Spitfire List Web site and blog of anti-fascist researcher and radio personality Dave Emory.

News & Supplemental  

Whose Drones Were Surveilling Nuclear Power Plants in France?

Dave Emory’s entire life­time of work is avail­able on a flash dri­ve that can be obtained here. The new dri­ve is a 32-giga­byte dri­ve that is cur­rent as of the pro­grams and arti­cles post­ed by 12/19/2014. The new dri­ve (avail­able for a tax-deductible con­tri­bu­tion of $65.00 or more) con­tains FTR #827.  (The pre­vi­ous flash dri­ve was cur­rent through the end of May of 2012 and con­tained FTR #748.)

You can sub­scribe to e‑mail alerts from Spitfirelist.com HERE

You can sub­scribe to RSS feed from Spitfirelist.com HERE.

You can sub­scribe to the com­ments made on pro­grams and posts–an excel­lent source of infor­ma­tion in, and of, itself HERE.

COMMENT: Late last year, a series of drone flights over nuclear pow­er plants in France raised alarm at the time.  Although 3 peo­ple were detained and then released (appar­ent­ly not engaged in sin­is­ter activ­i­ty), ques­tions remain about the large num­ber of flights.

In the wake of the attacks on Char­lie Heb­do and a kosher del­i­catessen in Paris, one won­ders if some of the flights may have been prepara­to­ry to an attack of some kind?

IF, in fact, such an attack were to take place, things will become SERIOUSLY inter­est­ing.

“France Arrests 3 with Drones by Pow­er Plant” by Dan Bilef­sky; The New York Times; 11/7/2014.

Two men and a woman were ques­tioned by the police on Thurs­day after being arrest­ed in pos­ses­sion of two drones near the Belleville-sur-Loire nuclear pow­er plant in cen­tral France, news agen­cies report­ed. The arrests fol­low a wave of at least 14 ille­gal drone flights over French nuclear plants in recent weeks, which have raised con­cerns about the secu­ri­ty of the country’s main source of elec­tric­i­ty. . . . .

. . . . From Oct. 5 to Nov. 2, guards at 13 nuclear plants, includ­ing some oper­at­ed by the French elec­tric­i­ty giant EDF, heard the buzzing of drones that the author­i­ties have labeled an “orga­nized provo­ca­tion” aimed at “dis­rupt­ing the sur­veil­lance chain and pro­tec­tion of these sites.” Offi­cials said that the drones were not mil­i­tary, but rather civil­ian or com­mer­cial, and that they could be used to take pho­tographs or record video of the plants.

Adding to the mys­tery, Ségolène Roy­al, the envi­ron­ment min­is­ter, has said that she does not have any leads on who was behind the flights. While she said she would not let any­one under­mine France’s rep­u­ta­tion for secu­ri­ty at its nuclear plants, she added that the threat posed by the drone flights should nei­ther be min­i­mized nor exag­ger­at­ed.

France has 19 nuclear plants and 58 reac­tors that sup­ply near­ly 75 per­cent of its elec­tric­i­ty. . . .

 

 

Discussion

4 comments for “Whose Drones Were Surveilling Nuclear Power Plants in France?”

  1. Since it might be tempt­ing to attribute these drones to envi­ron­men­tal groups shoot­ing footage for a video or demon­strat­ing air­space vul­ner­a­bil­i­ties, note that Green­peace, which has a his­to­ry of protest­ing French nuclear plants, explic­it­ly denied involve­ment:

    Agence France-Presse
    More drones spot­ted over French nuclear pow­er sta­tions

    Fri­day 31 Octo­ber 2014 08.39 EDT

    French author­i­ties detect drones over two nuclear pow­er plants, the lat­est in a baf­fling series of inci­dents across the coun­try

    French author­i­ties said on Fri­day they had detect­ed drones over two nuclear pow­er plants, the lat­est in a baf­fling series of inci­dents across the coun­try.

    A spokesman for secu­ri­ty forces said: “Drone-type machines over­flew two nuclear plants dur­ing the night. They were detect­ed by police in charge of pro­tect­ing the plants and staff.”

    “These machines were not neu­tralised because they did not rep­re­sent a direct threat” to the nuclear facil­i­ties, the spokesman added.

    ...

    An enquiry has been launched, with a source close to the probe say­ing they were try­ing to find the pilot of the remote-con­trolled drones.

    The drone flights have sparked ques­tions over the secu­ri­ty of nuclear plants in France. The coun­try relies heav­i­ly on nuclear ener­gy for elec­tric­i­ty.

    The inte­ri­or min­istry has stressed that a drone does not pose any con­cern for the plants which are “designed to with­stand a strong earth­quake or an air­lin­er crash­ing into it”.

    It is against French law to fly with­in a five-kilo­me­tre (three-mile) radius of a nuclear plant. Those break­ing this law are liable to one year in prison and a fine of €75,000 (£59,000).

    Envi­ron­men­tal lob­by group Green­peace, whose activists have in the past staged protests at nuclear plants in France, has denied any involve­ment in the mys­te­ri­ous pilot­less flight activ­i­ty.

    France, the world’s most nuclear-depen­dent coun­try, oper­ates 58 reac­tors and has been a lead­ing inter­na­tion­al cheer­leader for atom­ic ener­gy.

    But in a deal with the Greens before the 2012 par­lia­men­tary and pres­i­den­tial elec­tions, Pres­i­dent François Hollande’s Social­ist par­ty promised to cut reliance on nuclear ener­gy from more than 75% to 50% by shut­ting 24 reac­tors by 2025.

