayton wrote. 'One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.' According to the source, the companies were 'specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.' While the main motive behind the request is likely to gain information on the attackers, letting them stay close to critical systems is dangerous. The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them."


  1. NEWSFLASH: by CanHasDIY · · Score: 5, Funny

    DHS Actually Just Another Terrorist Organization; Few Surprised by Revelation

    --
    An enigma, wrapped in a riddle, shrouded in bacon and cheese
    1. Re:NEWSFLASH: by Dyinobal · · Score: 4, Funny

      They should just rename it "Department of let's see if we can get more funding" Because in reality that is all they are trying to do. DOLSIWCGMF

  2. And who were the attackers? by Anonymous Coward · · Score: 3, Insightful

    The conspiracy theorist in me says DHS.

    1. Re:And who were the attackers? by daveschroeder · · Score: 5, Informative

      Yes, it couldn't possibly be adversaries, and people who want to do harm to the United States, in an environment where people like you firmly believe that everything must be a "false flag" operation designed to somehow take away your rights.

      ...

      Or, it could be this:

      Capability of the People’s Republic of China to Conduct Cyber Warfare and Computer Network Exploitation
      http://www.uscc.gov/researchpapers/2009/NorthropGrumman_PRC_Cyber_Paper_FINAL_Approved%20Report_16Oct2009.pdf

      Occupying the Information High Ground: Chinese Capabilities for Computer Network Operations and Cyber Espionage
      http://www.uscc.gov/RFP/2012/USCC%20Report_Chinese_CapabilitiesforComputer_NetworkOperationsandCyberEspionage.pdf

      How China Steals Our Secrets
      http://www.nytimes.com/2012/04/03/opinion/how-china-steals-our-secrets.html

      China's Cyber Thievery Is National Policy—And Must Be Challenged
      http://online.wsj.com/article_email/SB10001424052970203718504577178832338032176-lMyQjAxMTAyMDAwOTEwNDkyWj.html

      FBI Traces Trail of Spy Ring to China
      http://online.wsj.com/article_email/SB10001424052970203961204577266892884130620-lMyQjAxMTAyMDAwNzEwNDcyWj.html

      NSA: China is Destroying U.S. Economy Via Security Hacks
      http://www.dailytech.com/NSA+China+is+Destroying+US+Economy+Via+Security+Hacks/article24328.htm

      Chinese Espionage Campaign Targets U.S. Space Technology
      http://www.businessweek.com/news/2012-04-18/chinese-espionage-campaign-targets-u-dot-s-dot-space-technology

      Report: Hackers Seized Control of Computers in NASA’s Jet Propulsion Lab
      http://www.wired.com/threatlevel/2012/03/jet-propulsion-lab-hacked/
      http://oig.nasa.gov/congressional/FINAL_written_statement_for_%20IT_%20hearing_February_26_edit_v2.pdf

      Chinese hackers took control of NASA satellite for 11 minutes
      http://www.geek.com/articles/geek-pick/chinese-hackers-took-control-of-nasa-satellite-for-11-minutes-20111119/

      Chinese hackers suspected of interfering with US satellites
      http://www.guardian.co.uk/technology/2011/oct/27/chinese-hacking-us-satellites-suspected

      Former cybersecurity czar: Every major U.S. company has been hacked by China
      http://www.itworld.com/security/262616/former-cybersecurity-czar-every-major-us-company-has-been-hacked-china

      China Attacked Internet Security Company RSA, Cyber Commander Tells SASC
      http://defense.aol.com/2012/03/27/china-attacked-internet-security-company-rsa-cyber-commander-te/

      Chinese Counterfeit Parts Keep Flowing

    2. Re:And who were the attackers? by moortak · · Score: 3, Insightful

      Yeah, but China and Iran aren't the ones saying to let the attackers hang out for a while.

      --
      Xavier Rabourdin for president 2012
    3. Re:And who were the attackers? by cpu6502 · · Score: 2, Insightful

      The odds of death by terrorist are lower than death by a spacerock falling from the sky & hitting you on the head. Stop being afraid of unlikely events.

