Network Vulnerabilities Continue to Worry Security Experts

‘Irrational’ hackers are growing U.S. security fear

Reuters

Article Courtesy of:  Jim Finkle | Reuters

(Reuters) – Cybersecurity researcher HD Moore discovered he could use the Internet to access the controls of some 30 pipeline sensors around the country that were not password protected.

A hacking expert who helps companies uncover network vulnerabilities, Moore said he found the sensors last month while analyzing information in huge, publicly available databases of Internet-connected devices.

“We know that systems are exposed and vulnerable. We don’t know what the impact would be if somebody actually tried to exploit them,” said Moore, chief research officer at the security firm Rapid7.

U.S. national security experts used to take comfort in the belief that “rational” super powers like China or Russia were their main adversaries in cyber space. These countries may have the ability to destroy critical U.S. infrastructure with the click of a mouse, but they are unlikely to do so, in part because they fear Washington would retaliate.

Now, concerns are growing that “irrational” cyber actors – such as extremist groups, rogue nations or hacker activists – are infiltrating U.S. systems to hunt for security gaps like the one uncovered by Moore.

These adversaries may not be as resourceful, but like Timothy McVeigh’s bombing of an Oklahoma federal building in 1995, it is the element of surprise that is as concerning.

Former DHS Secretary Michael Chertoff – Photo by Greg Henshall / FEMA

Former U.S. Homeland Security Secretary Michael Chertoff said he was worried the first destructive cyber attack on U.S. soil might resemble the Boston Marathon bombings in the sense that the suspects were not on the government’s radar.

“You are going to get relatively modest-scale, impact attacks from all kinds of folks – hactivists, criminals, whatever,” Chertoff said at the Reuters Cybersecurity Summit last week. “Are they going to take down critical infrastructure? They might.”

Emerging cyber actors that security experts say they are most concerned about include Iran, believed to be behind the ongoing assaults on U.S. banking websites, as well as a devastating attack on some 30,000 PCs at Saudi Arabia’s national oil company last year.

North Korea is also quickly gaining cyber skills, experts say, after hackers took down three South Korean broadcasters and two major banks in March.

Another emerging actor is the Syrian Electronic Army, an activist group that has claimed responsibility for hacking the Twitter accounts of major Western media outlets, such as the Associated Press last month, when its hackers sent a fake tweet about explosions at the White House that briefly sent U.S. stocks plunging.

UNRELENTING ATTACKS

The U.S. power grid is the target of daily attempted cyber attacks, according to a report by California Representative Henry Waxman and Massachusetts Representative Ed Markey released at the House Energy and Commerce Committee’s cybersecurity hearing on Tuesday.

More than a dozen utilities report daily, constant or frequent attempted attacks, ranging from unfriendly probes to malware infection, according to the report. (To read the report, see http://r.reuters.com/sej38t)

Gerry Cauley, chief executive of the North American Electric Reliability Corp, told the Reuters Cybersecurity Summit that computer viruses have been found in the power grid that could be used to deliver malicious software to damage plants. NERC is a non-profit agency that oversees and ensures the reliability of the bulk power system in the region.

Experts say that with so many unknown hackers trying to infiltrate U.S. industrial control systems, they fear someone somewhere – perhaps even an amateur – will intentionally or unintentionally cause damage to power generators, chemical plants, dams or other critical infrastructure.

“Even if you don’t know how things actually work, you can still wreak havoc by crashing a device,” said Ruben Santamarta, a senior security consultant with IOActive. “Probably in the near future we may face an incident of this type, where the attackers will not even know what they are doing.”

Santamarta has identified hundreds of Internet-facing control systems — on the grid, at water treatment facilities and heating and ventilation systems for buildings including hospitals. He has also uncovered bugs built into industrial control equipment.

The Department of Homeland Security’s Industrial Control Systems Cyber Emergency Response Team, known as ICS-CERT, last week warned of a flaw that Santamarta found in equipment from Germany’s TURCK, which is used by manufacturers and agriculture firms in the United States, Europe and Asia.

The agency said attackers with “low” hacking skills could exploit the flaw, letting them remotely halt industrial processes. It advised customers to install a patch that would protect them against such attacks.

Director of National Intelligence James Clapper told a Senate committee in March that “less advanced, but highly motivated actors” could access some poorly protected control systems. They might cause “significant” damage, he warned, due to unexpected system configurations, mistakes and spillovers that could occur between nodes in networks.

Big Data & the Boston Marathon Probe

Extracting Key Investigative Data from the “Noise”

Over Ten Terabytes of Data did not overwhelm federal, local and state investigators.  

What follows is a fascinating story involving advanced data access, tracking and retrieval technologies. 

FCW - The Business of Federal Technology

Boston probe’s big data use hints at the future

By Frank Konkel – Article Courtesy of:  FCW

Less than 24 hours after two explosions killed three people and injured dozens more at the April 15 Boston Marathon, the Federal Bureau of Investigation had compiled 10 terabytes of data in hopes of finding needles in haystacks of information that might lead to the suspects.

The tensest part of the ongoing investigation – the death of one suspect and the capture of the second – concluded four days later in part because the FBI-led investigation analyzed mountains of cell phone tower call logs, text messages, social media data, photographs and video surveillance footage to quickly pinpoint the suspects.

A big assist in this investigation goes to the public, which presented perhaps the best illustration of a crowd-sourced investigation in recent memory.

Not only did the public respond to the FBI’s request for information – the agency ultimately received several thousand tips and loads of additional photographs and video footage – but a citizen’s tip ultimately led to the capture of the surviving suspect.

Still, the investigation showed a glimpse of what big data and data analytics can do — and highlighted how far we yet have to go.

Knowledge is power

Big data is a relatively new term in technology and its definition varies amongst early practitioners, but the main goal of any big data project is to pull insights from large amounts of data.

Prominent statistician Nate Silver describes it as “pulling signal from the noise” – noise that can be a veritable smorgasbord of different kinds of information. The noise can be big, too – some datasets within the federal government are measured in petabytes, each of which is one million gigabytes or 1,000 terabytes.

So the 10 terabytes gathered by investigators is not a large data collection even in today’s relatively early stages of big data technology.

But the investigation’s processes still presented officials with a data crunch due to the volume, variety and complexity, according to Bradley Schreiber, vice president of Washington operations for the Applied Science Foundation for Homeland Security.

To get a sense for the initial complexities of combining various data sets in the early moments of the investigation, consider this: In the aftermath of the bombing, cellular networks in the area were taxed beyond their capacity. AT&T put out a tweet urging those in the area to “please use text & we ask that you keep non-emergency calls to a minimum.”

There was speculation that the bombs could have been triggered remotely by mobile phones, prompting interest in traffic logs from area cell towers to try to get a fix on the culprits.

That geo-location information could then be cross-checked against surveillance video and eyewitness photography – just another layer of data available to law enforcement when trying to stitch together a detailed and textured version of events.