    As France’s Inte­ri­or Min­is­ter point­ed out, those plants are “designed to with­stand a strong earth­quake or an air­lin­er crash­ing into it”. Let’s hope so. But it’s also worth not­ing that, while the cur­rent threat to nuclear pow­er plants from drones may be lim­it­ed today, that’s not going to be the case tomor­row:

    Bloomberg View
    When Ter­ror­ists Have Drones
    70 Jul 22, 2014 1:14 PM EDT
    By The Edi­tors

    A very small air­plane rose over the Gaza Strip last week. It entered Israeli air­space and sped toward the coastal city of Ash­dod. Then a Patri­ot mis­sile blew it up.

    The plane, a rudi­men­ta­ry drone launched by the ter­ror­ist group Hamas, posed lit­tle threat. But Hamas promis­es more to come — includ­ing some intend­ed for “sui­cide mis­sions.”

    That sug­gests a vex­ing prob­lem: As drones become more com­mon­place, what’s to stop ter­ror­ists from using them?

    Drones have an obvi­ous appeal to the extrem­ist mind. They’re hard to detect, con­trolled from afar and capa­ble of fly­ing into crowd­ed or remote places, any­where from a sports sta­di­um to a pow­er plant. They can be affixed with explo­sives or chem­i­cal agents. And no one has to die to com­plete the mis­sion.

    In short, drones could com­bine the inti­ma­cy and stealth of a sui­cide bomber with the pow­er and range of an armed air­craft.

    Con­cerns about a ter­ror­ist using a drone aren’t entire­ly hypo­thet­i­cal. Hezbol­lah has been fly­ing them into Israeli air­space for a decade. Hamas claims to have three vari­eties. Al-Qae­da has planned to use remote-con­trolled planes for a range of bru­tal attacks. In 2012, a Mass­a­chu­setts grad­u­ate stu­dent was impris­oned for plot­ting to strap plas­tic explo­sives to small drones and fly them into the Pen­ta­gon and the U.S. Capi­tol.

    None of these sce­nar­ios led to casu­al­ties. But oth­er poten­tial uses are unnerv­ing: crop-dust­ing drones mod­i­fied to dis­perse dead­ly chem­i­cals, unmanned planes used as assas­sins, drones meant to attack crit­i­cal infra­struc­ture.

    It’s some­what com­fort­ing to know that, for now, armed drones — the kind the U.S. uses in Pak­istan and Afghanistan — prob­a­bly remain beyond the reach of ter­ror­ists. And the pay­loads of most unarmed vari­eties on the mar­ket, even if mod­i­fied to do harm, are prob­a­bly insuf­fi­cient to cause sig­nif­i­cant casu­al­ties or struc­tur­al dam­age. Also: fly­ing a drone isn’t a triv­ial skill and buy­ing one still takes a lot of cash.

    But these chal­lenges may not impede com­mit­ted ter­ror­ists for­ev­er, as drones get cheap­er, bet­ter and eas­i­er to find.

    ...

    Although there’s been some dis­cus­sion of embed­ding unmanned air­craft with track­ing soft­ware or “kill switch­es,” prac­ti­cal prob­lems abound with such an approach. Unfor­tu­nate­ly, reli­ably detect­ing such small and agile machines will prob­a­bly be a chal­lenge for years to come.

    By 2030, some 30,000 unmanned planes may be hov­er­ing over­head in the U.S., most of them devot­ed to wor­thy things such as agri­cul­ture and emer­gency response. All the more rea­son to start think­ing now about how best to sep­a­rate the good ones from the bad.

    “Although there’s been some dis­cus­sion of embed­ding unmanned air­craft with track­ing soft­ware or “kill switch­es,” prac­ti­cal prob­lems abound with such an approach. Unfor­tu­nate­ly, reli­ably detect­ing such small and agile machines will prob­a­bly be a chal­lenge for years to come. ”

    Drone kill switch­es and track­ing soft­ware. Could that be part of the future when every­one’s ran­dom hov­er drone comes with a vast range and the abil­i­ty to car­ry large amounts of [insert scary thing here]? If so, you have to won­der what the odds are that the future ‘Snow­den of drone sur­veil­lance’, one that reveals all the secret stuff gov­ern­ments start insert­ing into drone tech­nol­o­gy but some­how remains com­plete­ly anony­mous, is even human. The drones want to be free too. One least one of them.

    Posted by Pterrafractyl | January 17, 2015, 2:04 pm
  2. The future sport of drone hunt­ing is prob­a­bly going to be pret­ty addict­ing. Some­times real­ly addict­ing:

    CNET
    Drone car­ry­ing three kilos of meth crash­es near US-Mex­i­co bor­der

    Tijua­na shop­pers expe­ri­ence a close encounter of an ille­gal kind after a drug-smug­gling drone crash-lands in a store park­ing lot.

    by Antho­ny Doman­i­co
    Jan­u­ary 22, 2015 7:52 AM PST

    While Ama­zon, Google and oth­ers are explor­ing how to use drones to deliv­er mer­chan­dise to cus­tomers, drug smug­glers in Mex­i­co are turn­ing to the remote-con­trolled air­crafts to deliv­er pack­ages of a dif­fer­ent kind.

    A drone car­ry­ing metham­phet­a­mines crashed into a park­ing lot at a shop­ping cen­ter in Tijua­na on Tues­day. Accord­ing to AP, the Tijua­na Police Depart­ment announced on Wednes­day that the drone crashed near the San Ysidro bor­der cross­ing. The police toldU‑T San Diego that the drone like­ly was being used to fer­ry drugs between neigh­bor­hoods and not across the heav­i­ly guard­ed US-Mex­i­co bor­der where the drone had bet­ter chances of being spot­ted.

