Forgot your password?
typodupeerror
Bug

Cal-ISO Breach Revealed 158

Posted by timothy
from the breaking-and-entering dept.
HiredMan writes: "The LA Times says in a story that 'hackers' had penetrated the Cal-ISO, the California electric grid parent company, and were attempting to compile code to allow them penetrate the 'firewalls' to access the actual grid control computers. Apparently the 'hackers' -- who came through a Chinese server -- breached a development computer that wasn't hardened and the intrusion went undetected for over two weeks until the intruders brought too much attention to themselves. Trying to downplay the incident one official said, 'It was a compromise, not really an attack.'" An anonymous reader pointed to coverage at MSNBC as well.
This discussion has been archived. No new comments can be posted.

Cal-ISO Breach Revealed

Comments Filter:
  • I didn't say anything about military attacks, you ignorant karma whore.

    "If the Chinese government is sponsoring these 'hacker attacks', this is an act of war and should be treated like one."

    Declaring something as an act of war IS saying something about military attacks, specifically retaliation-wise. Lay off the caffine, k?

  • by Anonymous Coward
    But now it's 3-1! =D
  • We are not brainwashed. We are not brainwashed. We are not brainwashed.

    (Just lazy, arrogant and ignorant.)
  • by Anonymous Coward
    I understand the need for the internet's infrastructure for communications. However, there is something else to consider. Many US utilities outsource for programming. India provides some of the programming talent. I hope our utilities have experts reviewing the code before it is integrated into the system. One does not need to wage war through arms if one can simply turn out the lights. This does not mean that India would necessarily want to do this, but individuals could be surrogates for states.
  • by Anonymous Coward on Saturday June 09, 2001 @02:16PM (#163460)
    So, If you hack into a power companies's computer, you could reboot everyone else's systems
  • I thought it was the Japanase games that said, "all your power are belong to us" . . .


    :)
    hawk

  • Anyone who has worked on control systems knows that most run their own proprietary networks and communications protocols.

    Maybe that was true 15 years ago. Today everything is either DeviceNet (US), ProfiBus (Europe), or ModBUS (everywhere) -- there are other protocols but these are the Big Three. And with Industrial Ethernet becoming more and more popular, ModBUS/TCP (ModBus data structure inside a normal TCP packet), it is trivial to fuck up network.

    True, you'll likely not know what you're dicking with since you won't have the device configuration files (DeviceNet) unless they were left lying around somewhere but just having the ability to spew trash out to all the industrial devices can cause some pretty massive problems all their own.

  • Warning: Too many connections in /include/common.inc.php on line 60
    Unable to connect to database askadick. Be sure to edit include/common.inc.php.
  • ...a Richard. Couldn't help it. I've had tons of luck with HE.net [he.net] and Vex [vex.net]. Shell access as well as top notch service. Good luck!
  • Oh GOD!! NOT FINGER!!!!

    Sweet merciful crap! Every two-bit, pinheaded, self-proclaimed Security Expert has rehashed the Common Wisdom for years that fingerd is FUCKING DEADLY! And damned if you aren't going to trot right into line, am I right?

    Tell me... aside from a hole in Joe Random's Nifty-Keeno New-Fangled Finger Daemon and Lemon Peeler (Debian exclusive! As Seen On TV!) this year, and FreeBSD's "oops, we let it read the filesystem... as *nobody*" bug last year, what evil lurks in the hearts of finger daemons that should strike terror into the hearts of men?

    God... next you'll be bitching that people leave (horror of horrors!) telnetd running.

  • Characters my posterior. If the power grid had been taken down, I can guarantee you that is tantamount to an act of war.

    Consider that so far US armed forces who are developing similar capabilities have been restrained from using them for just such legal reasons.

    Tell ya what - when you're sitting here with the lites out (and I will be) and the Western grid, not just CA is included.. is that funny?
  • uhm - there was an article a few years ago in Linux Journal about how PG&E was looking at Linux to help do reporting and control. I also seem to recall a similar article from a Virginian Power company.

    They're using commercial data com to talk now-adays. Heck, even the Richochet modems were invented originally to be power-meter readers (and they started with AX.25 for their first generation protocol!)
  • Enough of your commie treason. Duffbeer703 has a point - if those hackers had been successful, a large chunk of California might have lost power for perhaps twenty or even thirty seconds before someone figured out that something was wrong with the computers and switched to manual override.

    And if that momentary deprivation of electrical services isn't equivalent to the assasination of Archduke Francis Ferdinand, or the bombing of Pearl Harbor, I frankly don't know what is. A full-fledged atomic counterstrike is the only allowable course of action.
  • It's kind of like the "Zero tolerance policies" in the school system. Parents scream and yell about the violence in schools, the school system "gets tough," innocent students are persecuted and the real bullies get off.
  • Maybe he meant "attack" in the sense of "malicious intent by evil Commie terrorists" and "compromise" in the sense of "kids screwin' around"?
  • If the grid's monitoring and controlling
    computers are actually connected to the net,
    somebody in Cal-ISO needs to do some
    prison time for criminal negligence.
    This is inexcusable.
  • Why the hell would important computers which control the power grid be accessable from the internet in any way.

    Why? So they can renew their license of Microsoft Power Policy Manager, of course!

