Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.


Can the Muslim Brotherhood and Ptech Sabotage U.S. Electronic Defense Systems?

COMMENT: Two of the most neglected aspects of the investigation into the 9/11 attacks are the Ptech company/investigation and Operation Green Quest. In the person of Yaqub Mirza, the two overlap.

Now comes the disclosure that integrated circuits can be implanted with “kill switches” that could enable a malefactor to sabotage critical military and/or civilian operating systems.

How might the Ptech/Yaqub nexus described in the linked article above affect the possible implanting of such “kill switches” in computer chips?

The results might be devastating.

“Researcher to Feds: Beware of Secret ‘Kill Switches’ on Computer Chips” by Sarah Lai Stirland; Talking Points Memo; 5/25/2011.

EXCERPT: Federal authorities need to shift more of their attention to computer chips as a platform for a well-organized attack on the United States by would-be saboteurs, warns a well-respected professor in the field of integrated circuits.

Several administration officials are scheduled to testify in front of two House committees Wednesday as Capitol Hill works with them to enact landmark cybersecurity legislation by the end of the summer.

One little-discussed area that they all need to more thoroughly examine is the security measures that should be adopted against malicious hardware that can be secretly implanted in the integrated circuits that control much of the world around us today, John D. Villasenor, professor of electrical engineering at the University of California, told TPM.

“There are literally thousands of people engaged in addressing software security concerns, but there’s very little awareness of the enormous exposure we have with respect to hardware security,” he said. “Chips are in almost everything these days, and in the commercial sector very little effort is directed to making sure they are free of malicious circuitry.”

Chips can be a security risk because a saboteur can slip in one component of hardware into a design that could contain thousands. Modern computer chips can power anything from the flaps of airplanes to the entire electricity system itself.

Integrated circuits pose a particular risk because they have become so complex. They are sourced and put together by suppliers all around the globe, and so it’s difficult to control the process of creating every single part that goes into them.

Villasenor estimates that there are about 1,550 companies around the world involved in designing integrated circuits.

Saboteurs could implant parts that are triggered by certain events to freeze hardware, or they could build in ‘back doors’ that could perform secret actions on devices as it, or whatever system it’s part of, keeps running.

While it all might sound like something out of The Bourne Conspiracy, French chipmakers and defense contractors have apparently already built such capabilities, an industry source told engineering magazine IEEE in 2008.

The Defense Advanced Research Projects Agency has already embarked on a project to address the issue with chips powering military equipment. Villasenor said that perhaps industry could take a look to see if they could learn any lessons. . . .
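The kind of trigger the excerpt describes, and why ordinary functional testing is unlikely to exercise it, as an added example that is not part of the article or of Villasenor's work: a small gate-level netlist (constructed here; the gate names, the 0xA5/0x3C trigger pattern and the toy datapath are all hypothetical) carries a 16-literal trigger that flips one output bit for exactly one operand pair. The block estimates each net's activation probability statically, flags the nets that almost never switch (a standard screen for candidate trigger logic), and counts how often uniformly random test vectors actually fire the trigger.

```python
import random

# Two 8-bit operands as primary inputs (constructed example, not a real design).
INPUTS = [f"a{i}" for i in range(8)] + [f"b{i}" for i in range(8)]

GATES = {
    "AND": lambda x, y: x & y,
    "OR": lambda x, y: x | y,
    "XOR": lambda x, y: x ^ y,
    "NOT": lambda x: 1 - x,
}


def build_netlist():
    """Netlist as net -> (gate, [input nets]), in evaluation order (hypothetical)."""
    net = {}
    # Legitimate datapath: bitwise AND and OR of the two operands.
    for i in range(8):
        net[f"and{i}"] = ("AND", [f"a{i}", f"b{i}"])
        net[f"or{i}"] = ("OR", [f"a{i}", f"b{i}"])
    # Hidden trigger: fires only when a == 0xA5 and b == 0x3C. Each bit is
    # matched through an optional inverter, then the 16 literals are AND-ed
    # together in a chain t1 .. t14, trig.
    pattern = [(f"a{i}", (0xA5 >> i) & 1) for i in range(8)] + \
              [(f"b{i}", (0x3C >> i) & 1) for i in range(8)]
    literals = []
    for name, bit in pattern:
        if bit:
            literals.append(name)
        else:
            net[f"n_{name}"] = ("NOT", [name])
            literals.append(f"n_{name}")
    prev = literals[0]
    for k, lit in enumerate(literals[1:], start=1):
        cur = "trig" if k == 15 else f"t{k}"
        net[cur] = ("AND", [prev, lit])
        prev = cur
    # Payload: output bit 0 equals and0 normally and is inverted when trig == 1.
    net["out0"] = ("XOR", ["and0", "trig"])
    return net


NET = build_netlist()


def operands(a, b):
    """Input assignment (net -> 0/1) for integer operands a and b."""
    return {**{f"a{i}": (a >> i) & 1 for i in range(8)},
            **{f"b{i}": (b >> i) & 1 for i in range(8)}}


def evaluate(netlist, inputs):
    """Evaluate every net of the netlist for one input assignment."""
    vals = dict(inputs)
    for name, (gate, ins) in netlist.items():
        vals[name] = GATES[gate](*(vals[i] for i in ins))
    return vals


def signal_probabilities(netlist, p_input=0.5):
    """Static estimate of P(net == 1) assuming independent, uniform inputs.
    Exact for tree-shaped logic like this trigger; approximate where a real
    design has reconvergent fanout."""
    p = {name: p_input for name in INPUTS}
    for name, (gate, ins) in netlist.items():
        x = [p[i] for i in ins]
        if gate == "AND":
            p[name] = x[0] * x[1]
        elif gate == "OR":
            p[name] = 1 - (1 - x[0]) * (1 - x[1])
        elif gate == "XOR":
            p[name] = x[0] * (1 - x[1]) + x[1] * (1 - x[0])
        else:  # NOT
            p[name] = 1 - x[0]
    return p


def rare_nets(netlist, threshold=1e-3):
    """Nets stuck near 0 or near 1 under random stimulus: candidate trigger logic."""
    p = signal_probabilities(netlist)
    return sorted(n for n in netlist if min(p[n], 1 - p[n]) < threshold)


def random_test_hits(netlist, vectors, seed=1):
    """Number of uniformly random functional test vectors that fire the trigger."""
    rng = random.Random(seed)
    hits = 0
    for _ in range(vectors):
        vals = evaluate(netlist, {n: rng.randint(0, 1) for n in INPUTS})
        hits += vals["trig"]
    return hits


if __name__ == "__main__":
    print("P(trig) =", signal_probabilities(NET)["trig"])
    print("rare nets:", rare_nets(NET))
    print("trigger hits in 20000 random vectors:", random_test_hits(NET, 20000))
    print("out0 at trigger pattern:", evaluate(NET, operands(0xA5, 0x3C))["out0"])
```

With 20,000 random vectors the trigger fires about 0.3 times on average, so functional test alone gives no assurance that the payload does not exist; the rare-net list surfaces the whole tail of the trigger cone (t9 through trig) while every net of the legitimate datapath sits at 0.25, 0.5 or 0.75. On a production netlist the static estimate is only approximate, and an adversary can hide rarity by spreading the trigger across sequential state or a counter, so the screen is a triage aid for where to look, not proof of absence.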


Discussion

10 comments for “Can the Muslim Brotherhood and Ptech Sabotage U.S. Electronic Defense Systems?”

  1. DARPA just provided an answer to the question posed in the title of this post: Yes.

    http://www.wired.com/dangerroom/2011/11/darpa-hackers-cybersecurity/

    Darpa Begs Hackers: Secure Our Networks, End ‘Season of Darkness’

    By Spencer Ackerman, 11/7/2011

    The Pentagon’s far-out research agency and its brand new military command for cyberspace have a confession to make. They don’t really know how to keep U.S. military networks secure. And they want to know: could you help them out?

    Darpa convened a “cyber colloquium” at a swank northern Virginia hotel on Monday for what it called a “frank discussion” about the persistent vulnerabilities within the Defense Department’s data networks. The Pentagon can’t defend those networks on its own, the agency admitted.

    Because it’s the blue-sky research agency that helped create the internet, Darpa framed the problem as a deep, existential one, not a pedestrian question of insecure code. “It is the makings of novels and poetry from Dickens to Gibran that the best and the worst occupy the same time, that wisdom and foolishness appear in the same age, light and darkness in the same season,” mused Regina Dugan, Darpa’s director. She’s talking about the internet. “These are the timeless words of our existence. We know it is true of everything.”

    Put in a blunter way, U.S. networks are “as porous as a colander,” Richard Clarke, the former White House counterterrorism chief turned cybersecurity Cassandra, told a packed ballroom.

    “We are losing ground because we are inherently divergent from the threat,” conceded Dugan, swooping down from the stratosphere. Current network security is a numbers game: according to Darpa research, securing sensitive information on the military’s networks relies, typically, on programs running 10 million lines of code. On average, the malicious code, viruses, bots, worms and exploits that try to penetrate those defenses rely on 9,000 lines of code. Eventually, simple beats over-engineered.

    Dugan didn’t go as far as Clarke did — she’s a senior Defense Department official, after all — but she implied that left to its own devices, the government’s network defenses will allow crucial data to increasingly sluice through, like water through Clarke’s colander. And it’s not just information leaking out: it’s the danger of a cyberattack crippling U.S. financial systems or the power grid, according to many at the colloquium. “We believe we need more and better options,” Dugan said.
    ….

    Posted by Pterrafractyl | November 7, 2011, 11:26 am
  2. Son of Stuxnet?

    US investigates cyber attack on Illinois water system
    State report says stolen credentials used by hacker who was traced to Russia

    By Jim Finkle
    Reuters

    Federal investigators are looking into a report that hackers managed to remotely shut down a utility’s water pump in central Illinois last week, in what could be the first known foreign cyber attack on a U.S. industrial system.

    The Nov. 8 incident was described in a one-page report from the Illinois Statewide Terrorism and Intelligence Center, according to Joe Weiss, a prominent expert on protecting infrastructure from cyber attacks.

    The attackers obtained access to the water utility’s network with credentials stolen from a company that makes software used to control industrial systems, according to the account obtained by Weiss. It did not explain the motive of the attackers.

    SCADA security
    Cyber security experts said that the reported attack highlights the risk that attackers can break into what is known as Supervisory Control and Data Acquisition (SCADA) systems. They are highly specialized computer systems that control critical infrastructure — from water treatment facilities, chemicals plants and nuclear reactors to gas pipelines, dams and switches on train lines.

    The issue of securing SCADA systems from cyber attacks made international headlines last year after the mysterious Stuxnet virus attacked a centrifuge at a uranium enrichment facility in Iran. Many experts say that was a major setback for Iran’s nuclear weapons program and attribute the attack to the United States and Israel.

    In 2007, researchers at the U.S. government’s Idaho National Laboratories identified a vulnerability in the electric grid, demonstrating how much damage a cyber attack could inflict on a large diesel generator.

    “Many (SCADA systems) are old and vulnerable,” said Kass. “There are no financial incentives for the utility owners to replace and secure these systems and the costs would be high.”
    …..

    Umm, if there are “no financial incentives” for operators of critical infrastructure to secure their systems I think we need new operators.

    Posted by Pterrafractyl | November 18, 2011, 3:07 pm
  3. I’ve often wondered over the years why it isn’t considered a national security issue that the US’s tax policies actually incentivize manufacturers to move jobs offshore.

    Still wondering:

    VOA
    Fake Chinese Parts Widespread in US Military Equipment: Senate Report
    Posted Tuesday, May 22nd, 2012 at 3:35 am

    A U.S. Senate investigation has found that counterfeit Chinese electronic parts used in U.S. military equipment are compromising the safety of American troops and posing a national security risk.

    A year-long investigation by the Senate Armed Services Committee found over 1,800 cases of fake electronic components in everything from cargo aircraft to night vision goggles.

    The report released Monday said that more than 70 percent of an estimated one million suspect parts could be traced to China, which it says has failed to adequately police its counterfeit electronics market.

    Posted by Pterrafractyl | May 24, 2012, 10:07 pm
  4. Not surprising, but worth noting:

    Techworld
    Germany readying offensive cyberwarfare unit, parliament told
    Cyber-ops are go

    By John E Dunn | Techworld | Published: 12:45, 07 June 2012

    Germany has set up a cyber-warfare unit designed to carry out offensive operations, the country’s Defence Ministry has admitted for the first time in a parliamentary report to legislators.

    According to German reports, the Bonn-based Computer Network Operations (CNO) unit had existed since 2006 but was only now being readied for deployment under the control of the country’s military.

    “The initial capacity to operate in hostile networks has been achieved,” a German press agency reported the brief document as saying. The unit had already conducted closed lab simulations of cyber-attacks.

    Although the German admission is not a huge surprise – most countries are assumed to have cyber-offensive capabilities – the clear declaration that the CNO has an attack role has reportedly caused controversy among the country’s legislators.

    The ambiguities are legion. Does the military have the legal or constitutional authority to launch cyber-attacks against third parties without the approval of Parliament and if so under what circumstances?

    Posted by Pterrafractyl | June 12, 2012, 6:38 pm
  5. @Pterrafractyl–

    I wonder if they will start making noise in this direction?

    Dave Emory

    Posted by Dave Emory | June 13, 2012, 3:42 pm
  6. @Dave: Heh, well, I suppose the German military could send some “noise” towards this site pretty easily, along with at least half the other militaries of the world. Fortunately, I suspect some sort of attack would simply gather attention and act as a proxy-validation of the content on this site. Unfortunately, that same validation of this site’s content could have been achieved years ago by enough people reading the content on this site but that’s a seemingly insurmountable barrier (ahistorical historical eras tend to end unwell).

    On the plus side, at least we don’t have to be as immediately concerned about hacking as these folks:

    June 13, 2012 11:27 PM
    Report: Flight suits could make F-22 pilots sick

    (CBS News) Pilots flying the U.S. military’s most advanced fighter jet, the F-22 Raptor, had been getting sick at the controls, and much of the focus toward finding the cause has been on the plane itself.

    Now, however, Air Force investigators say the specialized flight suit pilots wear in the F-22 could be at least partially to blame for the oxygen deprivation experienced in flight.

    Officials tell CBS News correspondent David Martin that tests carried out in a flight-simulating centrifuge replicated hypoxia-like conditions for pilots wearing the suits. The link to the suits was first reported by CNN on Wednesday.

    As “60 Minutes” reported in May (video), the Raptor – the most expensive fighter ever – has been plagued by a mysterious flaw that causes its pilots to become disoriented while at the controls from a lack of oxygen.

    Pilots of the stealth fighter have complained that those oxygen-deficit problems have resulted in pilot dizziness, blackouts and other symptoms.

    Martin reported that, according to the Air Force, there have been 22 unexplained cases over the past four years in which pilots experienced symptoms of oxygen deprivation.

    The F-22 was grounded last year while engineers searched for something that could be contaminating the cockpit air, but the Air Force returned it to flight, sending the F-22s to the Persian Gulf, without finding the cause.

    Now, investigators are zeroing in on a part of the flight suit called the “Combat Edge,” which “hampers breathing and causes oxygen loss when combined with a physiological condition that collapses air sacs in the lungs,” CNN reports.

    The Air Force report is also expected to state that another possible problem for pilots is a condition called acceleration atelectasis, which causes a pilot’s lungs to not effectively deliver oxygen to the bloodstream. The extreme effects of g-forces along with the pure oxygen breathed by pilots could lead to the condition.

    Yes, the pilots of the most expensive fighter jet ever made are either suffering from atelectasis, a medical condition caused by breathing pure oxygen under extreme g-forces OR they’re suffering from asphyxiation, a medical condition caused by the “Combat Edge” g-suit not delivering enough oxygen during extreme aeronautic maneuvers. That sounds like an unpleasant situation all around.

    If the flight suit is the culprit, it sounds like it might be a software issue:

    FlightGlobal.com
    Combat Edge anti-g ensemble might be causing the Raptor’s woes

    By Dave Majumdar on June 6, 2012 12:41 AM

    The Combat Edge upper pressure-garment might be responsible for the Lockheed Martin F-22 Raptor’s oxygen woes.

    The US Air Force isn’t saying anything officially just yet though.

    The USAF still maintains it has two broad hypotheses as to the root cause of the Raptor’s oxygen woes. One theory is that there is a problem with the quality of the air reaching the pilot, which might include some sort of toxin or contaminant. “To date, we’ve seen no conclusive evidence of toxins in the analyses of life support system components, cockpit air samples, or pilots’ medical work-ups, although we have not definitively ruled out contamination as a possible factor,” the USAF says. That includes analysis of the contents of the C2A1 activated carbon filters when pilots were flying with those devices, the service adds.

    The second hypothesis is that the quantity of air reaching the pilot may not be the correct amount. Factors that might impact right quantity of oxygen reaching the pilot include the demand for air versus the supply flowing through the life support system under operating conditions like high altitude and high-G force and other factors. This second hypothesis seems to be in line with what sources have disclosed to Flightglobal.

    But the USAF has not ruled out decompression sickness, which could be a factor at the altitudes and cabin pressures encountered by F-22 pilots.

    “Some of the symptoms pilots have reported are listed as symptoms of [decompression sickness], but they’re also non-specific symptoms of a number of other conditions or factors such as acceleration atelectasis or increased work of breathing that are as consistent or more consistent with what may be happening between pilots and their life support systems during incident sorties,” the USAF says. “We continue to look at a range of potential root causes, but that range continues to narrow.”

    That Combat Edge suit is probably the source of the problem, sources say. The USAF release alludes to that… The F-35’s suit might be a way of partially fixing the problem, but given the extreme altitudes and high g-forces Raptor pilots encounter at those cabin pressures, they may just need to take a day off after their flight. But there is another factor that plays into all this, and that is a newer model digital On-board Oxygen Generation System–but more on that later…

    On the plus side, the manufacturers of the “Combat Edge” g-suit, David Clark Company, are known for their noise-canceling headphones so noise is something they hopefully don’t have to worry about too much. In the age of outsourced national security and “WTF?!” reality, I guess beggars can’t be choosers.

    Posted by Pterrafractyl | June 14, 2012, 7:31 am
  7. Did script kiddies just target energy companies in Saudi Arabia?

    Shamoon Malware Targets Energy Firms, Possibly Saudis
    By: Robert Lemos
    2012-08-17

    The same day a Saudi oil company announces it’s been attacked, antivirus firms release an analysis of a program called Shamoon that is deleting corporate data at different energy firms.

    A limited number of energy companies have been targeted with a destructive virus—dubbed Shamoon—that spreads through shared network drives and deletes important data from computers.

    The virus, which some are calling Disstrack, has destroyed data belonging to at least one energy firm, according to an analysis published Aug. 16 by security firm Symantec. Reports of the program came a day after a major Saudi oil company, Saudi Aramco, announced that a virus had destroyed data in its network, but antivirus firms declined to comment on whether the firm was the source of their malware samples.

    The virus is likely the digital version of a clean-up crew for a separate attack, but its simplistic programming does not resemble previous programs aimed at governments in the region, such as Stuxnet, Duqu and Flame, said Liam O Murchu, manager of operations for Symantec’s security response group.

    “I think the fact that it appears to have been targeted is quite interesting,” he said, adding: “But it looks like something that is quite simple and quite quick to code, so it falls into a different category in my mind.”

    Shamoon may not be of the same ilk as previous attacks. While the malware resembles another destructive attack on Iranian government agencies that led to the discovery of the Flame espionage Trojan, there are significant technical differences between the two attacks, wrote an analyst with security software firm Kaspersky Lab.

    “It is more likely that this is a copycat, the work of script kiddies inspired by the story,” the analysis states. “Nowadays, destructive malware is rare; the main focus of cyber-criminals is financial profit. Cases like the one here do not appear very often.”

    “This is another strong case for saying that the companies which were targeted were those whose machines had important information on them and were not connected directly to the Internet,” said Raff.

    For the most part, other companies do not need to worry about Shamoon, as the attacks appear to be targeted at a very limited number of companies, according to the Kaspersky analysis.

    “So far, there are only two (other) reports, both from China, which appear to be security researchers,” according to Kaspersky. “So we can conclude that the malware is not widespread and it was probably only used in very focused targeted attacks.”

    While it’s possible that script kiddies were targeting machines with important info on Saudi Aramco’s networks, the just-discovered virus targeting financial institutions in Lebanon appears to have more than just script kiddies behind its development:

    The Atlantic
    Did the Bounds of Cyber War Just Expand to Banks and Neutral States?
    By Katherine Maher

    Aug 17 2012, 7:34 AM ET

    Last week the Russian security research group Kaspersky Labs announced they had found a new computer virus infecting thousands of computers in the Middle East. Called “Gauss,” after a filename found in its codebase, the malware can capture information about the infected computer, including Internet browsing histories, user login details, and system configuration details. The existence of Gauss suggests that countries may be using cyber warfare for more than just countering imminent threats, and that, with the rules of digital engagement so ambiguous, there’s little to restrain or guide cyberwar’s development.

    Kaspersky Labs was blunt: Gauss, it says, is likely a “nation-state sponsored banking Trojan” built by the same programmers behind Stuxnet and Flame, the recent, sophisticated digital pathogens often speculated as designed by the United States and Israel. However, unlike these viruses, which both targeted Iran, Gauss appears to have a very different target: the banking system of Lebanon.

    Gauss is the latest in a line of massive malware attacks, and much like its predecessors, it appears to be so complex and sophisticated that it’s assumed to have been built by a sovereign state. Gauss uses the same platform as Flame, a “cyber espionage” program that was found in a number of locations in Iran in early 2012 and was capable of comprehensive surveillance of infected computers. Flame itself bore a strong family resemblance to Stuxnet, a 2010 virus that targeted the Iranian nuclear research program.

    Like Flame, Gauss transmits detailed records of user activity back to its central command. Like Stuxnet, it carries a special encrypted “payload” that targets machines that carry specific system configurations. Stuxnet’s payload would identify and disable nuclear research systems, but the encryption for the Gauss payload has not yet been broken, and its purpose remains unknown.

    However, unlike Flame and Stuxnet, which targeted a rogue state’s government networks, Gauss goes after the commercial sector in a country that has normalized relations with the United States. Out of more than 2,500 identified instances of Gauss, nearly two-thirds have been found in Lebanon. And, unlike the broad spying capacity of Flame, Gauss seems designed for the narrow purpose of capturing transaction data from financial institutions and digital payment providers; specifically, Lebanese banks Fransabank, Bank of Beirut, BLOM, Credit Libanais, Byblos Bank, and EBLF, as well as siphoning data from PayPal and Citibank.

    Why Lebanon? Why banks? Stealing financial transaction data is traditionally the province of, say, shadowy underground criminal gangs. Lebanon is a small country better known for its vibrant nightlife and perpetual domestic volatility. Neither its banking sector nor the state itself are obvious targets for the U.S. or Israeli intelligence services, which, though they haven’t been connected to Gauss, are the only groups with both the know-how and, if they truly were behind Stuxnet and Flame, the track record.

    However, Lebanon’s size belies its importance as a regional entrepôt and banking haven; its cosmopolitan libertarianism, along with old-world discretion, have long made the country a popular choice for foreign depositors of all profiles and persuasions. Think of it as something like the Switzerland of the modern Middle East. More than 60 banks manage nearly $120 billion in private deposits in a country of 4.3 million people, and account for roughly 35 percent of the country’s economic activity.

    These are not mere corner retail banks serving up loans, mortgages, and checking accounts to Lebanese citizens. They are among the most private banks in the world, bound by genteel conventions of secrecy long since abandoned elsewhere. Since 1956, domestic and foreign banks operating in Lebanon have been legally required to protect the names and assets of their clients from all inquiring authorities.

    U.S. financial regulators, concerned with money laundering and terrorism financing, have long given special attention to the opacity and reach of the Lebanese banking system. A 2000 advisory by the U.S. Department of Treasury Financial Crimes Enforcement Network instructed all U.S. banks to “give enhanced scrutiny to all financial transactions originating in or routed to or through Lebanon.” In 2011, the Lebanese Canadian Bank was shuttered after the U.S. revealed that the Lebanese militant group Hezbollah was using the bank to launder money from cocaine profits, Mexican cartels, and African conflict diamonds. This year, the entire national banking system has come under scrutiny, accused of helping members of the Syrian and Iranian regimes evade international sanctions and launder money that’s also being funneled to Syria’s ongoing conflict.

    The Kaspersky researchers think that Gauss first made its way onto Lebanese computers in late summer 2011, as violence worsened in Syria and Iranian nuclear talks stalled. Without the decrypted contents of the Gauss payload, it’s impossible to know the virus’ full capabilities, but it’s not difficult to conjecture a likely purpose. Gauss appears to be capable of tracing the flow of illicit funds through some of the region’s largest financial clearing houses, offering its designers unprecedented access to data on how money flows and between whom, on organizational networks, and on funding sources — a veritable intelligence bonanza for anyone who might have an interest in that sort of thing.

    Perhaps the most surprising part of this “Gauss” story is that a virus presumably developed by the US intelligence community would even bother trying to capture PayPal transactions for intelligence gathering purposes. I would have expected that info to be readily available to the spooks.

    Posted by Pterrafractyl | August 20, 2012, 12:13 pm
  8. Given that this latest Stuxnet-cousin, Gauss, may also contain a Stuxnet-like ability to remotely take control of industrial command and control systems, and given the massive RSA login-password data-breach from 2011, this should probably be looked into:

    Siemens works to fix vulnerability in critical control networks
    Remotely exploitable flaw could disrupt devices used by utilities, refineries others

    By Jaikumar Vijayan
    August 22, 2012 05:34 PM ET

    Computerworld – Siemens is working on a fix for a remotely exploitable vulnerability in network routers and switches from subsidiary RuggedCom that are widely deployed in refineries, power substations and other critical infrastructure networks in the U.S.

    In a statement, Siemens said it was notified of the issue by the Department of Homeland Security’s Industrial Control Systems Computer Emergency Response Team (ICS-CERT) earlier this week. The vulnerability stems from a hard-coded RSA SSL private key in RuggedCom’s Rugged Operating System (ROS) that gives attackers a way to decrypt traffic between an end user and the router.

    According to ICS-CERT, the hard-coded key can be used by attackers to launch malicious communications against RuggedCom network devices.

    “Specialists from Siemens and RuggedCom are investigating this issue and will provide information updates as soon as they become available,” the company said, without specifying when that might happen. Siemens acquired RuggedCom earlier this year.

    ICS-CERT on Wednesday issued an alert warning operators of industrial control networks about the problem. The alert urged administrators to ensure that control system devices are not connected directly to the Internet and to make sure all control system networks and devices are behind firewalls.

    Dale Peterson, CEO of Digital Bond, a consulting firm specializing in control system security, said the flaw allows an attacker to access the login credentials to RuggedCom devices and to launch denial-of-service attacks against network devices running the vulnerable OS.

    Peterson described RuggedCom as the “Cisco” of the industrial control network space and said the company is the largest supplier of ruggedized network devices to industrial control systems owners in the U.S.

    The vulnerability described by Clarke is akin to flaws in older versions of Microsoft’s Remote Desktop Protocol clients and Terminal Servers. And just like Microsoft, it will likely take Siemens a while to address the issue, he said.

    By itself, the vulnerability is unlikely to greatly heighten risks for operators of industrial control networks, according to Peterson. That’s because an attacker would already need to have access to an ICS network to be able to exploit the vulnerability. “It’s pretty much game over if you already have someone on your network,” he said. “This [vulnerability] gives them just another thing they can do as an attacker.”

    Even so, flaws such as this highlight the fundamental security problems that exist in systems running critical infrastructure equipment and networks, he said.

    This is the second security vulnerability in RuggedCom’s products in just the past few months, Peterson noted. “They had a terrible response last time, so it will be interesting to see if they do better with this one,” he said. In addition to fixing the issue, RuggedCom also needs to offer an explanation to customers about how it plans on changing its software development and testing processes to ensure such problems don’t continue, he said.

    Posted by Pterrafractyl | August 23, 2012, 11:05 am
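A check for the class of defect the Computerworld piece describes, as an added example that is not from the article, ICS-CERT, Siemens or RuggedCom: a private key embedded in a firmware image is known to everyone who can download that image, and the same key shipped across many images means a single extraction lets an attacker decrypt or impersonate every device running them. The block below scans firmware blobs for PEM-armored private keys and reports any key fingerprint that recurs across images. The images, their names and the key material are constructed placeholders (the "DER" bytes are not a real key), and nothing here is taken from the vendor's actual firmware.

```python
import base64
import hashlib
import re

# PEM armor for any private-key label ("RSA PRIVATE KEY", "EC PRIVATE KEY",
# "PRIVATE KEY"); the backreference makes BEGIN and END labels agree.
PEM_RE = re.compile(
    rb"-----BEGIN ([A-Z ]*PRIVATE KEY)-----\s*(.*?)\s*-----END \1-----", re.S)


def find_private_keys(blob):
    """Return (label, sha256-of-DER) for every well-formed PEM private key in blob."""
    found = []
    for m in PEM_RE.finditer(blob):
        label, body = m.group(1).decode(), m.group(2)
        try:
            # Strip line breaks, then insist on valid base64 so random text that
            # happens to sit between PEM markers is not reported as a key.
            der = base64.b64decode(b"".join(body.split()), validate=True)
        except ValueError:
            continue
        found.append((label, hashlib.sha256(der).hexdigest()))
    return found


def shared_keys(images):
    """Fingerprint -> sorted image names, for keys that occur in more than one image."""
    seen = {}
    for name, blob in images.items():
        for _label, fp in find_private_keys(blob):
            seen.setdefault(fp, set()).add(name)
    return {fp: sorted(names) for fp, names in seen.items() if len(names) > 1}


def make_pem(label, der):
    """PEM-armor raw bytes (used only to build the constructed sample images)."""
    b64 = base64.encodebytes(der).replace(b"\n", b"")
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return b"-----BEGIN %s-----\n%s\n-----END %s-----\n" % (
        label.encode(), b"\n".join(lines), label.encode())


# Placeholder key material: arbitrary bytes standing in for DER, NOT real keys.
KEY_A = bytes(range(0, 96))
KEY_B = bytes(range(96, 0, -1))

# Constructed "firmware images" with hypothetical file names. Two releases ship
# the same key, one ships a different key, one has corrupted armor.
IMAGES = {
    "fw-1.2.bin": b"\x7fELF" + b"\x00" * 32 + make_pem("RSA PRIVATE KEY", KEY_A) + b"\xff" * 16,
    "fw-1.3.bin": b"\x7fELF" + b"\x00" * 40 + make_pem("RSA PRIVATE KEY", KEY_A) + b"\xff" * 16,
    "fw-2.0.bin": b"\x7fELF" + make_pem("PRIVATE KEY", KEY_B),
    "fw-2.1.bin": b"\x7fELF" + b"-----BEGIN RSA PRIVATE KEY-----\n!!!not base64!!!\n-----END RSA PRIVATE KEY-----\n",
}


if __name__ == "__main__":
    for name, blob in IMAGES.items():
        print(name, find_private_keys(blob))
    for fp, names in shared_keys(IMAGES).items():
        print("key", fp[:16], "shared by", names)
```

Run it over every image in a vendor's download archive: any hit at all is a question for the vendor, since the key cannot be secret once it ships, and a fingerprint shared across versions or product lines means one extraction covers the whole fleet. A fuller scan would also look for bare DER keys without PEM armor and unpack compressed or encrypted sections first, which this regex does not see.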
  9. And here we have another surprising development coming out of the Middle East: A group calling itself “Izz ad-Din al-Quassam Cyber Fighters” just unleashed an unusually powerful series of denial-of-service attacks on major US banks:

    Bloomberg
    Cyber Attacks on U.S. Banks Expose Computer Vulnerability
    By Chris Strohm and Eric Engleman on September 27, 2012

    Cyber attacks on the biggest U.S. banks, including JPMorgan Chase & Co. (JPM) and Wells Fargo & Co., have breached some of the nation’s most advanced computer defenses and exposed the vulnerability of its infrastructure, said cybersecurity specialists tracking the assaults.

    The attack, which a U.S. official yesterday said was waged by a still-unidentified group outside the country, flooded bank websites with traffic, rendering them unavailable to consumers and disrupting transactions for hours at a time.

    Such a sustained network attack ranks among the worst-case scenarios envisioned by the National Security Agency, according to the U.S. official, who asked not to be identified because he isn’t authorized to speak publicly. The extent of the damage may not be known for weeks or months, said the official, who has access to classified information.

    “The nature of this attack is sophisticated enough or large enough that even the largest of the financial institutions would find it difficult to defend against,” Rodney Joffe, senior vice president at Sterling, Virginia-based security firm Neustar Inc. (NSR), said in a phone interview.

    While the group is using a method known as distributed denial-of-service, or DDoS, to overwhelm financial-industry websites with traffic from hijacked computers, the attacks have taken control of commercial servers that have much more power, according to the specialists.

    “The notable thing is the volume and the scale of the traffic that’s been directed at these sites, and that’s very rare,” Dmitri Alperovitch, co-founder and chief technology officer of Palo Alto, California-based security firm CrowdStrike Inc. (0192981D), said in a phone interview.

    White House

    The assault, which escalated this week, was the subject of closed-door White House meetings in the past few days, according to a private-security specialist who asked not to be identified because he’s helping to trace the attacks.

    President Barack Obama’s administration is circulating a draft executive order that would create a program to shield vital computer networks from cyber attacks, two former U.S. officials with knowledge of the effort said earlier this month.

    The U.S. Senate last month failed to advance comprehensive cybersecurity legislation and the administration is contemplating using the executive order because it’s not certain that Congress can pass a cybersecurity bill, the officials said.

    Responsibility Claim

    A group calling itself Izz ad-Din al-Qassam Cyber Fighters claimed responsibility for the assault in a statement posted to the website pastebin.com, saying it was in response to a video uploaded to Google Inc.’s YouTube, depicting the Prophet Muhammad in ways that offended some Muslims.

    The initial planning for the assault pre-dated the video controversy, making it less likely that it inspired the attacks, according to Alperovitch and Joffe, both of whom have been tracking the incidents. A significant amount of planning and preparation went into the attacks, they said.

    “The ground work was done to infect systems and produce an infrastructure capable of launching an attack when it was needed,” Joffe said.

    Jenny Shearer, a spokeswoman for the Federal Bureau of Investigation, and Peter Boogaard at the U.S. Department of Homeland Security, declined to comment.

    Premature Attribution

    Senator Joe Lieberman, a Connecticut independent who heads the Senate Homeland Security and Governmental Affairs Committee, said last week he thought Iran was behind the attacks.

    Alperovitch and Joffe said that while they think one group is behind the attacks, they didn’t have enough information to prove or disprove Lieberman’s assertion that Iran is responsible. The U.S. official with access to classified information said it’s premature to attribute the attacks to Iran’s government.

    The attacks flooded the bank websites with 10 to 20 times more Internet traffic than the typical denial-of-service attack, Alperovitch said. He said that no data were stolen and no networks infiltrated by hackers.

    Bad Timing

    “If banking infrastructure was affected in this way for an extended period of time, the natural outcome of that is a loss of faith,” he said. “If you can’t get to your banking site for three or four hours on a day when you have to do things, you start thinking about what are my alternatives because this might happen again.”

    The banking industry worries about an organization with more resources launching attacks, said Ed Powers, head of security and privacy issues for U.S. financial firms at Deloitte & Touche LLP.

    “This is coming toward the end of the month; it’s badly timed,” Joffe said. “People have to pay bills today and tomorrow.”

    So we can add one more item to the list of recent surprising developments in the Middle East while claiming the pathetic Islam-bashing film as the inspiration for the attacks when it’s clear that the attacks were planned in advance of the film’s release:

    Hackers May Have Had Help With Attacks on U.S. Banks, Researchers Say
    By NICOLE PERLROTH
    September 27, 2012, 5:25 pm

    The hackers claiming responsibility for cyberattacks on American banks over the past week must have had substantial help to disrupt and take down major banking sites, security researchers say.

    Bank of America, JPMorgan Chase, Citigroup, U.S. Bancorp, Wells Fargo and PNC all experienced disruptions and delays on their banking sites over the past week because of denial of service or DDoS attacks, in which hackers clog a Web site with data requests until it slows or collapses under the load.

    A hacker group, which calls itself the Izz ad-Din al-Qassam Cyber Fighters, took credit for the attacks in online posts. They enlisted volunteers for the attacks with messages on various sites. On one blog, they called on volunteers to visit two Web addresses that would cause their computers to instantly start flooding targets — including the New York Stock Exchange, Nasdaq and Bank of America — with hundreds of data requests each second. This week, hackers asked volunteers to attack banks according to a defined timetable: Wells Fargo on Tuesday, U.S. Bancorp on Wednesday and PNC on Thursday.

    Representatives for Wells Fargo, U.S. Bank and PNC all confirmed Wednesday that their Web sites had experienced disruptions because of unexpected volumes of traffic. Both the New York Stock Exchange and Nasdaq saw a slowdown, but no serious disruption, on their Web sites.

    Security researchers say the attack methods being peddled by hackers — the custom-built Web sites — were too basic to have generated the disruptions.

    “The number of users you need to break those targets is very high,” said Jaime Blasco, a security researcher at AlienVault who has been investigating the attacks. “They must have had help from other sources.”

    Those additional sources, Mr. Blasco said, would have to be a well-resourced group, like a nation state, or botnets — networks of infected zombie computers that do the bidding of cybercriminals. Botnets can be rented via black market schemes that are common in the Internet underground, or loaned out by cybercriminals or governments.

    Last week, Senator Joseph I. Lieberman, chairman of the Senate Homeland Security Committee, said in an interview that he believed the attacks on the banks were being sponsored by Iran’s government.

    Mr. Blasco said security researchers had noticed an increase in the use of botnets out of Iran recently. But he said he had not been able to track the origin of the attack to Iran. Attacks can be routed through various I.P. addresses to mask their true origin, making attribution “nearly impossible,” Mr. Blasco said.

    In the hackers’ post, they said their attacks were not sponsored by Iran, and said they “strongly reject the American officials’ insidious attempts to deceive public opinion.”

    Regarding the allegations that Iran is behind the attack: while it may be the case that Ahmadinejad and much of Iran’s leadership are pathetic lunatics that are ensuring the destruction of their nation’s future through ass-backwards mismanagement (sometimes in ironic ways), it’s still kind of difficult to see what, if anything, the Iranian government would gain from a cyber attack that would probably just end up helping the candidate that’s promising unilateral military action against Iran if elected.

    Posted by Pterrafractyl | September 27, 2012, 10:00 pm
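The two articles quoted in the comment above describe the attack mechanics in general terms: volunteer clients flooding targets with "hundreds of data requests each second," and total traffic "10 to 20 times" a typical denial-of-service attack. The following script is an added illustration, not code from either article or from the commenter, of the first-pass triage a defender runs over a web server access log during such a flood: bucket requests per source per second, flag sources whose peak rate is far above anything a browser-driven human produces, and report the aggregate rate the site is absorbing. It assumes the Common Log Format, a per-source threshold of 50 requests per second (a hypothetical figure chosen for the example), and constructed sample lines using documentation IP ranges; none of it is real bank traffic.

```python
"""Rate-based request-flood triage over web-server access logs.

Added example (not from the quoted articles or the commenter). Sample log
lines are constructed below; the 50 req/s per-source threshold is an
assumption for illustration, not a figure from the articles.
"""
import re
from collections import Counter, defaultdict
from datetime import datetime

# Common Log Format: host ident authuser [date] "request" status bytes
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"


def parse_line(line):
    """Parse one CLF line into a dict, or return None for unparseable input."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), TS_FMT)
    return {
        "ip": m.group("ip"),
        "second": int(ts.timestamp()),
        "req": m.group("req"),
        "status": int(m.group("status")),
    }


def rates_per_source(lines):
    """Return {ip: Counter({epoch_second: request_count})}, skipping bad lines."""
    buckets = defaultdict(Counter)
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            continue
        buckets[rec["ip"]][rec["second"]] += 1
    return buckets


def flag_flooders(buckets, per_source_rps=50):
    """Sources whose peak one-second request count exceeds the threshold.

    A person driving a browser rarely sustains more than a handful of
    requests per second; a volunteer "attack page" or a bot issues tens to
    hundreds. Returns {ip: peak_rps} ordered by peak, highest first.
    """
    peaks = {ip: max(c.values()) for ip, c in buckets.items()}
    flagged = [(ip, p) for ip, p in peaks.items() if p > per_source_rps]
    return dict(sorted(flagged, key=lambda kv: -kv[1]))


def aggregate_rps(buckets):
    """Total requests per second across all sources: Counter({second: count})."""
    total = Counter()
    for c in buckets.values():
        total.update(c)
    return total


def make_sample_log():
    """Constructed sample: one ordinary visitor, two flooding sources, one junk line."""
    fmt = '{ip} - - [27/Sep/2012:14:05:{sec:02d} +0000] "GET /login HTTP/1.1" 200 512'
    lines = []
    lines += [fmt.format(ip="192.0.2.10", sec=1)] * 3           # browser-like: 3 req/s
    lines += [fmt.format(ip="198.51.100.7", sec=1)] * 120       # flood page: 120 req/s
    lines += [fmt.format(ip="203.0.113.5", sec=s)              # bot: 80 req/s for 2 s
              for s in (1, 2) for _ in range(80)]
    lines.append("this line is not a valid log entry")         # must be skipped, not crash
    return lines


def analyze(lines, per_source_rps=50):
    """Convenience wrapper: (flagged_sources, aggregate_per_second)."""
    buckets = rates_per_source(lines)
    return flag_flooders(buckets, per_source_rps), aggregate_rps(buckets)


if __name__ == "__main__":
    flagged, agg = analyze(make_sample_log())
    print("flagged sources (ip -> peak req/s):", flagged)
    print("peak aggregate req/s:", max(agg.values()))
```

Per-source rate is only the first filter: a rented botnet spreads the same load over thousands of addresses that individually stay under any sane threshold, which is why the aggregate series matters as much as the per-source list, and why Blasco's point about attribution being "nearly impossible" from addresses alone holds.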
  10. While it’s laughable to think that the Russian government just found out about security risks in electronic hardware from Snowden, it’s going to be interesting to see if any serious policy shifts emerge from this proposal. You also have to wonder how this could impact Russia’s arms export industry:

    Russia should use own electronics in defense industry: deputy PM

    By Alexei Anishchuk

    NOVO-OGARYOVO, Russia | Mon Jul 29, 2013 1:12pm EDT

    (Reuters) – Russia’s defense industry is cutting down on its use of foreign electronics as a result of leaks by ex-U.S. spy agency contractor Edward Snowden, a Russian government official said on Monday.

    Snowden’s actions in divulging details of U.S. government intelligence programs had shown the need for arms makers to be careful in importing any equipment that contained software capable of transmitting sensitive data abroad, Deputy Prime Minister Dmitry Rogozin said.

    Rogozin specifically referred to foreign-made lathes.

    “Those lathes contain software which can have certain settings. They could either shut down at some point or transmit certain data about the engineering parameters of an assignment (in progress),” Rogozin, who oversees the defense industry, told reporters after a meeting on arms contracts chaired by President Vladimir Putin.

    Russian officials have denied that Snowden has been debriefed by Russian security services.

    “If we talk about electronic components used widely in the navy, air force and armored vehicles, not to mention space … here we will also stick to the necessity of key electronic components being produced in Russia,” Rogozin, Russia’s former ambassador to NATO, said.

    The Russian defense industry has been crippled by under financing after the fall of the Soviet Union and domestic electronic engineering has largely fallen behind, forcing producers to rely on foreign-made electronics.

    Kremlin-backed project Glonass, its answer to the U.S. Global Positioning System (GPS), has been marred by several botched launches which experts inside Russia have blamed on faulty foreign-made microchips.

    Posted by Pterrafractyl | July 29, 2013, 11:15 am
