DHS Asked Gas Pipeline Firms To Let Attackers Lurk Inside Networks

wiredmikey writes "According to reports, which were confirmed Friday by ICS-CERT (PDF), there has been an active cyber attack campaign targeting the natural gas industry. However, it's the advice from the DHS that should raise some red flags. 'There are several intriguing and unusual aspects of the attacks and the U.S. response to them not described in Friday's public notice,' Mark Clayton wrote. 'One is the greater level of detail in these alerts than in past alerts. Another is the unusual if not unprecedented request to leave the cyber spies alone for a little while.' According to the source, the companies were 'specifically requested in a March 29 alert not to take action to remove the cyber spies if discovered on their networks, but to instead allow them to persist as long as company operations did not appear to be endangered.' While the main motive behind the request is likely to gain information on the attackers, letting them stay close to critical systems is dangerous. The problem lies in the complexities of our critical infrastructures and the many highly specialized embedded systems that comprise them."

  • by Anonymous Coward on Monday May 07, 2012 @05:27PM (#39920215)
    The conspiracy theorist in me says DHS.
  • Re:NEWSFLASH: (Score:2, Insightful)

    by CanHasDIY ( 1672858 ) on Monday May 07, 2012 @05:33PM (#39920277) Homepage Journal

    They should just rename it "Department of let's see if we can get more funding" Because in reality that is all they are trying to do. DOLSIWCGMF

    Yea, but then they might end up getting mistaken for all the other 'alphabet agencies,' since that's essentially the purpose of, well, all of 'em.

  • by v1 ( 525388 ) on Monday May 07, 2012 @05:38PM (#39920341) Homepage Journal

    If you think about it, this could provide more information on your opponents. Though it is a bit of a gamble - can you get valuable information without too much risk? Or, is it worth the risk?

    Think about the whole process of infiltration. Once you get your foot in the door you start gathering information and testing the waters to see what you can do. If you don't think you've been discovered, but you have, then the defenders have some good opportunities. They can feed you false intelligence, make you think you are burrowing into an important control system that's actually a honeypot, give them a false sense of accomplishing their goal, waste their time and resources. Done properly, this is very useful counter-intelligence.

    Fooling the other guy is valuable. Tricking the other guy into thinking he's fooled you can be even more valuable. I think that's the core of what this is about. But as I said before, it's a risk, and could get out of control.

  • Re:Headline (Score:3, Insightful)

    by Anonymous Coward on Monday May 07, 2012 @05:42PM (#39920393)

    And then when something bad happens they'll blame it on incompetence and say they need better tools to prevent attacks like this and roll out the next round of cyber laws they have sitting in the drawer targeted at domestic citizens.

  • by moortak ( 1273582 ) on Monday May 07, 2012 @05:44PM (#39920425)
    Yeah, but China and Iran aren't the ones saying to let the attackers hang out for a while.
  • by cpu6502 ( 1960974 ) on Monday May 07, 2012 @05:44PM (#39920427)

    The odds of death by terrorist are lower than death by a spacerock falling from the sky & hitting you on the head. Stop being afraid of unlikely events.

  • by shmlco ( 594907 ) on Monday May 07, 2012 @05:49PM (#39920493) Homepage

    "According to reports, which were confirmed Friday by ICS-CERT, an active Phishing campaign is responsible for the U.S. Department of Homeland Security (DHS) issuing three warnings since the end of March that the natural gas industry has been under ongoing cyber attack."

    A phishing campaign. Because companies shouldn't already be protecting against these.

    More, "The specter of a cyber attack against critical infrastructure is a reality, but not because the DHS is guarding the Internet, but because the networks running the critical infrastructure are so poorly protected. It’s gotten to the point that simple Phishing attacks, things that proper email protection and awareness training cover, rate three separate warnings and alerts."

    So it's obvious we need widespread and over encompassing legislation like CISPA that bypasses any and all existing laws and regulations regarding privacy, and that grants the NSA a legal mandate and access to any and all information collected... to protect against phishing attacks.

    More: http://www.isights.org/2012/04/cispa-is-not-about-copyright-its-about-your-privacy-on-the-internet.html [isights.org]

  • by Anonymous Coward on Monday May 07, 2012 @05:51PM (#39920519)

    It could be any of that. It could be my neighbor, for all I know. DHS has cried wolf enough times that they can't be trusted anymore. Maybe they are honest some of the time - like you pointed out, that certainly could be the case here - but... meh.

  • by daveschroeder ( 516195 ) * on Monday May 07, 2012 @06:44PM (#39921217)

    "A US military spy plane illegally entered Chinese airspace and collided with a Chinese interceptor, killing the Chinese pilot."

    Really?

    That's not exactly correct. US surveillance aircraft do not violate China's sovereign airspace, but Chinese fighters would routinely harass US aircraft in what China claims as an "exclusive economic zone" in the South China Sea, not recognized by the US, and not considered sovereign airspace. "The PRC interprets the Convention as allowing it to preclude other nations' military operations within this area, while the United States maintains that the Convention grants free navigation for all countries' aircraft and ships, including military aircraft and ships, within a country's exclusive economic zone."

    China's fighters routinely buzzed US EP-3's, and if you're actually asserting that an EP-3 is maneuverable enough to cause a collision with a Chinese J-8 fighter, then you are either deluded, or a member of the PRC's 50 Cent Party. The US EP-3 had to enter Chinese airspace in order to conduct an unauthorized emergency landing on Hainan Island, after which NSA's secure operating system was completely compromised by China [newyorker.com], with a US Admiral later observing, “It was grim,” and a US official responding to a question of whether China could be "that good" by saying, “they only invented gunpowder in the tenth century and built the bomb in 1965. I’d say, ‘Can you read Chinese?’ We don’t even know the Chinese pictograph for ‘Happy hour.’”

    So yeah, go ahead and assert that China would somehow be a better global steward of human rights.

  • Re:Wrong reason? (Score:5, Insightful)

    by McMuffin Man ( 21896 ) on Monday May 07, 2012 @06:56PM (#39921391)

    Not reacting immediately to advanced, targeted intruders is standard tactics, and recommended by most experts in the field. This is news to Slashdot because folks here usually only deal with mass criminal attacks, which are a different beast entirely.

    This isn't a DHS conspiracy, not even one for new funding. It's just the government advocating reasonable measures even though I'm sure they knew they'd get pilloried for it. I rarely respect the DHS, but in this case I may make an exception.

  • Re:Headline (Score:3, Insightful)

    by rtfa-troll ( 1340807 ) on Monday May 07, 2012 @07:25PM (#39921779)
    No; real world equivalent; there are a bunch of possible terrorists wandering around the airport carrying things that look like bombs but you don't know if they really are or how they are triggered. Your visiting security experts have identified a few of them but you know there are many more. You quickly work out that the terrorists can go in and out of the building at will completely bypassing the security gate and have been doing so for weeks on end, but you don't know how. You tell the guy in charge of the security thugs at the door not to alert the terrorists until you have time to get back up and hopefully wait for a quieter gap between flight arrivals.