    What, you mean they don't control the power by going to
    Control Panel->Power Options->Advanced->Outage Control ??


    --
  • There has been call since the early '70s to require certification for programmers -- a way to make them financially responsible for the quality of their work would be on the lines of a construction company's bond. As long as we allow a software industry to permit mediocrity, we will be blessed with substandard systems even to a national disgrace.

    The story is quoted from a lot of people whose core competency is politics, and not from network engineers. I wonder what the rest of the story is.

    I have industrial strength security built on consumer gear for my network, why can't they?

    Oh yeah, they can't afford my consulting rate.

  • Why the hell would important computers which control the power grid be accessable from the internet in any way.

    It is cheaper than laying a dedicated net to all of the programmable power-controlling units. Remember that they must have an easy way to redirect the power (spare power is often sent to other countries buying it). But normally vital parts are strongly protected to ensure no outside interference. That is why heavy cryptography is commonly used in these businesses, and security is a big issue.

    My father leads a power company. There they have a small dedicated net for the most vital parts, separate from the internet, which you have to call up using special routers. But his company is rather small compared to the system Cal-ISO controls.

  • Actually they probably have switches which can be configured for different VLANs, and then they won't have any extra costs for having them on a "separate" network.

  • "That's really amazing on two counts: that there were computers not behind a firewall and it took 17 days to discover," said state Sen.

    What's more, dozens of ports into the computer system were open, when only a handful should have been available.

    It seems strange how professionals can install a system full of securityholes and have it online. Probably that means their default distro of the operating system (their not mentioning which) has these holes per default. Since they have a system like this online for a relative long period of time, why should it not be probable that they also has many such systems behind the firewall?

    Obviously they are reliabiling 100% on the firewall. If the intruders had made it through the wall, they would no doubt have easy access to many of the systems there. And that would be scary, if they can't secure such vital systems in a proper way.

    I'm glad I don't live in California.

  • Hahahahah! Imagine a blackout hitting a computer inside the power company! That's about as likely as Bill Gates inviting Linus over for drinks.

    ---
  • Ok good reason. The computers need to talk.
    But this is still good for dedicated networking.

    With the Internet you still have hacks, Access to critical systems etc.
    Plus the Internet is not as reliable as a network could be. It's no technical falt. Simply the bulk of the systems are untrusted. Even back bones and ISPs aren't entirely trustworthy.
    Add to the picture the other traffic. The Internet carrys my Slashdot news, your Quake traffic, your power grid data could be delayed at a critical moment.

    The Internet is best for NON CRITICAL information exchange. If you have critical information on critical systems put together a dedicated network. Same software same hardware as the Internet just dedicated equipment and a diffrent configuration.

    Internet servers need to support 10 year old software pacages. Dedicated networks could reject packets at the backbone or service side that don't run the latest indent or what ever solution you pick.

    When every server is "watching your back" it's much harder to hack and much easier to secure.
  • by Mike Schiraldi (18296) on Saturday June 09, 2001 @02:27PM (#163479) Homepage Journal
    The hackers were this close to setting off their attack, but luckily before they could initiate the program, the rolling blackouts hit the server they were using.

    --

  • We have only a limited number of hubs

    Who's "we"?

    I'd be surprised if they're using hubs at all. Switches are better, they could implement VLANs to separate their mission critical networks from their "office" networks.

    Your description is really scary - I hope your power companies have better IT/Network Operations departments...
  • Hear Hear! Just drop the routes to unnecessery hosts - now that is real security measures - and they work!

    Until someone compromises one of those trusted systems...

  • by GC (19160)
    I especially like the bollocks they use:

    Colour it Green - call it red...

    and so on...

    This is bollocks! At it's best.
  • by GC (19160) <giles@coochey.net> on Saturday June 09, 2001 @05:05PM (#163483)
    Necessary data connections between the netwoks are randomly disconnected by a mechanical device. Even developers working in the bank have limited internet access by a slow modem to a secure proxy server (which might make it a crappy job but also a fine place to put your money in).

    Randomly? Do they randomly deposit money in their customer accounts as well?

    oh come on! I have never heard such clap trap - Do you have a URL, rather than these weird urban legend approaches to network security?

    slow modem? They use modems? Banks? I just can't believe it. I seen the Network installations of many financial institutions and there were very few modems - plenty of Switches, Firewalls and Routers though.
  • There isn't an 'energy shortage.' California as a state used 14% less energy this April than April 2000, while energy production in the country has increased in the same timeframe. Per capita energy consumption in California is lower than in 48 of the 49 other states in the union.

    But Bush telling us that directing Federal agencies in the state to cut energy use by 10% will fix everything? That's an insult.

    Kevin Fox
    --
  • Sorry. Actually I won't.

    The fact of the matter is Bush is catering to Texas energy companies he has a stake in, at the expense of California. Last week he came to our state and said he wouldn't impose price caps on energy costs in California because the prices were simply reflecting the law of supply and demand and that a spending cap wouldn't do any good. He stood on a podium next to our governor and insulted his intelligence by acting as if withholding natural gas to drive prices up for apopulation of 28 million people, and consequently cutting their power is not something the president has any reason to act upon.

