Hacking Group Presents 'Long-Standing' Threat To Japan (thestack.com)
An anonymous reader writes: Japanese energy, oil and gas, and transport industries have been among those targeted by a group of cyberattackers focusing its efforts on Japanese critical infrastructure. According to research at Cylance SPEAR, the cyber threat group had previously been targeting U.S. defence agencies but has recently turned its attention to East Asia. While SPEAR does not believe the criminals have yet conducted "destructive or disruptive" attacks, it argues that they have been patiently and persistently spying on a range of Japanese organisations, such as construction companies and financial firms. The researchers have dubbed the campaign Operation Dust Storm, and have identified phishing lures related to current affairs as the attackers' tool of choice. SPEAR noted that the cyberattack group has managed to stay under the radar by registering new domain names, relying heavily on Dynamic DNS, and using a range of customised backdoors – especially a number of second-stage backdoors with hardcoded proxy addresses and credentials. The group also adopted several Android backdoors to support its mobile operations.
Personally, I think lower case punishment will suffice.
Chinese hackers?
'The Prince' by Machiavelli...
Assassins should be used to eliminate such people.
In Japan - Ninjas.
In Russia - Mob Hit Men.
In China - ReEducation specialists.
In Africa - Tribal Hunters.
In the USA - Rednecks, pickups and a bounty....
Please don't use camelCase punishment. I feel sorry for the camels.
Nae king! Nae laird! Nae yurrupiean pressedent! We willna be fooled again!
oops, wrong camel. :)
Screw Japan, I don't work with PHP prostitutes.
"it argues that they have been patiently and persistently spying"
And how do they know this? Do they have tiny drones flying around, watching the hackers sit at their keyboards patiently and persistently spying?
So what about those in power who have been destroying the economy for over 20 years? Abenomics, anyone?
Where's their punishment? Where's the deterrent?
These people are actively plotting against the country and putting many people's lives in danger.
"These people" are probably a state-backed persistent threat, China or NK or (lol) NSA. You won't be given any opportunity to put them in a 'lectric chair or swing 'em til they're dead.
I do not want your cheap brainburning drugs. They are useless for work. And I am a working man today.
In the "new/reimagined/rebooted" Battlestar Galactica TV series, Commander Adama kept key computers on the ship isolated from each other to make it that much harder for the Cylons to take over the ship. As a result, the computers were a lot less useful than on most ships, where the computers worked together. But they were much safer from attack.
It's far past time for the world to adopt this "don't connect key networks to other networks" philosophy for industrial-control computers and other computers where "what could possibly go wrong" includes people dying or significant property damage as a direct result of a computer gone haywire.
This will mean some inconvenience and some major expenses.
For example:
For things like the electrical grid, traffic-control systems, and the like, it means replacing remote-controlled systems with systems that are controlled "on-site" when practical and using dedicated communications channels separate from the Internet and public-switched-telephone-network for remote-control systems when those aren't practical. You will still need to provide backup control facilities and all control channels will need to be encrypted and the physical wires or fiber-optic cables monitored to make attacks even more difficult to pull off and to make it possible to detect when a cable has been physically tampered with. This will be costly but less costly than having the grid go down or all traffic lights in a city go down because of a crook demanding ransom, a terrorist out to cause harm, or a "joker" (as in Batman) out for a laugh at everyone else's expense.
Another more "everyday" example:
The building supervisors in my office will have to turn off the "if you are working late, just dial this extension or go to this internal web site and tell the computer to keep the air conditioning on another 4 hours" feature.
It will have to either replace this with motion sensors or with some physical button I can press that is NOT connected to any network other than the isolated HVAC network.
Either that, or they will need to put a very simple "one way firewall" between the phone or computer network and the HVAC network so if I go to a web site and say "I'm working late" the web site takes some physical action - like pushing a physical button or, more likely, turning on an LED or transmitting a specific RF signal - that the HVAC network detects and keeps the air conditioning on for me, just as if I had pushed a button on a wall.
Since the communication is one-way, and since there are no thermostats in the building attached to any network other than the isolated HVAC network, any "outside" attacker (one too far away to aim a heat sensor at the building) would have no way of knowing if his actions had any effect or not (he might ASSUME they worked as advertised, but he wouldn't know for sure). "Blinding the attacker" in this way makes it much more difficult for the attacker to discover bugs in the system, such as:
* Due to a bug that management forgot about long ago, the humidifiers don't work at all during non-business hours. If a bad guy working for the competition can hack into the corporate LAN and use that as a springboard to tell the heating system to keep the heat on throughout the long, cold Thanksgiving weekend, the air will become very dry and the resulting dry air will cause some of the experiments in the science lab to go into safety mode and shut down, which will mean your client will be able to get the big government contract instead of the company that occupies this building.
It's also far past time to make sure key equipment has hardware-based fail-safes that cannot be overwritten or over-ridden by software. We already do this to some degree today (think electrical fuses and circuit breakers) but it should be a key guiding engineering principle for any equipment that could hurt or kill someone or cause significant direct property damage if the software was compromised or for that matter had a non-malicious-but-still-destructive bug in it.
Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
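The one-way "working late" signal described in the comment above, sketched as an added example that is not part of the original thread: the HVAC-side receiver takes a bare pulse with no payload and returns nothing to the sender. The class and function names, and the two-pulses-per-day budget that bounds how long a flood of pulses can keep the system running, are assumptions made for illustration; only the 4-hour extension comes from the comment.

```python
from collections import deque

EXTEND_S = 4 * 3600        # "another 4 hours", taken from the comment
DAY_S = 24 * 3600
MAX_PULSES_PER_DAY = 2     # assumed budget, not from the thread


class HvacOverride:
    """HVAC-side receiver: its only input is 'a pulse was seen at time now'."""

    def __init__(self):
        self.accepted = deque()    # times of pulses accepted in the last 24 h
        self.override_until = 0.0

    def on_pulse(self, now):
        # No payload comes in and nothing goes back: the sender cannot learn
        # whether the pulse was accepted, ignored, or had any effect.
        while self.accepted and now - self.accepted[0] >= DAY_S:
            self.accepted.popleft()
        if len(self.accepted) >= MAX_PULSES_PER_DAY:
            return None            # budget spent: silently ignored
        self.accepted.append(now)
        self.override_until = max(self.override_until, now + EXTEND_S)
        return None

    def running(self, now):
        return now < self.override_until


def override_seconds(pulse_times, horizon_s, step_s=600):
    """Replay constructed pulse times and total the seconds the override ran."""
    ctl = HvacOverride()
    pulses = deque(sorted(pulse_times))
    on = 0
    for t in range(0, horizon_s, step_s):
        while pulses and pulses[0] <= t:
            ctl.on_pulse(pulses.popleft())
        if ctl.running(t):
            on += step_s
    return on


if __name__ == "__main__":
    # Constructed inputs: one late worker, then a pulse every 10 minutes
    # across a four-day weekend from a compromised office network.
    print(override_seconds([0], DAY_S))
    print(override_seconds(range(0, 4 * DAY_S, 600), 4 * DAY_S))
```

With the budget in place, the flood keeps the override on for a bounded part of each day instead of the whole weekend, and the sender sees the same silence either way.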
Are we talking about state sponsored hacking by North Korea? Because both the article and the summary make every possible hint except for directly saying it.
Or is this one of those "we don't know, could be China, North Korea, anyone, it's the internet" type of situation?
It's China. Everyone knows it's China. Nobody should be surprised that it is, in fact, China. In fact, you should be extremely surprised if it turns out not to be China.
China has been conducting a whole lot of saber rattling as they stretch out their newly found economic and military might. Right now it's a lot of grandstanding and rearranging deck chairs on barren useless islands and petty games involving dumping gravel on coral reefs and pretending that they're islands.
It's mostly a show for their own public and reminding everyone in SE Asia who's an up-and-coming power. But China will become a real force in the future and they need to practice after all.
This is relevant because since the 80s the US has been encouraging Japan to re-arm and become their own independent force again. Japan will become the second largest military force in the region and is an absolute western ally.
Of course China wants to keep tabs on what's going on. Particularly industry and military-industry developments. It's the very basics of intelligence really.
I prefer the camel toe punishment myself.
I've been very naughty.
Lost at C:>. Found at C.
It's the Chinese
I know the turtle Gamera will save them!
"Japanese energy, oil and gas, and transport industries have been among those targeted by a group of cyberattackers focusing its efforts on Japanese critical infrastructure"
Have the Japanese considered not connecting their critical infrastructure directly to the Internet? Instead of introducing even more surveillance on the civilian population. Purely in the interests of catching the cyber attackers and protecting the critical infrastructure.
--
Cyber attack threat: did you actually use those terms on slashdot?
Sounds like a job for Public Security Section 9.