    Six pack­ets of meth, weigh­ing about 6.6 pounds, were taped to the under­side of a six-pro­peller drone. Author­i­ties are inves­ti­gat­ing who was fly­ing the drone and from where the flight orig­i­nat­ed. Police believe the drone is a DJI Spread Wings S900, which can fly autonomous­ly, which could make track­ing down the respon­si­ble par­ty more chal­leng­ing.

    This isn’t the first time Tijua­na police have seen drones used to trans­port drugs. Drone smug­gling is just the lat­est in a string of ways drug run­ners are try­ing to traf­fic their prod­uct with­in and out­side of Mex­i­co. Pre­vi­ous smug­gling efforts made use of cat­a­pults, exten­sive tun­nels and — I kid you not — a pneu­mat­ic pot can­non that attempt­ed to trans­port drugs across the US-Mex­i­co bor­der.

    ...

    Good luck drone hunters. Of course, one of the risks high­light­ed in this sto­ry is that your hunt­ing dogs you send out to find the downed drone might end up con­sum­ing the drone’s con­tents before you get there.Uh oh. Fido needs an upgrade.

    Posted by Pterrafractyl | January 22, 2015, 3:35 pm
  3. Sev­en Iran­ian hack­ers were just charged with a num­ber of hack­ing attempts on dozens of US insti­tu­tions, the vast major­i­ty of tar­gets being major banks. And while a major bank hacked is poten­tial­ly going to result in a very nasty finan­cial bath, if you hap­pen to live near one of hack­ing tar­gets, you may have bare­ly avoid­ed a very nasty actu­al bath:

    Reuters

    U.S. indicts Ira­ni­ans for hack­ing dozens of banks, New York dam

    WASHINGTON/BOSTON | By Dustin Volz and Jim Fin­kle
    Fri Mar 25, 2016 11:13am EDT

    Sev­en Iran­ian hack­ers con­duct­ed a coor­di­nat­ed cyber attack on dozens of U.S. banks, caus­ing mil­lions of dol­lars in lost busi­ness, and tried to shut down a New York dam, the U.S. gov­ern­ment said on Thurs­day in an indict­ment that for the first time accused indi­vid­u­als tied to anoth­er coun­try of try­ing to dis­rupt crit­i­cal infra­struc­ture.

    It said the sev­en accused were believed to have been work­ing on behalf of Iran’s gov­ern­ment and the Islam­ic Rev­o­lu­tion­ary Guard. Those named live in Iran and the Iran­ian gov­ern­ment is not expect­ed to extra­dite them. There was no imme­di­ate com­ment from Tehran.

    At least 46 major finan­cial insti­tu­tions and finan­cial sec­tor com­pa­nies were tar­get­ed, includ­ing JPMor­gan Chase (JPM.N), Wells Far­go (WFC.N) and Amer­i­can Express (AXP.N), the indict­ment said. AT&T (T.N) also was tar­get­ed.

    The hack­ers are accused of hit­ting the banks with dis­trib­uted-denial-of-ser­vice attacks on a near-week­ly basis, a rel­a­tive­ly unso­phis­ti­cat­ed way of knock­ing com­put­er net­works offline by over­whelm­ing them with a flood of spammed traf­fic.

    “These attacks were relent­less, they were sys­tem­at­ic, and they were wide­spread,” U.S. Attor­ney Gen­er­al Loret­ta Lynch told a Wash­ing­ton news con­fer­ence.

    The indict­ment from a fed­er­al grand jury in New York City said the attacks occurred from 2011 to 2013. Wash­ing­ton has pre­vi­ous­ly accused mil­i­tary offi­cers from Chi­na and the North Kore­an gov­ern­ment of cyber attacks against U.S. busi­ness­es.

    The attack on the Bow­man Avenue Dam in Rye Brook, New York, was espe­cial­ly alarm­ing, Lynch said, because it rep­re­sent­ed a known intru­sion on crit­i­cal infra­struc­ture. A stroke of good for­tune pre­vent­ed the hack­ers from obtain­ing oper­a­tional con­trol of the flood gates because the dam had been man­u­al­ly dis­con­nect­ed for rou­tine main­te­nance, she said.

    The Bow­man hack was a “game-chang­ing event” for the U.S. gov­ern­ment that prompt­ed inves­ti­ga­tors to uncov­er oth­er sys­tems vul­ner­a­ble to sim­i­lar attacks, said Andre McGre­gor, a for­mer FBI agent and a lead case inves­ti­ga­tor on the dam intru­sion.

    “The inves­ti­ga­tion’s dis­cov­ery of many more exposed com­put­er sys­tems with vul­ner­a­ble man­age­ment con­soles is a con­stant reminder that basic cyber hygiene remains at the fore­front of the bat­tle against cyber attacks,” said McGre­gor, now direc­tor of secu­ri­ty at Tani­um, a Sil­i­con Val­ley cyber secu­ri­ty firm.

    “We must step up our counter-hack­ing game ASAP to deal with threats from places like Iran and would be ter­ror­ists,” said New York Sen­a­tor Chuck Schumer in a state­ment.

    Cyber secu­ri­ty experts and U.S. intel­li­gence offi­cials have grown more alarmed in recent months by the pos­si­bil­i­ty of destruc­tive hacks of crit­i­cal infra­struc­ture such as dams, pow­er plants and fac­to­ries. Some have said a Decem­ber cyber attack on the Ukraine’s ener­gy grid that caused a tem­po­rary black­out of 225,000 should serve as a wake-up call.

    ...

    he U.S. and Israel launched a cyber attack against Iran in 2010, now famous­ly known as the Stuxnet worm, in order to dis­able Iran’s nuclear cen­trifuges. Some secu­ri­ty researchers and offi­cials have long sus­pect­ed the attacks against U.S. banks and the dam were done in part as retal­i­a­tion.

    ...