    Now let me tell you, you "ignorant fuck," that when I, through my utility, have to pay $1900 for a megawatt hour that goes for between $22 and $32 in Texas, New York, or Florida, that it's not because of supply and demand, but because of cartel price manipulation, so go fuck yourself before giving me any more shit.

    Or if you actually think you're right, then explain why and don't be an Anonymous Coward.

    Kevin Fox
    --
  • We have quite a few power plants. We have power plants that are LYING DORMANT because the cost of natural gas PIPED IN FROM TEXAS is so high that using it to fuel said plants is too expensive for the energy produces, again because they are charging 40x-100x the prices the SAME COMPANIES (Enron, for example) charge other states.

    A power plant for every california family wouldn't help if there's still a stranglehold on the fuel.

    Read a book, or a newspaper, before spouting off such childish economic mantras, will you?

    While we're at it, isn't it interesting that gas prices [gaspricewatch.com] in San Juan Capistrano (California) are the highest in the country, at $2.35 a gallon, while the lowest in teh country is, any guesses? Yep, San Antonio, Texas, at $1.27. That's an 85% markup over Texas retail prices, and natural gas is far, far worse.

    California generates 75% of the power it uses in-state. This is far more than most of the larger states.

    Kevin Fox
    --
  • by KFury (19522) on Saturday June 09, 2001 @03:31PM (#163487) Homepage
    On one hand, I'm supposed to ignore California's energy problems. But I'm supposed to be hard on any Chinese retaliation against us. Damn, and Cheney took the weekend off. Umm. I know! I can call for more spy satellites! It'll justify my higher defense budget, and they're made in California, so the Cali's will be using more energy, which puts money back into Texas! Win-win!

    Kevin Fox
    --
  • Funny, I don't know if it's still there but there was a Network Security Manager job opening at Cal ISO.

    I'd have appied myself but the job description was IMHO very pooly written. I got the impression they were looking for a suit that could actually say a handfull of buzzwords but not much else.

    Bet they're looking for someone a bit smarted now :).
  • Given the rolling blackouts in California, I doubt anyone would have noticed even if they had succeeded :)
  • Hasn't anyone gthere heard of an air gap style perimiter? I can't think of any reason why the grid control computers should even have ANY links to the "real world" networks. Sure, perhaps so that they can be controlled from workstations on your LAN, but IMO, that's not really smart.
  • Well, it was a developmental computer. Sure, that's no excuse, but if you're a developer (and not a sysadmin), do *you* worry about the holes in the OS first thing? More than likely, you've got an itch to scratch and you set up the box and start CODING. The thought to "secure" the OS probably never even came around.

    This is also an argument to get OS distributers to ship their OS in a pro-active security mode, ala OpenBSD. I'm sure if the money is right it'll happen.

  • by Rinikusu (28164) on Saturday June 09, 2001 @04:08PM (#163492)
    You know, I seem to recall the US bombing the shit out of Serbian power infrastructure...

    Cracking Power Grid = bad
    Putting 5000 pound bomb on the generators = good

    Hmmm.

  • NEVER Secure a Network in such a way. It won't work.

    If I drop a packet sniffer on that network, what do you think I get?

    EVERYTHING.

    A switch isn't a real solution to that either, unless All the switches are configured correctly and securely I would only need 1 to get packets directed onto the 'secure' network.

    While you don't want a single point of failure in a network, you also don't want to leave all the doors and windows open.

  • "That's really amazing on two counts: that there were computers not behind a firewall and it took 17 days to discover," said state Sen. Debra Bowen (D-Marina del Rey), who chairs her chamber's Energy Committee. Bowen, who was informed of the breach by The Times, called it a "serious matter" and said she was "very concerned to learn about this from the L.A. Times, rather than from the ISO itself." The lack of official notification, she said, adds to her skepticism about whether the agency has been forthcoming. "It is embarrassing, so I can understand they would not want to talk about it," Bowen said. "We're going to ask some questions."

    I love that quote. What, does she think that she needs to know every little common thing that goes on in a place like that? Does she think that compromises aren't a daily thing in this electronic world? If that same place had a stapler get stolen from the supply closet or hell a company car from the dealer that was working on it, would she have to have "official notification"? Would she expect for someone to realize a stapler was missing right away? People like that make me sick. She reminds me of a super I used to have that was always on my case wanting to know exactly what I was doing every minute of the day. Finally I got so fed up I literally wrote down everything I did for the entire day, minute by minute with notes. Some examples entries would be:

    8:15AM Blew nose.
    9:30AM Left to take a bathroom break.
    9:33AM Arrived at bathroom. Took morning shit. Bad case of diarrhea. Took 9 wipes and 4 dabs and a lot of air freshener. Note to self: bring Peptobismal to work for desk drawer.
    9:47AM Returned from bathroom.
    10:12AM Picked nose.
    10:43AM Did super's job for him because he was too busy planning his next vacation. 11:01AM Opened 3rd can of Mountain Dew.
    11:05AM Took a Pepcid AC to combat bad acid reflux.
    11:47AM Scratched myself.
    1:00AM Went to worthless meeting of which I shouldn't be in because I have no part in anything discussed and nothing in it directly or indirectly affects me.

