While these hackers haven’t caused the kind of blackouts that the intelligence community is afraid of, many of them have stowed away data that would allow them to strike at will. The Department of Homeland Security has made it known that they’re aware of attacks like this, but they’ve been fairly consistent in not doing anything about it.
And the Department of Homeland Security announced about a year ago that a separate hacking campaign, believed by some private firms to have Russian origins, had injected software with malware that allowed the attackers to spy on U.S. energy companies.
“You want to be stealth,” said Lillian Ablon, a cybersecurity expert at the RAND Corporation. “That’s the ultimate power, because when you need to do something you are already in place.”
The hackers have gained access to an aging, outdated power system. Many of the substations and equipment that move power across the U.S. are decrepit and were never built with network security in mind; hooking the plants up to the Internet over the last decade has given hackers new backdoors in. Distant wind farms, home solar panels, smart meters and other networked devices must be remotely monitored and controlled, which opens up the broader system to fresh points of attack.
Hundreds of contractors sell software and equipment to energy companies, and attackers have successfully used those outside companies as a way to get inside networks tied to the grid.
Attributing attacks is notoriously tricky. Neither U.S. officials nor cybersecurity experts would or could say if the Islamic Republic of Iran was involved in the attack Wallace discovered involving Calpine Corp., a power producer with 82 plants operating in 18 states and Canada.
Private firms have alleged other recent hacks of networks and machinery tied to the U.S. power grid were carried out by teams from within Russia and China, some with governmental support.
Even the Islamic State group is trying to hack American power companies, a top Homeland Security official told industry executives in October.
Homeland Security spokesman SY Lee said that his agency is coordinating efforts to strengthen grid cybersecurity nationwide and to raise awareness about evolving threats to the electric sector through industry trainings and risk assessments. As Deputy Secretary Alejandro Mayorkas acknowledged in an interview, however, “we are not where we need to be” on cybersecurity.
That’s partly because the grid is largely privately owned and has entire sections that fall outside federal regulation, which experts argue leaves the industry poorly defended against a growing universe of hackers seeking to access its networks.
As Deputy Energy Secretary Elizabeth Sherwood Randall said in a speech earlier this year, “If we don’t protect the energy sector, we are putting every other sector of the economy in peril.”
—
THE CALPINE BREACH
The AP looked at the vulnerability of the energy grid as part of a yearlong, AP-Associated Press Media Editors examination of the state of the nation’s infrastructure. AP conducted more than 120 interviews and examined dozens of sets of data, government reports and private analyses to gauge whether the industry is prepared to defend against cyberattacks.
The attack involving Calpine is particularly disturbing because the cyberspies grabbed so much, according to interviews and previously unreported documents.
Cybersecurity experts say the breach began at least as far back as August 2013, and could still be going on today.
Calpine spokesman Brett Kerr said the company’s information was stolen from a contractor that does business with Calpine. He said the stolen diagrams and passwords were old — some diagrams dated to 2002 — and presented no threat, though some outside experts disagree.
Kerr would not say whether the configuration of the power plants’ operations networks — also valuable information — remained the same as when the intrusion occurred, or whether it was possible the attackers still had a foothold.
According to the AP investigation, the hackers got:
—User names and passwords that could be used to connect remotely to Calpine’s networks, which were being maintained by a data security company. Even if some of the information was outdated, experts say skilled hackers could have found a way to update the passwords and slip past firewalls to get into the operations network. Eventually, they say, the intruders could shut down generating stations, foul communications networks and possibly cause a blackout near the plants.
—Detailed engineering drawings of networks and power stations from New York to California — 71 in all — showing the precise location of devices that communicate with gas turbines, boilers and other crucial equipment attackers would need to hack specific plants.
—Additional diagrams showing how those local plants transmit information back to the company’s virtual cloud, knowledge attackers could use to mask their activity. For example, one map shows how information flows from the Agnews power plant in San Jose, California, near the San Francisco 49ers football stadium, to the company headquarters in Houston.
Wallace first came across the breach while tracking a new strain of noxious software that had been used to steal student housing files at the University of California, Santa Barbara.
“I saw a mention in our logs that the attackers stored their malware in some FTP servers online,” said Wallace, who had recently joined the Irvine, Calif.-based cybersecurity firm Cylance, Inc., fresh out of college. “It wasn’t even my job to look into it, but I just thought there had to be something more there.”
Wallace started digging. Soon, he found the FTP servers, typically used to transfer large numbers of files back and forth across the Internet, and the hackers’ ill-gotten data — a tranche of more than 19,000 stolen files from thousands of computers across the world, including key documents from Calpine.
Before Wallace could dive into the files, his first priority was to track where the hackers would strike next — and try to stop them.
He started staying up nights, often jittery on Red Bull, to reverse-engineer malware. He waited to get pinged that the intruders were at it again.
Months later, Wallace got the alert: From Internet Protocol addresses in Tehran, the hackers had deployed TinyZbot, a Trojan horse-style of software that the attackers used to gain backdoor access to their targets, log their keystrokes and take screen shots of their information. The hacking group, he would find, included members in the Netherlands, Canada, and the United Kingdom.
The more he followed their trail, the more nervous Wallace got.
According to Cylance, the intruders had launched digital offensives that netted information about Pakistan International Airlines, the Mexican oil giant Pemex, the Israel Institute of Technology and Navy Marine Corps Intranet, a legacy network of the U.S. military. None of the four responded to AP’s request for comment.
Then he discovered evidence of the attackers’ most terrifying heist — a folder containing dozens of engineers’ diagrams of the Calpine power plants.