    “The attack on the Bow­man Avenue Dam in Rye Brook, New York, was espe­cial­ly alarm­ing, Lynch said, because it rep­re­sent­ed a known intru­sion on crit­i­cal infra­struc­ture. A stroke of good for­tune pre­vent­ed the hack­ers from obtain­ing oper­a­tional con­trol of the flood gates because the dam had been man­u­al­ly dis­con­nect­ed for rou­tine main­te­nance, she said.
    Good ol’ dumb luck, the best unre­li­able defense around. It kind of rais­es the ques­tion of just what these hack­ers would have done had they actu­al­ly obtained oper­a­tional access to the flood gates? Would there have been a major flood­ing event in retal­i­a­tion for the US/Israeli Stuxnet attacks? That seems high­ly unlike­ly giv­en the poten­tial­ly dev­as­tat­ing US response, which is a reminder that, as scary as these kind of state-backed hack­ing capa­bil­i­ties of crit­i­cal infra­struc­ture are in the age of the inter­net, they prob­a­bly a lot less scary that non-state actors with sim­i­lar capa­bil­i­ties. After all, as long as this is a state vs state activ­i­ty, the log­ic of MAD­ness can hope­ful­ly still keep things at least some­what in check.

    For instance, just imag­ine if ISIS, a sui­ci­dal “state”, had sim­i­lar hack­ing capa­bil­i­ties and not just for crit­i­cal infra­struc­ture like dams but the kind that can lit­er­al­ly go “crit­i­cal”: nuclear plants. And beyond hack­ing, just imag­ine if ISIS had the abil­i­ty to infil­trate nuclear facil­i­ties and either steal radioac­tive mate­r­i­al or cause a melt­down. Would fear of a mas­sive, over­whelm­ing retal­ia­to­ry attack real­ly dis­suade ISIS from attempt­ing to a nuclear facil­i­ties into giant dirty bombs? It’s kind of hard to enter into an infor­mal quid pro quo MAD­ness agree­ment with an insane sui­ci­dal ene­my:

    The New York Times

    Bel­gium Fears Nuclear Plants Are Vul­ner­a­ble

    By ALISSA J. RUBIN and MILAN SCHREUER
    MARCH 25, 2016

    BRUSSELS — As a drag­net aimed at Islam­ic State oper­a­tives spi­raled across Brus­sels and into at least five Euro­pean coun­tries on Fri­day, the author­i­ties were also focus­ing on a nar­row­er but increas­ing­ly alarm­ing threat: the vul­ner­a­bil­i­ty of Belgium’s nuclear instal­la­tions.

    The inves­ti­ga­tion into this week’s dead­ly attacks in Brus­sels has prompt­ed wor­ries that the Islam­ic State is seek­ing to attack, infil­trate or sab­o­tage nuclear instal­la­tions or obtain nuclear or radioac­tive mate­r­i­al. This is espe­cial­ly wor­ry­ing in a coun­try with a his­to­ry of secu­ri­ty laps­es at its nuclear facil­i­ties, a weak intel­li­gence appa­ra­tus and a deeply root­ed ter­ror­ist net­work.

    On Fri­day, the author­i­ties stripped secu­ri­ty badges from sev­er­al work­ers at one of two plants where all nonessen­tial employ­ees had been sent home hours after the attacks at the Brus­sels air­port and one of the city’s busiest sub­way sta­tions three days ear­li­er. Video footage of a top offi­cial at anoth­er Bel­gian nuclear facil­i­ty was dis­cov­ered last year in the apart­ment of a sus­pect­ed mil­i­tant linked to the extrem­ists who unleashed the hor­ror in Paris in Novem­ber.

    Asked on Thurs­day at a Lon­don think tank whether there was a dan­ger of the Islam­ic State’s obtain­ing a nuclear weapon, the British defense sec­re­tary, Michael Fal­lon, said that “was a new and emerg­ing threat.”

    While the prospect that ter­ror­ists can obtain enough high­ly enriched ura­ni­um and then turn it into a nuclear fis­sion bomb seems far-fetched to many experts, they say the fab­ri­ca­tion of some kind of dirty bomb from radioac­tive waste or byprod­ucts is more con­ceiv­able. There are a vari­ety of oth­er risks involv­ing Belgium’s facil­i­ties, includ­ing that ter­ror­ists some­how shut down the pri­vate­ly oper­at­ed plants, which pro­vide near­ly half of Belgium’s pow­er.

    The fears at the nuclear pow­er plants are of “an acci­dent in which some­one explodes a bomb inside the plant,” said Sébastien Berg, the spokesman for Belgium’s fed­er­al agency for nuclear con­trol. “The oth­er dan­ger is that they fly some­thing into the plant from out­side.” That could stop the cool­ing process of the used fuel, Mr. Berg explained, and in turn shut down the plant.

    The rev­e­la­tion of the video sur­veil­lance footage was the first evi­dence that the Islam­ic State has a focused inter­est in nuclear mate­r­i­al. But Belgium’s nuclear facil­i­ties have long had a wor­ry­ing track record of breach­es, prompt­ing warn­ings from Wash­ing­ton and oth­er for­eign cap­i­tals.

    Some of these are rel­a­tive­ly minor: The Bel­gian nuclear agency’s com­put­er sys­tem was hacked this year and shut down briefly. In 2013, two indi­vid­u­als man­aged to scale the fence at Belgium’s research reac­tor in the city of Mol, break into a lab­o­ra­to­ry and steal equip­ment.

    Oth­ers are far more dis­con­cert­ing. In 2012, two employ­ees at the nuclear plant in Doel quit to join jihadists in Syr­ia, and even­tu­al­ly trans­ferred their alle­giances to the Islam­ic State. Both men fought in a brigade that includ­ed dozens of Bel­gians, includ­ing Abdel­hamid Abaaoud, con­sid­ered the on-the-ground leader of the Paris attacks.

