Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
United States Power Security

US Government Warns Of 'Ongoing' Hacks Targeting Nuclear and Power Industries (reuters.com) 101

An anonymous reader quotes Reuters: The U.S government issued a rare public warning that sophisticated hackers are targeting energy and industrial firms, the latest sign that cyber attacks present an increasing threat to the power industry and other public infrastructure. The Department of Homeland Security and Federal Bureau of Investigation warned in a report distributed by email late on Friday that the nuclear, energy, aviation, water and critical manufacturing industries have been targeted along with government entities in attacks dating back to at least May. The agencies warned that hackers had succeeded in compromising some targeted networks, but did not identify specific victims or describe any cases of sabotage. The objective of the attackers is to compromise organizational networks with malicious emails and tainted websites to obtain credentials for accessing computer networks of their targets, the report said.
According to the report, the Department of Homeland Security "has confidence that this campaign is still ongoing and threat actors are actively pursuing their objectives over a long-term campaign."
This discussion has been archived. No new comments can be posted.

US Government Warns Of 'Ongoing' Hacks Targeting Nuclear and Power Industries

Comments Filter:
  • Well.. (Score:5, Interesting)

    by fluffernutter ( 1411889 ) on Saturday October 21, 2017 @09:13PM (#55411647)
    Isn't it too bad we do nothing but discourage intelligent local grads from going into the IT industry, by making it clear that salaries and compensation in the industry are to be limited by the economies of the very people who are attacking us.
    • Re: (Score:3, Insightful)

      by rmdingler ( 1955220 )
      Isn't it too bad we behave so poorly in the role of Superpower that several to many sovereign nations would be on the suspect list.?.?.?
      • Yeah, it's about time we gave that crap up. We did a piss-poor job, and neglected our own people to do it. You'd think spending $6 trillion dollars (that's $6,000,000,000) on international affairs would fix things, but they're as broken as ever. That money is spent, it's never coming back, and we badly need to fix our own country and help our own people. We need to stop meddling abroad and mind our own business. The world hates us for a reason.
        • by ls671 ( 1122017 )

          You'd think spending $6 trillion dollars (that's $6,000,000,000) on international affairs would fix things...

          LOL!

          https://www.google.by/search?q... [google.by]

          • Oops! Looks like six trillion is such a huge number that nobody even knows how to represent it without scientific notation. THAT'S how much money America could have spent improving itself, but didn't. Instead the money went to harm countries that totally hate us now, so our elites could play world police. It's high time it came to a screeching halt.
      • by rtb61 ( 674572 )

        You are really, really slow to catch up. This is way beyond governments, this is actual corporate wars. Take out a competitors computer system and you can seriously screw them up and cost them a ton of business which you can then grab.

        The idiots keep saying Russia this and China that and because they wanted to play stupid global political games, they ignored the reality, it was Russian Oligarchs and Chinese Oligarchs and of course US Oligarchs and EU Oligarchs and well, many corporations from all over the

      • Isn't it too bad we behave so poorly in the role of Superpower that several to many sovereign nations would be on the suspect list.?.?.?

        Your naivete would be charming if we weren't talking about international politics. You can't make all the other nations behave by just being nice. There is no nation on the planet which wouldn't be happy to pick the USA apart in order to get just a few percentage points stronger.

        • Re:Well.. (Score:4, Interesting)

          by rmdingler ( 1955220 ) on Sunday October 22, 2017 @08:15AM (#55412795) Journal

          You can't make all the other nations behave by just being nice.

          That's as true a statement as You can't make all the other nations behave.

          What we could do better is lead by example. The US is a microcosm of the World as a whole: many different nationalities, religions, races, ideas, and belief sets. I'd say working to make the melting pot work, instead of crippling ourselves with rabid partisan infighting, would be a great first step.

          If it can't be done here, in this unprecedented era of peace and prosperity, the World's prospects are bleak.

          • The "melting pot" is a discredited racist concept from the 1970s. It was long ago replaced by multiculturalism. Instead of immigrants losing their unique cultures and becoming generic "American", now we have a vibrant diversity where people keep their cultures after becoming US citizens. It doesn't do you any credit to keep beating dead horses like "melting pot'.
      • Re:Well.. (Score:4, Interesting)

        by blindseer ( 891256 ) <blindseer@noSPAm.earthlink.net> on Sunday October 22, 2017 @06:59AM (#55412629)

        What, precisely, did we do to these nations? I mean, why do you believe that they are attacking us?

