
Israeli cyber-Spies Penetrated Electricity Grid in U.S. and blame it on China & Russia

Posted in Etc. on April 9, 2009 by The 800 Pound Gorilla

Electricity Grid in U.S. Penetrated By Spies
The Wall Street Journal

APRIL 8, 2009

WASHINGTON — Cyberspies have penetrated the U.S. electrical grid and left behind software programs that could be used to disrupt the system, according to current and former national-security officials.

[SAN FRANCISCO (Reuters) — More cyber attacks originate in the United States than in any other country, but the number of attacks that appear to come from Israel is nearly double that of any other nation, according to a study released Monday. (2002)

The study found that power and energy companies were primarily targeted by the Middle East {Israel} while high-tech and financial services companies were targeted by Asian attackers.

Israel, which has produced security software specialists such as Checkpoint and Kavado, produced more cyber attacks per head of population than any other nation, at 26 attacks per 10,000 internet users.

Sources inform Globes that representatives of the R&D department of Chinese communications equipment giant Huawei arrived in Israel this week to examine the possibility of establishing an R&D center in Israel. (2004)]

The spies came from China, Russia and other countries, these officials said, and were believed to be on a mission to navigate the U.S. electrical system and its controls. The intruders haven’t sought to damage the power grid or other key infrastructure, but officials warned they could try during a crisis or war.

“The Chinese have attempted to map our infrastructure, such as the electrical grid,” said a senior intelligence official. “So have the Russians.”

The espionage appeared pervasive across the U.S. and doesn’t target a particular company or region, said a former Department of Homeland Security official. “There are intrusions, and they are growing,” the former official said, referring to electrical systems. “There were a lot last year.”

Many of the intrusions were detected not by the companies in charge of the infrastructure but by U.S. intelligence agencies, officials said. Intelligence officials worry about cyber attackers taking control of electrical facilities, a nuclear power plant or financial networks via the Internet.

Authorities investigating the intrusions have found software tools left behind that could be used to destroy infrastructure components, the senior intelligence official said. He added, “If we go to war with them, they will try to turn them on.”

Officials said water, sewage and other infrastructure systems also were at risk.

“Over the past several years, we have seen cyberattacks against critical infrastructures abroad, and many of our own infrastructures are as vulnerable as their foreign counterparts,” Director of National Intelligence Dennis Blair recently told lawmakers. “A number of nations, including Russia and China, can disrupt elements of the U.S. information infrastructure.”

Officials cautioned that the motivation of the cyberspies wasn’t well understood, and they don’t see an immediate danger. China, for example, has little incentive to disrupt the U.S. economy because it relies on American consumers and holds U.S. government debt.

But protecting the electrical grid and other infrastructure is a key part of the Obama administration’s cybersecurity review, which is to be completed next week. Under the Bush administration, Congress approved $17 billion in secret funds to protect government networks, according to people familiar with the budget. The Obama administration is weighing whether to expand the program to address vulnerabilities in private computer networks, which would cost billions of dollars more. A senior Pentagon official said Tuesday the Pentagon has spent $100 million in the past six months repairing cyber damage.

Overseas examples show the potential havoc. In 2000, a disgruntled employee rigged a computerized control system at a water-treatment plant in Australia, releasing more than 200,000 gallons of sewage into parks, rivers and the grounds of a Hyatt hotel.

Last year, a senior Central Intelligence Agency official, Tom Donahue, told a meeting of utility company representatives in New Orleans that a cyberattack had taken out power equipment in multiple regions outside the U.S. The outage was followed with extortion demands, he said.

The U.S. electrical grid comprises three separate electric networks, covering the East, the West and Texas. Each includes many thousands of miles of transmission lines, power plants and substations. The flow of power is controlled by local utilities or regional transmission organizations. The growing reliance of utilities on Internet-based communication has increased the vulnerability of control systems to spies and hackers, according to government reports.

The sophistication of the U.S. intrusions — which extend beyond electric to other key infrastructure systems — suggests that China and Russia are mainly responsible, according to intelligence officials and cybersecurity specialists. While terrorist groups could develop the ability to penetrate U.S. infrastructure, they don’t appear to have yet mounted attacks, these officials say.