    One of these men is believed to have died fight­ing in Syr­ia, but the oth­er was con­vict­ed of ter­ror-relat­ed offens­es in Bel­gium in 2014, and released from prison last year, accord­ing to Pieter Van Oes­taeyen, a researcher who tracks Belgium’s jihadist net­works. It is not known whether they com­mu­ni­cat­ed infor­ma­tion about their for­mer work­place to their Islam­ic State com­rades.

    At the same plant where these jihadists once worked, an indi­vid­ual who has yet to be iden­ti­fied walked into the reac­tor No. 4 in 2014, turned a valve and drained 65,000 liters of oil used to lubri­cate the tur­bines. The ensu­ing fric­tion near­ly over­heat­ed the machin­ery, forc­ing it to be shut down. The dam­age was so severe that the reac­tor was out of com­mis­sion for five months.

    Inves­ti­ga­tors are now look­ing into pos­si­ble links between that case and ter­ror­ist groups, although they cau­tion that it could also have been the work of an insid­er with a work­place grudge. What is clear is that the act was meant to sow dan­ger­ous hav­oc — and that the plant’s secu­ri­ty sys­tems can be breached.

    “This was a delib­er­ate act to take down the nuclear reac­tor, and a very good way to do it,” Mr. Berg, the nuclear agency spokesman, said of the episode in a recent inter­view.

    These inci­dents are now all being seen in a new light, as infor­ma­tion is mount­ing from inves­ti­ga­tors that the ter­ror­ist net­work that hit Paris and Brus­sels may have been in the plan­ning stages of some kind of oper­a­tion at a Bel­gian nuclear facil­i­ty.

    Three men linked to the sur­veil­lance video were involved in either the Paris or the Brus­sels attacks.

    Ibrahim and Khalid el-Bakraoui, the broth­ers who the author­i­ties say were sui­cide bombers at the Brus­sels air­port and sub­way sta­tion, are believed to have dri­ven to the sur­veilled scientist’s home and removed a cam­era that was hid­den in near­by bush­es. The author­i­ties believe they then took it to a house con­nect­ed to Mohammed Bakkali, who was arrest­ed by the Bel­gian police after the Paris attacks and is accused of help­ing with logis­tics and plan­ning. The police found the video­cam­era dur­ing a raid on the house.

    Bel­gium has both low-enriched ura­ni­um, which fuels its two pow­er plants, and high­ly enriched ura­ni­um, which is used in its research reac­tor pri­mar­i­ly to make med­ical iso­topes, plus the byprod­ucts of that process. The Unit­ed States pro­vides Bel­gium with high­ly enriched ura­ni­um — mak­ing it par­tic­u­lar­ly con­cerned about radioac­tive mate­ri­als land­ing in ter­ror­ist hands — and then buys iso­topes.

    Experts say the most remote of the poten­tial nuclear-relat­ed risks is that Islam­ic State oper­a­tives would be able to obtain high­ly enriched ura­ni­um. Even the dan­ger of a dirty bomb is lim­it­ed, they said, because much radioac­tive waste is so tox­ic it would like­ly sick­en or kill the peo­ple try­ing to steal it.

    Cheryl Rofer, a retired nuclear sci­en­tist at the Los Alam­os Nation­al Lab­o­ra­to­ry and edi­tor of the blog Nuclear Din­er, said Belgium’s Tihange nuclear plant has pres­sur­ized water reac­tors, inside a heavy steel ves­sel, reduc­ing the dan­ger that nuclear fuel could leak or spread. She said that the Brus­sels bombers’ explo­sive of choice, TATP, might be able to dam­age parts of the plant but that the dam­age would shut down the reac­tor, lim­it­ing the radi­a­tion dam­age.

    And if ter­ror­ists did man­age to shut down the reac­tor and reach the fuel rods, they would have to remove them with a crane to get the fuel out of them, Ms. Rofer said. And then the fuel would still be “too radioac­tive to go near — it would kill you quick­ly.”

    While experts are doubt­ful that ter­ror­ists could steal the high­ly enriched ura­ni­um at the Mol reac­tor with­out alert­ing law enforce­ment, some nuclear sci­en­tists do believe that if they could obtain it, they could recruit peo­ple who know how to fash­ion a prim­i­tive nuclear device.

    Matthew Bunn, a spe­cial­ist in nuclear secu­ri­ty at Harvard’s John F. Kennedy School of Gov­ern­ment, said anoth­er wor­ry was the byprod­ucts of the iso­topes made at Mol, such as Cesium-137.

    “It’s like tal­cum pow­der,” he said. “If you made a dirty bomb out of it, it’s going to pro­voke fear, you would have to evac­u­ate and you have to spend a lot of mon­ey clean­ing it up; the eco­nom­ic destruc­tion cost could be very high.”

    The dis­cov­ery of the sur­veil­lance video in Novem­ber set off alarm bells across the small nuclear-secu­ri­ty com­mu­ni­ty, with fresh wor­ries that ter­ror groups could kid­nap, extort or oth­er­wise coerce a nuclear sci­en­tist into help­ing them. The offi­cial whose fam­i­ly was watched works at Mol, one of five research reac­tors world­wide that pro­duce 90 per­cent of the radio iso­topes used for med­ical diag­no­sis and treat­ment.

    Pro­fes­sor Bunn of Har­vard not­ed that the Islam­ic State “has an apoc­a­lyp­tic ide­ol­o­gy and believes there is going to be a final war with the Unit­ed States,” expects to win that war and “would need very pow­er­ful weapons to do so.”

    “And if they ever did turn to nuclear weapons,” he added, “they have more peo­ple, more mon­ey and more ter­ri­to­ry under their con­trol and more abil­i­ty to recruit experts glob­al­ly than Al Qae­da at its best ever had.”

