In our October 7, 2011 report There Have Been Intrusions, we noted that DHS Undersecretary Greg Shaffer warned that hackers and foreign governments are “knocking on the backdoor” of the networked systems which connect everything from infrastructure grid control systems to financial networks.
It now appears that our interconnected smart grid is actively under attack, as evidenced by a new Stuxnet-style trojan detected by the major cyber security firms Symantec and McAfee. Much like its predecessor, the trojan dubbed “Duqu” is designed to infiltrate the networks that control everything from power production facilities to oil refineries. It is not yet clear exactly how the trojan operates, what its intended purpose is, or who designed it (though it is believed that the code for Duqu and Stuxnet likely originated with U.S. intelligence agencies). Both Symantec and McAfee continue to investigate the threat:
Security researchers have detected a new Trojan, scarily similar to the infamous Stuxnet worm, which could disrupt computers controlling power plants, oil refineries and other critical infrastructure networks.
The Trojan, dubbed “Duqu” by the security firm Symantec, appears, based on its code, to have been written by the same authors as the Stuxnet worm, which last July was used to cripple an Iranian nuclear-fuel processing plant.
“Duqu shares a great deal of code with Stuxnet; however, the payload is completely different,” researchers for the security firm Symantec wrote on its Security Response blog.
Instead of directly targeting the SCADA system, Duqu gathers “intelligence data and assets from entities, such as industrial control system manufacturers, in order to more easily conduct a future attack against another third party. The attackers are looking for information such as design documents that could help them mount a future attack on an industrial control facility.”
“Duqu is essentially the precursor to a future Stuxnet-like attack,” the researchers added.
Source: Fox News
You may recall that Stuxnet was so advanced that it crashed the physical centrifuges used to enrich uranium in Iran’s nuclear facilities. Stuxnet did this by exploiting software and hardware vulnerabilities: by controlling the software interface it reported to the Iranian facility’s engineers that everything was functioning properly, while in the background it drove the centrifuges out of control to the point of hardware failure.
Duqu, apparently a similar piece of advanced code with a slightly different modus operandi, is not yet completely understood, but like Stuxnet in Iran, it is now actively functioning inside critical infrastructure systems and gathering information. To what end? The answer to that question may remain elusive until it’s too late.
In reportedly unrelated news, the Department of Homeland Security, in an unclassified National Cybersecurity and Communications Integration Center Bulletin (pdf), has issued warnings about the hacking group Anonymous and the possibility that they are becoming increasingly capable of targeting advanced Industrial Control Systems (ICS):
(U//FOUO) The information available on Anonymous suggests they currently have a limited ability to conduct attacks targeting ICS. However, experienced and skilled members of Anonymous in hacking could be able to develop capabilities to gain access and trespass on control system networks very quickly. Free educational opportunities (conferences, classes), presentations at hacker conferences, and other high profile events/media coverage have raised awareness to ICS vulnerabilities, and likely shortened the time needed to develop sufficient tactics, techniques, and procedures (TTPs) to disrupt ICS. Control system exploits are released in common penetration testing software such as Metasploit release 4.0 that can be directly used with novice level skills in hacking and little to no background in control systems. Common packet inspection tools such as Wireshark and Netmon have improved to the point where industrial protocols are supported, minimizing the effectiveness of security-by-obscurity. In addition, there are control systems that are currently accessible directly from the Internet and easy to locate through internet search engine tools and applications. These systems could be easily located and accessed with minimal skills in order to trespass, carry out nefarious activities, or conduct reconnaissance activities to be used in future operations.
(U//FOUO) Anonymous has recently called on their members to target energy companies based on “Green Energy” initiative performance. This targeting could likely extend beyond Anonymous to the broader hacktivist community, resulting in larger-scope actions against energy companies. Asset owners and operators of critical infrastructure control systems are encouraged to engage in addressing the security needs of their control system assets.