It is nearly impossible to know whether or not an attack is government-sponsored because of the difficulty in tracking true identities in cyberspace. U.S. officials said investigators have followed electronic trails of stolen data to China and Russia.

Russian and Chinese officials have denied any wrongdoing. “These are pure speculations,” said Yevgeniy Khorishko, a spokesman at the Russian Embassy. “Russia has nothing to do with the cyberattacks on the U.S. infrastructure, or on any infrastructure in any other country in the world.”

A spokesman for the Chinese Embassy in Washington, Wang Baodong, said the Chinese government “resolutely oppose[s] any crime, including hacking, that destroys the Internet or computer network” and has laws barring the practice. China was ready to cooperate with other countries to counter such attacks, he said, and added that “some people overseas with Cold War mentality are indulged in fabricating the sheer lies of the so-called cyberspies in China.”

Utilities are reluctant to speak about the dangers. “Much of what we’ve done, we can’t talk about,” said Ray Dotter, a spokesman at PJM Interconnection LLC, which coordinates the movement of wholesale electricity in 13 states and the District of Columbia. He said the organization has beefed up its security, in conformance with federal standards.

In January 2008, the Federal Energy Regulatory Commission approved new protection measures that required improvements in the security of computer servers and better plans for handling attacks.

Last week, Senate Democrats introduced a proposal that would require all critical infrastructure companies to meet new cybersecurity standards and grant the president emergency powers over control of the grid systems and other infrastructure.

Specialists at the U.S. Cyber Consequences Unit, a nonprofit research institute, said attack programs search for openings in a network, much as a thief tests locks on doors. Once inside, these programs and their human controllers can acquire the same access and powers as a systems administrator.

NERC Letter

The North American Electric Reliability Corporation on Tuesday warned its members that not all of them appear to be adhering to cybersecurity requirements.

The White House review of cybersecurity programs is studying ways to shield the electrical grid from such attacks, said James Lewis, who directed a study for the Center for Strategic and International Studies and has met with White House reviewers.

The reliability of the grid is ultimately the responsibility of the North American Electric Reliability Corp., an independent standards-setting organization overseen by the Federal Energy Regulatory Commission.

The NERC set standards last year requiring companies to designate “critical cyber assets.” Companies, for example, must check the backgrounds of employees and install firewalls to separate administrative networks from those that control electricity flow. The group will begin auditing compliance in July. —Rebecca Smith contributed to this article.

Corrections & Amplifications
Central Intelligence Agency official Tom Donahue’s last name was misspelled in a previous version of this article.

This article can be found at: http://online.wsj.com/article/SB123914805204099085.html

Study: Most cyber attacks originate in U.S., Israel

USA Today
January 28, 2002

SAN FRANCISCO (Reuters) — More cyber attacks originate in the United States than in any other country, but the number of attacks that appear to come from Israel is nearly double that of any other nation, according to a study released Monday.

High-tech, financial services, media/entertainment and power and energy companies showed the highest intensity of attacks per company, each averaging more than 700 attacks per company over the six-month period.

On a percentage basis, most of the attacks were relatively benign in nature. But the number of severe attacks was still substantial, with critical and emergency-level events detected on 43% of the client networks, the study found.

“In fact, our findings strongly suggest that once companies connect their systems to the Internet, they are virtually guaranteed to suffer some form of attack,” the report said.

Average attacks per company increased by nearly 80% over the six months studied.

Israel leads the list of countries in terms of number of computer attacks per 10,000 Internet users, followed by Hong Kong, Thailand, South Korea, France, Turkey, Malaysia, Poland, Taiwan and Denmark, according to the study from Riptech, a firm that provides security monitoring of corporate and other computer networks.

“Israel is a country with pretty sophisticated warfare capabilities,” that spread through the relatively computer-literate general population, said Amit Yoran, president and chief executive of Alexandria, Va.-based Riptech.

For the study, Riptech investigated more than 128,000 cyber attacks found in the analysis of 5.5 billion log entries and alerts on its customers’ networks between July and December. The company has about 300 customers in 25 countries.

While most attacks can be traced back to what is believed to be the source country, it is possible for malicious hackers to hide their exact location, according to Yoran.

The study found that attacks that appeared to originate in the United States — nearly 30% of the total — were nearly triple the second-ranked country. But only about 3.5 attacks were made per 10,000 U.S. Internet users, compared with 26 attacks per 10,000 Internet users in Israel, the study found.

