Information Security News
mailing list archives
California hack points to possible IT surveillance threat
From: InfoSec News <isn () c4i org>
Date: Wed, 13 Jun 2001 00:55:53 -0500 (CDT)
By DAN VERTON
June 12, 2001

The revelation that hackers broke into computer systems owned by
California's primary electric power grid operator and remained
undetected for 17 days this spring highlights a growing fear on the
part of federal officials that such intrusions could be part of
long-term intelligence-gathering activities.

The intent of the network break-in at the Folsom, Calif.-based
California Independent System Operator (Cal-ISO) isn't clear. But
security analysts said the lack of apparent damage indicates that it
was conducted either by an unsophisticated group of hackers or by
attackers whose intent was merely to collect information about how the
systems work and to document their vulnerabilities.

The incident, which took place between April 25 and May 11, is being
investigated by the FBI. While Cal-ISO officials said they managed to
trace the attack to a system in China, experts said current security
technology can't help users differentiate the noise of so-called
"script kiddies" from the more nefarious goals of hacking sponsored by
governments or terrorists.

"You still don't know if you're dealing with a kid, organized crime,
an intelligence service or an economic competitor," said Frank
Cilluffo, a senior policy analyst at the Center for Strategic &
International Studies and co-chairman of a task force that the
Washington-based think tank has set up to study future cyberthreats.

However, government officials and security researchers have documented
a significant increase in Internet probes and server scans this year.
A large percentage of the probes, they said, could be part of an
organized effort by foreign intelligence services and other groups to
map potential security holes in important systems.

A report released last month by the Defense Science Board, an industry
and academic group convened by the U.S. Department of Defense,
confirmed that the current state of the art in cyberattacks launched
by governments or terrorists includes preliminary intrusions into
various critical infrastructure networks. "Defenses must be probed,
vulnerable systems reconnoitered, logic bombs planted," the report
stated. "We should be watching intently for just such activities."

The primary threat to the most critical networks in the U.S. currently
comes from foreign countries that are actively mapping the Internet
for vulnerabilities, said Richard Clarke, national coordinator for
security, infrastructure protection and counterterrorism at the
National Security Council. "And they know more about our national
architecture than many of us do," Clarke said while speaking last
month at an Internet security conference in Washington.

Cal-ISO is a not-for-profit company that was created by California's
government to run the bulk of the state's electricity grid, and its
systems are tightly integrated with the major power distribution
network serving the entire western U.S. Grids such as Cal-ISO's are
managed using highly proprietary technology known as Supervisory
Control and Data Acquisition (SCADA) systems.

Potential vulnerabilities associated with SCADA systems, particularly
those being used to manage the flow of electricity, have been widely
known for years and were documented in a 1996 report by a presidential
commission. But the available information about the vulnerabilities
isn't detailed enough for hackers to easily take advantage of,
"There's a tremendous learning curve for [infiltrating] SCADA
systems," said Tim Belcher, chief technology officer at Riptech Inc.,
a security consulting firm in Alexandria, Va. "This leads me to
believe that [the Cal-ISO break-in] wasn't an extremely sophisticated
attack, because with 17 days' worth of access [to the systems there],
I know what we could have done."

Cal-ISO spokesman Greg Fishman also downplayed the impact of the
incident. The intruders "never really got close at all to our
operational systems that run the grid," Fishman said. But the incident
"was an attempt to breach our security, and we take that very
seriously," he added. "We are in the midst of an investigation with

Chris Rouland, director of the X-Force vulnerability research unit at
Internet Security Systems Inc. in Atlanta, said his company has
documented "a consistent widescale probing of the Internet taking
place." But technology can't tell "a hacker sitting in a Chattahoochee,
Fla., high school from a crime syndicate in Beijing or [alleged
terrorist] Osama Bin Laden," said Rouland.

That's something the Defense Department and U.S. intelligence agencies
would like to be able to do. But critics charge that bureaucratic
roadblocks to information sharing among those groups and law
enforcement agencies, such as the FBI's National Infrastructure
Protection Center, are clouding the government's picture of what is
happening on the Internet.

"Gathering information about the kinds of attacks now being launched
is the crucial first step of any defensive effort," the Defense
Science Board's report concluded. "But the effort to begin this task
has become the subject not of effective initiative, but of continuing
political and bureaucratic conflict."

ISN is hosted by SecurityFocus.com