[ISN] Schneier: Cyber-extortion on the rise

From: InfoSec News (alerts@private)
Date: Thu Jan 24 2008 - 22:27:35 PST


http://news.zdnet.co.uk/security/0,1000000189,39292357,00.htm

By Tom Espiner  
ZDNet.co.uk
23 Jan 2008

The security expert has warned of an increase in cyber-extortion, but 
added there is no need for panic about attacks on critical national 
infrastructures.

Security expert Bruce Schneier has warned that cyber-extortion is on the 
rise, but gave the caveat that it mainly affects "fringe" industries, 
such as online gambling, rather than critical national infrastructure 
organisations.

Schneier wrote in a blog post on Tuesday that the security company he 
founded, Counterpane, has seen proof of attack capability followed by 
extortion demands but said the attacks he had seen had not been against 
power companies. He wrote the blog post in response to a CIA statement, 
reported by security training body the Sans Institute, that a 
cyberattack had caused a power blackout in multiple cities in a country 
outside the US. The CIA also said it had evidence of blackmail demands 
following demonstrations of successful "intrusions through the 
internet".

"Cyber-extortion is certainly on the rise; we see it at Counterpane," 
Schneier wrote. "Primarily it's against fringe industries - online 
gambling, online gaming, online porn - operating offshore in countries 
like Bermuda and the Cayman Islands. [Cyber-extortion] is going 
mainstream, but this is the first I've heard of it targeting power 
companies."

Schneier counselled calm, saying that it was not known whether 
supervisory control and data acquisition (Scada) arrays, which many 
critical national infrastructure organisations use to control and 
measure systems, had been compromised.

"This CIA titbit tells us nothing about how the attacks happened," 
Schneier wrote. "Were they against Scada systems? Were they against 
general-purpose [computers] - maybe Windows machines? Insiders may have 
been involved, so was this a computer security vulnerability at all? We 
have no idea. I'd like a little bit more information before I start 
panicking."

Alan Paller, director of research for the Sans Institute, told 
ZDNet.co.uk on Tuesday that Tom Donahue, the CIA analyst who reported the 
attack to a Sans Institute conference a week ago, had not divulged the 
countries involved, nor the method of attack, nor when the attacks had 
occurred. However, Paller confirmed that US power companies had not been 
involved.

"All we know from Tom [Donahue] is that it was not US companies [that 
were attacked]," Paller wrote in an email exchange with ZDNet.co.uk. 
"The CIA is involved because Tom [Donahue] is the person responsible for 
the US cyberthreat analysis, and he and his management chain must have 
felt the risk to US companies was elevated because it had happened for 
real in other countries, and because the quality of security in many US 
utilities needs immediate and substantial improvement."
