Monday, November 21, 2011

Annals of Cyber-Warfare

The intriguing news that a well-designed virus with destructive capabilities had managed to infiltrate the computers installed in Iran's nuclear facilities was a cause for celebration among those who oppose the country's drive to achieve a nuclear presence for the purpose of constructing a nuclear warhead. The Stuxnet worm was reported to have set back Iran's nuclear program considerably.

Speculation about the genesis of the worm ran rampant in the news media: that it was the work of a group of brilliant Israeli IT specialists, or that it was the collaborative result of Israeli and American computer experts working together. No one can be certain other than those who know for certain, and as far as most people can tell, they're not telling. Successive worms built upon the infrastructure of Stuxnet have caused further problems for Iran's program.

Now a baffling turn of events has occurred that raises doubt about the Stuxnet program having a U.S. origin, because it appears that its operating premise has been used to corrupt a U.S. utility system through cyber-hacking. Perhaps as a test. It occurred in a small town in central Illinois. Clearly, if it could happen in a small town close to the state capital of Springfield, it could happen elsewhere.

Whoever the attackers were, they managed to obtain access to the water utility's network. They did this by obtaining credentials from the company that makes the software used to control industrial systems. Workers at that utility now realize that things had been going wrong, with small glitches showing up here and there, since September, before the current attack that shut down their system.

The U.S. Department of Homeland Security and the Federal Bureau of Investigation are now involved in looking into the event. "At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety", said an FBI spokesman. That could be reassuring, but it may not be credibly so.

As far as cyber-security experts are concerned, this is a living example of the risks faced by critical infrastructure systems. The attackers, even on that small scale, demonstrated their capability of breaking into Supervisory Control and Data Acquisition (SCADA) systems. Those are the computer systems controlling water treatment facilities, chemical plants, nuclear reactors, gas pipelines, dams and switches on train lines.

The havoc that can be wrought is stupendous. If Stuxnet was able to infiltrate Iran's uranium enrichment facilities, we celebrated. If there is a like potential to interrupt our electrical grid system, gas pipeline distribution, water distribution plants and other critical civil and military infrastructure, we're in big trouble.

Industrial espionage and the problems that result from successful infiltration make conventional war look obsolete. These break-ins and interruptions can bring a nation to its knees. It's been done on a small scale. And, remarkably, the most IT-savvy countries of the world, with top expertise in cyber-defence, have been shown to be vulnerable, with military computer systems and security establishment systems hacked.

So where are the enemies intent on the kind of infiltration that constitutes an effective warning that they are capable of entering and disrupting the most critical civil and military infrastructure of a country? Russia and China come readily to mind, do they not? They are already well known, China in particular, to have an established presence in the sinister underworld of cyber-espionage.

Infiltration has been expertly tracked back to China, although Beijing strenuously denies any such thing. As for the Illinois water utility, its computer logs identify the Internet address of a Russian computer in relation to the attack. "Sometime during the day of Nov. 8, a water district employee noticed problems with the SCADA [Supervisory Control and Data Acquisition] system; it was going on and off, resulting in the burnout of the pump."

A technician found that "the system had been remotely hacked into from an IP address located in Russia" after checking the SCADA system logs. As for China, ever inquisitive and acquisitive with respect to military and commercial espionage opportunities, hackers assumed to be operating from China stole access data from RSA Security Solutions, which provides secure remote computer access to defence contractors and government agencies.

Some companies which use RSA devices were, as it happens, subsequently found to have been hacked, evidently with the assistance of that very same stolen information. The trend is toward cyber-war.
