17 June 2014

UGLYGUERRILLA HACK OF U.S. UTILITY EXPOSES CYBER WAR THREAT; “PREPPING THE BATTLEFIELD”

by Fortuna's Corner

http://www.fortunascorner.wordpress.com

Michael Riley and Jordan Robertson had an article on the Bloomberg News website on Friday, June 31, 2014 with the title above. They begin their article by noting that “somewhere in China, a man typed his username – “Ghost” – and password – “Hijack” – and proceeded to rifle [through] the computers of a [major] utility company in the northeastern United States. He plucked schematics of its pipelines; copied security-guard patrol memos; sought access to the systems that regulate the flow of natural gas; and cruised channels where keystrokes could cut off a city’s heat or make a pipeline explode” — though the authors note that he did not appear to be intent on causing that kind of damage.

This individual was one of the five Chinese military officers who were indicted last month by the U.S. Justice Department for cyber espionage/cyber theft, according to the authors. “The hacker called UglyGuerrilla invaded the utility on what was probably a scouting mission,” they note — looking for information that China might ultimately use in wartime, should China find itself in a confrontation with the United States in the not too distant future. If you read the unclassified Chinese literature on Total, Unrestricted War, you can see that China’s military sometimes conducts war games and military exercises “disconnected” from the Internet.

“UglyGuerrilla is one of the many hackers that the FBI has monitored,” according to Mr. Riley and Mr. Robertson, among hackers based in China, Iran and Russia (among others) — “all apparently looking for weaknesses that could be employed to disrupt the delivery of water and electricity, as well as impede other functions critical to the economy,” according to U.S. Intelligence officials familiar with the investigation. These activities apparently spurred a debate within the Obama national security team — over whether and how to respond; and raised alarm among members of Congress who had been briefed on these activities. “This is as big a national security threat as I have ever seen in the history of this country — that we are not prepared for,” said Representative Mike Rogers, a Michigan Republican, former FBI agent, and Chairman of the House Intelligence Committee. “Your palms get a little sweaty thinking about what the outcome of those attacks might have been [especially if the perpetrator had malicious intent], and how close they came.”

Preparing Battlefields

“UglyGuerrilla’s surveillance sortie was one of dozens conducted on natural gas pipelines and utilities by People’s Liberation Army Unit 61398 over at least fourteen months in 2012 and 2013, according to documents obtained by Bloomberg News, as well as from people involved in the investigation who did not want to be identified — because they weren’t authorized to speak publicly.” “Unit members appeared to be performing the digital equivalent of mapping the dams, airfields, or fuel routes of a potential enemy — what’s known in the military as preparation of the battlefield. While that kind of spying has been standard practice for centuries, technology is scrambling the traditional rules of war, blurring the distinction between intelligence-gathering and aggression,” wrote Mr. Riley and Mr. Robertson. They add, “a satellite capturing images from 600 miles above Earth doesn’t cross a line; a naval vessel that sails into another country’s waters does. Hackers scanning infrastructure from inside the computers that control it are both gathering knowledge for use in combat and moving into a potential battlefield.”

‘They’re Practicing’

“Operatives vacuumed up caches of email, engineering PDFs and other documents — but it was their focus on supervisory control and data acquisition, or SCADA, systems in industrial computers that most concerned U.S. officials, according to people familiar with the incidents. Attackers could use SCADA systems to manipulate valves to build up pressure and burst pipes, or shut down a power plant,” wrote Mr. Riley and Mr. Robertson.

“They’re practicing,” is how retired NSA Director and U.S. CYBERCOM Chief General Keith Alexander put it to lawmakers in 2012, according to a U.S. official who was present at these hearings but did not want to be identified because the briefing was private.

In many cases, by the time outside forces have breached a computer system, “they’ve already done everything they need to attack you,” said Michael Hayden, a former Director of both the NSA and CIA. “In addition to doing reconnaissance, and maybe being accepted intelligence practice, they’ve got a gun at your head.”

Different Threat

The prevailing theory, according to two former senior national security officials, is that the hackers were only testing their skills and stockpiling data — preparing for a war their bosses may never wage — much as the U.S. and Soviet Union built nuclear weapons inventories during the Cold War.

“What concerns U.S. defense officials,” write Mr. Riley and Mr. Robertson, “is that while nuclear weapons are so destructive that they haven’t been used in warfare since 1945, cyber weapons are alluring because they’re versatile. An adversary could be tempted by a menu of options, from a subtle disruption of communications systems to the chaos that would result if the power were shut down in Manhattan.”

