[ISN] Disgruntled techie attempts Californian power blackout

From: InfoSec News (alerts@private)
Date: Sun Apr 22 2007 - 22:16:22 PDT


http://www.theregister.co.uk/2007/04/20/terrorists_among_us_flee_flee/

By Lewis Page
20th April 2007

A cheesed-off American IT worker was seized by an FBI Joint Terrorism 
Task Force on Wednesday for attacking the Californian electric power 
grid.

Lonnie Charles Denison, of Sacramento, allegedly meddled with computers 
at the California Independent System Operator (ISO) agency. He is also 
accused of making a malicious bomb threat against the organisation. ISO 
controls the state's power transmission lines and runs its energy 
trading markets.

According to the feds, Denison became upset last week after a dispute 
with his employer, Science Applications International. Science 
Applications provides IT services to ISO.

Denison first attempted a remote attack against the ISO data centre on 
Sunday, but this was unsuccessful. He then reverted to simpler means, 
and entered the facility physically using his security card key late on 
Sunday night. Once inside, he smashed the glass plate covering an 
emergency power cut-off, shutting down much of the data centre through 
the early hours of Monday morning. This denied ISO access to the energy 
trading market, but didn't affect the transmission grid directly. Nor 
did his emailed bomb threat, delivered later on Monday, though it did 
lead to the ISO offices being evacuated and control passed to a 
different facility.

However, the feds reckon that if Denison had carried out his data-centre 
attack during normal business hours, "electric consumers in the Western 
United States would have experienced disruptions in their electrical 
supply". After arresting Denison they slapped him with a felony rap, 
destruction of an energy facility. The disgruntled techie, if found 
guilty, could be looking at the wrong end of a maximum five-year 
stretch, or perhaps a $5,000 fine.

This case could be another sign that America's terrorist threats can 
come from within as well as from beyond its borders. Denison is the 
second American IT worker to appear before federal beaks in recent days 
for sabotaging key US computers, joining Richard F Sylvestre.

Sylvestre's vandalism could have resulted in a nuclear-submarine 
collision and landed him in the jug for a decade, but in the end he got 
sent away for just 12 to 18 months. Denison could get off relatively 
lightly too, if he receives similar treatment.

It'll be interesting to compare the two Americans' cases with that of 
Gary McKinnon, the UFO-fancying Scottish hacker currently being 
extradited by the US to face trial for a string of computer intrusions 
some years ago. He doesn't seem to have threatened any power blackouts 
or sub wrecks, though he is accused of causing $700k-worth of damage to 
various US-government systems. America has hinted that he won't be 
treated as a terrorist, however.

Based on Sylvestre's short sentence and Denison's worst-case five years, 
McKinnon might not be compelled to enjoy the feds' hospitality for all 
that long a time assuming that US justice is consistent.


__________________________
Subscribe to InfoSec News
http://www.infosecnews.org



This archive was generated by hypermail 2.1.3 : Sun Apr 22 2007 - 22:31:01 PDT