Peace via the internet (weapon of mass disruption.)

press to enlarge

Chinese hackers are thought to have targeted Western networks repeatedly. Computers at the Foreign and Commonwealth Office and other Whitehall departments were attacked from China in 2007. In the same year, Jonathan Evans, the MI5 Director-General, alerted 300 British businesses that they were under Chinese cyber-attack.

British intelligence chiefs have warned recently that China may have gained the capability effectively to shut down Britain by crippling its telecoms and utilities. Equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies, they said.

The Chinese Embassy in London said that there was no evidence to back up the claim that the Chinese Government was behind GhostNet and alleged that the report had been “commissioned by the Tibetan government in exile”.

Liu Weimin, a spokesman, said: “I will not be surprised if this report is just another case of their recent media and propaganda campaign. In China, it is against the law to hack into the computers of others, and we are victims of such cyber-attack. It is a global challenge that requires global cooperation. China is an active participant in such cooperation in the world.”

Once the hackers had infiltrated the systems, they gained control using malware – software installed on the compromised computers – and sent and received data from them, the researchers said. “The GhostNet system directs infected computers to download a Trojan known as Ghost Rat that allows attackers to gain complete, real-time control,” IWM said. “These instances of Ghost Rat are consistently controlled from commercial internet access accounts located on the island of Hainan, in the People’s Republic of China.”

Hainan is home to the Lingshui signals intelligence facility and the Third Technical Department of the People’s Liberation Army, IWM said.

Actually it is very good news. All major nations will soon be able to dismantle or disrupt the infrastructure of each other's nations. That means there will be less probability of any major war. (Ric)

April 8, 2009 - 8:10pm

SAN JOSE, Calif. (AP) - Spies hacked into the U.S. electric grid and left behind computer programs that would let them disrupt service, exposing potentially catastrophic vulnerabilities in key pieces of national infrastructure, a former U.S. government official said Wednesday.

The intrusions were discovered after electric companies gave the government permission to audit their systems, the ex-official said. The official was not authorized to discuss the matter and spoke to The Associated Press on condition of anonymity.

The inspections of the electric grid were triggered by fears over a March 2007 video from the Idaho National Laboratory, which had staged a demonstration of what damage hackers could do if they seized control of a crucial part of the electric grid. The video showed a power turbine spinning out of control until it became a smoking hulk and shut down.

Although the resulting audits turned up evidence of spying sometime earlier, the former official told the AP that the extent of the problem is unknown, because the government does not have blanket authority to examine other electric systems.

"The vulnerability may be bigger than we think," the official said, adding that the level of sophistication necessary to pull off such intrusions is so high that it is "almost without a doubt" done by state sponsors.

The Wall Street Journal, which reported the intrusions earlier, said officials believe the spies have not yet sought to damage the nation's electric grid, but that they likely would try in a war or another crisis.

Chinese and Russian officials have denied involvement in hacks on U.S. systems.

The malicious programs were probably purged immediately from the utilities' networks after their discovery.

Intrusions are generally much harder to detect than to clean up, though purging malicious programs from mission-critical systems poses a special challenge, since computers often have to be running around the clock and can't be shut down to be scrubbed clean. If that's the case, proper backups need to be in place to make sure an infection is fully neutralized.

The attacks highlight serious problems that utilities like power and water companies face as they add more technologies for remotely managing their facilities. Any system networked to the rest of the world _ from financial systems to university records to retail operations _ can leave openings for hackers.

Homeland Security spokeswoman Amy Kudwa said her department is "not aware of any disruptions to the power grid caused by deliberate cyber activity here in the United States." Even so, congressional investigators and intelligence officials have warned that electric utilities are vulnerable to cyber attacks, and utilities acknowledge that their computer networks are routinely under assault.

CIA analyst Tom Donahue told utility engineers at a conference last year that in other countries, hackers had broken into electric utilities and demanded payments before disrupting power _ in one case turning off the lights in multiple cities.

The power grid is becoming a bigger target for hackers as more pieces of it are connected to each other or, in some cases, to the Internet.

Employees who work remotely can be a major point of weakness. If their computers can be compromised, hackers can begin working backward into a utility's central control system. One way that's done is by so-called "spear phishing," or trying to fool people into opening personalized e-mails that have malicious programs inside them. Malicious Web applications can be another route for hackers.

"The severity of what we're seeing is off the charts," said Tom Kellermann, vice president of security awareness for Core Security Technologies and a member of the Commission on Cyber Security that is advising President Barack Obama. "Most of the critical infrastructure in the U.S. has been penetrated to the root by state actors."

Joe Weiss, a security expert who has testified before Congress about such threats, said the industry has failed to address these vulnerabilities.

"The human resources computer system in a utility happens to be more cyber-secure than any power plant or electric substation that we have," said Weiss, managing partner of Applied Control Solutions, a company based in Cupertino, Calif. "The fundamental problem is that we're paying more attention to the cybersecurity of Facebook than we are to trying to keep our lights on."

He said the long-term ramifications of such an attack would be severe: If electrical equipment were destroyed, power could be lost for six to nine months, because the replacement gear would take so long to manufacture.