    I documented to entire day like that but worse with even more vivid descriptions. I spent more time writing shit in my list than I did actually working that day. At the end of the day I sent it to my super and _the_ boss. Needless to say my super never asked what I was doing ever again. :-)

    --

  • Excuse me? Buddy you 1) weren't there, 2) obviously don't know the people involved, and 3) apparently you don't know the policies set forth by the company I worked for. HR would have had a field day over this because it violated numerous company privacy policies for employees as well as procedural policies within my department and my super and boss both knew it. That would probably be why my super was assigned to other duties (read: shit work) and was no longer my super. If there are a number of possible variables that you don't know, either a) ask for them or b) save a some electrons and don't say jack.

    --

  • Or maybe they simply couldn't sleep because of their neighbour's overly loud stereo. So they spent their time doing something "useful". And if successful, they would have been able to rest in silence, undisturbed by the party below!
  • This a cute gimmick but fundamentally no different form any other opaque firewall approach that stages email and does not offer general IP connectivity.

    An air gap is an air gap, that passes data only by human intervention. This product is not an air gap.
  • stopping genocide: good

    If 'stopping genocide' requires unethical actions, why pretend that war is ethical at all?

    qualified ethics : pointless
  • Sometimes the end does justify the means. If the evil combatted is so extra-ordinarily bad, and if the only way to bring it down is a slightly unethical action, I'd opt for the slightly unethical action, rather than the unspeakable evil.

    Translation:

    When fighting those without ethics the only way to win is abandon you own ethics.

    Not that I disagree, my inital post was trying to convey that declaring we must fight wars in an 'ethical' manner is ridiculous. See "Apocalypse Now" for exactly my opinion on the matter.

    Col. Kurtz : "The Horror...the horror..."
  • people who cripple themselves into inaction through excessive contemplation of 'ethics' = dead

    Is there an echo in here? I could have sworn I just said that...
  • If you read the article you will see that they came in off machines in Santa Clara.
  • or hell, mandate that banks have backup power generators.. like every other country on earth!
  • Everyone relies 100% on the firewall. My security consulting work goes to waste every time I recommend tightening up "internal security". They want me to break the firewall.
  • Arnt worth much to americans. Which is what we were arguing about (apparently, it's hard to tell with this cocksucker).
  • I'll tell you about suffering! One day I had to stand outside in the California sun waiting to bank my pay check cause they were only letting people into the bank two at a time (no power == no aircon) and when I did finally get inside they couldn't look up my account number cause they didn't even have a backup generator for their mission critical computer systems.
  • you need to chill home boy. totally. read the paper I linked to, it quite clearly establishes that all is not fair in war, and that there have been rules in war for about the last 2000 years.
  • Alternatively we could just come to the often stated conclusion that the US is the sploiled brat of the world and doesn't know how to play fairly. After all, attacking civilians has never been a problem for your army. You should hang your head in shame, not stand up and say that is the way it should be.
  • The subject? I thought the "subject" was whether a (cyber)attack on a power grid was ethical or not. You're the one that has changed the subject to one of whether or not this is a big conspiracy manufactured by the government. My post simply states that there is no justification for taking down a civil power grid -- even if it is in war time. Go have your everyone is out to get me argument with someone else.
  • All is fair in war no matter what your own beliefs are.

    The only relevant thing you have posted before you went off on a tangent. What is your supporting evidence for this? Oh, the US doesn't respect the universally accepted laws of war (primarily that you dont attack indescriminately) so it must be alright. Was your argument about conspiracy and "world government" meant to support your case that the US should be the ethical model for the world or what?
  • News Flash: You have no point. The actions of the US government is not the best place to start debating the ethics of war. Your government is lame, what are you trying to say? When AC's start questioning what the fuck you are on about it is time to stop replying.
  • by QuantumG (50515) <qg@biodome.org> on Saturday June 09, 2001 @02:35PM (#163511) Homepage Journal
    This is disturbing because even if China was at war with the US this would not be an honourable attack. From this paper [army.mil]:

    Since a control system is the portion of the electrical grid most vulnerable to computer network attack, and since it disrupts the transmission and distribution systems serving all consumers, such an attack is indiscriminate except in one isolated, hypothetical case. If it were possible to disrupt only the electricity to those targets which are proper for iron bombs (e.g., military facilities and defense industry targets making only war materiel), then, and only then, would such an attack be discriminate. Until such a capability exists, however, one must assume that an attack on electrical power facilities is an attack on noncombatants, including facilities such as hospitals, specifically excluded from attack by numerous treaties.

    The widespread effects of electrical grid attacks are so devastating to a modern society that they are neither humane nor proportional to the military effect achieved. Iraq's experience after the Gulf War is an example. Neither water treatment plants nor sewage treatment plants were operational due to the long-term electricity outages. These combined to produce a major health crisis. During the year after the Gulf War, some estimates linked as many as 70,000 to 90,000 Iraqi deaths to the higher-order effects of life without electricity.[26] In Iraq, the outages were long-term in nature because the large, obvious generator halls were a favorite target of allied airmen, and these are more time-consuming and expensive to repair than distribution yards.[27] The efficacy of these attacks also has been called into question because many, if not most, military targets have backup power from dedicated generators, making them independent from the public power utilities. Thus, evidence from past wars suggests that air attack of electricity grids produces only a limited effect on the outcome of a conflict.[28] In such a scenario the military advantage would not outweigh the harm to civilians from reduced hospital capacity, diminished agricultural capacity, and reduced medical refrigeration capability. Indeed, "customary law" protects foodstuffs, crops, and medicines during time of war.[29] Attacking the political stability of an enemy by cutting off his electricity clearly is devastating to the civilian population and thus bears no resemblance to a discriminate attack.