    “On Fri­day, the author­i­ties stripped secu­ri­ty badges from sev­er­al work­ers at one of two plants where all nonessen­tial employ­ees had been sent home hours after the attacks at the Brus­sels air­port and one of the city’s busiest sub­way sta­tions three days ear­li­er. Video footage of a top offi­cial at anoth­er Bel­gian nuclear facil­i­ty was dis­cov­ered last year in the apart­ment of a sus­pect­ed mil­i­tant linked to the extrem­ists who unleashed the hor­ror in Paris in Novem­ber.”
    Yeah, ISIS sur­veil­lance videos of top nuclear facil­i­ty offi­cials is def­i­nite­ly a rea­son to fear your facil­i­ties are vul­ner­a­ble. Espe­cial­ly when it appears that ISIS recruit­ed some of your for­mer employ­ees and an unknown indi­vid­u­als effec­tive­ly sab­o­taged one of your reac­tors:

    ...
    Oth­ers are far more dis­con­cert­ing. In 2012, two employ­ees at the nuclear plant in Doel quit to join jihadists in Syr­ia, and even­tu­al­ly trans­ferred their alle­giances to the Islam­ic State. Both men fought in a brigade that includ­ed dozens of Bel­gians, includ­ing Abdel­hamid Abaaoud, con­sid­ered the on-the-ground leader of the Paris attacks.

    One of these men is believed to have died fight­ing in Syr­ia, but the oth­er was con­vict­ed of ter­ror-relat­ed offens­es in Bel­gium in 2014, and released from prison last year, accord­ing to Pieter Van Oes­taeyen, a researcher who tracks Belgium’s jihadist net­works. It is not known whether they com­mu­ni­cat­ed infor­ma­tion about their for­mer work­place to their Islam­ic State com­rades.

    At the same plant where these jihadists once worked, an indi­vid­ual who has yet to be iden­ti­fied walked into the reac­tor No. 4 in 2014, turned a valve and drained 65,000 liters of oil used to lubri­cate the tur­bines. The ensu­ing fric­tion near­ly over­heat­ed the machin­ery, forc­ing it to be shut down. The dam­age was so severe that the reac­tor was out of com­mis­sion for five months.
    ...

    Well that’s as omi­nous as it gets when it comes to nuclear secu­ri­ty. Or, rather, almost as omi­nous it gets. It can get more omi­nous:

    Vice News

    Secu­ri­ty Guard’s Mur­der Fuels Fears That Nuclear Plants in Bel­gium Could Be Attacked

    By Tess Owen
    March 26, 2016 | 11:10 am

    With Brus­sels still reel­ing in the after­math of the dead­ly bomb­ings this week, the mur­der of a nuclear pow­er plant secu­ri­ty guard and the theft of his badge has com­pound­ed fears that Bel­gium’s two sprawl­ing nuclear plants could be vul­ner­a­ble to attacks.

    The secu­ri­ty guard was found dead in his home in Charleroi, a post-indus­tri­al region known for its derelict fac­to­ries and slag heaps. Didi­er Pros­pero, who worked for US-owned secu­ri­ty com­pa­ny G4S, was dis­cov­ered shot dead in his bath­room on Thurs­day night. Bel­gian dai­ly Derniere Heure (DH) report­ed that Pros­per­o’s chil­dren found him, and that his dog had also been shot. His secu­ri­ty pass was miss­ing but deac­ti­vat­ed after his body was found, DH said.

    A police spokesper­son was unable to pro­vide VICE News with fur­ther infor­ma­tion about the case due to the ongo­ing inves­ti­ga­tion. Bel­gian pros­e­cu­tors told DH that they had not found any cor­re­la­tion between the guard’s mur­der and ter­ror­ism. Nev­er­the­less, the tim­ing of his death days after the bomb­ings in Brus­sels fueled con­cerns that mil­i­tants could be try­ing to get their hands on mate­ri­als to build a radioac­tive dirty bomb.

    ...

    Hours after sui­cide bomb­ings rocked Brus­sels trans­port hubs on Tues­day, killing 31 peo­ple and injur­ing hun­dreds, Bel­gium’s Tihange nuclear plant was par­tial­ly evac­u­at­ed, and all work­ers who were not strict­ly nec­es­sary were sent home ear­ly. The head of Bel­gium’s nuclear reg­u­la­to­ry agency said on Tues­day that, while there were no direct threats to the plant, the move to par­tial-evac­u­a­tion was “based on new infor­ma­tion and the events of [Tues­day]. Extra secu­ri­ty mea­sures were tak­en.”

    How­ev­er, the claim that there had­n’t been a direct threat mount­ed against Bel­gium’s nuclear infra­struc­ture isn’t entire­ly accu­rate. In Feb­ru­ary, Bel­gian author­i­ties dis­cov­ered 10-hours worth of secret­ly record­ed video footage show­ing one of the coun­try’s top nuclear sci­en­tists com­ing and going from his home. The mate­r­i­al was dis­cov­ered dur­ing a counter-ter­ror­ism raid on the home of Mohamed Bakkali, who was arrest­ed and charged with ter­ror­ism and mur­der asso­ci­at­ed with the Novem­ber 13 Paris attacks. Ibrahim and Khalid el-Bakraoui — broth­ers who author­i­ties believe were the alleged sui­cide bombers at Brus­sels’ air­port and sub­way — are sus­pect­ed to have plant­ed the cam­era, which was hid­den in bush­es near the sci­en­tist’s house.

    Experts and offi­cials have con­tend­ed that sur­veilling the nuclear offi­cial, who had access to secure areas of a nuclear research facil­i­ty in Mol, was part of a grander scheme to take him hostage and force him to hand over radioac­tive mate­r­i­al.

