Digital Pearl Harbor, Cyber 9/11, and E-Qaeda
From today's print edition of The Washington Post comes a pair of alarming stories: one about Chinese hackers who have infiltrated our electric power grid, and one about terrorist groups that are using our own digital infrastructure against us.
A piece on page A4 talks about cyber spies having left behind software backdoors on networks connected to the U.S. power grid. A story on the front page warns that terrorist groups who have sworn to destroy the United States are taking full advantage of Web site hosting and registration services here in our backyard.
Each story is a fascinating read, but both have been told before. Hackers motivated by financial gain have been infiltrating power company networks and using our Internet infrastructure against us for years. What these stories really add is attribution -- that is, who's responsible -- and intent, or the attackers' implied goals.
For example, most malicious software, regardless of who wields it, opens a backdoor on the infected host so the bad guys can get back in whenever they want. In fact, this is a standard feature of all bot programs, the malware used to turn otherwise healthy PCs into spam-spewing zombies.
I mention this because at any one time, computers at dozens of power companies throughout the United States are compromised by bot programs. And this has been so for years. In 2007, I wrote about penny-stock spam being blasted out of computers at American Electric Power that was confirmed to be the result of a bot infection there.
If you simply examine the lists of Internet addresses flagged by anti-spam groups as blasting junk e-mail, you can find dozens of systems that currently are or very recently were infected with bots and backdoors.
To illustrate this concept, I took a few minutes to peruse the Composite Blocking List (CBL) as published by Spamhaus.org. The CBL lists Internet addresses that appear to be acting as open proxies or relays for other Internet traffic, or that show signs of infection with a spam Trojan or some other security compromise.
All I did was filter the CBL for U.S.-based Internet addresses, and then look through them for addresses assigned to American power companies. One caveat: It is not possible, just from looking at this list, to say how many -- if any -- of these backdoored systems have access to critical power control networks; a listed address tells you only that a machine on that company's network was sending spam or acting as a proxy. Still, this is from a single public source. What's more, these are mostly opportunistic infections, caused by attacks that are random in nature. Now, just imagine the access that a determined adversary could gain.
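Here is what that filter-and-attribute step looks like in code. This is an added illustration, not the author's own script (the post does not reproduce one): it builds the reverse-octet hostname used to query a DNS blocklist for a given address, and then maps a batch of listed addresses onto their owners by longest-prefix match and tallies them per organization. The zone name zen.spamhaus.org is real; the listed addresses (drawn from the TEST-NET documentation ranges) and the prefix-to-owner table are constructed for the example, and the organization names are hypothetical.

```python
import ipaddress
from collections import Counter

# Constructed sample input: addresses standing in for entries pulled from a
# DNS blocklist. All are from the RFC 5737 documentation ranges, so none is a
# real listing. The last entry is deliberately malformed to show the skip path.
LISTED_IPS = [
    "203.0.113.5", "203.0.113.77", "203.0.113.200",
    "198.51.100.9", "198.51.100.10",
    "192.0.2.44",
    "100.64.0.1",        # not in our ownership table -> "unattributed"
    "203.0.113.300",     # malformed -> skipped, not silently counted
]

# Constructed ownership table (prefix -> organization), the kind of mapping you
# would assemble from WHOIS / RIR delegation data. Names are hypothetical. The
# more specific /26 shows why prefix granularity matters: a hit on the corporate
# /24 says nothing about which part of the company's network is infected.
PREFIX_OWNERS = {
    "203.0.113.0/24":  "Example Power Co.",
    "203.0.113.64/26": "Example Power Co. (control-center block)",
    "198.51.100.0/24": "Example Municipal Utility",
    "192.0.2.0/24":    "Example Telecom",
}


def dnsbl_query_name(ip: str, zone: str = "zen.spamhaus.org") -> str:
    """Return the hostname to resolve when checking an IPv4 address against a
    DNS blocklist: octets reversed, then the zone appended. An A record answer
    (for Spamhaus ZEN, an address in 127.0.0.2-127.0.0.11) means listed;
    NXDOMAIN means not listed. Raises ValueError on a malformed address."""
    addr = ipaddress.IPv4Address(ip)
    return ".".join(reversed(addr.exploded.split("."))) + "." + zone


def owner_of(ip: str, networks):
    """Longest-prefix match of ip against (network, owner) pairs.
    Returns the owner string, or None when no prefix in the table covers it."""
    addr = ipaddress.ip_address(ip)  # ValueError on garbage input
    best = None
    for net, owner in networks:
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, owner)
    return best[1] if best else None


def count_by_owner(listed_ips, prefix_owners):
    """Tally blocklisted addresses per owning organization.
    Returns (Counter of owner -> hits, list of inputs that failed to parse)."""
    networks = [(ipaddress.ip_network(p), o) for p, o in prefix_owners.items()]
    counts = Counter()
    skipped = []
    for raw in listed_ips:
        try:
            owner = owner_of(raw, networks)
        except ValueError:
            skipped.append(raw)
            continue
        counts[owner or "unattributed"] += 1
    return counts, skipped


if __name__ == "__main__":
    print(dnsbl_query_name("203.0.113.5"))
    hits, bad = count_by_owner(LISTED_IPS, PREFIX_OWNERS)
    for org, n in hits.most_common():
        print(f"{n:4d}  {org}")
    if bad:
        print("skipped (unparseable):", bad)
```

Two practical notes. First, the tally is only as good as the ownership table: a utility's corporate mail or web addresses and its operations networks are often in different prefixes (or behind different providers), which is exactly the caveat above about not being able to tell control-network access from a listing. Second, resolve the DNSBL name with a plain DNS lookup rather than guessing; the A record value, not just its presence, tells you which sub-list matched.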
Spamhaus reports that it found 106 different infected Internet addresses assigned to Conway Corp., a power and telecommunications provider in Arkansas.
Forty-one of the addresses on the CBL trace back to Internet addresses belonging to City Utilities of Springfield, Missouri.
For the rest, I'll just list the name of the provider, its location, and the number of Internet addresses assigned to the company that showed up on Spamhaus's block list:
KAMO Electric Cooperative, Vinita, Okla. (6)
Cobb Energy, Marietta, Ga. (4)
Pulaski Electric System, Pulaski, Tenn. (2)
Arizona Public Service Co. (3)
TXU Energy, Texas (2)
Electric Fiber, New York, N.Y. (2)
Baltimore Gas & Electric, Baltimore, Md. (1)
Florida Power and Light (1)
Hopkinsville Electric System, Ky. (1)
Southern Company, Atlanta, Ga. (1)
Newnan Utilities, Newnan, Ga. (1)
As for terrorist organizations using U.S.-based Web hosting companies to blast their messages of hate and destruction to the world, this too is nothing new. In March 2008, I wrote a piece about groups such as Hezbollah, Islamic Jihad, and the Al-Aqsa Martyrs Brigade that were using our nation's hosting infrastructure.
Got a comment about these articles, or a question about anything tech, security or privacy related? Please consider dropping your question in the queue in advance of our Security Fix Live online chat tomorrow at 11 a.m. ET. See you then and there.
April 9, 2009; 3:34 PM ET
Categories: From the Bunker | Tags: cyber terrorism, eqaeda, power grid hack, taliban