Friday, July 10, 2009

Power Grid Trojan/Logic Bomb implanted by 'Cyber Cold War Opponents'.

President Obama has done nothing to straighten up military forces especially Air Force Space Command (aka has USAF Cyber command) on the grim situation that China and Russia now know our entire power grid infrastructure and may use blackouts as social engineering for their defense (http://www.telegraph.co.uk/news/worldnews/asia/china/5126584/China-and-Russia-hack-into-US-power-grid.html). So far the booby trapped trojans/logic bomb haven't done any collateral damage as it has a remote control fuse it seems. The President has been overly cowardly to not bring up this concern as he is too busy trying to make friends with the Europeans. China and Russia have this Asian pact where they give us intelligence on terrorism, but they make up their loss of sheer political power in the cyber cold war it seems. It could be a social engineering game of cat and mouse with blackouts as severe as the Northeast Blackout of 2003 (caused by a UNIX glitch which put the plant into safe mode).
























The recent news about GhostNet (http://www.nytimes.com/2009/03/29/technology/29spy.html?hp=&pagewanted=print), the suspected cyber espionage activity of the Chinese government uncovered by The Information Warfare Monitor, is alarming news, to say the least. More than a thousand computers have been compromised with apparent ease, many in high-value secure government offices. Researchers revealed that the compromises were so sophisticated that confidential documents were removed, video cameras and microphones turned on to observe events, and sophisticated key-loggers tracked everything that was typed. According to two of my sources well-placed in government and computer security, this is just the frightening tip of an enormous iceberg.

Many will recall my report on the FBI's concern about counterfeit network router hardware being installed in businesses and government agencies all across the nation. Many were concerned that the counterfeit routers contained code that allowed for a broad range of back-doors into secure computer systems, as well as covert kill-switches that would shut down after receiving a remote signal. Indeed, several analysts found thousands of additional lines of machine code as compared to a non-counterfeit. Since the counterfeit hardware originated in China, the FBI (http://www.fbi.gov/pressrel/pressrel08/finch050908.htm) was very concerned, so much so that they responded to my report. Our work here, together on abovetopsecret, broke that important story to the world.

I've recently spoken to two well-placed computer security experts who firmly believe there is a frightening connection between GhostNet and the counterfeit routers. Their fear is that we are mere months away from a series of significant cyber attacks on key private sector businesses and portions of our infrastructure.

My first contact is a highly experienced computer security expert who often works directly with law enforcement and intelligence agencies. Asking for my assurances of complete confidence in his anonymity, he revealed that there is a great deal of concern, both among his IT counterparts and security experts within law enforcement, that GhostNet is a sophisticated reconnaissance system designed to locate the counterfeit routers. Many are speculating that the gHost RAT trojan (delivered via email and has been in broad use for months) may be triggered by recognizing key attributes of the counterfeit routers, and reports (http://www.scribd.com/doc/13731776/Tracking-GhostNet-Investigating-a-Cyber-Espionage-Network) back the details of the exploitable network. Experts are concerned that the number of infected systems discovered by The Information Warfare Monitor may very well be a tiny percentage of networks that are known to be exploitable, but not yet infected. GhostNet is cataloging potential networks and refining the cyber weapons for the next round of attacks. The activity seen thus far has been proof-of-concept tests of computer take-over software in preparation for larger-scale attacks -- a weapons test if you will.

My second contact is an IT manager at a large financial products company who tracked down and replaced a number of counterfeit routers in their network. As their internal security team examined all systems connected to the removed routers, he was alarmed at their findings. Nearly all of the Windows-based computer systems connected to the routers contained some form of malware. In comparison to other Windows computers on their network, only 10-20% on average had any type of malware. He cautioned that all of the systems on the counterfeit routers were new systems in public-facing installations (branch offices), and a higher-than-normal infection rate was expected. However, the 100% infection-rate was unusual.

Both of these computer security professionals are increasingly concerned about the convergence of these two items that appear to point back to either the Chinese government, or Chinese state-sponsored cyber criminals. The report from Information Warfare Monitor stops short of specifically naming the Chinese government, or intelligence agencies within the government, as the culprit of these attacks. However, we do know that their intelligence agencies and law enforcement units have acted upon information obtained through GhostNet.

My contacts feel we (western nations) are mere months away from the second, more serious wave of attacks designed to harm key corporations and interrupt vital infrastructure. The hope is that GhostNet is a tool of cyber criminals -- after all, if that is the case, we're safe, no criminal would cripple the networks that provide their bounty. What worries them most, however, is the combination of our complete lack of preparation (the U.S. DHS cyber security division is a joke), the stunning sophistication and multi-tiered nature of these attacks, and the disturbing potential connection to the Chinese government. To be clear, they feel a second wave of attacks is not likely to be a national disaster that cripples the nation; that may be reserved for the third wave.

The conspiracy theorist in me observes a number of causes for concern. (1) - The mainstream press appears to be working hard to spike or avoid any connection of GhostNet back to the counterfeit router issue. (2) - The media, especially US-based media, is typically over-playing the "hacker criminal" aspect of this story so as to avoid concern over state-sponsored cyber warfare -- they know we (western nations) are at a disadvantage. (3) - The Chinese government has recently made a great deal of noise voicing concern over the US dollar and the need for a global currency. Causing harm to the US infrastructure through a well-placed cyber attack may significantly weaken the dollar and hasten their financial agenda. (4) - After all that has happened after September, 2001, especially the increase in sophisticated Internet attacks as well as known state-sponsored cyber terrorism, why has the government let us down (http://online.wsj.com/article/SB123844579753370907.html)?

These developments indicate the Internet equivalent of the 9/11 attacks may very well be on the horizon. And again, we are not only not ready, we're completely clueless.














