Thursday, May 29, 2008

PLA vs. SCADA

From China’s Cyber-Militia: Chinese hackers pose a clear and present danger to U.S. government and private-sector computer networks and may be responsible for two major U.S. power blackouts.

One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected.

And Nmap caused the Florida blackout?

A second information-security expert independently corroborated Bennett’s account of the Florida blackout. According to this individual, who cited sources with direct knowledge of the investigation, a Chinese PLA hacker attempting to map Florida Power & Light’s computer infrastructure apparently made a mistake. “The hacker was probably supposed to be mapping the system for his bosses and just got carried away and had a ‘what happens if I pull on this’ moment.” The hacker triggered a cascade effect, shutting down large portions of the Florida power grid, the security expert said. “I suspect, as the system went down, the PLA hacker said something like, ‘Oops, my bad,’ in Chinese.”

And who has heard of Cybrinth or Stephen Spoonamore?

Stephen Spoonamore, CEO of Cybrinth, a cyber-security firm that works for government and corporate clients, said that Chinese hackers attempt to map the IT networks of his clients on a daily basis. He said that executives from three Fortune 500 companies, all clients, had document-stealing code planted in their computers while traveling in China, the same fate that befell Gutierrez.

I say prove it. Show me the logs of an informed attacker demonstrating knowledge of their target device, protocol, or application. Not random script-kiddie crap from Chinese Universities. Been there, seen that -- as has anyone that has set up a honeynet.

Show me a journalist that has a clue on this topic.

Hat Tip: Marc Ambinder.

2 comments:

Jake Brodsky said...

Amen! Ask the Emperor where his clothes are. But be ready to run if they get angry.

Jeff Martens said...

Spoonamore was on the Diane Rehm Show this morning and made the incredible statement that IPv6 is four times as powerful as IPv4, giving Chinese hackers an advantage over the Americans. Where did that factor of 4 come from? Sure, the addresses are four times as long, but that means the address space size of IPv6 is IPv4's to the fourth. I think he doesn't understand the technical side of things.