[ISN] California hack points to possible IT surveillance threat

From: InfoSec News (isnat_private)
Date: Tue Jun 12 2001 - 22:55:53 PDT


    June 12, 2001

    The revelation that hackers broke into computer systems owned by
    California's primary electric power grid operator and remained
    undetected for 17 days this spring highlights a growing fear on the
    part of federal officials that such intrusions could be part of
    long-term intelligence-gathering activities.

    The intent of the network break-in at the Folsom, Calif.-based
    California Independent System Operator (Cal-ISO) isn't clear. But
    security analysts said the lack of apparent damage indicates that it
    was conducted either by an unsophisticated group of hackers or by
    attackers whose intent was merely to collect information about how the
    systems work and to document their vulnerabilities.

    The incident, which took place between April 25 and May 11, is being
    investigated by the FBI. While Cal-ISO officials said they managed to
    trace the attack to a system in China, experts said current security
    technology can't help users differentiate the noise of so-called
    "script kiddies" from the more nefarious goals of hacking sponsored by
    governments or terrorists.

    "You still don't know if you're dealing with a kid, organized crime,
    an intelligence service or an economic competitor," said Frank
    Cilluffo, a senior policy analyst at the Center for Strategic &
    International Studies and co-chairman of a task force that the
    Washington-based think tank has set up to study future cyberthreats.

    However, government officials and security researchers have documented
    a significant increase in Internet probes and server scans this year.
    A large percentage of the probes, they said, could be part of an
    organized effort by foreign intelligence services and other groups to
    map potential security holes in important systems.

    A report released last month by the Defense Science Board, an industry
    and academic group convened by the U.S. Department of Defense,
    confirmed that the current state of the art in cyberattacks launched
    by governments or terrorists includes preliminary intrusions into
    various critical infrastructure networks. "Defenses must be probed,
    vulnerable systems reconnoitered, logic bombs planted," the report
    stated. "We should be watching intently for just such activities."

    The primary threat to the most critical networks in the U.S. currently
    comes from foreign countries that are actively mapping the Internet
    for vulnerabilities, said Richard Clarke, national coordinator for
    security, infrastructure protection and counterterrorism at the
    National Security Council. "And they know more about our national
    architecture than many of us do," Clarke said while speaking last
    month at an Internet security conference in Washington.

    Cal-ISO is a not-for-profit company that was created by California's
    government to run the bulk of the state's electricity grid, and its
    systems are tightly integrated with the major power distribution
    network serving the entire western U.S. Grids such as Cal-ISO's are
    managed using highly proprietary technology known as Supervisory
    Control and Data Acquisition (SCADA) systems.

    Potential vulnerabilities associated with SCADA systems, particularly
    those being used to manage the flow of electricity, have been widely
    known for years and were documented in a 1996 report by a presidential
    commission. But the available information about the vulnerabilities
    isn't detailed enough for hackers to easily take advantage of,
    analysts said.

    "There's a tremendous learning curve for [infiltrating] SCADA
    systems," said Tim Belcher, chief technology officer at Riptech Inc.,
    a security consulting firm in Alexandria, Va. "This leads me to
    believe that [the Cal-ISO break-in] wasn't an extremely sophisticated
    attack, because with 17 days' worth of access [to the systems there],
    I know what we could have done."

    Cal-ISO spokesman Greg Fishman also downplayed the impact of the
    incident. The intruders "never really got close at all to our
    operational systems that run the grid," Fishman said. But the incident
    "was an attempt to breach our security, and we take that very
    seriously," he added. "We are in the midst of an investigation with
    the FBI."

    Chris Rouland, director of the X-Force vulnerability research unit at
    Internet Security Systems Inc. in Atlanta, said his company has
    documented "a consistent widescale probing of the Internet taking
    place." But technology can't tell "a hacker sitting in a Chattahoochee,
    Fla., high school from a crime syndicate in Beijing or [alleged
    terrorist] Osama Bin Laden," said Rouland.

    That's something the Defense Department and U.S. intelligence agencies
    would like to be able to do. But critics charge that bureaucratic
    roadblocks to information sharing among those groups and law
    enforcement agencies, such as the FBI's National Infrastructure
    Protection Center, are clouding the government's picture of what is
    happening on the Internet.

    "Gathering information about the kinds of attacks now being launched
    is the crucial first step of any defensive effort," the Defense
    Science Board's report concluded. "But the effort to begin this task
    has become the subject not of effective initiative, but of continuing
    political and bureaucratic conflict."
    ISN is hosted by SecurityFocus.com