Cyber-Attacks?

Galahad2 writes "The Washington Post has a lengthy article about the Bush administration's fears of an Al Qaeda cyber attack on the nation's infrastructure. Though we have all seen this sort of attack as a possiblity for a long time, I'm having a hard time believing that Al Qaeda is capable of anything along these lines." You're not the only one. The article does cite an example of the only known infrastructure attack, a case in Australia where a consultant used his inside knowledge of a local sewage treatment system to dump raw sewage, hoping for a contract to solve the problem he created.

Re:The Obvious Question

[guttentag]

What kind of fscking imbecile allows critical infrastructure control systems to be connected to the Internet?

I don't know, maybe the same kind of person who would code infrastructure control systems to rely on only the last two digits of a date's year.

I'm sure there are people who have a Web interface set up for some seemingly non-critical facet (though there probably aren't many cases of "Look Honey, I can manage the dam's intake system from my iBook in the backyard!"), but there is probably a greater number of people who use the Internet for some communication/reporting feature ("Hey, I'm encrypting all transmissions, I'm using port 18937, I'm not publishing this info on a Web site and I'm not controlling the infrastructure in any way through this interface, so I should be safe."). Should such people be running infrastructure control systems? No. Does that mean they're not running these systems? No.

I think the article's primary purpose is to send a "Hey, infrastructure engineers, this means YOU" (or "does that guy who works for you have infrastructure controls connected to the Internet? Ask him.") message to people who think they're already covered.

Re:the real terrorists are governments and media

[Anonymous Coward]

There's a lot of truth in this. For a balanced, well-written (and refreshingly non-conspiracy-nut) view on government-controlled media , read the article Sept11: Unanswered Questions [communitycurrency.org] by MalcontentX (this is the article that gave rise to a recent press conference attended by families of Sept11 victims).

The cyber-attacks that should be taking place are ones that alert the public to articles such as this one and encourage them to question the official line of everything they think they know. Imagine how enlightening it could be for a link to the above article to mysteriously appear on the front page of CNN.com....

Utter shite

[Anonymous Coward]

The subject of this article is such rabid FUD that it needs dispelling, quickly. The technically savvy readers of Slashdot, if not already aware of the state of power-plant security, need to catch up to what reality is, because they will be the ones that the non-technicals will look to for answers and reassurance.

The idea that critical systems of a power-plant of any kind would be on-line and accessible via the web or dial-up is so preposterous as to defy reason. The idea is surely suggested by ignorant kooks, and snatched up and carried into daylight by "journalists" who would rather see their name in a byline than verify the information in the stories they rush to press. In short, someone has seen one to many USA Channel Sunday Night Movies.

Having worked on nuclear plant monitoring systems software, I can tell you for a fact that the critical systems not only can not be tripped from off-site, but also can not be accessed from anything but specific, highly secure and redundant systems.

These systems have physical switches that often require two hands to operate. They are designed to prevent insider sabotage, so no wanker with a laptop, sitting in a cave or boardroom half a world a way can do anything. The only action that can be caused by any local anomaly is a controlled, safe shut-down. The only thing that a remote action will result in is a line-item in the logs, period. A plant shutdown may be costly and greatly inconvenient, but hardly lethal, and absolutely not catastrophic. The "terrorists" will have better luck flying a 747 into the Hoover Dam.

The notion that someone with access from outside could trip a plant or cause anything but the generation of a non-critical statistics report to be generated is lunacy. Yes, some aspects of some systems may be monitored from outside, but this is only for informational purposes only.

Rise in UNIX Targetted Attacks

[Nishi-no-wan]

Off topic, I know, but there's been a serious increase in attempts to hijack my web site since the Gobbles' proof of break-in-ability code for the Apache hole was released last week. It's probably the work of out of school script kiddies rather than that cad Al, but I'd like to know if other sys-admins have notice an increase in UNIX targetted attacks (specifically geared toward Apache) in the past week.

The usual attack pattern goes:

1. Enter the site on a "powered by freebsd" google search reference
2. Cause an error ("GET ../.." or a "GET / HTTP/1.0" request) to get the web server name and version.
3. If the version is a vulnerable version of Apache, an attack commenses with a different tool.

If everyone hasn't upgraded Apache to a safe version yet, I strongly suggest you do. It's not just a Microsoft hole any more.

Re:the real terrorists are governments and media

[ssclift]

Well put. My browser just made the sound of a nail being hit squarely on the head.

A conference I was to attend got cancelled in the wake of the Sept. 11 attacks. Since I had the plane ticket, I flew anyway and spent the weekend kayaking around Washington D.C.

Being acclimatised to European media, I found the propaganda pouring from my car radio stunning and repulsive. The real dissonance in the whole experience, though, was the refreshingly critical and well informed views of my fellow kayakers (most of whom, contrary to popular image, are healthy, intelligent, independant-minded folks).

My compliments to you and all such Americans who are displaying an ability to think, something you would hardly guess from your media or your government spokesmen.

because it needs to be?

[Xtifr]

I'm sure that many government computers are safely isolated from any public nets, but many of them have the sole purpose of serving information to the Internet, and would be pretty useless if they were isolated! Furthermore, it's not just government installations that are at risk. The 9-11 attacks weren't just aimed at the Pentagon. Or perhaps you forgot about the WTC?

The major US backbones of the Internet itself could be considered part of our national infrastructure. I hope you're not going to ask why the backbones are on the Internet!

happened East Timor

[Anonymous Coward]

well, East Timor was hit (allegedly by Indonesia), but the infrastructure involved was exactly massive. A small ISP called Connect - Ireland was hosting .tp for them.

http://seattletimes.nwsource.com/news/technology/h tml98/issu_020799.html [nwsource.com]

Re:Have you learned nothing?

[CrosseyedPainless]

While the point of your post is quite valid, I'd like to correct one thing: absurdly tight border restrictions

The (approximately) 9,000 km border with Canada is completely uncontrolled except at major highways and urban areas. The 3,300 km border with Mexico is somewhat more controlled, but is readily penetrated in remote areas. Add in the lightly patrolled coastlines, and the immense and basically uninhabited border of Alaska, and one has what is essentially unimpeded access to the US. (Pre 9-11, anyway; things may have changed.)

Re:Smart Move...

[thelaw]

i'm not so sure that this is the case. i've been following washingtonpost.com's cyber-attack stories for quite some time (very much pre-september-11), and just about every story they do has a slightly sensationalist bent. this one, ironically, is the most fact-based story i've seen them do since i started reading them.

jon

More plausible than you might think

[Anonymous Coward]

I am the network administrator at an electric co-op that uses SCADA in our electrical grid. From my perspective it is quit possible for terrorist to carry out such an attack. Scary part is that I cannot get buy in from management for even the simplest of security measures such as regular password changes or even properly restricting access to physical resources such as server rooms. They even allow users to dial out to the Internet using personal ISPs bypassing my firewall and all network security that I have put into place....

BE AFFRAID, BE VERY AFFRAID.

Re:Inconceivable?

[Discopete]

Actually, the Phalanx weapons system is not designed to destroy incoming planes, but incoming anti-ship missiles.
It's a water cooled 3000+ round/minute gatling cannon commonly referred to as R2-D2.
The distinctive white dome is a radar tracking system that tracks every out-going projectile as well as the incoming missile, making minute modifications to it's aim to insure total destruction of the incoming threat.
The system is so sensitive (unless they've dumbed it down) that it will continute firing until there is no piece of the incoming threat larger than a small sparrow.
At that fire rate, the weapon would run out of ammo long before a Kamikaze plane were to disintegrate.