Moreover, they note, “cyber weapons are far easier and cheaper to obtain than nuclear materials, and so is the data about vulnerabilities in industrial control systems that run the electrical grid and water purification plants. The data could be used to develop and experiment with more sophisticated attacks, according to people familiar with the operations.”

Remote Access

“Nation-state hackers are also often freelancers,” note the authors, “and the U.S. has identified cases where some employed by Russia and China provided their services to others for a price, according to [U.S.] intelligence officials. The data hackers collect isn’t difficult to sell to others either, as it is simple to transfer electronically or on a pocket-size storage device.” “Five guys wearing flip-flops, with the right capabilities, in the basement — with enough juice — and you’ve got a real problem,” said Rogers, the House Intelligence Committee Chairman. “That’s a very different threat than we’ve ever really faced before.”

“The Chinese hackers targeted 23 natural gas pipeline companies over seven months, beginning in December 2011, and breached 10 of them,” according to a U.S. Department of Homeland Security (DHS) presentation to the energy industry at a conference the following year; “10 of the remaining 13 were still being investigated at the time of that event,” according to Mr. Riley and Mr. Robertson. The Christian Science Monitor previously reported some information from the presentation, including a number of targets, and cited a possible link to the People’s Liberation Army.

Serious Attack

According to Bloomberg, “FBI surveillance transcripts of the PLA unit and other documents related to the investigation obtained by the newspaper show the attacks continued for at least eight more months and ranged more widely, including gas and electrical utilities — which would be of little interest for economic espionage. What alarmed DHS officials,” according to Bloomberg, “was the information seized: lists of field sites — such as block valve stations and compressors that could be manipulated remotely — as well as SCADA log-ons and user manuals for servers.”

S.Y. Lee, a DHS spokesman, referred questions about the attacks to the U.S. Department of Justice. “Cyber threats to our nation’s critical infrastructure, most of which is within the private sector, are a significant concern,” said Marc Raimondi, a Justice Department spokesman. “The U.S. Government will continue to use all the tools at our disposal to disrupt and deter malicious activity.”

Fake Plant

They were “preparing a scenario where they might be able to perform a very serious attack,” said Jaime Blasco, a [cyber] security researcher for AlienVault LLC, who, as a consultant, aided the investigation into some of the natural gas [plant] breaches.

“Hackers are keenly interested in the U.S. utility infrastructure,” as Kyle Wilhoit, a threat researcher at the [cyber] security firm FireEye, discovered in an experiment last year when he worked at Trend Micro Inc. “Wilhoit replicated the network of a municipal water system by using specialized software and real industrial controllers. He built the system in his basement in St. Louis, but from the Internet it looked like a water plant in Ashburn, Virginia.” Mr. Riley and Mr. Robertson added that “the virtual utility was cased and raided within weeks by what Wilhoit said he believes was PLA Unit 61398, based on the custom code used and other evidence. The intruders stole passwords, engineering PDFs, and data that would let them back into computers through a remote access system for employees.”

Cyber ‘Red Line’

“During an expanded version of the exercise,” Wilhoit said, “hackers, most of them from China, overrode controls in fake water plants in Asia and Europe.” If a military performed those sorts of hacks, “that would certainly be crossing a red line in anybody’s book,” said Michael Assante, a former researcher at the Idaho National Laboratory near Idaho Falls who specializes in control system attacks.

“The government’s indictment of UglyGuerrilla, whose real name is Wang Dong, and four other PLA hackers charges them with stealing economic secrets from six U.S. companies — indictments unrelated to the utility hacks. China’s government denied engaging in economic espionage, and a spokesman for the Chinese Embassy in Washington called the accusations against the officers absurd.” “The charges may in fact have been a way of alerting China that the U.S. knows everything Unit 61398 is up to,” said Chris Blask, Chairman of the Industrial Control System Information Sharing and Analysis Center, a non-profit in Orlando, Florida that coordinates the dissemination of cyber security threat data to critical-infrastructure operators.

Raiding Parties

“There are code messages that nations send each other all the time,” Blask said. “We want them to do these subtle things that allow both sides to save face.” “While Unit 61398 was at work,” wrote Mr. Riley and Mr. Robertson, “White House national security officials huddled with cyber security experts from across the government to consider the options they could present to POTUS Obama. The team included representatives from the State Department, NSA, FBI, and the Pentagon, and was directed by the National Security Council staff.” The authors add that “sensitive facilities could be put under the protection of the NSA, whose own hackers could disrupt the digital raiding parties — but that would be a significant escalation and require changes to U.S. law. Instead, the officials considered ways to draw a red line around critical infrastructure,” according to three people briefed on the discussions.