Behind the United States in percentage of total attacks were South Korea, China, Germany, France, Canada, Taiwan, Italy, Great Britain and Japan.

Middle East targets power; Asia targets finance

The study found that power and energy companies were primarily targeted by the Middle East while high-tech and financial services companies were targeted by Asian attackers.

Of particular note was the fact that the Code Red and Nimda worms were so predominant — accounting for about 63% of the malicious activity detected by Riptech — that they were excluded from the study.

“We had to pull them out or they would have completely skewed any type of analysis,” said Yoran. “They were just so prevalent over that six month period.”

Excluding Nimda, attacks dipped during the week following Sept. 11 but began to rise in the third week of September, peaking in the middle of November and declining slightly in early December, according to the study.

Companies with more than 500 employees suffered at least 50% more attacks than smaller companies, while public companies suffered about twice as many attacks as private and non-profit companies.

Thirty-nine percent of the attacks looked targeted, appearing to be deliberate attempts to compromise a specific system or company. “That was just mindboggling to me,” Yoran said.

Yoran said the study was different from most in that it relied on actual attack data rather than surveys of network administrators or other company officials, which Yoran said are not always accurate.

This article can be found at: http://www.usatoday.com/tech/news/2002/01/28/security-study.htm

China’s Huawei mulling Israel R&D center
Asia Intelligence Wire

October 27, 2004

Sources inform Globes that representatives of the R&D department of Chinese communications equipment giant Huawei arrived in Israel this week to examine the possibility of establishing an R&D center in Israel.

The visit follows Minister of Industry Trade and Labor Ehud Olmert’s visit to China in June. Olmert was accompanied by a business delegation, which met Huawei chief manager Zhang Laifa. Olmert invited Zhang to establish an R&D center in Israel and to attend the Telecom Israel 2004 exhibition in November.

Amiram Halevy-Laher, director of the Asia Pacific division at the Ministry of Industry, Trade, and Labor foreign trade administration, confirmed the report. He said the visit by Huawei R&D representatives and the expected visit by Zhang next month were initial steps for examining the possible establishment of a Huawei R&D center in Israel.

A delegation of Israeli high-tech businesspeople and Israeli Industry Center for R&D (MATIMOP) representatives recently visited Shenzhen in China, where it established relations with Huawei’s R&D department. Following the meeting in Shenzhen, Huawei’s R&D staff will also meet MATIMOP representatives in Israel.

This article can be found at: http://www.cn-c114.net/582/a304692.html

Spy chiefs fear Chinese cyber attack
Times Online

March 29, 2009

INTELLIGENCE chiefs have warned that China may have gained the capability to shut down Britain by crippling its telecoms and utilities.

They have told ministers of their fears that equipment installed by Huawei, the Chinese telecoms giant, in BT’s new communications network could be used to halt critical services such as power, food and water supplies.

The warnings coincide with growing cyberwarfare attacks on Britain by foreign governments, particularly Russia and China.

A confidential document circulating in Whitehall says that while BT has taken steps to reduce the risk of attacks by hackers or organised crime, “we believe that the mitigating measures are not effective against deliberate attack by China”.

It is understood that Alex Allan, chairman of the Joint Intelligence Committee (JIC), briefed members of the ministerial committee on national security about the threat from China at a top-secret Whitehall meeting in January.

According to Whitehall sources, the meeting, led by Jacqui Smith, the home secretary, heard that ministers had “not paid sufficient attention to the threat in the past”, despite repeated warnings from the intelligence services. These included warnings from the security arm of GCHQ, which expressed concern because government departments, the intelligence services and the military will all use the new BT network.

A Whitehall report is understood to warn that, although there is at present a “low” risk of China exploiting its capability, “the impact would be very high”.

Huawei was allegedly founded with significant funding from the Chinese state. Its head is Ren Zhengfei, a former director of the telecoms research arm of the 3m-strong People’s Liberation Army.

The company is providing key components for BT’s new £10 billion network, which will update the UK’s telecoms with the use of internet technology. The report says the potential threat from Huawei “has been demonstrated elsewhere in the world”.