    DH report­ed on Thurs­day that the sui­cide bombers who self-det­o­nat­ed on Tues­day were orig­i­nal­ly plan­ning an attack on nuclear facil­i­ties. How­ev­er, as Bel­gian police start­ed clos­ing in on their extrem­ist net­work and arrest­ed sus­pect­ed ter­ror­ists such as Salah Abdeslam, DH said, mil­i­tants were under pres­sure to car­ry out an attack as soon as pos­si­ble, and aban­doned the grander plan of tar­get­ing Bel­gium’s nuclear infra­struc­ture.

    Sébastien Berg, the spokesman for Bel­gium’s fed­er­al agency for nuclear con­trol said a poten­tial attack pos­es a num­ber of risks. First, that ter­ror­ists infil­trate the plant and shut down their oper­a­tions, which would send about half the coun­try into a black­out.

    Anoth­er fear, Berg said, was of “an acci­dent in which some­one explodes a bomb inside the plant.” Last­ly, Berg said, “the oth­er dan­ger is that they fly some­thing into the plant from out­side,” which would stop the cool­ing process of the fuel and force the plant to shut down.

    Until two years ago, secu­ri­ty around the plants was fair­ly lax. In 2014, Bel­gian offi­cials installed secu­ri­ty cam­eras and devel­oped a plan to com­bat cyber­at­tacks. They also man­dat­ed that all employ­ees move in groups to avoid sab­o­tage by a lone wolf.

    Just 11 days before the attacks shook Brus­sels, Bel­gium’s two nuclear facil­i­ties — which con­tain sev­en reac­tors — were guard­ed by unarmed secu­ri­ty per­son­nel. On March 11, the Bel­gian gov­ern­ment deployed 140 troops to beef up secu­ri­ty at the nuclear facil­i­ties, a tem­po­rary solu­tion until a new armed police force is trained to take over.

    “DH report­ed on Thurs­day that the sui­cide bombers who self-det­o­nat­ed on Tues­day were orig­i­nal­ly plan­ning an attack on nuclear facil­i­ties. How­ev­er, as Bel­gian police start­ed clos­ing in on their extrem­ist net­work and arrest­ed sus­pect­ed ter­ror­ists such as Salah Abdeslam, DH said, mil­i­tants were under pres­sure to car­ry out an attack as soon as pos­si­ble, and aban­doned the grander plan of tar­get­ing Bel­gium’s nuclear infra­struc­ture.”
    That’s right, the attacks in Brus­sels were basi­cal­ly the rushed Plan B for the ter­ror-net­work. Plan A was some sort of nuclear attack, and with the head of secu­ri­ty guard for the nation­al radioac­tive ele­ments insti­tute at Fleu­rus mur­dered after the Brus­sels attack, it’s rather unclear just how aban­doned Plan A real­ly is at this point. It seems ongo­ing. And as we saw in the above arti­cle, it’s the nuclear research facil­i­ties that hold the high­ly-enriched ura­ni­um that could be used to build an actu­al prim­i­tive nuclear bomb:

    ...
    Bel­gium has both low-enriched ura­ni­um, which fuels its two pow­er plants, and high­ly enriched ura­ni­um, which is used in its research reac­tor pri­mar­i­ly to make med­ical iso­topes, plus the byprod­ucts of that process. The Unit­ed States pro­vides Bel­gium with high­ly enriched ura­ni­um — mak­ing it par­tic­u­lar­ly con­cerned about radioac­tive mate­ri­als land­ing in ter­ror­ist hands — and then buys iso­topes.

    ...

    While experts are doubt­ful that ter­ror­ists could steal the high­ly enriched ura­ni­um at the Mol reac­tor with­out alert­ing law enforce­ment, some nuclear sci­en­tists do believe that if they could obtain it, they could recruit peo­ple who know how to fash­ion a prim­i­tive nuclear device.

    ...

    All in all, it’s pret­ty clear that not only does ISIS want nukes, it’s active­ly plan­ning on obtain­ing them and may have already infil­trat­ed the nuclear ener­gy work­force. So let’s hope EVERY nuclear facil­i­ty on the plan­et is slat­ed for a major secu­ri­ty upgrade soon. Also keep your fin­gers crossed for more dumb luck. We’re going to need it.

    Posted by Pterrafractyl | March 26, 2016, 3:43 pm
  4. Anoth­er piece of crit­i­cal civil­ian infra­struc­ture was recent­ly hacked. This time it was a water treat­ment plant, where the lev­els of chem­i­cals used to treat the water were mod­i­fied mul­ti­ple times by the hack­ers. Like a num­ber of these types of hacks, there was a famil­iar good news/bad news dynam­ic: the good news is that the hack does­n’t seem to be due to some sort of super-hack­ers but instead appears to be large­ly a con­se­quence of appalling­ly bad secu­ri­ty prac­tices by the treat­ment plant. The bad news, of course, is that this crit­i­cal piece of infra­struc­ture had appalling bad secu­ri­ty. So, like many secu­ri­ty breach­es of this nature, the good news is also the bad news:

    Inter­na­tion­al Busi­ness Times

    Hack­ers hijack­ing water treat­ment plant con­trols shows how eas­i­ly civil­ians could be poi­soned

    By Mary-Ann Rus­son
    March 23, 2016 16:17 GMT

    A group of hack­ers man­aged to infil­trate a water treat­ment plant and change the lev­els of chem­i­cals being used to treat tap water four times dur­ing the cyber­at­tack, secu­ri­ty researchers report.