According to multiple sources, the drawings contained user names and passwords that an intruder would need to break through a firewall separating Calpine’s communications and operations networks, then move around in the network where the turbines are controlled. The schematics also displayed the locations of devices inside the plants’ process control networks that receive information from power-generating equipment. With those details, experts say skilled hackers could have penetrated the operations network and eventually shut down generating stations, possibly causing a blackout.
Cylance researchers said the intruders stored their stolen goods on seven unencrypted FTP servers requiring no authentication to access details about Calpine’s plants. Jumbled in the folders was code that could be used to spread malware to other companies without being traced back to the attackers’ computers, as well as handcrafted software designed to mask that the Internet Protocol addresses they were using were in Iran.
Circumstantial evidence such as snippets of Persian comments in the code helped investigators conclude that Iran was the source of the attacks.
The full extent of the attacks on the grid and what damage they’ve caused isn’t public knowledge. The Department of Justice says that the FBI doesn’t actually keep any record of how often cyber attack cases are prosecuted. The lack of information is just as frightening as how vulnerable we are to these types of attacks. It almost makes you wonder if the government is hiding something.
The reality is that our power grid is completely vulnerable and our government is doing little about it. Watch this report by Fox’s Judge Pirro on this threat that has the potential to kill 90% of the American population.
Source: apnews.myway.com
Peace loving muslims
A German’s View on Islam – worth reading.
The author of this is Dr. Emanuel Tanya, a well-known and well-respected psychiatrist. A man, whose family was German aristocracy prior to World War II, owned a number of large industries and estates. When asked how many German people were true Nazis, the answer he gave can guide our attitude toward fanaticism.
‘Very few people were true Nazis,’ he said, ‘but many enjoyed the return of German pride, and many more were too busy to care. I was one of those who just thought the Nazis were a bunch of fools. So, the majority just sat back and let it all happen. Then, before we knew it, they owned us, and we had lost control, and the end of the world had come.’
‘My family lost everything. I ended up in a concentration camp and the Allies destroyed my factories.’
‘We are told again and again by ‘experts’ and ‘talking heads’ that Islam is a religion of peace and that the vast majority of Muslims just want to live in peace. Although this unqualified assertion may be true, it is entirely irrelevant. It is meaningless fluff meant to make us feel better, and meant to somehow diminish the specter of fanatics rampaging across the globe in the name of Islam.’
‘The fact is that the fanatics rule Islam. It is the fanatics who wage any one of 50 shooting wars worldwide. It is the fanatics who systematically slaughter Christian or tribal groups throughout Africa and are gradually taking over the entire continent in an Islamic wave. It is the fanatics who bomb, behead, murder, or honor-kill. It is the fanatics who take over mosque after mosque. It is the fanatics who zealously spread the stoning and hanging of rape victims and homosexuals. It is the fanatics who teach their young to kill and to become suicide bombers.’
‘The hard, quantifiable fact is that the peaceful majority, the ‘silent majority,’ is cowed and extraneous. Communist Russia was comprised of Russians who just wanted to live in peace, yet the Russian Communists were responsible for the murder of about 20 million people. The peaceful majority were irrelevant. China’s huge population was peaceful as well, but Chinese Communists managed to kill a staggering 70 million people.’
‘The average Japanese individual prior to World War II was not a warmongering sadist. Yet, Japan murdered and slaughtered its way across South East Asia in an orgy of killing that included the systematic murder of 12 million Chinese civilians; most killed by sword, shovel, and bayonet. And who can forget Rwanda, which collapsed into butchery? Could it not be said that the majority of Rwandans were ‘peace loving’?
‘History lessons are often incredibly simple and blunt, yet for all our powers of reason, we often miss the most basic and uncomplicated of points: peace-loving Muslims Have been made irrelevant by their silence. Peace-loving Muslims will become our Enemy if they don’t speak up, because like the peace loving Germans, they will awaken one day and find that the fanatics own them, and the end of their world will have begun.’
‘Peace-loving Germans, Japanese, Chinese, Russians, Rwandans, Serbs, Afghans, Iraqis, Palestinians, Somalis, Nigerians, Algerians, and many others have died because the peaceful majority did not speak up until it was too late.’
‘Now Islamic prayers have been introduced in Toronto and other public schools in Ontario, and, yes, in Ottawa, too, while the Lord’s Prayer was removed (due to being so offensive?). The Islamic way may be peaceful for the time being in our country until the fanatics move in.’
‘In Australia, and indeed in many countries around the world, many of the most commonly consumed food items have the halal emblem on them. Just look at the back of some of the most popular chocolate bars, and at other food items in your local supermarket. Food on aircraft have the halal emblem just to appease the privileged minority who are now rapidly expanding within the nation’s shores.’
‘In the U.K, the Muslim communities refuse to integrate and there are now dozens of “no-go” zones within major cities across the country that the police force dare not intrude upon. Sharia law prevails there, because the Muslim community in those areas r efuse to acknowledge British law.’
‘As for us who watch it all unfold, we must pay attention to the only group that counts – the fanatics who threaten our way of life, our children’s and grandchildren’s.’
Lastly, anyone who doubts that the issue is serious, is contributing to the passiveness that allows the problems to expand.
Extend yourself a bit and send this on. Let us hope that thousands world-wide read this, think about it, and send it on before it’s too late, and we are silenced because we were silent!!
Obama probably gave them the keys
And the codes.
They did not hack into the power grid …it was freely given by Obama and Valerie Jarrett who is the acting president while Obama goes out golfing and vacationing around the world she runs America and keeps Iran informed. They are laughing at the stupidity of the goverment that is lead by weak and corrupt men. To let Obama and Valerie run America down and sell the people out for money.. Elected politicians are the problem they do not have our backs.. They are self serving and that is how Valerie is the unofficial president….
Obama gave them the pass words
I am sure Barry gave them the codes to break in