Dave Emory’s entire lifetime of work is available on a flash drive that can be obtained here. The new drive is a 32-gigabyte drive that is current as of the programs and articles posted by 12/19/2014. The new drive (available for a tax-deductible contribution of $65.00 or more) contains FTR #827. (The previous flash drive was current through the end of May of 2012 and contained FTR #748.)
You can subscribe to e‑mail alerts from Spitfirelist.com HERE.
You can subscribe to RSS feed from Spitfirelist.com HERE.
You can subscribe to the comments made on programs and posts–an excellent source of information in, and of, itself HERE.
COMMENT: Late last year, a series of drone flights over nuclear power plants in France raised alarm at the time. Although 3 people were detained and then released (apparently not engaged in sinister activity), questions remain about the large number of flights.
In the wake of the attacks on Charlie Hebdo and a kosher delicatessen in Paris, one wonders if some of the flights may have been preparatory to an attack of some kind?
IF, in fact, such an attack were to take place, things will become SERIOUSLY interesting.
“France Arrests 3 with Drones by Power Plant” by Dan Bilefsky; The New York Times; 11/7/2014.
Two men and a woman were questioned by the police on Thursday after being arrested in possession of two drones near the Belleville-sur-Loire nuclear power plant in central France, news agencies reported. The arrests follow a wave of at least 14 illegal drone flights over French nuclear plants in recent weeks, which have raised concerns about the security of the country’s main source of electricity. . . . .
. . . . From Oct. 5 to Nov. 2, guards at 13 nuclear plants, including some operated by the French electricity giant EDF, heard the buzzing of drones that the authorities have labeled an “organized provocation” aimed at “disrupting the surveillance chain and protection of these sites.” Officials said that the drones were not military, but rather civilian or commercial, and that they could be used to take photographs or record video of the plants.
Adding to the mystery, Ségolène Royal, the environment minister, has said that she does not have any leads on who was behind the flights. While she said she would not let anyone undermine France’s reputation for security at its nuclear plants, she added that the threat posed by the drone flights should neither be minimized nor exaggerated.
France has 19 nuclear plants and 58 reactors that supply nearly 75 percent of its electricity. . . .
Since it might be tempting to attribute these drones to environmental groups shooting footage for a video or demonstrating airspace vulnerabilities, note that Greenpeace, which has a history of protesting French nuclear plants, explicitly denied involvement:
As France’s Interior Minister pointed out, those plants are “designed to withstand a strong earthquake or an airliner crashing into it”. Let’s hope so. But it’s also worth noting that, while the current threat to nuclear power plants from drones may be limited today, that’s not going to be the case tomorrow:
“Although there’s been some discussion of embedding unmanned aircraft with tracking software or “kill switches,” practical problems abound with such an approach. Unfortunately, reliably detecting such small and agile machines will probably be a challenge for years to come. ”
Drone kill switches and tracking software. Could that be part of the future when everyone’s random hover drone comes with a vast range and the ability to carry large amounts of [insert scary thing here]? If so, you have to wonder what the odds are that the future ‘Snowden of drone surveillance’, one that reveals all the secret stuff governments start inserting into drone technology but somehow remains completely anonymous, is even human. The drones want to be free too. One least one of them.
The future sport of drone hunting is probably going to be pretty addicting. Sometimes really addicting:
Good luck drone hunters. Of course, one of the risks highlighted in this story is that your hunting dogs you send out to find the downed drone might end up consuming the drone’s contents before you get there.Uh oh. Fido needs an upgrade.
Seven Iranian hackers were just charged with a number of hacking attempts on dozens of US institutions, the vast majority of targets being major banks. And while a major bank hacked is potentially going to result in a very nasty financial bath, if you happen to live near one of hacking targets, you may have barely avoided a very nasty actual bath:
“The attack on the Bowman Avenue Dam in Rye Brook, New York, was especially alarming, Lynch said, because it represented a known intrusion on critical infrastructure. A stroke of good fortune prevented the hackers from obtaining operational control of the flood gates because the dam had been manually disconnected for routine maintenance, she said.”
