President Obama has done nothing to straighten up military forces, especially
Air Force Space Command (which also has USAF Cyber Command), on the grim
situation that China and Russia now know our entire power grid infrastructure
(http://www.telegraph.co.uk/news/worldnews/asia/china/5126584/China-and-Russia-hack-into-US-power-grid.html)
and may use blackouts as social engineering for their defense. So far the
booby-trapped trojans/logic bomb haven't done any collateral damage, as it seems
to have a remote-control fuse. The President has been overly cowardly not to
bring up this concern, as he is too busy trying to make friends with the
Europeans. China and Russia have this Asian pact where they give us intelligence
on terrorism, but they make up for their loss of sheer political power in the
cyber cold war, it seems. It could be a social engineering game of cat and mouse
with blackouts as severe as the Northeast Blackout of 2003 (caused by a UNIX
glitch which put the plant into safe mode).

The recent news about GhostNet
(http://www.nytimes.com/2009/03/29/technology/29spy.html?hp=&pagewanted=print),
the suspected cyber espionage activity of the Chinese government uncovered by
The Information Warfare Monitor, is alarming news, to say the least. More than a
thousand computers have been compromised with apparent ease, many in high-value
secure government offices. Researchers revealed that the compromises were so
sophisticated that confidential documents were removed, video cameras and
microphones turned on to observe events, and sophisticated key-loggers tracked
everything that was typed.

According to two of my sources well-placed in government and computer security,
this is just the frightening tip of an enormous iceberg. Many will recall my
report on the FBI's concern about counterfeit network router hardware being
installed in businesses and government agencies all across the nation. Many
were concerned that the counterfeit routers contained code that allowed for a
broad range of back-doors into secure computer systems, as well as covert
kill-switches that would shut down after receiving a remote signal. Indeed,
several analysts found thousands of additional lines of machine code as compared
to a non-counterfeit. Since the counterfeit hardware originated in China, the
FBI was very concerned (http://www.fbi.gov/pressrel/pressrel08/finch050908.htm),
so much so that they responded to my report. Our work here, together on
abovetopsecret, broke that important story to the world.

I've recently spoken to two well-placed computer security experts who firmly
believe there is a frightening connection between GhostNet and the counterfeit
routers. Their fear is that we are mere months away from a series of
significant cyber attacks on key private sector businesses and portions of our
infrastructure.

My first contact is a highly experienced computer security expert who often
works directly with law enforcement and intelligence agencies. Asking for my
assurances of complete confidence in his anonymity, he revealed that there is a
great deal of concern, both among his IT counterparts and security experts
within law enforcement, that GhostNet is a sophisticated reconnaissance system
designed to locate the counterfeit routers. Many are speculating that the gHost
RAT trojan (delivered via email, and in broad use for months) may be triggered
by recognizing key attributes of the counterfeit routers, and reports back the
details of the exploitable network
(http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network).
Experts are concerned that the number of infected systems discovered by The
Information Warfare Monitor may very well be a tiny percentage of networks that
are known to be exploitable, but not yet infected. GhostNet is cataloging
potential networks and refining the cyber weapons for the next round of attacks.
The activity seen thus far has been proof-of-concept tests of computer take-over
software in preparation for larger-scale attacks -- a weapons test, if you will.

My second contact is an IT manager at a large financial products company who
tracked down and replaced a number of counterfeit routers in their network. As
their internal security team examined all systems connected to the removed
routers, he was alarmed at their findings. Nearly all of the Windows-based
computer systems connected to the routers contained some form of malware. In
comparison, of the other Windows computers on their network, only 10-20% on
average had any type of malware. He cautioned that all of the systems on the
counterfeit routers were new systems in public-facing installations (branch
offices), and a higher-than-normal infection rate was expected. However, the
100% infection rate was unusual.

Both of these computer security professionals are increasingly concerned about
the convergence of these two items that appear to point back to either the
Chinese government or Chinese state-sponsored cyber criminals. The report from
Information Warfare Monitor stops short of specifically naming the Chinese
government, or intelligence agencies within the government, as the culprit of
these attacks. However, we do know that their intelligence agencies and law
enforcement units have acted upon information obtained through GhostNet.

My contacts feel we (western nations) are mere months away from the second,
more serious wave of attacks designed to harm key corporations and interrupt
vital infrastructure. The hope is that GhostNet is a tool of cyber criminals --
after all, if that is the case, we're safe; no criminal would cripple the
networks that provide their bounty. What worries them most, however, is the
combination of our complete lack of preparation (the U.S. DHS cyber security
division is a joke), the stunning sophistication and multi-tiered nature of
these attacks, and the disturbing potential connection to the Chinese
government. To be clear, they feel a second wave of attacks is not likely to be
a national disaster that cripples the nation; that may be reserved for the third
wave.

The conspiracy theorist in me observes a number of causes for concern. (1) The
mainstream press appears to be working hard to spike or avoid any connection of
GhostNet back to the counterfeit router issue. (2) The media, especially
US-based media, is typically over-playing the "hacker criminal" aspect of this
story so as to avoid concern over state-sponsored cyber warfare -- they know we
(western nations) are at a disadvantage. (3) The Chinese government has recently
made a great deal of noise voicing concern over the US dollar and the need for a
global currency. Causing harm to the US infrastructure through a well-placed
cyber attack may significantly weaken the dollar and hasten their financial
agenda. (4) After all that has happened since September 2001, especially the
increase in sophisticated Internet attacks as well as known state-sponsored
cyber terrorism, why has the government let us down
(http://online.wsj.com/article/SB123844579753370907.html)?

These developments indicate the Internet equivalent of the 9/11 attacks may
very well be on the horizon. And again, we are not only not ready, we're
completely clueless.

Friday, July 10, 2009
Power Grid Trojan/Logic Bomb implanted by 'Cyber Cold War Opponents'.