    The fedz are right to call these punks "terrorists."
  • Stop using the "Code" formatting method. Use "Plain Old Text".
    ------
  • the cal-iso doesn't and can keep our power on...
  • I would humbly suggest that you drop the anti-government conspiracy theories and pay attention to facts.
    Here's your facts, mister [attrition.org].

    As the Attrition rant notes, petty vandalism has been going on pretty constantly for a while now. The tone of it has changed, slightly, now that the vandals are making the news, but what you're seeing now really isn't significantly different, in volume or content, than it has been for a while now.

    To the extent that the reporter talks about the increase in Chinese attacks during the timeframe in question, the reporter is wrong. There was no such increase. There were $foohundred attacks then. There were also $foohundred attacks the month before, and there were $foohundred attacks the month after. Big deal.

    Not all vapid propaganda has to come from big brother...


  • First off Parameters is for ROTC school kiddies in training, and articles like that are nothing more than propaganda. If you take a look at history as you state sure there are rules, and those rules are always broken. Take a close look at what we (the United States) did in Serbia. We cause an ecological disaster with the warfare, water is polluted, air is polluted, etc. Sure you can think the Geneva Treaty is something glorious but its nothing more than more propaganda.

    Facts are facts, and the fact is the military would never practiced what's preached in publicly available documents, everything is gonna look pretty for the people, but when you dig deeper the shit always comes out. I suggest you keep a sharp eye out for "Operation Dragonlord" should they ever release it via the FOIA, and you'll see exactly how shady the US government is in regards to China.

    Last month they sent out warnings of a massive attack set to take place. Something which never happened. Why? Simple, create animosity between Americans, and the intended target, makes things simpler when you have to take action, and that's the bottom line.

  • Stick to facts, I can dish em out to point out why I think the way I do. Wow what how ironic this happens when the United States is hoping that the European Cybercrime Treaty [cryptome.org] is being finalized. An incidence like this would surely make politicians think twice about taking away a certain amount of rights from the people in order to maintain National Security wouldn't they?

    Hell this could be what is meant by "justifying world government [theregister.co.uk]." See if the treaty goes through it would mean the United States LEA's would not have to depend on the liberties given to the people here, they could simply have their German counterparts subpoena things they've been denied in American courts. What power they'd have.

    Look I'm in no way flaming you so don't take it that way, there's always two sides to every single issue. One thing that's certain is China's networking infrastructure is harsh on rules, and laws, so it'd mean harsh punishment for someone even trying to do things, and their up shit's creek so I personally feel they'd be reluctant to pull this off. Now on a technical level if the system was compromised do you know how easy it is to manipulate log records? Hell I could make you think Elvis or Tupac compromised that host. So for someone to say the Chinese did this, I could always come back and say oh yea, well someone using Nemesis [packetninja.net], or HailStorm [clicktosecure.com] replayed a session to impose a Chinese did this.
  • Go have your everyone is out to get me argument with someone else.

    Is that what you think for someone who posts a different view of what may be happening? I could care less about government, I don't hide from anyone especially using anonyminity. As stated I posted a substantialy documented rebuttal, and sadly you have no answer only a pathetic message.
  • My supportive evidence?

    Army accused of cover-up in Kosovar Albanian's death [freerepublic.com]

    Government Watchdog Agency for human medical experiments under investigation [199.45.69.176]

    Hydrazine Sulfate Cancer Coverup [heall.com]

    THE COVER-UP OF GULF WAR SYNDROME -- A QUESTION OF NATIONAL INTEGRITY [gulfwarvets.com]

    The United States and Biological Warfare [zolatimes.com]

    THE UNITED STATES SINCE 1968 [jmu.edu]

    MKUltra, Uranium, Unsolved Homicide, Possible Genocide [antioffline.com]

    My bad everyone must be wrong the government is such a great watcher and keeper of the peace. Maybe if you took the time to see things in an unbiased way you would actually have a clue. Me on the other hand I love government, and I truly love many of the policies they've created, but I would never turn a blind eye because they did one good thing so this enables them to perform 20 bad things in return. Fsck that.

  • by joq (63625) on Saturday June 09, 2001 @04:47PM (#163520) Homepage Journal
    All is fair in war no matter what your own beliefs are. Lest we forget how the "fedz" tried to hire a Russian hacker to infiltrate the Russian Federal infrastructure.

    |http://www.wired.com/news/politics/0,1283,42998 ,0 0.html [wired.com]|

    So if it was some Chinese hackers so be it, on the other hand what makes you think this couldn't be something like the government falsely reporting to bring up animosity amongst Americans towards Asians in case they wanted to wage a war? I suggest you see read what they had planned for Cuba [antioffline.com] before you think the feds are so fine and glorious