    The poten­tial trou­ble caused by hack­ing crit­i­cal infra­struc­ture has become a key cyber­se­cu­ri­ty con­cern in recent months. In Decem­ber 2015, cyber­at­tacks against three Ukrain­ian pow­er com­pa­nies caused wide­spread pow­er out­ages in mul­ti­ple cen­tral and region­al facil­i­ties, hit­ting 225,000 cus­tomers. In Jan­u­ary, Israel’s Elec­tric­i­ty Author­i­ty (IEA) was vic­tim of a ran­somware attack attack that paral­ysed some of the com­put­ers on its net­work for over two days.

    Ver­i­zon Secu­ri­ty Solu­tions is the cyber­se­cu­ri­ty arm of Ver­i­zon’s enter­prise ser­vices for busi­ness­es, and the secu­ri­ty firm is fre­quent­ly called in by cor­po­ra­tions to deal with cyber­se­cu­ri­ty threats. Ver­i­zon states in its lat­est report that a group of hack­ers who have been pre­vi­ous­ly asso­ci­at­ed with hack­tivism cam­paigns suc­ceed­ed in breach­ing a water treat­ment facil­i­ty.

    Due to the sen­si­tive nature of the breach, which gave the hack­ers access to the per­son­al and finan­cial records of over 2.5 mil­lion cus­tomers, Ver­i­zon is not releas­ing the name of the water com­pa­ny or the coun­try it resides in, refer­ring to the com­pa­ny by the fake moniker “Kemuri Water Com­pa­ny” (KWC).

    Water com­pa­ny using 1980s IBM serv­er

    Ver­i­zon says the breach hap­pened as the water com­pa­ny had been using oper­at­ing sys­tems over a decade old to run its entire IT net­work (we’re guess­ing Win­dows XP), and because the entire IT net­work relied on a sin­gle ancient IBM Appli­ca­tion System/400 (AS/400) serv­er, released back in 1988.

    This serv­er was used to con­nect not just the fir­m’s inter­nal IT net­work but also the oper­a­tional tech­nol­o­gy (OT) sys­tems that con­trols the water treat­ment facil­i­ty, which man­aged the water sup­ply and meter­ing water usage for a num­ber of neigh­bour­ing coun­ties, and best of all, only one employ­ee in the whole com­pa­ny was capa­ble of deal­ing with the ancient AS/400 sys­tem.

    KWC asked Ver­i­zon to assess their net­works for indi­ca­tions of a secu­ri­ty breach as the com­pa­ny’s IT team had detect­ed unau­tho­rised access to the OT sys­tems of the water dis­trict, and in the two months pri­or to report­ing the breach, KWC had noticed an unex­plain­able pat­tern of valve and duct move­ments that seemed to be manip­u­lat­ing hun­dreds of Pro­gram­ma­ble Log­ic Con­trollers (PLCs).

    ...

    The hack­ers breached the KWC’s sys­tems by exploit­ing a vul­ner­a­bil­i­ty in the web-acces­si­ble pay­ments sys­tem and using it to get into the com­pa­ny’s web serv­er. Ver­i­zon’s researchers realised that the IP address­es of the attack­ers cor­re­spond­ed with those of hack­ers who had pre­vi­ous­ly car­ried out hac­tivist cam­paigns, and it is thought that the hack­ers’ motives might con­cern Syr­ia, so per­haps these hack­ers are affil­i­at­ed with a larg­er hack­ing col­lec­tive like Anony­mous.

    Hack­ers may have been unaware of what they could actu­al­ly do

    The researchers say that although the hack­ers had access to over 2.5 mil­lion cus­tomer records, luck­i­ly the hack­ers nev­er sought to use the infor­ma­tion from the accounts, and it is very like­ly that the hack­ers did­n’t even realise that they were manip­u­lat­ing tap water chem­i­cal lev­els as the way they mod­i­fied appli­ca­tion set­tings showed very lit­tle knowl­edge of how the flow con­trol sys­tem worked.

    In the end, KWC was able to iden­ti­fy and reverse the chem­i­cal and flow changes in time, so the impact on cus­tomers was large­ly min­imised and nobody got ill – but it could have been so much worse.

    “KWC’s breach was seri­ous and could have eas­i­ly been more crit­i­cal. If the threat actors had a lit­tle more time, and with a lit­tle more knowl­edge of the ICS/SCADA sys­tem, KWC and the local com­mu­ni­ty could have suf­fered seri­ous con­se­quences,” Ver­i­zon’s researchers write in the report.

    “Hav­ing inter­net fac­ing servers, espe­cial­ly web servers, direct­ly con­nect­ed to SCADA man­age­ment sys­tems is far from a best prac­tice. Many issues like out­dat­ed sys­tems and miss­ing patch­es con­tributed to the data breach — the lack of iso­la­tion of crit­i­cal assets, weak authen­ti­ca­tion mech­a­nisms and unsafe prac­tices of pro­tect­ing pass­words also enabled the threat actors to gain far more access than should have been pos­si­ble.”

    “Hav­ing inter­net fac­ing servers, espe­cial­ly web servers, direct­ly con­nect­ed to SCADA man­age­ment sys­tems is far from a best prac­tice. Many issues like out­dat­ed sys­tems and miss­ing patch­es con­tributed to the data breach — the lack of iso­la­tion of crit­i­cal assets, weak authen­ti­ca­tion mech­a­nisms and unsafe prac­tices of pro­tect­ing pass­words also enabled the threat actors to gain far more access than should have been pos­si­ble.”
    Yes, the secu­ri­ty prac­tices were most cer­tain­ly ‘far from a best prac­tice’, which is what such a dan­ger­ous sit­u­a­tion as opposed to super-hack­ing capa­bil­i­ties. Good news! And hor­ri­fy­ing news.

    Posted by Pterrafractyl | April 2, 2016, 5:27 pm

Post a comment