Re: [ISN] CIA official: North American power company systems hacked

From: InfoSec News (alerts@private)
Date: Tue Jan 22 2008 - 22:37:42 PST


Forwarded from: security curmudgeon <jericho (at) attrition.org>

Color me confused..

Many of us have seen the articles the past few days about this 
"incident", but as best I recall there hasn't been anything mentioning 
where this occured or when. The title of this article says it is a North 
American power company, but i'm wondering if Jill Aitoro confused 
something?

: http://www.govexec.com/dailyfed/0108/011808j1.htm
: By Jill R. Aitoro

: Hackers have targeted computers that operate power companies 
: worldwide, causing at least one widespread electricity outage, a 
: Central Intelligence Agency senior analyst told North American 
: government and public works representatives in New Orleans this week.

CIA told North American gov/com people..

: "We have information, from multiple regions outside the United States, 
: of cyber intrusions into utilities, followed by extortion demands,"

"outside the US" but no mention of North America (if true that really 
limits where it could have been)..

: benefit of inside knowledge," he said. "We have information that 
: cyberattacks have been used to disrupt power equipment in several 
: regions outside the United States. In at least one case, the 
: disruption caused a power outage affecting multiple cities. We do not 
: know who executed these attacks or why, but all involved intrusions 
: through the Internet."

"several regions outside the US", again no mention of North America

: computer networks that run water, power and chemical plants. In the 
: test, conducted last March, researchers from the Idaho National 
: Laboratories simulated a cyberattack on a power plant's control system 
: that caused a generator to self-destruct.
:
: Government and industry experts who testified at the hearing cited 
: flaws in regulations set by the North American Electric Reliability 
: Corporation, which is charged with improving the reliability and 
: security of the bulk of the power systems in North America through the 
: development and enforcement of reliability standards. Recognizing

This refers to a simulation test against North American power 
companies..

So, where do we get "North American power company systems hacked"? Big 
error in the title of this article, or is there information that wasn't 
included in the article? Or is the title cleverly hyping a simulation 
test conducted last March and mixing it in with the very recent news 
from the CIA that power plants were allegedly hacked and extorted after 
forced blackouts?

If it did happen in North America, and it isn't in the US, the following 
URL should help isolate where it happened in 'multiple cities' maybe:

http://en.wikipedia.org/wiki/List_of_power_outages


___________________________________________________      
Subscribe to InfoSec News
http://www.infosecnews.org/mailman/listinfo/isn 



This archive was generated by hypermail 2.1.3 : Tue Jan 22 2008 - 22:49:47 PST