    Get real no one knows truly what happened yet, and I'd be skeptical to jump the gun and believe the first thing written about the whole case. And as for your "fedz have the right to call these punks terrorists" you better wake up and smell the coffee there, if your not 100% pro government including all of their FUD/Errata/Schemes [1 [slashdot.org], 2 [antioffline.com]] then your considered just as much a terrorist as anyone else.
  • They probably lease their desktops, but I doubt that they lease the critical infrastructure computers. They're probably "big iron" anyways.
  • They're most likely not. It is very handy to have the ability to *display* grid information to selected authorized PC's, but the actual control network is something totally different. Usually the control network is mostly run on the high power lines themselves or selected microwave links. A lot of this pre-dates the internet as we know it. If you know what DDSMS stands for, then you know what I'm talking about. I seriously doubt anyone could control equipment on the grid remotely through an internet connection. But maybe I'm just ignorant.
  • I can't speak to number (1) except to say that it's my impression that the vitual private networks are over their own network not the general internet. The replacement of really old non-networked stations I believe was done with an internal network that (again my impression) uses a proprietary protocol. And (3) I think you are confusing the system that remotely controls power output of some of the (usually smaller) power generators to match load moment by moment (frequency and VAR loading) with a separate system that controls grid switching. Also, all the really critical stations (switching centers) are all manned stations, with manual switching controls (usually). And these stations can remotely operate the smaller stations near them. I don't believe you can operate power circuit breakers from some anonymous PC on the internet. I believe it would be done from a control board at a switching center with a direct link to equipment at a smaller unmanned station it is responsible for. Not using a conventional PC. And except for emergencies, under the direct orders of the grid control center/grid operation center (Cal-ISO).
  • by leucadiadude (68989) on Saturday June 09, 2001 @03:53PM (#163527) Homepage
    They do indeed have their own fiberoptic capacity. Plus there are indeed methods and equipment to carry control signals on the lines themselves. All the data that you mention is available from servers specifically setup to supply it, these servers have no ability to generate control signals, that (AFAIK) is done with separate equipment. So other than the compromise of operating data, I don't see what else could have happened. I admit I'm probably ignorant. But I'm looking at a grid display right now, and I'm an authorized person, and *I* can't cause anything to actuate even if I wanted to. The data display stuff is simply not set up to do that. But like I said I'm most likely ignorant of all the clever ways to get around stuff. Sigh.
  • If you're wondering about security devices which allow for secure transfers of data, you might want to check out Airgap [airgap.net]. It's been developed for absolutely secure data transfer. There is a physical separation between the two networks.

    Full details are on the site [airgap.net].

    --
  • Think about it for a second.

    Why would anyone outside of North America need to access computer systems, or firewalls, or routers leading to Public Utility companies? Why haven't these systems/firewalls/routers/tincans-on-a-string not been programmed to block any traffic coming from overseas? It isn't secure, by any means, but it *will* make it more difficult for these overseas hackers to gain access.....
  • How do we know they don't run separate networks?

    But, as the article points out, they crackers were trying to break through a firewall. So, there could have been VLANs connected at some point by a firewall.

    Face it, if you have a secure control network, you'll really really also want some access to that network from the less-secure office network. Otherwise, generating reports and stuff on operations requires people running tapes around. There's also a strong motivation to get email in and out of a secure network.

    They should have also had better security in place for their office network. My guess is that they had rooted the unsecure machine and were putting together some executables to spoof the users into giving up the firewall access. If the control system firewall used secure key cards, this would make things more difficult, but not impossible.

    Running a private network for the secure systems isn't difficult. Making it completely isolated from other networks is difficult for political reasons. There's just such a temptation to allow some kinds of access through. With proper security, you should be able to pull it off.

  • Or maybe he was just trying to prop up his APCC [yahoo.com] shares some more. Apparently, they already have benefitted greatly from the current Californian power crisis!
  • > If 'stopping genocide' requires unethical actions, why pretend that war is ethical at all?

    Sometimes the end does justify the means. If the evil combatted is so extra-ordinarily bad, and if the only way to bring it down is a slightly unethical action, I'd opt for the slightly unethical action, rather than the unspeakable evil.

  • by Greyfox (87712) on Saturday June 09, 2001 @02:38PM (#163535) Homepage Journal
    We might start seeing people with no computer background (PHBs, the guy on the street, etc) taking security seriously. Maybe we'd even see some laws passed mandating secure systems for companies that should require security, such as banks and power companies.

    Of course, if they'd succeeded in California chances are no one would have noticed.

  • Yes. we should send the best under cover agent on the british secret service.

    Chinese communist hacker: After we complete our attack to the electric grid, we will bring chaos to the ENTIRE WORLD!! HAHAHAHAHAHA
    James Bond (trapped on a complicated mechanism designed to kill him after 40 minutes): You will never get away with this !!!
    Chinese communist hacker: See you in hell Mr. Bond. HAHAHAHAHAHA (and leaves the room)

    --

  • Trying to downplay the incident one official said, 'It was a compromise, not really an attack.

    He said that in an attempt to downplay the incident? Does he actually understand what either of those words mean? How is it better to have people actually break into your system (compromise) than to have them trying, but failing (attacking)?
  • Anyone who has worked on control systems knows that most run their own proprietary networks and communications protocols.
    So even if these guys got through, they might not even know what they're looking at.
    And that could only happen if the automation network has contact points with the other networks. (hopefully unlikely, unless they are stupid).
  • by zunix (117687) on Saturday June 09, 2001 @03:07PM (#163543)
    I hear you, sister!

