Wednesday, April 8, 2009

Cyberspies Could Threaten our Electricity Supply

It's been known for some time that hackers could bring America to its knees if they knocked out our electrical grids. And since our government has spent all its time concentrating on al Qaeda, other forms of terror could destroy our country. The problem is that we have a corrupt government that no longer protects us. We are on our own.

Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, the Wall Street Journal reported on Wednesday.

The spies came from China, Russia and other countries, and were believed to be on a mission to navigate the U.S. electrical system and its controls, the newspaper said, citing current and former U.S. national security officials.

The intruders have not sought to damage the power grid or other key infrastructure but officials said they could try during a crisis or war, the paper said in a report on its website.

"The Chinese have attempted to map our infrastructure, such as the electrical grid," a senior intelligence official told the Journal. "So have the Russians."

The espionage appeared pervasive across the United States and does not target a particular company or region, said a former Department of Homeland Security official.

"There are intrusions, and they are growing," the former official told the paper, referring to electrical systems. "There were a lot last year."

The administration of U.S. President Barack Obama was not immediately available for comment on the newspaper report.

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, "If we go to war with them, they will try to turn them on."

This was from May of last year:
Investigators have found numerous instances in which the nation's largest public power company, the Tennessee Valley Authority (TVA), is "vulnerable to disruption" by cyberintrusions. The concern: Hackers could seize control of critical operations in TVA's many electric plants—including those that are nuclear powered—as well as its transmission grid, flood control, and water systems.

A report by the Government Accountability Office (GAO), identified as 08-459SU and marked "for limited official use only," includes 73 specific recommendations for security fixes so sensitive they are to be withheld today when the GAO releases a public version with 19 general recommendations, all of which TVA agrees with.

The report's findings alarmed TVA's own executives. At a May 2 meeting with congressional investigators and U.S. Homeland Security Dept. officials, TVA urged GAO, the investigatory arm of Congress, to modify wording and make public few details rather than raise public concerns or risk providing a road map for hackers. The public version of the report, which was requested by Republicans and Democrats on congressional homeland security committees to follow up on previous concerns about cyberthreats, is to be released at a May 21 hearing at 2 p.m. ET.

TVA, which has 52 facilities, plays a significant underlying role in the economy of the southeastern U.S. Besides providing power in Tennessee, Mississippi, Kentucky, Alabama, Georgia, North Carolina, and Virginia, TVA manages one of the largest electricity transmission systems in North America and the fifth-largest river system in the U.S. Security experts say that, too, could be manipulated in ways that might cause flooding or affect water quality.

Cybersecurity specialists and government officials, speaking anonymously for fear of the impact on their careers, say the threat is far from theoretical or confined to small nations such as Estonia. They say owners and operators of other U.S. and Western European utilities also are vulnerable to network break-ins by a variety of hackers, including some who may be acting on behalf of other governments.

This is from Time Magazine in 2005. The article is entitled, "The Invasion of the Chinese Cyberspies (And the Man Who Tried to Stop Them)":
It was another routine night for Shawn Carpenter. After a long day analyzing computer-network security for Sandia National Laboratories, where much of the U.S. nuclear arsenal is designed, Carpenter, 36, retreated to his ranch house in the hills overlooking Albuquerque, N.M., for a quick dinner and an early bedtime. He set his alarm for 2 a.m. Waking in the dark, he took a thermos of coffee and a pack of Nicorette gum to the cluster of computer terminals in his home office. As he had almost every night for the previous four months, he worked at his secret volunteer job until dawn, not as Shawn Carpenter, mid-level analyst, but as Spiderman--the apt nickname his military-intelligence handlers gave him--tirelessly pursuing a group of suspected Chinese cyberspies all over the world. Inside the machines, on a mission he believed the U.S. government supported, he clung unseen to the walls of their chat rooms and servers, secretly recording every move the snoopers made, passing the information to the Army and later to the FBI.

The hackers he was stalking, part of a cyberespionage ring that federal investigators code-named Titan Rain, first caught Carpenter's eye a year earlier when he helped investigate a network break-in at Lockheed Martin in September 2003. A strikingly similar attack hit Sandia several months later, but it wasn't until Carpenter compared notes with a counterpart in Army cyberintelligence that he suspected the scope of the threat. Methodical and voracious, these hackers wanted all the files they could find, and they were getting them by penetrating secure computer networks at the country's most sensitive military bases, defense contractors and aerospace companies.

Carpenter had never seen hackers work so quickly, with such a sense of purpose. They would commandeer a hidden section of a hard drive, zip up as many files as possible and immediately transmit the data to way stations in South Korea, Hong Kong or Taiwan before sending them to mainland China. They always made a silent escape, wiping their electronic fingerprints clean and leaving behind an almost undetectable beacon allowing them to re-enter the machine at will. An entire attack took 10 to 30 minutes. "Most hackers, if they actually get into a government network, get excited and make mistakes," says Carpenter. "Not these guys. They never hit a wrong key."

Goaded by curiosity and a sense that he could help the U.S. defend itself against a new breed of enemy, Carpenter gave chase to the attackers. He hopped just as stealthily from computer to computer across the globe, chasing the spies as they hijacked a web of far-flung computers. Eventually he followed the trail to its apparent end, in the southern Chinese province of Guangdong. He found that the attacks emanated from just three Chinese routers that acted as the first connection point from a local network to the Internet.

It was a stunning breakthrough. In the world of cyberspying, locating the attackers' country of origin is rare. China, in particular, is known for having poorly defended servers that outsiders from around the world commandeer as their unwitting launchpads. Now Chinese computers appeared to be the aggressors.