        The USA has a large enough military to crush any nation it chooses and yet we don't. We have embassies all over the world, like any other nation. If some nation has a grievance against us they can start talks in these embassies in their own nation or that of a neutral third party. Have you actually listened to their demands?

        These nations don't ask that we leave them alone. They want us dead. Take North Korea as an example, what do they want? The Kim family wants to rule the world, and they can't do that so long as we have our troops in South Korea and Japan. Take your pick of Muslim nations, what do they want? They want the world to bow to Mecca. That's not going to happen so long as America is able to defend itself. What about Russia? They want to restore the Soviet Union, where the sun never sets on their empire.

        The USA is hated because we live free from their rule. They attack us over the internet because they cannot drop bombs on our heads. We've been fighting off Muslim invaders since before America was even a nation. The Barbary Wars were fought to keep these Muslims from taking American ships and enslaving the passengers and crew. They attacked us because they attacked everyone that didn't pay tribute.

        Tell me, how should the only megapower on Earth be acting right now? What do you believe we should be doing to stop their attacks? I believe these attacks will not stop so long as free people stand to oppose communism and Islam. We can stop the attacks but that would mean destroying them or submitting to their rule. I don't like the status quo but it's better than the alternatives.

        • Re:Well.. (Score:4, Informative)

          by rmdingler ( 1955220 ) on Sunday October 22, 2017 @08:19AM (#55412817) Journal

          The US does not represent the worst possible outcome for the rest of the World as its preeminent Superpower. Far from it.

          For starters, though, it would be nice to measure our worth by how much better we could be doing, as opposed to setting the bar at how much worse we could be.

          • Ah, yes, the good old "measure America against an imaginary Utopia, instead of measuring it against all the other countries that exist in reality." That argument never gets old, because it is literally unachievable and you never get to stop bashing America with it.

            Utopia literally means, "no place". It is impossible to get there no matter what.

        • The USA has a large enough military to crush any nation it chooses and yet we don't.

          You basically answered your own question. We don't crush them with our military because by conducting virtually anonymous cyberattacks disassociated from any official government, they have a chance at causing real harm risk free.

        • Who is naive believing were the only Super power on earth ?
          • The USA isn't a superpower. Hasn't been for a long time. It's a megapower, we've surpassed superpower status. And the USA is the only megapower.

            How many aircraft carriers are there in the world with a displacement over 100,000 tons? Eleven. How many of those does the USA own? Eleven. Each one carries about 60 jet fighters, and each jet can carry about 8 tons of weapons. That's just the start of the military power.

            To back up that military is an economic power that produces 20% of the world's wealth.

        • Your blind
  • Any bets the majority of compromised computers ran a version of windows? We need to stop using Windows in these environments.
    • by EzInKy ( 115248 )

      The old adage of putting all your eggs in one basket comes to mind here. No one in the US would be stupid enough to bet solely on one company.

    • Comment removed based on user account deletion
      • Is that your security philosophy? If that's the case then you're an idiot. Pulling a cable doesn't make something secure. You need an entire culture of security to do that.

        None whatsoever!

        Oh I see now you don't actually work in the industry. Sorry but there's a myriad of reasons that these systems need to be networked over a wide scale, the least of which isn't that they don't work otherwise.

        If you need constant monitoring of stuff, give someone a job to monitor.

        Err no. Get a clue.

        • Pulling the cable makes something more secure. It drastically diminishes the number of potential intruders. Having no physical connection is the best kind of firewall. Anything that doesn't need to be on the Internet shouldn't have a connection, so instead of a good firewall, you should chose the best firewall.
          This 'need to be networked' thing is nice on paper, but in fact, a lot of these 'needs' are not your own (company's) needs.
          If you think everything has to be on the Internet, then in your words 'you ar

          • Re:Pull that cable! (Score:4, Interesting)

            by thegarbz ( 1787294 ) on Sunday October 22, 2017 @06:17AM (#55412557)

            Pulling the cable makes something more secure. It drastically diminishes the number of potential intruders.

            Not necessarily. Quite often pulling the cable makes everything less secure as it breeds a culture of complacency at best and breeds a better kind of idiot at worst. Pulling a cable is absolutely no substitute for actually having security thought through in the organisation, and I'll take well thought out firewall / VPN infrastructure any day over the pull the cable approach which by its nature necessitates bypassing the airgap.