Curiously, the Duqu trojan doesn’t seem to have originated from individual hackers or hacking groups, or foreign intelligence services. Rather, like Stuxnet, the virus was likely written under control and/or guidance of U.S. intelligence, possibly in collaboration with Israeli intelligence.
While DHS has issued warnings about Anonymous and other hacking groups potentially attacking the grid, someone – and it’s likely not a lone hacker or the Anonymous hacking group – is actively involved in probing for vulnerabilities in our infrastructure control systems. These are the systems that monitor and control our electricity, water supplies, gas pipelines, oil refineries, financial exchanges, and even certain military operations.
There seems to be no immediate danger at this time, as the Duqu trojan is reportedly gathering intelligence, as opposed to actively attempting to bring down the systems via a hardware style attack like Stuxnet.
But once it acquires all of the necessary information, such as personnel access codes, security certificates and a mapped layout of a particular grid infrastructure, it wouldn’t take much to take things to the next level.
Imagine for a moment the effect of an attack on major refining operations, cascading electrical outages, urban water purification systems that added excessive chemicals to water supplies, or the massive flooding that might result if a dam were compromised.
Or, consider that the U.S. drone fleet was recently attacked by an unknown trojan or malware, which was logging access commands and passwords for high security military systems. What would happen if an enemy of the people of the United States gained access to our entire drone fleet, weapons systems and all?
The possibilities for damage via compromised infrastructure systems would be nothing short of a digital apocalypse, with the potential to adversely affect the lives of tens of millions of unsuspecting Americans virtually overnight.
Well crap. My whole state would be wiped out.
How do you sell a computer security service/system? Report a threat… the bigger the threat, the more $$$$ of course. I know it’s cynical and I know it’s likely there are viable threats out there. Still, when the source is selling something you gotta wonder?
You mean Janet Nappytonto’s “see something, say something” failed??
Stunning, I’m speechless. Thanks for a well written piece.
What’s stunning? These types of viruses/trojans have been out there for quite a while (over 5 years at least). Honestly a large scale DDOS attack on a lot of sites could bring down large portions of the Internet (has happened already) and disrupt communications to power plants, dams, etc and cause major issues.
A friend wrote last year an internal document for BC Hydro that few there read (I reviewed it for him). It stated that as few as 15 grounding wires, fired over high tension transmissions lines by remote control (cellphones) could bring down the entire West coast power grid for days. The big problem being that there are so many hundreds of miles of wires we could never find the next attack without dumb blind luck. I’m sure the East coast would be a bit harder but is just as vulnerable in the end. He demonstrated to his supervisor that something as small as a shoe box and a coil of wire next to it could be used to fire the wire over the transmission wires.
Just be thankful most terrorists come from countries with horrid schooling.
“What would happen if an enemy of the people of the United States gained access to our entire drone fleet, weapons systems and all?”
Mac, that ship has long since sailed. The United States corp IS the enemy of the People. I thought you knew that already. What is going to happen? We will wait and see until enough people recognize the enemy that is in control and stand up together to stop it.
THAT AIN’T GOOD LMFAO
sounds like the government is preparing the sheeple for a false flag cyber attack. and it’s already not working!
these dudes cry wolf so many times that even if there was a real cyber attack carried out by hackers, aliens, or some arab living in a cave on life support, no one… absolutely no one… would believe them.
governments credibility is toast. which means so is the dollar.
I hope you don’t think every encounter against our nation is a false flag event. I’m not saying one won’t happen or hasn’t. I just want to try and get you to realize there are enemies of our way of life out there – they hate us – and will do anything they can to destroy our way of life.
A good friend of mine used to say routinely that JFK was likely killed by the CIA. Then he said… if you knew why, you’d thank ’em.
What decent person is not against our culture of death as “a way of life” ?
Genocide, abortion, perpetual preemptive war, torture, oppression, surveillance, secret experimentation on unknowing people, economic crimes against humanity, “et cetera, et cetera, et cetera.”
As best I can discern from the timeline, JFK was assassinated shortly after he tried to write the Fed banksters out of the currency equation and after he denied nukes to the Master Race.
yet again you prove your insanity *pats on back* don’t worry, you’ll get help someday, mate
How dare you call the Master Race the Master Race. Are you crazy?