   1 2  -  Next page

Comment by Ric:  "And don't think the U.S. is not doing the same thing, buddy!"

....................................

NEW YORK: A vast cyber spy network controlled from China has infiltrated government and private computers in 103 countries. 

Safety tips to keep hackers away

 even the Indian embassy in Washington and the Tibetan spiritual leader Dalai Lama, a media report said on Sunday.  Canadian researchers, the New York Times reported, have concluded that the computers based almost exclusively in China are controlling the network and stealingdocuments, but stopped short of saying that the Chinese government was involved.  It quoted researchers as saying that they had found no evidence that the US government offices had been infiltrated, although a NATOcomputer was monitored by the spies for half a day and computers of the Indian embassy in Washington were infiltrated.  The researchers, who are based at the Munk Center for International Studies at the University of Toronto, had been asked by the office of the Dalai Lama, the exiled Tibetan leader whom China regularly denounces, to examine its computers for signs of malicious software or malware, the paper said, quoting a report being issued shortly.  Their sleuthing, it said, opened a window into a broader operation that, in less than 2 years, has infiltrated at least 1,295 computers in 103 countries, including many belonging to embassies, foreign ministries and other government offices, as well as the Dalai Lama's Tibetan exile centers in India, Brussels, London and New York. 

.  The Information Warfare Monitor (IWM), which carried out an extensive 10-month research on cyber spy activities emanating from China, said the hacked systems include the computers of Indian embassies and offices of the Dalai Lama.  Without identifying Indian embassies, the group said all evidence points to China as the source of this spy espionage.  The group said it has evidence that the hackers managed to install a software called malware on the compromised computers to steal sensitive documents, including those from the Dalai Lama's offices.  The group began its research after Tibetan exiles made allegations of cyber spying by the Chinese.  After initial investigations when the group widened it research it found that the China-based cyber espionage had hacked computer systems of embassies of India, Pakistan, Germany, Indonesia, Thailand, South Korea and many other countries.  In all, the hackers had gained access to 1,295 computer systems of foreign ministries of many countries, including Bhutan, Bangladesh, Latvia, Indonesia, Iran, and the Philippines, the researchers said.  After gaining access to foreign government and private computer systems, the hackers installed malware to exercise control over these computer systems to access anydocuments.  "We have been told by the researchers that the Chinese hackers have gained access to our computers systems all over the world, and taken sensitive documents from the office of His Holiness (the Dalai Lama)," Toronto-based Tibetan student leader Bhutila Karpoche told IANS.  She said, "Our website (studentsforafreetibet.org) has been repeated hacked, and we keep getting all kinds of viruses in our emails. This trend has increased in recent months, and we have become very wary about opening  our emails."  The findings of the 10-month investigation titled 'Tracking GhostNet: Investigating a Cyber Espionage Network,' will be released Monday.

http://www.nationaljournal.com/njmagazine/cs_20080531_6948.phpChina’s Cyber-Militia CHINESE HACKERS POSE A CLEAR AND PRESENT DANGER TO U.S. GOVERNMENT AND PRIVATE-SECTOR COMPUTER NETWORKS AND MAY BE RESPONSIBLE FOR TWO MAJOR U.S. POWER BLACKOUTS. by Shane Harris Sat. May 31, 2008 Computer hackers in China, including those working on behalf of the Chinese government and military, have penetrated deeply into the information systems of U.S. companies and government agencies, stolen proprietary information from American executives in advance of their business meetings in China, and, in a few cases, gained access to electric power plants in the United States, possibly triggering two recent and widespread blackouts in Florida and the Northeast, according to U.S. government officials and computer-security experts. Read on from website above. One prominent expert told National Journal he believes that China’s People’s Liberation Army played a role in the power outages. Tim Bennett, the former president of the Cyber Security Industry Alliance, a leading trade group, said that U.S. intelligence officials have told him that the PLA in 2003 gained access to a network that controlled electric power systems serving the northeastern United States. The intelligence officials said that forensic analysis had confirmed the source, Bennett said. “They said that, with confidence, it had been traced back to the PLA.” These officials believe that the intrusion may have precipitated the largest blackout in North American history, which occurred in August of that year. A 9,300-square-mile area, touching Michigan, Ohio, New York, and parts of Canada, lost power; an estimated 50 million people were affected. Officially, the blackout was attributed to a variety of factors, none of which involved foreign intervention. Investigators blamed “overgrown trees” that came into contact with strained high-voltage lines near facilities in Ohio owned by FirstEnergy Corp. More than 100 power plants were shut down during the cascading failure. A computer virus, then in wide circulation, disrupted the communications lines that utility companies use to manage the power grid, and this exacerbated the problem. 

Although this attack is only to spread propaganda, security of these sites need to get special attention because of the important and influential organization. Also be confirmed by securityexperts that the conflict over Gaza, which continues to drag on, the more sites will be the disabled.

As tensions in Gaza have intensified over the past few weeks, loosely organized hacking groups from countries such as Morocco, Turkey and Iran have defaced thousands of Web pages. This latest wave of attacks has mostly focused on Israeli sites, particularly easy targets belonging to individuals or small businesses. However, some high-profile targets have been hit too, such as news site Ynetnews.com.