            Anything that doesn't need to be on the Internet shouldn't have a connection, so instead of a good firewall, you should chose the best firewall.

            You've lost. Everything needs a network connection somewhere, and every network eventually needs a connection to the internet. The key is segregation in the design stage. Otherwise you'll end up with what we call box-rot, a set of computer systems isolated constantly being connected to and from with various mechanisms or best yet, ignored completely with security issues more wide open than a $2 hooker.

            This 'need to be networked' thing is nice on paper

            That paper is often one of the following:
            - Legal requirement
            - Technical limitation
            - Geographical limitation
            - Operational limitation

            Most organisations would be unable to operate a local compressor without some access to a wider network let alone a country wide wind farm, energy grid, etc.

            If you think everything has to be on the Internet, then in your words 'you are an idiot'.

            But I repeat myself: Oh I see now you don't actually work in the industry.

            • Your whole post boils down to the false claim, "Everything needs a network connection somewhere, and every network eventually needs a connection to the internet."

              If you turn your conclusions into presumptions all you do is go in a circle like an idiot.

              • Your whole post boils down to the false claim

                The claim is only false outside of the industry and backed up by 4 key points you see coming up over and over again.

                But I repeat myself: Oh I see now you don't actually work in the industry. ... Wait you're not the OP, well then clearly there's more of you.

                • Oh I see now you don't actually work in the industry

                  What industry is that? I didn't mention it in this comment. Did you read the part I wrote that said

                  If you turn your conclusions into presumptions all you do is go in a circle like an idiot.

                  So you want to be more truthy by forming an idiotic belief about what industry I work in? That wouldn't make your comments any more considered.

                  What industry do you imagine a person would need to work in to know that "Everything needs a network connection somewhere, and every network eventually needs a connection to the internet" is a false statement? It seems actually that anybody who works in any industry th

            • >Quite often pulling the cable makes everything less secure as it breeds a culture of complacency at best and breeds a better kind of idiot at worst.
              Strawman. I didn't mean neglecting security patches or just any software upgrades. Upgrade offline, if you have a bug that is confirmed fixed by a patch. But never allow a 3rd party to issue a half-decent patch which will be silently applied on your production environment. Oh, wait, "i see you are not working in the industry"

              >That paper is often one of th

      • Pull the cable to the internet. There is NO excuse to hook up critical infrastructure to the internet. None whatsoever! If you need constant monitoring of stuff, give someone a job to monitor. Do not, I repear, do NOT hook your systems up to the internet just to save a quick buck!

        Articles like this would have you think that nuclear power plant control systems are connected to the internet, but they are not. The authors use intentionally vague wording.

      • by gtall ( 79522 )

        Brilliant, companies can damn well create their own private networks to manage their distributed systems. They should be able to recreate their own private internets in about, what, a year or two in your pink unicorn world? No doubt they'll be able to all hire the best network engineers to pull off this task. The fortune 100 companies can all create their own internets, 100 of them. That will surely lower the attack surface!!! Wow! Have you told these companies how to make their distributed systems secure?

    • Any bets the majority of compromised computers ran a version of windows? We need to stop using Windows in these environments.

      And THIS is the exact kind of thinking that causes big gaping security issues for companies. The idea that there's a single solution rather than an entire philosophy to security is not only absurd, it's absolutely downright dangerous.

      Not running Windows protects you from random online malware designed specifically to attack as large of an install base as possible to maximise return. It does NOTHING for a targeted attack. Have you learnt nothing from the likes of Stuxnet? A piece of malware coded specificall

      • And THIS is the exact kind of thinking that causes big gaping security issues for companies. The idea that there's a single solution rather than an entire philosophy to security is not only absurd

        I never suggested a single solution. I only commented that windows is a bad solution. It is less secure then other platforms. It is more vulnerable then bsd or osx. We need to move to more secure platforms. We need to stop making it easy for foreign hackers. I am not sure why you think Windows is a secure platform.

        Have you learnt nothing from the likes of Stuxnet?