    Shouldn't the state put such a thing in the license of the power company?

    Banks in Israel started providing service through the internet about two years ago. The Israeli bank-supervisor forced them to put it on a seperate network than the bank interior network. Necessary data connections between the netwoks are randomly disconnected by a mechanical device. Even developers working in the bank have limited internet access by a slow modem to a secure proxy server (which might make it a crappy job but also a fine place to put your money in).

    This is basic stuff, but I guess people care more about their bank account than their electric bill. Let them back to the caves.

    slashdot rules!
    --- "How to Kiss Ass", chapter twelve.

  • Chinese government officials stated about two months ago that the Chinese people were "very angry at the US spy plane situation and many retaliate by attacking US computers"

    Two months later we find out that a critical piece of US infrastructure was hacked.

    The fact that China is a black hole as far as law enforcement is concerned, and that Chinese authorities tightly control internet access makes it worthwhile to investigate whether or not there is any Chinese involvement.
  • I didn't say anything about military attacks, you ignorant karma whore.

    Here is the complete text of my post:

    "If the Chinese government is sponsoring these 'hacker attacks', this is an act of war and should be treated like one."

    I had assumed that an intelligent human being would be able to reason what exactly the word 'If' means. 'If' implies that some sort of investigation would determine who exactly carried out these attacks.

    Since many of the servers originated in China, and Chinese government officals recently stated publicly that 'angry chinese citizens' would likely launch such an attack in the wake of the US spy plane crisis, it stands to reason that the Chinese government may have had some involvement.

    I'm glad that you were not attempting to ridicule me, because you completely failed to do so. Instead you displayed your own ignorant knee-jerk reaction to the term 'act of war' by implying that I am some sort of ignorant militarist straight out of The Manchurian Candidate calling for a shooting war with China.
  • I'm sure you won't heel to any argument, but I'll try anyway.

    According to the article, the main security report stated that "the main attack was routed through China Telecom from someone in Guangdong province in China"

    James Sample, the Computer Security Officer at ISO stated "You don't know where people are really from".

    Mr. Sample is certainly correct in stating that the hackers could have appeared from anywhere. But it is rather suspicious that such an attack which COULD have originated in China would occur at the height of a Sino-US diplomatic crisis.

    This is especially suspicious given that fact that the article specifically states that "In early May, there were hundreds of publicly reported computer attacks apparently originating from China."

    And my government is not feeding me propaganda regarding some imaginary Chinese cabal. The Los Angeles Times is not an agency of the United States government. The ISO is a public authority chartered by the State of California and also not an organ of the Federal Government.

    I would humbly suggest that you drop the anti-government conspiracy theories and pay attention to facts.

  • by duffbeer703 (177751) on Saturday June 09, 2001 @02:53PM (#163561)
    Are you crazy? This is Slashdot!

    These 'hackers' were just bored geeks. In fact, the chances are high that they were 'white hats' and simply wanted to let the administrators know there was a problem!
  • hold the phone --- They have thier power lines running all over hell and back, couldn't they just run a small chunk of fiber optic line with it for communication and controls?
  • by chompz (180011) on Saturday June 09, 2001 @02:23PM (#163565)
    Why the hell would important computers which control the power grid be accessable from the internet in any way. I realize everyone wants to look at thier porn while they are at work, but bring it on CD god damn it! Repeat after me: Mission critical systems which to not explicitly require internet access should not have internet access or be on the same network as machines with internet access. Its all about which machines can be trusted, and as far as I am concerned, any machine which is accessable from the internet or has internet access is not to be trusted.
  • Chinese servers are notoriously insecure, it is more likely that the hackers are from elsewhere and used compromised chinese servers as an extra hop to help obscure their true identity.


    --
  • Actually, the US made a big deal of NOT permanently damaging the Serbian power grid. We did bomb power substations, but with carbon filament, not with explosives. The carbon filament shorted everything out, forcing shutdown for a few hours. Then, the Serbs would go out, sweep off the carbon filament, and turn the lights back on. The US military's intent was to cause temporary inconvenience to the population, in order to turn the people against the leadership. You can argue as to the effectiveness of the approach, but you can't say that the US wasn't trying its damndest to be humane.

    For details, check this [fas.org] out.

