‘Anonymous’ Threat – Take down the whole internet!

From WebProNews

Anonymous just keeps on making grander threats, but they have finally made the greatest threat possible – shutting down the entire Internet.

In a pastebin post that we won’t link to for obvious reasons, a member of Anonymous posted a document called “Operation Global Blackout.” You may remember #OpGlobalBlackout from a previous Anonymous video that promised the takedown of major Web sites, but this threat is a lot bigger.

Anonymous claims that they are going to take down the 13 root DNS servers that power the entirety of the Internet on March 31. They even list the IP addresses for the 13 servers to let other members join in on the attack.

They say that by cutting off these DNS servers, they will essentially disable the HTTP Internet. Anybody looking up something as simple as http://www.google.com will be met with an error page. They want to remind citizens, however, that they are not trying to kill the Internet, they just want to hit where it hurts most.

They outline the new tool that will be used to accomplish this goal. It’s called the Reflective DNS Amplification Tool. It will attack the root servers with static IP addresses that will allow them to keep on attacking the servers while the Internet is down.

They end the post with these words:

We know you won’t listen. We know you won’t change. We know it’s because you don’t want to. We know it’s because you like it how it is. You bullied us into your delusion. We have seen you brutalize harmless old women who were protesting for peace. We do not forget because we know you will only use that to start again. We know your true face. We know you will never stop. Neither are we. We know.

We are Anonymous.
We are Legion.
We do not Forgive.
We do not Forget.
You know who you are, Expect us.

It’s hard to really tell if this is a true threat due to the decentralized nature of Anonymous. It could just be a baseless threat. We’ve reached out to one of the few confirmed Anonymous sources for comment, but have yet to hear back. If we do, we will update this story.

Sykipot Trojan – Accesses DoD

Editor’s Note – No need to knock. No need for identification. No need to be in uniform. Just swipe your security card through the reader and you’re in, in any government building, any military building, and at any highly secure location. How does this happen? HACKERS

Feeling safe?

US military access cards cracked by Chinese hackers

Access to buildings and intranets harvested by super-spy Trojan

By John Leyden

The Register – UK

A new strain of the Sykipot Trojan is being used to compromise the Department of Defense-sanctioned smart cards used to authorise network and building access at many US government agencies, according to security researchers.

Smart cards are a standard means of granting active duty military staff, selected reserve personnel, civilian employees and eligible contractors access to intranets at US Army, Navy and Air Force facilities. They can be used to get into buildings or, when used in conjunction with a static password, to access networks.

Chinese hackers have adapted the Sykipot Trojan to lift card credentials from compromised systems in order to access classified military networks, according to researchers at security tools firm AlienVault. An adapted version of the Trojan targets PCs attached to smart card readers running ActivClient, the client application of ActivIdentity, in what’s been described as a ‘smart card proxy’ attack.

The Sykipot Trojan was first created three years ago and featured in a number of industrial espionage-style attacks. Researchers at AlienVault captured an adapted version of the malware – specifically designed to circumvent authentication technology supplied by ActivIdentity – in a honeypot around two weeks ago. Subsequent analysis suggests that hackers added a smart card module to existing malware around March 2011.

The development of super-spy software

AlienVault reckons the new strain of Sykipot Trojan was developed by the same Chinese authors that created earlier versions of the malware, first seen around three years ago. Previous builds of the Trojan were promoted by spammed messages that posed as information about the next generation of US Air Force drones. In reality the message pointed at drive-by-download sites that featured the Sykipot Trojan as a payload and took advantage of various IE and Adobe Reader security flaws, as explained in more detail here.

The malware featured in targeted attacks against aerospace technology firms, among others, that were ultimately designed to extract commercially sensitive information from compromised systems.

The latest run of attacks also features spear phishing emails that attempt to trick marks into clicking on a link that deposits the Sykipot malware onto their machines. This time around the malware uses a key-logger to steal PINs associated with smart cards. Once attackers have authentication codes and associated PINs they gain the same level of trusted access to sensitive networks as the user whose credentials they have stolen.

The cyber-criminals behind the attack are using a version of Sykipot first baked in March 2011 that has featured in dozens of attacks since, according to AlienVault.

Jaime Blasco, AlienVault’s lab manager, told El Reg that Chinese messages in embedded code, the use of command and control servers in China, as well as the exclusive use of the software in China all provide evidence that Chinese hackers are ultimately behind the attack. Blasco added that the use of dynamic tokens that offer two-factor authentication would thwart this particular line of attack.
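The attack described above works because the PIN a keylogger captures is the same secret the card expects tomorrow, so it can be replayed at will. Blasco’s suggested mitigation, a dynamic token, changes the secret every time step. The following Python is an added illustration of that difference, not code from AlienVault, ActivIdentity or The Register: it implements RFC 6238 TOTP (HMAC-SHA1, 8 digits, 30-second step, using the RFC’s own test seed), a hypothetical static-PIN verifier beside a hypothetical single-use TOTP verifier, and a replay scenario in which a code captured at login is presented again later.

```python
"""Static PIN vs. time-based one-time code (RFC 6238 TOTP).

Constructed illustration (not the DoD or ActivIdentity implementation): a
keylogger that captures a static PIN can replay it indefinitely; a dynamic
token code is only valid for its 30-second step and, with single-use
enforcement on the verifier, only once.
"""
import hashlib
import hmac
import struct

# Test seed from RFC 6238 Appendix B (SHA-1 variant), used only as sample key material.
RFC6238_SEED = b"12345678901234567890"


def hotp(secret: bytes, counter: int, digits: int = 8) -> str:
    """RFC 4226 HOTP: HMAC-SHA1 over the 8-byte big-endian counter, then dynamic truncation."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    code = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(code % (10 ** digits)).zfill(digits)


def totp(secret: bytes, unix_time: int, step: int = 30, digits: int = 8) -> str:
    """RFC 6238 TOTP: HOTP with counter = floor(unix_time / step)."""
    return hotp(secret, unix_time // step, digits)


class StaticPinVerifier:
    """Hypothetical model of the PIN check in the article: the same secret is valid every time."""

    def __init__(self, pin: str):
        self._pin = pin

    def verify(self, candidate: str, unix_time: int) -> bool:
        return hmac.compare_digest(self._pin, candidate)


class TotpVerifier:
    """Hypothetical dynamic-token verifier: accepts the current step (plus `skew` steps of
    clock drift either side) and never accepts a step at or before the last one used."""

    def __init__(self, secret: bytes, step: int = 30, digits: int = 8, skew: int = 1):
        self._secret = secret
        self._step = step
        self._digits = digits
        self._skew = skew
        self._last_used_counter = -1

    def verify(self, candidate: str, unix_time: int) -> bool:
        counter = unix_time // self._step
        for c in range(counter - self._skew, counter + self._skew + 1):
            if c <= self._last_used_counter:
                continue  # single use: this step has already been consumed
            if hmac.compare_digest(hotp(self._secret, c, self._digits), candidate):
                self._last_used_counter = c
                return True
        return False


def replay_demo(capture_time: int, replay_delay: int) -> dict:
    """A legitimate login happens at capture_time and what was typed is captured.
    The capture is replayed replay_delay seconds later against both verifiers.
    Returns whether each scheme accepts the replayed secret."""
    static = StaticPinVerifier("123456")          # constructed sample PIN
    dynamic = TotpVerifier(RFC6238_SEED)
    captured_pin = "123456"
    captured_code = totp(RFC6238_SEED, capture_time)
    # The genuine login succeeds under both schemes.
    assert static.verify(captured_pin, capture_time)
    assert dynamic.verify(captured_code, capture_time)
    later = capture_time + replay_delay
    return {
        "static_pin_replay_accepted": static.verify(captured_pin, later),
        "totp_replay_accepted": dynamic.verify(captured_code, later),
    }


if __name__ == "__main__":
    print(totp(RFC6238_SEED, 59))              # RFC 6238 vector: 94287082
    print(replay_demo(1111111109, 3600))       # static replay accepted, TOTP replay rejected
```

The single-use counter matters as much as the time step: without it, a code captured and replayed within the same 30-second window would still be accepted, which is exactly the window an automated proxy attack would use.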

AlienVault supplies security event logging technology and does not compete with ActivIdentity. Blasco said it had supplied neither ActivIdentity nor the DoD with malware samples or notification of its research, which was first publicised via an article in the New York Times on Thursday. ActivIdentity’s smart cards are standard issue at the DoD and a number of other US government agencies. Other users include Monsanto, BNP Paribas and Air France, the NYT adds.

In response to AlienVault’s research, ActivIdentity said in a statement: “We are aware of the recent reports that purportedly identified a new attack method that could hijack smart card-based certificates.

“We take these reports very seriously and are working diligently to investigate the potential threat. At this time, we are confident that the purported threat poses no immediate risk to our customers.”

Infrastructure Open to Attacks by Hackers

Editor’s Note – It has come to the attention of DHS and the FBI that two separate consumer and business water systems have come under attack by hackers on the payroll of Russia. Neither agency is releasing any formal alert on these events, as no one knows exactly what happened or how to handle it, but be sure, there was hacking going on. This cyber assault was either by a virus or a worm in the software or in the telecom connectivity to SCADA. The result is that pumping systems are failing, and we deserve to know the real condition and threat. SUA has posted so much about cyber-threats that it is actually getting tiresome, but it is paramount to understand who the hackers are, what they are doing, who is paying them, what the end-game is, and where our government is on safety and protection.

Second water utility reportedly hit by hack attack

Proof-of-concept intrusion

By Dan Goodin

Images posted online suggest that hackers may have gained unauthorized access to computers controlling a second water treatment facility, a claim that raises additional concerns about the security of the US’s critical infrastructure.

City of South Houston Web Site Screen Shot

Five computer screenshots posted early Friday purport to show the user interface used to monitor and control equipment at the Water and Sewer Department for the City of South Houston, Texas. They were posted by someone calling himself pr0f to counter comments included in a Register article posted on Thursday in which a US Department of Homeland Security spokesman responded to reports of an attack on a separate water plant by saying there was no “credible corroborated data” indicating critical infrastructure was at risk.


“I dislike, immensely, how the DHS tend to downplay how absolutely FUCKED the state of national infrastructure is,” the post stated. “I’ve also seen various people doubt the possibility an attack like this could be done.”

pr0f went on to post what he claims is proof that internet-connected computers controlling other industrial equipment are easily accessible to unauthorized parties. The five pictures show what appears to be the HMI, or human machine interface, controlling highly sensitive equipment used by South Houston’s Water and Sewer personnel. One interface depicts an apparatus for monitoring and controlling the city’s waste-water treatment plant, including a power generator and what appear to be “blowers”, which control air flow.

The Register was unable to confirm claims that the images were obtained through the unauthorized access of the system. City officials have yet to confirm or deny pr0f’s claims, and representatives with DHS didn’t respond to an email seeking comment. The possibility that screen captures of the city’s industrial control systems were made by authorized employees for training or other purposes and later obtained by pr0f can’t be ruled out.

The posting comes a day after industrial control systems security expert Joe Weiss disclosed contents of a November 10 report from the Illinois Statewide Terrorism and Intelligence Center. It claimed that hackers destroyed a pump belonging to a regional water utility in that state after gaining access to the supervisory control and data acquisition systems that manage the utility’s machinery. That report remains unconfirmed, although the DHS spokesman said officials from his agency and the FBI are investigating.

While the events over the past two days have yet to be verified, there’s no denying that huge amounts of machinery used in gas refineries, power plants, and other industrial facilities are controlled by computers that are connected to the internet. This raises the specter of core parts of the nation’s infrastructure being taken over and sabotaged if hackers figure out ways to bypass their security controls. Officials are frequently aware of the risks, but financial constraints and personnel matters often trump those concerns.

“For folks with less resources available and tighter budgets, (there’s) web-based remote access,” said Michael Assante, a SCADA security expert and president of the National Board of Information Security Examiners, a nonprofit focused on security workforce training. Having controls available over the internet means many cash-strapped agencies don’t have to have dedicated SCADA engineers on premises around the clock, he explained. “They’re trying to use the technology to maximize the resources they have available to them.”

DHS says Cyber attacks are rising on industry and utilities

Editor’s Note – Not much is printed or taken seriously about cyber threats to America but, it should be known, just how fragile our way of life actually is, as virtually every part of our infrastructure is tied to the Internet, as are most communications and the military. For this reason, the DHS publishes a weekly events summary listing security breaches that require our attention. The month of October is dedicated to the study of all segments of the Internet, and recommendations are made to keep some order and protective walls against cyber threats.

DHS – Report for September 30, 2011

The world banking system, corporations, power grid, and water systems, as well as most of our industries, are tied to Internet communications. With viruses, worms and malware ubiquitous, the Idaho National Laboratory, for example, is armed with cyber experts dedicated to responding to and helping minimize and stop cyber interference.

Watch the video below, then please read the article from Fox News:

Utilities and Industries Face Rising Number of Cyber Break-Ins, DHS Says

From Fox News

U.S. utilities and industries face a rising number of cyber break-ins by attackers using more sophisticated methods, a senior Homeland Security Department official said during the government’s first media tour of secretive defense labs intended to protect the U.S. power grid, water systems and other vulnerable infrastructure.

Acting DHS Deputy Undersecretary Greg Schaffer told reporters Thursday that the world’s utilities and industries increasingly are becoming vulnerable as they wire their industrial machinery to the Internet.

“We are connecting equipment that has never been connected before to these global networks,” Schaffer said. Disgruntled employees, hackers and perhaps foreign governments “are knocking on the doors of these systems, and there have been intrusions.”

According to the DHS, Control System Security Program cyber experts based at the Idaho National Laboratory responded to 116 requests for assistance in 2010, and 342 so far this year.

Department officials declined to give details about emergency response team deployments, citing confidentiality agreements with the companies involved. Under current law, the reporting of cyber attacks by private organizations is strictly voluntary.

The Obama administration has proposed making reporting mandatory, but the White House could find the idea difficult to sell at a time when Republicans complain about increased regulation of business.

Officials said they knew of only one recent criminal conviction for corrupting industrial control systems, that of a former security guard at a Dallas hospital whose hacking of hospital computers wound up shutting down the air conditioning system. The former guard was sentenced to 110 months in prison in March.

The Homeland Security Department’s control system program includes the emergency response team, a Cyber Analysis Center where systems are tested for vulnerabilities, a malware laboratory for analyzing cyber threats and a classified “watch and warning center” where data about threats are assessed and shared with other cyber security and intelligence offices.

The offices are located at nondescript office buildings scattered around Idaho Falls. No signs announce their presence.

Marty Edwards, chief of the control system security effort, said the malware lab analyzed the Stuxnet virus that attacked the Iranian uranium enrichment facility in Natanz last year. He did not describe the group’s findings in detail, except to say that they confirmed that it was “very sophisticated.”

Edwards said that several years ago he had asked the German company Siemens to study the same kind of industrial controllers used at Natanz for vulnerabilities to attack, because they were so widely used in industry.

But he said the study was not part of any effort to target the controllers with malware, and said his program’s work on the controllers could not have helped Stuxnet’s designers.

A senior Homeland Security cyber official, who spoke on condition of anonymity because of the sensitivity of the topic, said the Stuxnet worm exploited well-known design flaws common to many system controllers, vulnerabilities that in general can’t be patched.

Many independent experts and former government officials suspect that Stuxnet was created by the United States, perhaps with the help of Israel, Britain and Germany.

The U.S. and other nations believe Iran is building a nuclear weapons program, but Tehran insists it is interested only in the peaceful uses of nuclear technology.

While U.S. officials talk frequently about the threat of cyber attacks to America, they seldom discuss the country’s offensive cyber weapons capability. The U.S. is thought to be the world’s leader in cyber warfare, both defensive and offensive.

U.S. officials and others long have feared that future wars will include cyber assaults on the industries and economies of adversaries, and the potential targets include power plants, pipelines and air traffic control systems.

Foreign nations could also target military control systems, including those used for communications, radar and advanced weaponry.

Because of its advanced industrial base and large number of computer controlled machines connected to the Internet, the U.S. is thought to be highly vulnerable to a cyber attack on its infrastructure.

In a 2007 test at the Idaho National Laboratory, government hackers were able to break into the control system running a large diesel generator, causing it to self-destruct.

A video of the test, called Aurora, still posted on YouTube, shows parts flying off the generator as it shakes, shudders and finally halts in a cloud of smoke.

James Lewis, a former State Department official now with the Center for Strategic and International Studies in Washington, said in an interview that the Aurora test ushered in a new era of electronic warfare.

Before the test, he said, the notion of cyber warfare “was mainly smoke and mirrors. But the Aurora tests showed that, you know what? We have a new kind of weapon.”

Homeland Security officials said they have not conducted such a test on that scale since. But they demonstrated Thursday how a hacker could tunnel under firewalls in computer systems to take command of industrial processes.

“All systems deployed have vulnerabilities,” Edwards said.