        I learned a lot from stuxnet. These attacks are a beachhead. They might not be directly connected to critical infrastructure, but they have information about said infrastructure. It is fe

    • Lots of control systems incorporate HMIs and other software that not only requires Windows; they often require very specific back-versions of Windows supplied by the systems vendors themselves. It's easy to say "don't run Windows" or "if you must run Windows, keep it updated and patched," but that's not realistic. And that's for some very good reasons: software that controls machines simply must be tested to a far higher standard than software that humans will use, because machines aren't as adaptable as hu

  • No different than the supposed power plant attacks during the election last year?
    • by gtall ( 79522 )

      Errmmm....you mean the Ukranian power plants? They got zapped or did you not get the memo?

  • by turkeydance ( 1266624 ) on Saturday October 21, 2017 @09:34PM (#55411675)
    pics or it didn't happen
  • by Anonymous Coward

    When read stories like this I wonder:
    Why were these facilities ever hooked up to the Internet at all?
    Why did they not use a computing system that is compatible with anything else?
    Answers
    1. There are benefits to adding computers and internet connections to such facilities, probably a long list a very big benefits
    2. A proprietory or unique computing system would lose out the benefits of ongoing major advances in computing occurring is 'mainstream' computing, driven by billions of dollars and millions of human

    • How would a nuclear power plant have "benefits of ongoing major advances in computing" that would involve a computer controlling the power plant?
    • by AHuxley ( 892839 )
      AC The thinking was to replace a lot of union workers working in shifts all along the networks with more regional computers.
      A person with the required skills could watch an entire network.
      That would free up spending on wages, pensions and having to deal with unions.
      The result was a rush to use contractors to network entire regions. Contractors vs 24/7 union workers.
      The air gapped protections and workers on site got replaced with new internet facing networks.
      Years later reality sets in. The random int
  • Our infrastructure is old. How can we even tell if it has been compromised.
  • Don't worry I'm sure that retard APK will tell us about how his hosts file will stop all this.

  • EMP attacks on the grid were too difficult to do right.

    • by Anonymous Coward

      Why would you assume that? It's a major escalation to accomplish that kinetically. To do so in "unattributed" hackerspace and then play pussy is much less risky.

      Donald Trump can't deny a bomb, even if he can (pretend to be dumb enough to) deny Putin is an adversary otherwise.

  • by Anonymous Coward

    I'd like to see many more honeypots set up. Make 'em think they're doing something, and put the real stuff on highly encrypted VPNs and stuff.

  • Start a fight... (Score:5, Insightful)

    by VeryFluffyBunny ( 5037285 ) on Saturday October 21, 2017 @10:24PM (#55411791)
    Why did the NSA and CIA start a cyber arms race when the USA is the most vulnerable to the kinds of attacks it's creating and therefore provoking from non-USA aligned countries?
    • Why did the NSA and CIA start a cyber arms race when the USA is the most vulnerable to the kinds of attacks it's creating and therefore provoking from non-USA aligned countries?

      Hacking doesn't necessarily favor the poor, underdeveloped, cash-strapped nation-states; yet, it does level the playing field a bit.

      A relatively small fraction of a Superpower's military budget can be allocated to achieve successful cyber disruption.

    • by gtall ( 79522 )

      Errr...because other countries were going to do it regardless of what the U.S. did?

  • by EzInKy ( 115248 )

    The US has been waging war against its citizenry since its inception. Free thought itself is even outlawed in its very Constitution. Read Article 1, Section 8, Clause 8 if you don't believe the government doesn't want to regulate freedom of thought in the country.

  • Come and try ti hack the power company here in Puerto Rico. You will fail miserably!!!

  • I'm assuming that critical energy infrastructure is airgapped from the Internet. Any single large-scale generating plant is easy to isolate, because all the maintenance is being done by permanent onsite staff.

    But how do you isolate the grid itself? It inherently has to be controlled as a network, which you dutifully isolate at the outset from all other networks. Still, the vast array of spread-out components in a grid comes into close contact with possible malefactors at many points, most of which are unma

  • I might be naive bot would not a big paty of theese concerns be mittigated if we removed the controll systems from publikly accessable networks (yes this includes pstn/isdn, Isolated network on dedicated fiber. correct me if Im wrong but if a system cannot be accessewd from the outside you atacjk surface is gratly reduced
  • Have the ever considered not connecting their critical infrastructure devices directly to the Internet and instead use VPNs running on embedded hardware.

Ocean: A body of water occupying about two-thirds of a world made for man -- who has no gills. -- Ambrose Bierce

Working...