Hackers Breached Computer Network At Key US Port But Did Not Disrupt Operations (cnn.com) 17
Suspected foreign government-backed hackers last month breached a computer network at one of the largest ports on the US Gulf Coast, but early detection of the incident meant the intruders weren't in a position to disrupt shipping operations, according to a Coast Guard analysis of the incident obtained by CNN and a public statement from a senior US cybersecurity official. CNN reports: The incident at the Port of Houston is an example of the interest that foreign spies have in surveilling key US maritime ports, and it comes as US officials are trying to fortify critical infrastructure from such intrusions. "If the compromise had not been detected, the attacker would have had unrestricted remote access to the [IT] network" by using stolen log-in credentials, reads the US Coast Guard Cyber Command's analysis of the report, which is unclassified and marked "For Official Use Only." "With this unrestricted access, the attacker would have had numerous options to deliver further effects that could impact port operations." The Port of Houston is a 25-mile-long complex through which 247 million tons of cargo move each year, according to its website.
In the case of the Port of Houston, the unidentified hackers broke into a web server somewhere at the complex using a previously unidentified vulnerability in password management software at 2:38 p.m. UTC on August 19, according to the Coast Guard report. The intruders then planted malicious code on the server, which allowed further access to the IT system. Beginning about 90 minutes after the initial breach, the hackers stole all of the log-in credentials for a type of Microsoft software that organizations use to manage passwords and access to their networks, according to the report. Minutes later, cybersecurity staff at the port isolated the hacked server, "cutting off unauthorized access to the network," the advisory said.
It's unclear who was behind the breach, which appears to be part of a broader espionage campaign. When asked about the incident at a Senate hearing on Thursday, US Cybersecurity and Infrastructure Security Agency Director Jen Easterly said she believed a foreign government-backed hacking group was responsible. Attribution of cyberattacks "can always be complicated," Easterly told the Senate Homeland Security and Governmental Affairs Committee. "At this point in time, I would have to get back with my colleagues, but I do think it is a nation-state actor."
Hahaha, again? (Score:3)
In 2003 Port of Houston had its IIS (need we say more) server hacked. Are they still running that crap and amazed they got hacked again?
Re: (Score:2)
Aren't you tired of blaming an OS instead of blaming the people who are responsible for securing their systems?
Re: (Score:2)
Engage your brain, Linux systems aren't being hacked because of those patched vulnerabilities at your link.
Meanwhile, the low quality of Microsoft's garbage is causing billions of dollars in damages yearly, even though the infrastructure of the internet is built of Linux and BSD and is a more attractive target.
The OS is to blame for the problems in the news, get it through your skull.
Do you hold Microsoft stock or something, to be shilling such an absurd point of view?
Wonderful goal (Score:3)
... goal of "closing maritime cybersecurity gaps and vulnerabilities over the next five years."
Let me guess (Score:2)
It was Port 139, right?
Re: (Score:2)
It was Port 139, right?
The file article states that it was Port of Houston.
Vg'f n wbxr. V xabj jung FZO vf.
Re: (Score:2)
Vg'f n wbxr. V xabj jung FZO vf.
Re: Call it what it is (Score:3)
The way they say it I assume it was an Access database but they are simply too embarrassed to admit it.
An open port (Score:3)
What did they expect?
sudo ufw default deny incoming
Is that hard?
Re:An open port (Score:4, Funny)
What did they expect?
sudo ufw default deny incoming
Is that hard?
That only works for TCP ports. Apparently Port of Houston isn't.
Re: (Score:2)
good catch (Score:3)
Maybe... (Score:2)
... they were trying to find out where their container load of p0rn had gone, and get it delivered.
If we're going to point fingers, get it right (Score:3)
Windows? (Score:1)