Back to the shtetl, schnozzim. Humans are waking up to the antics of your species…
Rachel: If the dollar is “toast”, please send ALL of the dollars that you have to Mac and I will give you a dime for each one of them.
I would like to have many souvenirs of a once great currency! 🙂
Pre ’65 dime?
Fox reported a virus in USAF drones a couple days ago as well.
That virus was the result of someone doing some online gambling with an Air Force computer at Creech AFB. Some Comm Squadron CC probably got fired over it. It’s scary that the drone fleet was infected with it, but it’s not the action of a nation state.
Agreed Mal, but proves the point of the govt operating with its head up its butts, and starving for oxygen. Peace Clay
I guarantee that Internet Ops will disrupt our systems in the near future. Use your own imagination as to the Who, What, and Why of it all. Without a bogeyman there would be no need to keep us safe.
Bo, thunder thighs, butch skunk & EH.
Please clarify the above map. Are those red dots the areas served by each local power plant or the area that would be affected if it were shut down or blown up? What exactly are we looking at?
Since these systems are interconnected and have demonstrated the ability and tendency to have cascading damage, has there been any success in separating them to isolate the effects of an attack or failure?
i would say that this is related to what Professor Lessig once told…
iPatriot is coming and it’s already written, it just needs a false flag.
“Law Professor: Counter Terrorism Czar Told Me There Is Going To Be An i-9/11 And An i-Patriot Act”
after the last news about nuclear plants and the US electrical grid i would look at the Hoover Dam and its NWO symbolism.
Is it too late to bury my head back in the sand?
Ignorance was SO bliss!
I just received a joke from a friend:
You drive a car at a stable speed.
To your left there is a valley, and to your right is a fire dept vehicle which moves at the same speed as your car.
In front of you, a running pig has the same size as your car and doesn’t let you pass.
Exactly behind you, a helicopter flies close to the ground.
Both the giant pig and the helicopter travel at the same speed as you.
What should you do in order to get out of this situation?
Step down from the kids’ Carousel. You are totally drunk.
All left turns, right?
all right turns, left?
This makes me suspicious.
“Oh,” says TPTB. “Look, sheeple! We’ve been attacked. We need to change the way the internet works FOR YOUR OWN GOOD. There may be some intrusion of privacy, but it’s for YOUR OWN GOOD. We need to be able to access everyone’s computer at any time for YOUR OWN GOOD.”
This is exactly how the unPatriot Act came into being – for our own good. Whether the US govt is behind these attacks or not, the end result will be further losses of freedom.
If that happens, I will disconnect and start working with alternatives. Search the internet and you will find there are groups of people with wireless routers connected to extra computers that they plan to use to create a wireless network to bypass the internet. Also, there are ham radio people who are working on packet radio and possibly other shortwave computer communication possibilities. Sneakernet will always work for document distribution, just as it did before networking.
Any suggestions how we can most expeditiously learn the HAM packet technology?
I understand that spread spectrum can also be used to encrypt transmissions. Any experts out there who would like to hold forth on these or mission-equivalent technologies?
I will need to learn about the radio possibilities. I have just started learning about the wireless networking. I have the extra wireless router and extra standalone computer, but I don’t know that I am in reach of enough other wireless routers to network. I’m not exactly in an area with much wireless technology (I’ve only found one other router I can reach with mine).
My brother is a ham and can help me start learning about packet radio. You should find local hams and pick their brains. I learned when I was small to ask questions of those who know the answers. You should also think about getting a license and join with other hams. I’m thinking of doing that as soon as I can afford a radio.
Packet technology has been around for years for email purposes. There has been a market for years for really old simple computers like Commodores and TRS-80s with dot matrix printers to print out messages from packet.
If anyone knows a one-stop source for detailed how-tos and other info about networking via radio, I would like to see it. It would save me and others a lot of time if someone else has already done the research, testing, etc. and can share it.