      --
      My AC stalker: " I personally agree with your posts most of the time, but that won't keep me from modding you troll"
    4. Re:And who were the attackers? by shmlco · · Score: 3, Insightful

      "According to reports, which were confirmed Friday by ICS-CERT, an active Phishing campaign is responsible for the U.S. Department of Homeland Security (DHS) issuing three warnings since the end of March that the natural gas industry has been under ongoing cyber attack."

      A phishing campaign. Because companies shouldn't already be protecting against these.

      More, "The specter of a cyber attack against critical infrastructure is a reality, but not because the DHS is guarding the Internet, but because the networks running the critical infrastructure are so poorly protected. It’s gotten to the point that simple Phishing attacks, things that proper email protection and awareness training cover, rate three separate warnings and alerts."

      So it's obvious we need widespread and over encompassing legislation like CISPA that bypasses any and all existing laws and regulations regarding privacy, and that grants the NSA a legal mandate and access to any and all information collected... to protect against phishing attacks.

      More: http://www.isights.org/2012/04/cispa-is-not-about-copyright-its-about-your-privacy-on-the-internet.html

      --
      Any sect, cult, or religion will legislate its creed into law if it acquires the political power to do so.
    5. Re:And who were the attackers? by ArcherB · · Score: 3, Informative

      The odds of death by terrorist are lower than death by a spacerock falling from the sky & hitting you on the head. Stop being afraid of unlikely events.

      Source? Well over 3000 people have been killed by terrorists since 2000. How many have been killed by falling space rock?

      --
      There is no "I disagree" mod for a reason. Flamebait, Troll, and Overrated are not substitutes.
    6. Re:And who were the attackers? by another_twilight · · Score: 2

      I have a tiger-repelling rock you may be interested in ...

    7. Re:And who were the attackers? by CubicleView · · Score: 2

      Zero as far as I'm aware. The parent is definitely incorrect because of the requirement for the meteorite to hit you on the head.

      When you don't specify a time span, or the direct cause of death it gets more complicated. I've read a lot of conflicting numbers, but on a given day a person might easily be more at risk from terrorist attack, since there may be more data available to support that possibility. In the future the reverse could be true since we likely will have the means to know with certainty if there is risk from an asteroid in the near future. Over a hundred years and assuming no future ability to deflect asteroids, the risk is widely reported to be at least in excess of 1 in 200,000 for asteroid impact and 1/1300 for terrorist attack. I imagine the terrorist attack figure could be lowered or raised significantly using specific data on the person, place of work, place of birth etc.

  3. Headline by girlintraining · · Score: 4, Funny

    Real-world equivalent: "Terrorist shows up at airport with bomb strapped to chest. Security waves him through, asks only that he not threaten anyone prior to detonation."

    --
    #fuckbeta #iamslashdot #dicemustdie
    1. Re:Headline by Anonymous Coward · · Score: 3, Insightful

      And then when something bad happens they'll blame it on incompetence and say they need better tools to prevent attacks like this and roll out the next round of cyber laws they have sitting in the drawer targeted at domestic citizens.

    2. Re:Headline by rtfa-troll · · Score: 3, Insightful

      No; real world equivalent; there are a bunch of possible terrorists wandering around the airport carrying things that look like bombs but you don't know if they really are or how they are triggered. Your visiting security experts have identified a few of them but you know there are many more. You quickly work out that the terrorists can go in and out of the building at will completely bypassing the security gate and have been doing so for weeks on end, but you don't know how. You tell the guy in charge of the security thugs at the door not to alert the terrorists until you have time to get back up and hopefully wait for a quieter gap between flight arrivals.

      --
      =~ s,(.*),<sarcasm>$1</sarcasm>,g if any_point_you_wish();
  4. Wrong reason? by DanTheStone · · Score: 3, Interesting

    I wouldn't necessarily suspect that they were told to leave them alone to gather information. Perhaps it's pessimistic, but I read it "... so that we can use them to excuse passing CYBERWAR legislation like CISPA".