The multi-million-pound deal, signed in 2005, has led to a string of risk warnings from the intelligence and security services, with officials complaining of the failure of ministers to take them seriously.

It is unclear whether Patricia Hewitt, then trade and industry secretary, was warned of the problems when the deal was agreed in April 2005. However, the British company Marconi, which failed to win the contract in the face of a far cheaper offer from Huawei, did ask her to intervene to protect British jobs.

Hewitt, now a nonexecutive director of BT, declined to intervene, saying it was “a competitive tender between two commercial companies”. The most recent warnings about the cyberthreat to Britain’s security came in the JIC report on UK cybersecurity circulated in January and a Cabinet Office briefing paper that is understood to have emphasised Huawei’s links to the Chinese military.

Despite Allan’s warnings, and repeated warnings in the past, ministers remain reluctant to fund any move to remove the threat, officials say.

Yvette Cooper, chief secretary to the Treasury, is understood to have cautioned that it would be difficult to find the necessary funds in the current downturn. Ministers expressed concern that replacing the Chinese components with British parts would clash with government policy on competition.

According to the sources, the ministerial committee on national security was told at the January meeting that Huawei components that form key parts of BT’s new network might already contain malicious elements waiting to be activated by China.

Working through Huawei, China was already equipped to make “covert modifications” or to “compromise equipment in ways that are very hard to detect” and that might later “remotely disrupt or even permanently disable the network”, the meeting was told.

This would be likely to have a “significant impact on critical services” such as power and water supplies, food distribution, the financial system and transport, which were dependent on computers to operate.

While technical modifications suggested to BT reduced the threat from hackers, organised criminals and most “hostile adversaries”, they were “not effective against deliberate attack from China”. The current friendly relations between Britain and China meant there was no immediate threat of this happening but there was still a very real threat that “covert functionality” within the components was already being used to gather intelligence.

Intelligence chiefs are believed to have warned that it was impossible to say if such information-gathering had already been introduced, since they had “only limited understanding of our adversaries’ attack capability”.

Whitehall departments were reportedly targeted by the Chinese in 2007, and a few months later Jonathan Evans, the MI5 director-general, wrote to 300 chief executives warning them that the Chinese were hacking into their systems and stealing confidential information.

An attempt by Huawei to merge with the US company 3Com, which provides computer security systems for the Pentagon, was blocked last year after US intelligence warned that it would not be in US national security interests. In a new-year e-mail, Sun Yafang, Huawei’s chairwoman, told the company’s 85,000 employees that the global economic situation offered “both challenges and opportunities”. Four weeks later she was inside Downing Street as Gordon Brown welcomed Wen Jiabao, the Chinese premier.

Both Wen and Sun were keen to promote Huawei, which in little more than 20 years has grown into one of the world’s most powerful companies, with projected sales this year of £21 billion. Last year its sales jumped 46%. Its tentacles have reached most of the world’s telecoms companies.

Four days before Brown met Sun, intelligence chiefs had warned ministers of fears that Huawei’s role in the new system might have given China the ability to shut down Britain. Nor was it the first warning. Members of the ministerial committee on national security were told that “ministers had not paid sufficient attention to the threat from Huawei”.

John Tindle, professor in telecommunications engineering at Sunderland University, said software or hardware could sit hidden in a network, waiting to be activated. “If an unauthorised person were able to gain control of the equipment, its mode of operation could be changed,” he said. “The ability to move traffic across the network could be switched off. Traffic could be re-routed to another node controlled by the attacker.”

Huawei was selected to provide key components for the BT network in April 2005 despite allegations that it was bank-rolled by the Chinese government. The firm has previously shown itself to be opportunistic. The US company Cisco, one of Huawei’s main rivals, sued the Chinese company for alleged theft of its intellectual property rights in 2003. The case was settled out of court.

It is Huawei’s links to the Chinese military that cause most concern. Ren set up the company in 1988 after an edict from Deng Xiaoping, then China’s leader, that the country’s defence industry turn itself into profitable companies able to acquire modern technology.

A Pentagon report last week cited Huawei as a key part of the cyberthreat from China, noting that it retained “close ties” with the People’s Liberation Army (PLA). Huawei denies any continuing links to the PLA. A spokeswoman at the company’s UK headquarters dismissed the alleged links as “rumour and speculation”.