Pentagon Veto

“None of the options was good,” according to Bloomberg. “The U.S. could enter into treaties prohibiting such activity, but signatories could simply continue such activity through black operations. Sanctions were unenforceable, and the source of the attacks hard to prove.” “Trust but verify” was a phrase made popular by Ronald Reagan. “We’re worse off here. It’s more like ‘don’t trust, and can’t verify,’” said Steven Chabinsky, a former Deputy Assistant Director in the FBI’s Cyber Division, who is now General Counsel and chief risk officer at CrowdStrike Inc. “We need to move past that — to de-escalate growing cyber tensions.” Mr. Riley and Mr. Robertson noted that “as discussions continued, a hurdle emerged from within the group’s own ranks. Proscribing cyber incursions would require the U.S. to forgo such activities, putting a potential adversary’s ports, communication networks, and transportation facilities off limits. The Pentagon vetoed such proposals, the three people said, and no plan for responding to the hacks made it to POTUS Obama’s desk.” Laura Lucas Magnuson, a White House spokeswoman, declined to comment, according to Bloomberg.

Classified Setting

“An effort to require utilities, chemical refineries, water plants and stock exchanges to improve [their cyber] security also failed. Lobbying by the U.S. Chamber of Commerce helped kill a Senate cyber security bill in August 2012 by casting it as a regulatory burden, because it would have forced companies to install anti-hacking protections. Supporters couldn’t overcome a Republican-led filibuster against the measure, falling eight votes short. The briefing on Capitol Hill that summer by then-NSA Director General Keith Alexander was part of a push by the Obama Administration to persuade Congress to pass the legislation. It appears to have been the first notification to lawmakers — outside a classified setting — that foreign hackers had penetrated sensitive U.S. infrastructure,” the official familiar with the event said.

The U.S. has few alternatives, said James Lewis, a Cyber Security Fellow at the Center For Strategic and International Studies in Washington. “You can engage intelligence operations to try and judge their capabilities and intent, or fall upon your knees and beg critical infrastructure to make themselves a harder target, and we’re doing both.”

SCADA Subfolder

Documents obtained by Bloomberg News show how deeply U.S. investigators burrowed into foreign hackers’ organizations. In the case of Unit 61398, Bloomberg noted that “hackers typically used U.S. servers as staging points, which worked to the FBI’s advantage.” “The agents issued subpoenas to tap those servers, including some used by UglyGuerrilla to hack a natural gas utility in the Northeast,” according to people familiar with the investigation. “Using specialized software, the FBI was able to record the commands going back and forth between his computer and his victim. It was like peering over UglyGuerrilla’s shoulder, watching each keystroke as he snaked through the utility’s computer banks,” according to transcripts of the surveillance session. “The FBI scooped up his passwords as he typed them, and agents watched as he transferred data back to his computer. He dropped one set of files into a folder on his desktop labeled ‘SCADA,’ inside a subfolder with a utility’s initials, part of his method for keeping multiple victims straight,” the transcripts show.

Industry Quarries

“While UglyGuerrilla accessed a gateway to systems that regulate the flow of natural gas, it wasn’t clear if he was probing the security of the system or trying to gain control of it,” according to a person briefed on the investigation. Allison Mahan, a spokeswoman for the FBI, declined to comment on the bureau’s surveillance of Unit 61398.

“Pipelines are perfect targets,” according to security experts. “The latticework of lines that deliver gas are at capacity and loaded with chokepoints,” said Saxon Burke, a former U.S. Department of Energy intelligence analyst. “There just aren’t many workarounds when it comes to these pipelines.”

Among UglyGuerrilla’s many industry quarries in 2012 were the email accounts of executives and managers at utilities in Pennsylvania, New Jersey, and Georgia, according to the documents. Among those on the list was Ray Codey, Administrator of the small borough of Madison, New Jersey — a bedroom community an hour’s train ride from New York City.

Killing Power

“The FBI didn’t tell him he was targeted by a Chinese cyber spy, Codey said, and it’s not known whether the hacker successfully breached the municipality’s network. Codey said it wouldn’t be hard to guess why Madison was a target, because it’s one of just nine towns in New Jersey that operates its own electric utility. Madison’s electricity comes through two feeder lines owned by Jersey Central Power and Light. If the hackers figured out how to shut them down, they could kill power to Madison’s 16,000 residents in an instant — a feat, Codey said, “that Hurricane Sandy had managed.”

A very comprehensive review of the infamous China hacking unit; and no doubt a scenario and modus operandi practiced by Russia, Iran, North Korea, and others. V/R, RCP