    1. Re:Wrong reason? by McMuffin+Man · · Score: 5, Insightful

      Not reacting immediately to advanced, targeted intruders is standard tactics, and recommended by most experts in the field. This is news to Slashdot because folks here usually only deal with mass criminal attacks, which are a different beast entirely.

      This isn't a DHS conspiracy, not even one for new funding. It's just the government advocating reasonable measures even though I'm sure they knew they'd get pilloried for it. I rarely respect the DHS, but in this case I may make an exception.

  5. does actually make some sense by v1 · · Score: 3, Insightful

    If you think about it, this could provide more information on your opponents. Though it is a bit of a gamble - can you get valuable information without too much risk? Or, is it worth the risk?

    Think about the whole process of infiltration. Once you get your foot in the door you start gathering information and testing the waters to see what you can do. If you don't think you've been discovered, but you have, then the defenders have some good opportunities. They can feed you false intelligence, make you think you are burrowing into an important control system that's actually a honeypot, give them a false sense of accomplishing their goal, waste their time and resources. Done properly, this is very useful counter-intelligence.

    Fooling the other guy is valuable. Tricking the other guy into thinking he's fooled you can be even more valuable. I think that's the core of what this is about. But as I said before, it's a risk, and could get out of control.

    --
    I work for the Department of Redundancy Department.
  6. Cuckoo or not? by Zero__Kelvin · · Score: 2

    I am not a DHS apologist, but this is exactly the same approach Clifford Stoll used to catch Markus Hess, and Stoll is no dummy. You can read about it in The Cuckoo's Egg. (Ironic Caveat: Stoll took this approach only after trying to use other approaches and failing to get cooperation from numerous government agencies.)

    --
    Guns don't kill people; Physics kills people! - John Lithgow as Dick Solomon on Third Rock From The Sun
  7. Re:"Hainan Island Incident" by daveschroeder · · Score: 3, Insightful

    "A US military spy plane illegally entered Chinese airspace and collided with a Chinese interceptor, killing the Chinese pilot."

    Really?

    That's not exactly correct. US surveillance aircraft do not violate China's sovereign airspace, but Chinese fighters would routinely harass US aircraft in what China claims as an "exclusive economic zone" in the South China Sea, not recognized by the US, and not considered sovereign airspace. "The PRC interprets the Convention as allowing it to preclude other nations' military operations within this area, while the United States maintains that the Convention grants free navigation for all countries' aircraft and ships, including military aircraft and ships, within a country's exclusive economic zone."

    China's fighters routinely buzzed US EP-3's, and if you're actually asserting that an EP-3 is maneuverable enough to cause a collision with a Chinese J-8 fighter, then you are either deluded, or a member of the PRC's 50 Cent Party. The US EP-3 had to enter Chinese airspace in order to conduct an unauthorized emergency landing on Hainan Island, after which NSA's secure operating system was completely compromised by China, with a US Admiral later observing, “It was grim," and a US official responding to a question of whether China could be "that good" by saying, “they only invented gunpowder in the tenth century and built the bomb in 1965. I’d say, ‘Can you read Chinese?’ We don’t even know the Chinese pictograph for ‘Happy hour.’"

    So yeah, go ahead and assert that China would somehow be a better global steward of human rights.

  8. Re:"Hainan Island Incident" by mspohr · · Score: 2

    I just wonder how the US would react if China sent a bunch of aircraft carriers and started doing reconnaissance flights in the Gulf of Mexico or off the coast of Florida or New York or DC (in International waters).
    Do you think the US would just leave them alone?

    --
    I don't read your sig. Why are you reading mine?
  9. Re:hmmm.. what I find interesting.. by CowTipperGore · · Score: 2

    Because some of the targeted companies discovered the attacks and alerted the DHS. These reports have been shared with gas companies for months, including details about the phishing emails, the malware processes, and the C&C domains involved.