Western Energy Companies Under Sabotage Threat
An anonymous reader writes: In a post published Monday, Symantec writes that western countries including the U.S., Spain, France, Italy, Germany, Turkey, and Poland are currently the victims of an ongoing cyberespionage campaign. The group behind the operation, called Dragonfly by Symantec, originally targeted aviation and defense companies as early as 2011, but in early 2013, they shifted their focus to energy firms. They use a variety of malware tools, including remote access trojans (RATs), and operate during Eastern European business hours. Symantec compares them to Stuxnet except that "Dragonfly appears to have a much broader focus with espionage and persistent access as its current objective with sabotage as an optional capability if required."
I read "The group behind the operation, called Dragonfly by Symantec" as meaning that Symantec had a group called Dragonfly, and they were performing the espionage.
And my thought processes didn't toss that out as being unreasonable.
I am Slashdot. Are you Slashdot as well?
Practically speaking, if you don't secure your network like you're under attack at all times, what the hell are they paying you for?
"...the group mostly worked between Monday and Friday, with activity mainly concentrated in a nine-hour period that corresponded to a 9am to 6pm working day in the UTC +4 time zone."
Which government has working days like that? Is it the Russians?
All rites reversed 2010
For crying out loud, there's an easy solution to the software security problem: just use OpenBSD!
OpenBSD has been designed and built from the ground up to be nearly impervious to malicious intent. It may not be 100% perfect, but it's about as damn close as you're ever going to get.
It isn't just secure, but it gives you a very capable UNIX-like environment, too! That's what's so great about it. You get great security, without having to resort to using a stupidly limited environment.
OpenBSD is where it's at if you give a damn about security.
I would have thought some of these should be airgapped for security reasons by design? Is it so hard to go to work these days that you have to hook it up to the outside?
People no longer have an expectation of privacy, according to Mark Zuckerberg.
Corporations are people, according to recent laws.
Ergo please stop whining, what goes around comes around, much like an enrichment centrifuge PLC : ).
"Kill 'em all and let Root sort 'em out"
Oh wait.
There is an obvious solution
Korma: Good
Airgaps aren't foolproof. You can do an acoustic analysis of the sounds of the keystrokes used to authenticate to the gapped machine. It's not quite as easy as it being linked to the public network without a gap, but it's not secure in and of itself.
More probably Russia. The first rule of superpowers- spy on everyone, all the time. Presumably they had to do this themselves because the NSA doesn't bother spying on them (and Russia would certainly have backdoored the NSA's computers and data collection streams).
America patented this handy attack vector during the cold war. The CIA once destroyed a gas pipeline in 1982 by hacking malicious controls software into a system purchased by them from Canada. The pipeline software that was to run the pumps, turbines and valves was programmed to go haywire, to reset pump speeds and valve settings to produce pressures far beyond those acceptable to the pipeline joints and welds.
Again, the US did this in 2010 in collusion with Israeli Mossad, who were at the time busy with bomb attacks against key nuclear scientists in Iran. Stuxnet was meant to sabotage the uranium enrichment facility at Natanz. The worm worked by first causing an infected Iranian IR-1 centrifuge to increase from its normal operating speed of 1,064 hertz to 1,410 hertz, causing repeated stress and ultimately failure.
Now the cows have come home. America is finding itself on the receiving end of increasingly sophisticated attacks against its 60-year-old reactors and control systems by proxy. Smaller western nations use the same GE technology and concepts while arguably being 'under the radar' enough to avoid major investigation into penetrations that would result in increased security of these systems by the US, or so I suspect the prevailing theory would be. It is no longer a matter of if, but when we as a country will take a seat for one of our famous 'teachable moments'.
Good people go to bed earlier.
It's Russia because
- UTC+4 is one time-zone east of Moscow;
- it shifted to energy supplying firms with the beginning of the crisis in Ukraine (where Russia's gas deliveries are considered its only trump)
- it's either Russia or China in general
I work for a "western energy company."
We have dozens of sites, and a half dozen huge ones as they're power stations.
We have 3 network techs and 2 security people that are constantly traveling hundreds of miles to reach them all. But somehow we have 5 Sharepoint people... (God I hate management)
...needs work. This group is trying to commit sabotage and we give them a glamorous name like "Dragonfly"? These are the bad guys. What's wrong with names like "Stink Bug", "Sewer Rat", "Cockroach", or "Maggot"? If we are going to name these groups let's try not to make them sound like an elite group of super spies.
You know it's working by the buzz your production machinery makes on the other side of the office wall. Well, almost more of a roar....
if this is supposed to be a new economy, how come they still want my old fashioned money?
Hmmm... Did anyone just say why don't we use this opportunity of reliance upon centralized power and the weakness thereof to get rid of the energy cartels and rely on decentralized power instead, thus making our nations stronger, more independent and resilient to both attacks and natural disasters? Just food for thought on a day that Solar Power just got greener and not to mention cheaper http://www.geek.com/science/se... The fact that power companies are being "attacked" is old news - The right path to take in the light of these "attacks" is one of energy self reliance. That means "self powering" each building and furthermore securing such installations from infograbbing / controlling entities looking out for their own profits with no real concern for your needs or finances.
MS, ALS, Aphasia ? http://globability.org - Me http://einarpetersen.com
The problem is often that the operating manuals reside on the "back-office" side of the electric company. Even if the control system can't be accessed directly, the operator is fooled to click a link while using the control system, leading to a transfer of a malicious payload previously inserted into the back-office network. The operating procedures and the systems are fundamentally broken (essential components at the wrong side of the network) and humans are at fault.
... about the ones Symantec doesn't know about. :)
Also, I don't remember Symantec doing anything useful since like, forever. I remember them for purchasing Norton Utilities and turning them into a bloated mess. Should we trust them on this, or is their marketing department manufacturing a threat?
I apologize for the lack of a signature.
When I worked for a major defense contractor we had an employee that would occasionally sabotage projects we were working on. Really obvious stuff like going into labs and unhooking a bunch of stuff before demos and drilling holes in the circuit cards. It was obvious who it was because he was notorious for hopping around project teams and never really doing any work but didn't happen often enough that it looked like somebody just running around breaking stuff. At one point we had to go to security but they pretty much told us to get evidence that it was happening. They said if we didn't physically see it happening there was nothing that we or they could do. He just happened to be the only person that actively spoke Arabic on the phone during work hours, and we all knew whatever project he joined would 1) not have what he was assigned to done ever and another engineer would need to hero it through or 2) the things other people did would routinely "break". We knew that this would be a huge discrimination issue for us engineers with super corporate HR people so we dealt with it because we were ultimately powerless.
Are we not worthy of even a tiny mention at the footnote? I feel like I live somewhere that has no influence on the global stage any more. That can't be right. Oh, wait ..
So the bad, bad, bad Russkies are the new BOGEYMAN.
But only if you eat their spam. Otherwise, it is a country which just does not submit itself to Banksters International - the folks who work hard to screw up YOUR life.
It never occurred to any of you to set up some spycams when he moved to a new project? You don't even need to buy overt cams, http://www.lavrsen.dk/foswiki/bin/view/Motion/WebHome will make every webcam that happens to have a view of the lab do the job.
autoplay.
NSA operations are spelt with capitals.
Oh, you mean western countries including the U.S., Spain, France, Italy, Germany, Turkey, and Poland are currently the victims of an ongoing cyberespionage campaign, launched by somebody apart from the NSA as well?
"The more prohibitions there are, The poorer the people will be" -- Lao Tse