Hackers breached a US nuclear power plant's network, and it could be a 'big danger'

Discussion in 'other security issues & news' started by hawki, Jun 29, 2017.

  1. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "Hackers breached a US nuclear power plant's network, and it could be a 'big danger'

    A US nuclear facility was breached in a cyberattack, outlets reported on Wednesday.

    The attack was contained to the business-associated side of the plant, and evidence indicates that critical infrastructure was not affected.

    But cybersecurity experts say that now that the network has been infiltrated, the nuclear systems have become 'much more vulnerable.'...

    The name and location of the plant have not been released, but cyberattacks have affected “multiple nuclear power generation sites this year,” according to E&E News, which was the first to report the story....

    https://www.businessinsider.com.au/nuclear-power-plant-breached-cyberattack-2017-6
     
  2. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,556
    Location:
    USA still the best. But barely.
    Nothing will be done to protect us against dangers, fraud etc. by hacking. Until corporate officers & public officials go to prison for not having their (our) **** tight.
     
  3. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    I think it should be made public which plant it was.
     
  4. Minimalist

    Minimalist Registered Member

    Joined:
    Jan 6, 2014
    Posts:
    14,883
    Location:
    Slovenia, EU
    https://www.forbes.com/sites/jamesc...power-plants-something-we-should-be-afraid-of
     
  5. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    I guess the author of this article never viewed the movie 'Zero Days?'
     
  6. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
  7. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
  8. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    There is absolutely no valid excuse (what it would be) that exists, and especially now, after so many recent rampings up of the breaking down and penetration of normal security protocols into what has been perceived as safe systems.

    A full on re-evaluation is in order and no doubt many are either in process of being conducted or scheduled but, just how effective/confident are the completed inspections which have been assigned certified to date?

    If any good is to be realized from the known discovery of recent breaches it is that more attention is surfacing to the potential dangers if not carried out to a higher more secure standard than many rely on so far.
     
  9. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "U.S. Energy Department helping power firms defend against cyber attacks :)

    The U.S. Department of Energy said on Friday it is helping U.S. firms defend against a hacking campaign that targeted nuclear plants and power companies, saying the attacks have not impacted power production or the grid..."

    http://www.reuters.com/article/us-usa-cyber-energy-nuclearpower-idUSKBN19S27Z
     
    Last edited: Jul 7, 2017
  10. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Last edited: Jul 7, 2017
  11. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "U.S. officials say Russian government hackers have penetrated energy and nuclear company business networks...

    Russian government hackers were behind recent cyber-intrusions into the business systems of U.S. nuclear power and other energy companies in what appears to be an effort to assess their networks, according to U.S. government officials...

    The National Security Agency has detected specific activity by the Russian spy agency, the FSB, targeting the energy firms, according to two officials...

    The joint alert from the FBI and DHS, first reported by Reuters on June 30, said the hackers have been targeting the industry since at least May...

    At the end of June, the FBI and the Department of Homeland Security sent a joint alert to the energy sector stating that “advanced, persistent threat actors” — a euphemism for sophisticated foreign hackers — were stealing network log-in and password information to gain a foothold in company networks. The agencies did not name Russia.

    The campaign marks the first time Russian government hackers are known to have wormed their way into the networks of American nuclear power companies, several U.S. and industry officials said. And the penetration could be a sign that Russia is seeking to lay the groundwork for more damaging hacks..."

    https://www.washingtonpost.com/world/national-security/us-officials-say-russian-government-hackers-have-penetrated-energy-and-nuclear-company-business-networks/2017/07/08/bbfde9a2-638b-11e7-8adc-fea80e32bf47_story.html?hpid=hp_rhp-top-table-main_russiacyber-855pm:homepage/story
     
    Last edited: Jul 8, 2017
  12. zapjb

    zapjb Registered Member

    Joined:
    Nov 15, 2005
    Posts:
    5,556
    Location:
    USA still the best. But barely.
    So singing the Russian national anthem is not required in newly acquired territories.

    As a US citizen I am disgusted by our 3letters not keeping us safe from Russian espionage. Start hanging the traitors now.
     
    Last edited: Jul 8, 2017
  13. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    Lol it's the Russians again? Give me a break.
     
  14. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    One question is whether or not The Russian State Hackers were just sloppy in covering their tracks or were they sending a message they intended to be discovered -- to tell The USA to "tread lightly".

    "[US Officials] learned of Russia's attempts to hack US election systems in early August 2016, and as intelligence mounted over the following months, the White House deployed secrecy protocols it hadn't used since the 2011 raid on Osama bin Laden's compound, according to a report by The Washington Post. Apparently, one of the covert programs...eventually put together was a new kind of cyber operation that places remotely triggered "implants" in critical Russian networks, ready for the US to deploy in the event of a pre-emptive attack. The downed Russian networks "would cause them pain and discomfort," a former US official told The Post."

    https://www.engadget.com/2017/06/23/report-obama-authorized-a-secret-cyber-operation-against-russia/
     
  15. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Well if it wasn't them it would be some other global player right?

    All this stuff makes me sick. Pull the dam systems off to their own tight-knit secure network and from off the internet completely.

    Present danger is ended and thefts averted. Apparently the term INTRANET never caught on.

    When you hang your clothes out to dry on the line don't be so shocked when a pair of decent trousers end up missing too.

    Another analogy that fits the bill. The world wide internet is a Ma Bell party line in case they missed that one too.

    The pure simple fact is, there's now multiple well talented coders (and script kiddies) who lap up all the code for these breaches to happen than ever before.

    The solution to prevent it is so stupid simple that it defies belief. But I guess being plum lazy and procrastinating is easier than getting their hands dirty to confine and break down important networks to only a simple set of organizational, categorized and separated channel(s) from all the sticky fingers/noses out there just waiting their turn to snatch their share of free open data.

