LATimes reports on cyber threats to a Southern California water system. This is why we have been testifying against “online” voting and highlighting that even good size cities cannot protect their systems. Clearly each of Connecticut’s 169 towns could not afford even the expense of threat assessment of online voting systems. A good start would be vulnerability assessment of our existing paper ballot and voting machine security. Virtual war a real threat <read>
When a large Southern California water system wanted to probe the vulnerabilities of its computer networks, it hired Los Angeles-based hacker Marc Maiffret to test them. His team seized control of the equipment that added chemical treatments to drinking water — in one day…
“There’s always a way in,” said Maiffret, who declined to identify the water system for its own protection.
The weaknesses that he found in California exist in crucial facilities nationwide, U.S. officials and private experts say.
The same industrial control systems Maiffret’s team was able to commandeer also run electrical grids, pipelines, chemical plants and other infrastructure. Those systems, many designed without security in mind, are vulnerable to cyber attacks that have the potential to blow up city blocks, erase bank data, crash planes and cut power to large sections of the country.
Update: New York Times post reviews several recent attacks on businesses by individuals. Clearly no reason to be assured by the by the above article’s assertion that “Terrorist groups such as Al Qaeda don’t yet have the capability to mount such attacks”. The Asymmetrical Online War <read>
“It’s a completely surreal realization that nation states can be seriously confronted by teenagers, but that’s where we’re at,” said John Perry Barlow, the Grateful Dead lyricist who co-founded the Electronic Frontier Foundation in 1990 to help defend young computer hackers. “One very smart person can take on an entire nation state.”
One can take on the security apparatus of the Web as well. In the space of a little more than a month, two computer security firms have been publicly humiliated, one by an anonymous computer hacker who claimed in an e-mail interview with a Forbes columnist to be a 16-year-old girl and a second by someone who is apparently a 21-year-old Iranian…
Hardly a week passes when there isn’t some new incident underscoring the fundamental imbalance of power in cyberspace between attacker and defender, where a highly motivated and reasonably skilled intruder, operating in secrecy from almost anywhere in the world, can with apparent ease unravel digital fortifications intended to offer banking-grade security.
In February, an executive at HBGary, a Sacramento, Calif., security software and consulting firm, made the mistake of publicly boasting that he had unmasked the identities of the members of Anonymous, a secretive collection of cyber-vigilantes who had attracted attention by launching Internet denial-of-service attacks in defense of Wikileaks. The security company, which was engaged in a series dubious business propositions, soon found that the details of its business were exposed to the world. Anonymous, whose ringleader was possibly a teenager, tricked one of the company’s systems administrators into giving them password information, making it possible to steal more than 50,000 of HBGary’s e-mail messages and placing them on a Russian web site.
Update: Man hacks Federal Reserve and other financial institutions <read>
According to court documents, Poo found a security vulnerability in the Federal Reserve’s network in June 2010, resulting in thousands of dollars worth of damages. However, it is believed that he stole the huge booty of credit card numbers and other account information from other financial institutions.
The American government claims to have also obtained extensive evidence of how Poo’s alleged criminal hacking activity targeted the US’s national security, military and financial sectors.