  • There should be no link between the internetnet and this, not even people logging in remotely should be allowed to have their computer on the internet at the same time. Preferrably no computer which ever had been used to get on the internet should be allowed to access their network... but thats kinda hard to enforce. Still it should be easy enough to ensure that they dont have a truly direct link to the internet, there is just no good reason which justifies the risk IMO.
  • Let's see... a dev machine in front of the firewall but with internal network access... no tripwire, promiscuous ports all over the place... wow. Wish I could do that.
    Think about it for a second. If everyone set up their machines like this, the hackers wouldn't be able to pick out a target amid all the noise! Of course, that would be the end of online shopping, but that's overrated :-)
    Shame on the irresponsible people who would so ignorantly play Russian Roulette with the California electrical grid. The power system is dangerous as it is, and the potential exists for real human suffering if it should collapse. No need for more incompetence (on top of the legislators who created the mess in the first place) to help bring the whole thing down. I hope that the person whose machine that was is aware of just how bad they fscked up.
  • Ok, duffbeer703 [mailto], you may have a point. I guess I was responding to the brief, abrupt way you were making an if:then statement involving acts of way. Such words are not to be bandied about loosely, even in flamewars.
  • Er... I meant to say acts of war. I think acts of way would have an entirely different meaning :)
  • by tulare (244053) on Saturday June 09, 2001 @02:36PM (#163581) Journal
    Great. So let me see... is this how it goes?
    [BUZZWORD]..hack attack... [BUZZWORD]...Chinese servers... {Knee suddenly jerks}"What? How dare they? Call the cops! Write my congressmen! Facts be damned - we can ask questions after everyone's dead! We have do DO something, right now!"
    Silly. We don't even know what part of the world the attacks came from - just that some of the servers were in China. Did you notice that some of them were in Oklahoma, too? Maybe California should start a pr blitz on that account - "Oklahoma is not ok!" Of course that would be ridiculous. Just about as bad as blaming an entire country for one script kiddie who may have been operating out of it.
    My point isn't to ridicule you, but to strongly encourage you to think before you talk about military attacks. Nobody wins when a country goes to war. The first time somebody dies, everyone loses, simply because we know better, or should.
  • by metalhed77 (250273) <[andrewvc] [at] [gmail.com]> on Saturday June 09, 2001 @02:20PM (#163582) Homepage
    no no no, the attack came through several servers, one of which was chinese, the others were in the US. They mentioned china, cuz of their political significance

    ----------
    www.shockthemonkey.org [shockthemonkey.org]
  • Putting 5000 pound bomb on the generators = good

    Recall they were not normal iron bombs. From this CNN article [cnn.com], "Pentagon sources said the special bombs explode over targets, then shower the electric transformers and lines with tiny carbon fibers, shorting out the systems. "

    They don't permanently destroy the plants, as happened in Iraq, but take them down for several days, limiting long term damage to the civilian population.

    Of course, you still have to wonder if it really helped the bombing effort at all...

    Anyhow, back on topic a bit more, shutting down a power system temporarily through computer attack or temporarily through carbon fiber bombs really are no different in the eyes of the end user. Their lives are disrupted for several days. If this 'hacker' was actually able to do some damage, the end result would be very similar to what NATO did to serbia. (of course, most of our bridges would still be standing...)

  • Well, I've read the article and the posts up till now, and am surprised that nobody else caught this...

    Right after it says this:

    In what may have been the most significant lapse, the system being developed was not behind a firewall, a security element designed to keep out those who are not entitled to access.

    Additionally, so-called tripwires that might have alerted agency security personnel to the unauthorized entry were nonexistent. Nor were there logs within the system that might have identified users entering the system as the infiltration was occurring, the report notes.

    Sample, the security engineer who wrote the report, downplayed the potential threat and says:

    The attack was "something that we've been anticipating."

    Hmmmm....

    They must have some "hot shot" security experts working there I guess...

    I wonder what their security was like before they anticipated the compromise?!!!

  • by Ayende Rahien (309542) on Saturday June 09, 2001 @02:15PM (#163588)
    Now the Californian can blame *someone* for their power problems.


    --

    Two witches watch two watches.
  • Sunday June 10, @12:53AM EDT kmade offtopic post on slashdot how to get fired in the stupidest way possible, in feeble attempt to impress others.
  • by blang (450736) on Saturday June 09, 2001 @02:47PM (#163607)
    Because the internet exists.

    Power generating companies, power distribution companies, power exchanges all need to talk to each other. In the old ages that may have been done by dedicated links, faxes, phone calls and many other ways. Standards for information exchange have existed for a long time (for example EDIFACT). The bank world has it own worldwide network for bank transactions, but that network existed before the internet tok off.

    Computers at the core of the powergrid control need inputs from computers on the outside. It's not like the old days anymore, where all you needed was a control center with dials, lights and switches, and a handful of information from the outside. These days, systems are connected, and if the security job is not done well, systems will be compromised.

    I don't know the network topology for CAL-ISO, but it should be possible to achieve decent security if the job is well done. I don't think the power industry is going to build their own proprietary network.

  • One of several servers through which the attack was routed was located in China. Big deal. They could have routed through a server in Zaire or Sweden or any country you care to name, ping permitting. The geographical location of a server does NOT imply the complicity of any particular government. You might as well say we should investigate the possibility of a chinese conspiracy because the crud sound system you bought was built in china.

    Just wanted to make sure no /.ers nuked Beijing as "retaliation". You never know who has a /. account, after all...

  • I don't know if this is what happened in this case, but a lot of computers in my school that have "mission-critical information" (gradebooks, student records) do not need to be on the Internet for any reason, but are on the same network as computers that are. The reason for this is simple: We have only a limited number of hubs, and there simple aren't enough to maintain two entirely seperare networks. Since the gradebook boxes do have to talk to each other, that means they have to share hubs with Internet machines. Could that be what happened in California?

  • I don't think so. Even though it isn't cost-effective, these systems should not be on the Internet. Not even a VPN.

    I used to work for GE, and they refused to use the Internet, and instead built their own world-wide Intranet. I asked why? They said 1) security, and 2) reliability

    They also own the entire 3.x.x.x IP address range!

Lo! Men have become the tool of their tools. -- Henry David Thoreau

Working...