    Bottom line is if it's so vitally important, from running a business to running a nation, don't hang your silly neck out the window when you know the traffic is all around you.
     
  16. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    “...The outermost layer of security should prevent unauthorised access to the network itself from external sources. In the past this was trivial, as industrial networks were generally stand-alone systems. The growing amount of integration with business networks has made this a much more complex requirement. Plant data might be required by engineers or other employees working on the business network, information concerning the plant may be needed at other plants or at central locations and vendors may need dedicated remote access to assist with troubleshooting...”

    http://www.rfidblog.org.uk/Preprint-GallowayHancke-IndustrialControlSurvey.pdf
     
    Last edited: Jul 8, 2017
  17. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Yeah, it still grinds me to no end just how soft and flimsy things have become from the corporate ends to industrial, the business chiefs etc. Politicians whine and cry over getting their stuff exposed, officials get poked too and all they can do is point fingers, blame and bicker how this place or that place hacked them and blah blah blah when they need look no further than the service in which they are BLINDLY depending on to communicate back n forth whatever. How freaking hard can it be to MAKE A CHANGE! FOR THE BETTER as in secure.

    It always all comes back to ground zero each and every time. Don't want my business systems compromised by the darts that fly in the night? For pity sakes time for me to TAKE A LITTLE RESPONSIBILITY to learn my system dependencies and decide if they are time tested and trustworthy or not. Have doubts? Scrap the entire thing and regroup, reorganize and build safeguards into new frameworks no matter how many it takes to get close to failsafe.

    Personally I see the whole networking (spider-web) is evolved to turn into a wide open trap. Keep or create systems tightly controlled and isolated. It's coming to that eventually or else.......

    Don't blow a gasket when a group of learned and determined sticklers interrupt and make chaos on a computer system/network where they can so easily sift through code details and play Boss controller on the other end at will because we resigned ourselves to play the cards that we were dealt with (as in O/S). Shuffle the deck as in set up dummies and let the hackers have at it on that until they burst from exhaustion.

    In short, TURN THEM OFF. ;)
     
  18. Trooper

    Trooper Registered Member

    Joined:
    Jan 26, 2005
    Posts:
    5,508
    I just said what I said due to the current political climate here in the USA. I will refrain since we are not allowed to discuss political topics here.

    On topic, I think it is absolutely absurd that this happened. Whether a nuclear power plant, our nuclear weapons or stockpiles, they should be the most secure facilities not only in our country but in the world. I do hope that people are held accountable for this.
     
  19. boredog

    boredog Registered Member

    Joined:
    Feb 1, 2015
    Posts:
    2,499
    What I wonder is if these attackers, whoever they are, used some leaked NSA tools or their own concoction? If they were NSA tools we only have them to blame for all that has been happening over the past months.
     
  20. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Being state-sponsored actors, they have their "own bag" of NSA equivalent tools.
     
  21. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    According to the latest report it was not "state sponsored" but rather an official agency (FSB) of The Russian State itself that did this:

    "...The National Security Agency has detected specific activity by the Russian spy agency, the FSB, targeting the energy firms, according to two officials..."

    https://www.washingtonpost.com/world/national-security/us-officials-say-russian-government-hackers-have-penetrated-energy-and-nuclear-company-business-networks/2017/07/08/bbfde9a2-638b-11e7-8adc-fea80e32bf47_story.html?hpid=hp_rhp-top-table-main_russiacyber-855pm:homepage/story
     
  22. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    Vulnerabilities Found in Siemens Building Tech, Smart Grid Products
    http://www.securityweek.com/vulnerabilities-found-siemens-building-tech-smart-grid-products
     
  23. EASTER

    EASTER Registered Member

    Joined:
    Jul 28, 2007
    Posts:
    11,126
    Location:
    U.S.A. (South)
    Which is all the more reason to eventually change operational system's format coding to another design entirely in order to SEPARATE away from potential outside interference. In short, design another network and integrate some creativity into the thing.

    It could even perhaps be assigned as the Babylon Factor? If languages/tongues were scrambled and you subscribe as much to this as historical fact as many ancient history texts express, it should be a project worthy of attention.

    Since current English machine code is so quickly adaptable by the entire world populations (mostly) now (unlike the reverse), it just takes some old fashioned home grown creativity to steer it to a new design.

    Fact is as long as those current systems continue to prove as vulnerable as having been exposed suggests, coupled with way too many methods openly available (and institutionally designed TOOLS from state actors) completely compatible o_O to icepick through to their targets, they have IMHO been rendered OBSOLETE as well as their solutions which supposedly were fashioned to protect from being popped.
     
  24. hawki

    hawki Registered Member

    Joined:
    Dec 17, 2008
    Posts:
    6,077
    Location:
    DC Metro Area
    "NEWS ANALYSIS: Insecure power grid leaves US vulnerable to Russian cyber threats...

    All of which raises the question of whether Russian hackers wanted to be discovered rummaging around in U.S. nuclear plants and power grids. Given the sophistication of Russian government cyber teams and their proven ability to be very stealthy, it is a logical conclusion that they were intentionally being noisy to remind Washington of the cyber vulnerability of our own power grids. They were saying the equivalent of: Obama asked you to get ready to mess with our grid? Well, be careful, because we can do that, too..."

    http://abcnewsradioonline.com/natio...re-power-grid-leaves-us-vulnerable-to-ru.html
     
  25. itman

    itman Registered Member

    Joined:
    Jun 22, 2010
    Posts:
    8,593
    Location:
    U.S.A.
    The Clever Phishing Trick Used by Hackers Targeting the US Energy Sector
    https://www.bleepingcomputer.com/ne...ed-by-hackers-targeting-the-us-energy-sector/
     