Good ol’ dumb luck, the best unreliable defense around. It kind of raises the question of just what these hackers would have done had they actually obtained operational access to the flood gates? Would there have been a major flooding event in retaliation for the US/Israeli Stuxnet attacks? That seems highly unlikely given the potentially devastating US response, which is a reminder that, as scary as these kind of state-backed hacking capabilities of critical infrastructure are in the age of the internet, they probably a lot less scary that non-state actors with similar capabilities. After all, as long as this is a state vs state activity, the logic of MADness can hopefully still keep things at least somewhat in check.
For instance, just imagine if ISIS, a suicidal “state”, had similar hacking capabilities and not just for critical infrastructure like dams but the kind that can literally go “critical”: nuclear plants. And beyond hacking, just imagine if ISIS had the ability to infiltrate nuclear facilities and either steal radioactive material or cause a meltdown. Would fear of a massive, overwhelming retaliatory attack really dissuade ISIS from attempting to a nuclear facilities into giant dirty bombs? It’s kind of hard to enter into an informal quid pro quo MADness agreement with an insane suicidal enemy:
“On Friday, the authorities stripped security badges from several workers at one of two plants where all nonessential employees had been sent home hours after the attacks at the Brussels airport and one of the city’s busiest subway stations three days earlier. Video footage of a top official at another Belgian nuclear facility was discovered last year in the apartment of a suspected militant linked to the extremists who unleashed the horror in Paris in November.”
Yeah, ISIS surveillance videos of top nuclear facility officials is definitely a reason to fear your facilities are vulnerable. Especially when it appears that ISIS recruited some of your former employees and an unknown individuals effectively sabotaged one of your reactors:
Well that’s as ominous as it gets when it comes to nuclear security. Or, rather, almost as ominous it gets. It can get more ominous:
“DH reported on Thursday that the suicide bombers who self-detonated on Tuesday were originally planning an attack on nuclear facilities. However, as Belgian police started closing in on their extremist network and arrested suspected terrorists such as Salah Abdeslam, DH said, militants were under pressure to carry out an attack as soon as possible, and abandoned the grander plan of targeting Belgium’s nuclear infrastructure.”
That’s right, the attacks in Brussels were basically the rushed Plan B for the terror-network. Plan A was some sort of nuclear attack, and with the head of security guard for the national radioactive elements institute at Fleurus murdered after the Brussels attack, it’s rather unclear just how abandoned Plan A really is at this point. It seems ongoing. And as we saw in the above article, it’s the nuclear research facilities that hold the highly-enriched uranium that could be used to build an actual primitive nuclear bomb:
All in all, it’s pretty clear that not only does ISIS want nukes, it’s actively planning on obtaining them and may have already infiltrated the nuclear energy workforce. So let’s hope EVERY nuclear facility on the planet is slated for a major security upgrade soon. Also keep your fingers crossed for more dumb luck. We’re going to need it.
Another piece of critical civilian infrastructure was recently hacked. This time it was a water treatment plant, where the levels of chemicals used to treat the water were modified multiple times by the hackers. Like a number of these types of hacks, there was a familiar good news/bad news dynamic: the good news is that the hack doesn’t seem to be due to some sort of super-hackers but instead appears to be largely a consequence of appallingly bad security practices by the treatment plant. The bad news, of course, is that this critical piece of infrastructure had appalling bad security. So, like many security breaches of this nature, the good news is also the bad news:
“Having internet facing servers, especially web servers, directly connected to SCADA management systems is far from a best practice. Many issues like outdated systems and missing patches contributed to the data breach — the lack of isolation of critical assets, weak authentication mechanisms and unsafe practices of protecting passwords also enabled the threat actors to gain far more access than should have been possible.”
Yes, the security practices were most certainly ‘far from a best practice’, which is what such a dangerous situation as opposed to super-hacking capabilities. Good news! And horrifying news.