Cyberspace targets

Chinese hackers have repeatedly targeted western networks

-Computers at the Foreign Office and other Whitehall departments were attacked from China in 2007. In the same year, Jonathan Evans, the MI5 director-general, warned 300 British businesses that they were under Chinese cyber-attack

-The People’s Liberation Army is reputed to hold an annual competition to recruit the country’s best hackers

-Two years ago, Chinese Trojan horse spyware was found in the offices of Angela Merkel, the German chancellor

This article can be found at: http://www.timesonline.co.uk/tol/news/uk/article5993156.ece

[here is an example of a commercial outfit that produces such weapons of cyber-terror - 800]

Companies target overload cyber-attacks
Israel 21c

December 03, 2001

Tel Aviv-based WanWall is preparing to commercially launch the first comprehensive solution for what is potentially the most dangerous weapon in the arsenals of cyber-terrorists – the massive distributed denial of service (DDOS) attacks that flood a victim’s Internet server with huge amounts of traffic, overloading the system and causing the site to essentially crash.

In February 2000 such attacks crippled the networks of Yahoo, Ebay and Amazon.com, knocking these e-commerce giants offline for as long as several days, resulting in an estimated $1.2 billion in losses. More recently – and much more ominously – similar attacks were used to paralyze NATO computers in protest against the bombing of Serbia, and key Indian government Web sites to promote Kashmiri separatist goals.

While attacks against commercial Web sites may seem like a mere nuisance, in the wake of the Sept. 11 terrorist attacks, the DDOS threat has government officials concerned. A Pentagon advisory commission on terrorist threats faced by the U.S. said in a recent report that the nation “must improve security against cyber attacks and enhance related critical infrastructure protection to ensure the security of essential government, financial, energy, and other critical sector operations against attack.”

The FBI’s National Infrastructure Protection Center, which on Nov. 2 issued a formal warning about the likelihood of new DDOS attacks, said in an October report that, “cyber protesters are becoming increasingly more organized and their techniques more sophisticated.”

The threat is so real that the Defense Advanced Research Projects Agency (DARPA), the Pentagon’s technology development organization, has solicited companies to present their technologies at a December conference devoted solely to the threat of, and potential solutions to, DDOS attacks.

Companies and government institutions currently rely on a hodgepodge of anti-virus software, firewalls and other Internet security devices to respond to DDOS attacks. That’s about to change, though, as WanWall readies its suite of products that are designed specifically to protect routers and application servers from extreme overload conditions in wide-area networks (WANs).

In addition to government agencies, the products are targeted at Internet Service Providers (ISPs), Web-hosting companies, large enterprises and cellular telephone providers. Taken together, these represent an extremely attractive market opportunity for WanWall and other companies developing anti-DDOS solutions. According to a recent study by technology research firm IDC, the total DDOS prevention market will grow to over $800 million by 2005.

“We are ready with the right product just as the need for it increases significantly,” WanWall CEO Yuval Rachmilevitz said of the heightened awareness of the cyber-terrorist threat.

WanWall’s products are unique in that they divert the “bad” traffic away from a victim’s network while allowing legitimate traffic to reach the site. In addition, the key components of the system are not part of the network’s “critical path” and therefore do not degrade the normal operation of the network. Rather, when an attack is detected, the system automatically offloads the victim’s traffic from the network, cleans it, and then returns the clean traffic to the network, on its way to the intended destination.

For example, an attack on one ISP client has no impact on any others. In addition, WanWall’s solution is the only one capable of protecting ISPs’ and carriers’ networks from all known attacks, with minimal requirements from the network.

“The key idea of the system is not to add another device on the path, but rather to divert attack traffic away from it,” said Rachmilevitz.

The company, which was founded in 2000 by a team of top computer scientists from the Israeli academia and executives from some of Israel’s top technology companies, has significant backing from major venture capital firms, including Intel Capital and Israel’s Gemini Capital and Koor CVC. With these heavyweights in its corner, WanWall has the financial resources to see itself through and beyond the March 2002 release of its first products, and its first anticipated revenues.

This article can be found at: http://www.israel21c.org/bin/en.jsp?enDispWho=Articles^l43&enPage=BlankPage&enDisplay=view&enDispWhat=object&enVersion=0&enZone=Technology&