This is the best site I have been studying about Ham Packet. I have many radios and am trying to learn as much as possible before big sis shuts down our internet.
What makes you think we are not already being monitored and our computers and their files routinely being accessed remotely by Big Sis? We have a double-edged sword with the internet. I would suspect that TPTB allow the internet to remain relatively free because it serves their interests more than we think it serves ours. Being able to know who opposes you, their motivations, who the leaders are, and what their plans are is of far more value to the NSA than the possible danger of allowing like-minded people to communicate and plot with one another.
If you want to keep something secret, don’t ever digitize it or even work on or discuss around anything with a microphone even if the device is turned off. I know this firsthand having seen plenty of terrorists on kill tv meet their ends by hellfire because they either were not aware of that fact or chose to disregard it.
One thing the muslims have right is the hawala system of money transfer. Apparently our government is trying to crack down on this form of money transfer. Maybe some clever person could figure out how to send messages by a similar system?
Google “The Onion Router” otherwise known as TOR for a way to travel the internet anonymously.
Or better yet, don’t Google; use http://www.startpage.com, which uses Google but doesn’t record squat.
URP – Mac, check out this link to a story about Louisiana banning cash sales of second hand goods..
Thanks Sam. I contacted Thad, the author of that story this morning. Very troubling, indeed. Looks like we know where the French got their law banning cash sales of all metals over 400 euro including ag/au
It’s like a creeping web.. slowly they take.. inch by inch.
allow this, and it moves on to another state.. etc..
then other issues.. etc.. they will push it right to the breaking point, people.. that’s what they want.
this is what they want… to push right into a breaking point in society
Who remembers Unintended Consequences by John Ross?
Reminds me of a Tom Clancy novel.
One Thing that could help to prevent a disaster is to decentralize these systems to the most local level. Washington’s Blog did a post on that. (Or am I way off on this?)
i’ve always thought the next attack (black flag not) would be to the electric grid, or a BMP/BEP, however you abbreviate an electrical bomb.
Why did I take the red pill! Why did I take the red pill!
Oh yes, watching the clintons destroy the navy, lie about everything, people listed as awol but being killed, just to start. It’s coming fast and it won’t be pretty. Need to load more varmint rounds, later and good luck.
This will be used as a sort of false flag on the internet!
The internet is pushing this communist revolution with literal EGYPTIAN activists on scene at the occupy protests!
US State Department Funded Agitator in DC Advising Occupy Wall Street Crowds
sounds great in theory but in REALITY it wont happen ! makes for great doom and gloom though and keeps the rabbits ears pointed up !
thank you anonymous
The rulers who are guilty of such an encroachment on the liberties of the people exceed the commission from which they derive their authority and are tyrants. The people who submit to it are governed by laws made neither by themselves nor by an authority derived from them and are slaves.
It is the slave who allows slavery to continue.
Reminds me of a poem I memorized in grade school:
They are slaves who fear to speak
For the fallen and the weak
They are slaves who will not choose
Hatred, suffering and abuse
Rather than in silence shrink
From the truth they needs must think
They are slaves who dare not be
In the right with two or three
I thought that the Nation’s critical infrastructure was not linked up to the internet in order to circumvent any potential vulnerabilities such as computer viruses from a hacker. This article doesn’t make much sense when one considers that to actually be the case. This “Duqu”, just like “Stuxnet”, had to be uploaded at the source of the infrastructure, not over the internet. This is an inside job.
When I went to college for Industrial Automation and Control, we were taught to design systems to have no or very limited access to the outside world. Most industrial processes, including power generation and distribution, are now controlled/run by PLCs; my understanding of how they work would leave very little chance for any virus or worm to invade.
Things change constantly in industry, but I can’t imagine that systems are now online with the internet, although most of the more sophisticated PLCs do have the ability to be controlled via ethernet.
Smoke and mirrors show to ensure Janet Napolitano’s team gets a bonus before the crash.
Nice story, bro.
Harry Potter is great too…