ISIS ‘End of the World’ Manifesto Investigation

ISIS ‘Mein Kampf’ Blames Israel for Global Terrorism

Experts poring over a secret Islamic State dossier found in Pakistan’s tribal badlands; Arutz Sheva gains an exclusive look.
First Publish: 8/16/2015, 8:52 PM

 

ISIS leader Abu Bakr al-Baghdadi (Reuters)

Intelligence officials are comparing a newly discovered secret Islamic State document to Hitler’s “Mein Kampf,” as it blames Israel for the rise of the Islamic State and crowns U.S. President Barack Obama as the “Mule of the Jews.”

Found in Pakistan’s remote tribal region by American Media Institute (AMI), the 32-page Urdu language document promotes an “end of the world” battle as a final solution. It argues that the Islamic leader should be recognized as the sole ruler of the world’s 1 billion Muslims, under a religious empire called a “caliphate.”

“It reads like the caliphate’s own Mein Kampf,” said a U.S. intelligence official who reviewed the document. “While the world is watching videos of beheadings and crucifixions in Iraq and Syria, the Islamic State is moving into North Africa, the Middle East, and now we see it has a strategy in South Asia. It’s a magician’s trick: watch this hand and you’ll never see what the other is doing.”

Retired U.S. Defense Intelligence Agency Director Gen. Michael Flynn and other U.S. intelligence officials confirmed the authenticity of the document based on its unique markings, specific language used to describe leaders and the writing style and religious wording that matched other Islamic State records.

Flynn said the undated document, “A Brief History of the Islamic State Caliphate (ISC), The Caliphate According to the Prophet,” is a campaign plan that “lays out their intent, their goals and objectives, a red flag to which we must pay attention.”

The document serves as a Nazi-like recruiting pitch that attempts to unite dozens of factions of the Pakistani and Afghan Taliban into a single army of terror. It includes a never-before-seen history of the Islamic State, details chilling future battle plans and urges al-Qaeda to join Islamic State.

Its tone is direct: “Accept the fact that this caliphate will survive and prosper until it takes over the entire world and beheads every last person that rebels against Allah. This is the bitter truth, swallow it.”

Rabbi Abraham Cooper, associate dean of the Simon Wiesenthal Center for human rights, who heads the Center’s Digital Terrorism and Hate Project, compares the Islamic State threats in the document to the rise of Nazism before World War II.

The brutal killing of a teacher and three children at the Ozar Hatorah school in Toulouse in 2012 by an Algerian Islamist was a major signal to the Jewish community that Europe was no longer safe and that not enough was being done to curtail the rise of anti-semitism, he said.

“It’s important to remember what our founder, Wiesenthal, said: ‘it often starts with the Jews but it never ends with the Jews,’” Cooper said. “As a matter of fact [Islamic State] did not create anti-semitism, but they are taking advantage of it, and they are building on it.”

The document advocates creating a new terrorist army in Afghanistan and Pakistan to trigger a war in India and provoke an Armageddon-like confrontation with the United States. It also details Islamic State’s plot to attack U.S. soldiers as they withdraw from Afghanistan and to target American diplomats and Pakistani officials, and it blames the rise of jihadi organizations on the establishment of Israel.

“No sooner had the British government relinquished control of Israel, Ben-Gurion, the leader of the Jews, declared the independence of the State of Israel, triggering a global migration of Jews to the Jewish State, and launching the systematic persecution of Palestinian Muslims who had to abandon their homes and migrate,” the document states.

The document discloses the history of Islamic State dating back to the early 1990s, explains why in 2011 its leader, Abu Bakr al-Baghdadi, unleashed car bombs to avenge Osama bin Laden’s death, and boasts about the suicide rates of American soldiers.

“Urban centers across Iraq exploded with car bombs and IEDs. The losses inflicted upon Americans, apostates, and heretics were unprecedented, as were the suicide rates amongst U.S. soldiers,” the document states. “This state of affairs forced the Mule of the Jews, U.S. President Obama, to announce an exit plan.”

The battle plan to “end the world” is described in six phases (three of which have already passed), ripping pages from al-Qaeda’s original plans to defeat the West, in a graphic illustration of how ISIS sees itself as the true heir to Osama Bin Laden’s legacy.

  • Phase 1, “Awakening,” 2000-2003: Islamic State calls for “a major operation against the U.S. ... to provoke a crusade against Islam.”
  • Phase 2, “Shock and Awe,” 2004-2006: Islamic State will lure the U.S. into multiple theatres of war, including cyber-attacks, and establish charities across the Muslim and Arab world to support terrorism.
  • Phase 3, “Self-reliance,” 2007-2010: Islamic State will create “interference” with Iraq’s neighboring states, with particular focus on Syria.
  • Phase 4, “Reaping/extortion/receiving,” 2010-2013: Islamic State will attack “U.S. and Western interests” to destroy their economy, replace the dollar with silver and gold, and expose Muslim governments’ relations with Israel and the U.S.
  • Phase 5, Declaring the Caliphate, 2013-2016: Few details are offered here; the document says only, “The Caliphate According to The Prophet.”
  • Phase 6, Open Warfare, 2017-2020: Islamic State predicts faith will clash with non-believers and “Allah will grant victory to the believers, after which peace will reign on earth.”

The document urges followers of al-Qaeda and the Taliban to join the Islamic State in overthrowing Arab governments that have relations with the U.S. and Israel, unlike al-Qaeda, which believed it was “important to weaken the U.S. before launching an armed revolt in Arab states and establishing a caliphate.”

In response to the document, a senior ranking Israeli official said that in the Middle East the world faces two threats – from Islamic State and from Iran. “We need not strengthen one at the expense of the other. We need to weaken both and prevent the aggression and arming of both,” he warned.

Alistair Baskey, deputy spokesman for the White House’s National Security Council said Islamic State is being monitored “closely to see whether their emergence will have a meaningful impact on the threat environment in the region.”

The document builds on evidence that Islamic State is expanding into the region where the September 11 attacks were born. A united Taliban, backed by the hundreds of millions of dollars of Iraqi oil revenue now enjoyed by Islamic State, would be a “game-changer,” officials said.

The document warns that “preparations” for an attack in India are underway and predicts that such an attack will provoke an apocalyptic confrontation with America: “Even if the U.S. tries to attack with all its allies, which undoubtedly it will, the (entire global Muslim community) will be united, resulting in the final battle.”

A war in India would magnify Islamic State’s stature and threaten the stability of the region, said Bruce Riedel, a senior fellow with the Brookings Institution who served more than 30 years in the CIA. “Attacking in India is the Holy Grail of South Asian jihadists.”

Pakistan Foreign Secretary Aizaz Chaudhry denied the presence of Islamic State in the region, calling it only “a potential threat.”

Unlike al-Qaeda, whose focus was the United States and other Western nations, Islamic State leaders believe that is the wrong strategic goal, the document said. “Instead of wasting energy in a direct confrontation with the U.S., we should focus on an armed uprising in the Arab world for the establishment of the caliphate,” the document said.

The failure to confront radical Islamist ideas has given the group breathing room to spread throughout the world, much as Hitler did.

“We did a lousy job predicting what Hitler was going to do in the 1920s, 1930s – honestly, we blew it,” Cooper said. “It’s hard to take seriously or believe that such hatred was real or would be possible. They made jokes about Jews, degraded Jews, but nobody believed that they would be capable of what they were saying. So now, when groups like [Islamic State] come along and say they are going to do A, B and C, you have to take them for their word.”

***

This is not the first revelation about Islamic State in Pakistan, which raises the question: who in the White House, the National Security Council or the United Nations has really been taking heed since 2014?

NBC: QUETTA, Pakistan — ISIS has created a 10-man “strategic planning wing” with a master plan on how to wage war against the Pakistani military, and is trying to join forces with local militants, according to a government memo obtained by NBC News.


“They are now planning to inflict casualties to Pakistan Army outfits who are taking part in operation Zarb-e-Azb,” says the alert, referring to the military offensive against the Pakistani Taliban and other militants that was launched in June in a tribal region near the Afghan border.

Labeled “secret,” the memo was sent by the government of Balochistan, a southwestern province that borders Afghanistan, to authorities and intelligence officials across Pakistan last week. Akber Durrani, the province’s home secretary, called it “routine” and said the Sunni militant group and its sympathizers do not have a stronghold there.

But the document suggests that ISIS has Pakistan in its cross-hairs, warning that the group aims to stir up sectarian unrest by dispatching the local militant group Lashkar-e-Jhangvi on offensives against Pakistan’s minority Shiite Muslim community, further destabilizing a country already battling Taliban and al Qaeda elements. Most Pakistanis are Sunni Muslims. Mistrust has existed between Shiites and Sunnis for around 1,400 years.

Secret letter sent by the government of Balochistan regarding ISIS activity in Pakistan. (NBC News)

ISIS has seized large areas of Syria and Iraq. It claims to have recruited 10,000 to 12,000 followers in tribal areas on the Afghan border, including in Hangu, which is known for hostility between Shiites and Sunnis, the memo says.

Lashkar-e-Jhangvi, which has claimed responsibility for violence against Shiites, and Sipa-e Muhammed, which has struck against Sunnis, were banned after 9/11.

Just days ago, the chief minister of Balochistan, Dr. Malik Baloch, told journalists he had no information about the presence of ISIS in the province. “However, there are fundamentalists whose approach is similar to that of ISIS,” he said.

The memo recommended “strict monitoring” of militants and “extreme vigilance” to ward off any attacks.

There have been other signs of ISIS flexing its muscles in the region. In late September, a pamphlet apparently made by the self-proclaimed caliphate was distributed among Afghan refugees in Pakistan exhorting them to pledge allegiance and lashing out against “America and the rest of the infidels.” In late September, ISIS-aligned militants launched a brutal offensive in Afghanistan alongside Taliban fighters that has left more than 100 people dead. Fifteen family members of local police officers were beheaded and at least 60 homes were set ablaze, officials said.

Refugee, Spy, Hacker, Thief Problems with China?

Not just in the United States; add Canada as well. It seems there could be many moving parts to this and many questions. Apparently this is a big enough issue that Barack Obama dispatched one of his pesky sternly worded letters to China.

Operation Fox Hunt

Obama Administration Warns Beijing About Covert Agents Operating in U.S.

NYT: WASHINGTON — The Obama administration has delivered a warning to Beijing about the presence of Chinese government agents operating secretly in the United States to pressure prominent expatriates — some wanted in China on charges of corruption — to return home immediately, according to American officials.

The American officials said that Chinese law enforcement agents covertly in this country are part of Beijing’s global campaign to hunt down and repatriate Chinese fugitives living abroad and, in some cases, recover allegedly ill-gotten gains. The Chinese government has officially named the effort Operation Fox Hunt.

The American warning, which was delivered to Chinese officials in recent weeks and demanded a halt to the activities, reflects escalating anger in Washington about intimidation tactics used by the agents. And it comes at a time of growing tension between Washington and Beijing on a number of issues: from the computer theft of millions of government personnel files that American officials suspect was directed by China, to China’s crackdown on civil liberties, to the devaluation of its currency.

Those tensions are expected to complicate the state visit to Washington next month by Xi Jinping, the Chinese president.

The work of the agents is a departure from the routine practice of secret government intelligence gathering that the United States and China have carried out on each other’s soil for decades. The Central Intelligence Agency has a cadre of spies in China, just as China has long deployed its own intelligence operatives into the United States to steal American political, economic, military and industrial secrets.

In this case, American officials said, the Chinese agents are undercover operatives with the Ministry of Public Security, China’s law enforcement branch charged with carrying out Operation Fox Hunt.

The campaign, a central element of Mr. Xi’s wider battle against corruption, has proved popular with the Chinese public. Since 2014, according to the Ministry of Public Security, more than 930 suspects have been repatriated, including more than 70 who have returned this year voluntarily, the ministry’s website reported in June. According to Chinese media accounts, teams of agents have been dispatched around the globe.

American officials said they had solid evidence that the Chinese agents — who are not in the United States on acknowledged government business, and most likely are entering on tourist or trade visas — use various strong-arm tactics to get fugitives to return. The harassment, which has included threats against family members in China, has intensified in recent months, officials said.

The United States has its own history of sending operatives undercover to other nations — sometimes under orders to kidnap or kill. In the years after the Sept. 11 terrorist attacks, the C.I.A. dispatched teams abroad to snatch Qaeda suspects and spirit them either to secret C.I.A. prisons or to other governments for interrogation.

Russia’s Silent Effective War Against the United States

No country is better at propaganda tactics than Russia, and those tactics are in use today. The costs of Russia’s tactics, especially when it comes to the internet, are not measurable.

This silent war has been noticed even by Secretary of State John Kerry, who declared he was certain that both China and Russia have accessed or read his emails. So why no declaration of war, or prosecution for espionage?

***

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems. More details here.

***

Exclusive: Russian antivirus firm faked malware to harm rivals – Ex-employees

Reuters: Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees.

They said the secret campaign targeted Microsoft Corp (MSFT.O), AVG Technologies NV (AVG.N), Avast Software and other rivals, fooling some of them into deleting or disabling important files on their customers’ PCs.

Some of the attacks were ordered by Kaspersky Lab’s co-founder, Eugene Kaspersky, in part to retaliate against smaller rivals that he felt were aping his software instead of developing their own technology, they said.

“Eugene considered this stealing,” said one of the former employees. Both sources requested anonymity and said they were among a small group of people who knew about the operation.

Kaspersky Lab strongly denied that it had tricked competitors into categorizing clean files as malicious, so-called false positives.

“Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky said in a statement to Reuters. “Such actions are unethical, dishonest and their legality is at least questionable.”

Executives at Microsoft, AVG and Avast previously told Reuters that unknown parties had tried to induce false positives in recent years. When contacted this week, they had no comment on the allegation that Kaspersky Lab had targeted them.

The Russian company is one of the most popular antivirus software makers, boasting 400 million users and 270,000 corporate clients. Kaspersky has won wide respect in the industry for its research on sophisticated Western spying programs and the Stuxnet computer worm that sabotaged Iran’s nuclear program in 2009 and 2010.

The two former Kaspersky Lab employees said the desire to build market share also factored into Kaspersky’s selection of competitors to sabotage.

“It was decided to provide some problems” for rivals, said one ex-employee. “It is not only damaging for a competing company but also damaging for users’ computers.”

The former Kaspersky employees said company researchers were assigned to work for weeks or months at a time on the sabotage projects.

Their chief task was to reverse-engineer competitors’ virus detection software to figure out how to fool them into flagging good files as malicious, the former employees said.

The opportunity for such trickery has increased over the past decade and a half as the soaring number of harmful computer programs has prompted security companies to share more information with each other, industry experts said. They licensed each other’s virus-detection engines, swapped samples of malware, and sent suspicious files to third-party aggregators such as Google Inc’s (GOOGL.O) VirusTotal.

By sharing all this data, security companies could more quickly identify new viruses and other malicious content. But the collaboration also allowed companies to borrow heavily from each other’s work instead of finding bad files on their own.

Kaspersky Lab in 2010 complained openly about copycats, calling for greater respect for intellectual property as data-sharing became more prevalent.

In an effort to prove that other companies were ripping off its work, Kaspersky said it ran an experiment: It created 10 harmless files and told VirusTotal that it regarded them as malicious. VirusTotal aggregates information on suspicious files and shares them with security companies.

Within a week and a half, all 10 files were declared dangerous by as many as 14 security companies that had blindly followed Kaspersky’s lead, according to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010.

When Kaspersky’s complaints did not lead to significant change, the former employees said, it stepped up the sabotage.

INJECTING BAD CODE

In one technique, Kaspersky’s engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal.

Then, when competitors ran this doctored file through their virus detection engines, the file would be flagged as potentially malicious. If the doctored file looked close enough to the original, Kaspersky could fool rival companies into thinking the clean file was problematic as well.

VirusTotal had no immediate comment.

In its response to written questions from Reuters, Kaspersky denied using this technique. It said it too had been a victim of such an attack in November 2012, when an “unknown third party” manipulated Kaspersky into misclassifying files from Tencent (0700.HK), Mail.ru (MAILRq.L) and the Steam gaming platform as malicious.

The extent of the damage from such attacks is hard to assess because antivirus software can throw off false positives for a variety of reasons, and many incidents get caught after a small number of customers are affected, security executives said.

The former Kaspersky employees said Microsoft was one of the rivals that were targeted because many smaller security companies followed the Redmond, Washington-based company’s lead in detecting malicious files. They declined to give a detailed account of any specific attack.

Microsoft’s antimalware research director, Dennis Batchelder, told Reuters in April that he recalled a time in March 2013 when many customers called to complain that a printer code had been deemed dangerous by its antivirus program and placed in “quarantine.”

Batchelder said it took him roughly six hours to figure out that the printer code looked a lot like another piece of code that Microsoft had previously ruled malicious. Someone had taken a legitimate file and jammed a wad of bad code into it, he said. Because the normal printer code looked so much like the altered code, the antivirus program quarantined that as well.

Over the next few months, Batchelder’s team found hundreds, and eventually thousands, of good files that had been altered to look bad. Batchelder told his staff not to try to identify the culprit.

“It doesn’t really matter who it was,” he said. “All of us in the industry had a vulnerability, in that our systems were based on trust. We wanted to get that fixed.”

In a subsequent interview on Wednesday, Batchelder declined to comment on any role Kaspersky may have played in the 2013 printer code problems or any other attacks. Reuters has no evidence linking Kaspersky to the printer code attack.

As word spread in the security industry about the induced false positives found by Microsoft, other companies said they tried to figure out what went wrong in their own systems and what to do differently, but no one identified those responsible.

At Avast, a largely free antivirus software maker with the biggest market share in many European and South American countries, employees found a large range of doctored network drivers, duplicated for different language versions.

Avast Chief Operating Officer Ondrej Vlcek told Reuters in April that he suspected the offenders were well-equipped malware writers and “wanted to have some fun” at the industry’s expense. He did not respond to a request on Thursday for comment on the allegation that Kaspersky had induced false positives.

WAVES OF ATTACKS

The former employees said Kaspersky Lab manipulated false positives off and on for more than 10 years, with the peak period between 2009 and 2013.

It is not clear if the attacks have ended, though security executives say false positives are much less of a problem today.

That is in part because security companies have grown less likely to accept a competitor’s determinations as gospel and are spending more to weed out false positives.

AVG’s former chief technology officer, Yuval Ben-Itzhak, said the company suffered from troves of bad samples that stopped after it set up special filters to screen for them and improved its detection engine.

“There were several waves of these samples, usually four times per year. This crippled-sample generation lasted for about four years. The last wave was received at the beginning of the year 2013,” he told Reuters in April.

AVG’s chief strategy officer, Todd Simpson, declined to comment on Wednesday.

Kaspersky said it had also improved its algorithms to defend against false virus samples. It added that it believed no antivirus company conducted the attacks “as it would have a very bad effect on the whole industry.”

“Although the security market is very competitive, trusted threat-data exchange is definitely part of the overall security of the entire IT ecosystem, and this exchange must not be compromised or corrupted,” Kaspersky said.
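The mechanism the article describes (a clean file with bad code spliced in, pushed into a shared feed so that similarity-based engines then flag the clean original) and the countermeasures the vendors describe (no longer taking a competitor's verdict as gospel, special filters for doctored samples) can be modelled in a few dozen lines. The following is an added example, not code from Reuters, VirusTotal or any vendor: the "printer driver", the byte-pattern "signature", the vendor names and the chunk-based similarity measure are all constructed stand-ins, and the hardened engine's allowlist of vetted-clean files is an assumption about how such a filter could be built.

```python
import hashlib
from dataclasses import dataclass, field

# ---- Constructed sample data; none of these are real files or signatures ----
def blob(seed: str, n: int) -> bytes:
    """Deterministic pseudo-random filler so that byte chunks are distinct."""
    out, i = b"", 0
    while len(out) < n:
        out += hashlib.sha256(f"{seed}:{i}".encode()).digest()
        i += 1
    return out[:n]

BAD_PATTERN = b"<<constructed-bad-pattern>>"              # stand-in for a malware signature
LEGIT_DRIVER = b"PRINTER-DRIVER v1.0 " + blob("driver", 256)  # the clean file
# The doctored sample: the clean file with the bad pattern spliced into the middle.
DOCTORED = LEGIT_DRIVER[:200] + BAD_PATTERN + LEGIT_DRIVER[200:]
REAL_MALWARE = blob("mal", 200) + BAD_PATTERN + blob("mal-tail", 200)
MALWARE_VARIANT = blob("mal", 200) + b"x" * len(BAD_PATTERN) + blob("mal-tail", 200)

def sha256(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

def chunk_similarity(a: bytes, b: bytes, size: int = 16) -> float:
    """Share of a's aligned chunks that occur anywhere in b: a crude stand-in
    for fuzzy hashing, enough to show why near-copies get flagged together."""
    chunks_a = {a[i:i + size] for i in range(0, len(a) - size + 1, size)}
    if not chunks_a:
        return 0.0
    windows_b = {b[i:i + size] for i in range(len(b) - size + 1)}
    return len(chunks_a & windows_b) / len(chunks_a)

@dataclass
class Engine:
    """Simplified AV engine that adopts verdicts from a shared sample feed."""
    name: str
    hardened: bool = False
    signatures: set = field(default_factory=set)    # byte patterns
    known_bad: dict = field(default_factory=dict)   # sha256 -> bytes, used for similarity
    exact_only: set = field(default_factory=set)    # sha256 of samples matched by hash only
    allowlist: dict = field(default_factory=dict)   # sha256 -> bytes of vetted-clean files
    min_corroboration: int = 2
    similarity_threshold: float = 0.8

    def scan(self, data: bytes) -> bool:
        """True means 'flagged as malicious'."""
        h = sha256(data)
        if self.hardened and h in self.allowlist:
            return False                   # a vetted-clean hash wins over everything else
        if h in self.known_bad or h in self.exact_only:
            return True
        if any(sig in data for sig in self.signatures):
            return True
        # Similarity to known-bad samples: the step that doctored goodware abuses.
        return any(chunk_similarity(data, bad) >= self.similarity_threshold
                   for bad in self.known_bad.values())

    def ingest_feed(self, sample: bytes, flagged_by: list) -> str:
        """Adopt a 'malicious' verdict from the shared feed; returns what was done."""
        h = sha256(sample)
        if not self.hardened:              # blind trust in other vendors' verdicts
            self.known_bad[h] = sample
            return "adopted"
        if len({v for v in flagged_by if v != self.name}) < self.min_corroboration:
            return "held: not enough independent vendors"
        # Doctored-goodware filter: if the sample is mostly a vetted-clean file with
        # something spliced in, match it by exact hash only, so the clean original
        # can never be flagged through its similarity to the sample.
        if any(chunk_similarity(good, sample) >= self.similarity_threshold
               for good in self.allowlist.values()):
            self.exact_only.add(h)
            return "adopted hash-only: looks like doctored goodware"
        self.known_bad[h] = sample
        return "adopted"

def run_demo() -> dict:
    """Replay the scenario with a naive and a hardened engine; returns the outcomes."""
    naive = Engine("Naive", signatures={BAD_PATTERN})
    hard = Engine("Hardened", hardened=True, signatures={BAD_PATTERN},
                  allowlist={sha256(LEGIT_DRIVER): LEGIT_DRIVER})
    out = {}
    # The doctored file arrives via the feed, already flagged by two other vendors.
    for eng in (naive, hard):
        out[f"{eng.name} ingest doctored"] = eng.ingest_feed(DOCTORED, ["VendorA", "VendorB"])
        out[f"{eng.name} flags clean driver"] = eng.scan(LEGIT_DRIVER)   # the false positive
        out[f"{eng.name} flags doctored"] = eng.scan(DOCTORED)
    # A lone vendor's verdict is not enough for the hardened engine.
    out["Hardened ingest single-vendor"] = hard.ingest_feed(REAL_MALWARE, ["VendorA"])
    # With corroboration, real malware is adopted in full and its variant is still caught.
    out["Hardened ingest real malware"] = hard.ingest_feed(REAL_MALWARE, ["VendorA", "VendorB"])
    out["Hardened flags variant"] = hard.scan(MALWARE_VARIANT)
    out["Hardened flags clean driver after"] = hard.scan(LEGIT_DRIVER)
    return out

if __name__ == "__main__":
    for key, value in run_demo().items():
        print(f"{key}: {value}")
```

The naive engine reproduces the 2013 printer-code situation: once the doctored copy is in its known-bad set, the untouched driver scores above the similarity threshold and is quarantined, while the hardened engine keeps detecting the doctored file and genuine malware variants without that side effect.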

Smoke Coming From the Hillary Server Fire is Worse

Strip the security clearance from this woman. There are many calling for this exact action and the State Department will not comment if she in fact still has it. At least during this investigation, her clearance should be suspended.

Posted on this site was a timeline and factual information when it comes to the Hillary Servergate affair. A few hours have passed and there of course is more to report.

More factual intrigue is listed below; it is not in any real date order, given what information is being obtained and how. This comes as the FBI begins its investigation of the data and material.

1. Barack Obama drafted and signed a lengthy Executive Order, #13526, spelling out the comprehensive conditions for all classified and top secret information. The Democrats and those supporting the Hillary camp in Servergate can NO longer claim that restrictive laws were passed AFTER her term as Secretary of State. Further, and quite important, Hillary was ONE of 20 people designated with authority to apply classification codes to documents, making it all the more curious how she can claim ignorance of top secret or restricted documents.

2. It is now confirmed that the second server in question, which held the material involved in Servergate and was located in New Jersey, had been stripped of data when it was seized by the FBI. The FBI does in fact have the skills to rebuild and retrace all administrative actions on the server.

3. Another figure now at the core of this investigation is Huma Abedin, who was and is Hillary’s personal confidant and aide-de-camp. To date, she has neither signed the certification under penalty of perjury ordered by Judge Sullivan nor turned over the email materials, which number in the range of 7000 communications.

4. As discussed before, not only were 3 thumb drives of the Hillary email transactions and 3 servers surrendered to the FBI, but the FBI will likely need to obtain a search warrant for 3 additional communication devices held by Hillary: her Blackberry, her iPhone and her iPad.

5. When it comes to the SIGINT or geospatial top secret email in question, it appears it related to a drone image of terror groups in Pakistan. This speaks to sources and methods, such that the top secret designations would have originated with the original transmission of the CRITIC (critical communications).

6. Platte River was NOT an approved facility to house or support classified material. Outside vendors handling top secret material must be approved and must have hardened rooms that prevent espionage or eavesdropping.

7. More Hillary personnel will be caught up in the investigation snare; those likely include Mike Morrell, Deputy Director of the CIA; Phillippe Reines, Hillary’s gatekeeper; Jeremy Bash, former Chief of Staff for Leon Panetta; Andrew Shapiro, Hillary’s Policy Advisor; and several others now at Beacon Global Strategies, Hillary’s personnel policy think tank.

8. The contracted server company, Platte River, is now raising deeper questions, due in part to a lawsuit and investigation from November 2014. The lawsuit document is found here. They stole phone numbers and metadata from White House military advisors.

The Internet company used by Hillary Clinton to maintain her private server was sued for stealing dozens of phone lines including some which were used by the White House.

Platte River Networks is said to have illegally accessed the master database for all US phone numbers.

It also seized 390 lines in a move that created chaos across the US government.

Among the phone numbers which the company took – which all suddenly stopped working – were lines for White House military support desks, the Department of Defense and the Department of Energy, a lawsuit claims.

Others were the main numbers for major financial institutions, hospitals and the help desk number for T2 Communications, the telecom firm which owned them.

A lawsuit filed on behalf of T2 claims that the mess took 11 days to fix and demands that Platte River pay up $360,000 in compensation.

More to come for sure... stay tuned.

 

Cyber-attack on Power Grid Paralysis

Cyber Attacks on the Power Grid: The Specter of Total Paralysis

Posted in General Security, Hacking, Incident Response on July 27, 2015

The Incidents

Imagine that one day you wake up and trading is halted on the New York Stock Exchange (NYSE) floor; meanwhile systems at United Airlines and the Wall Street Journal newspaper appear out of order.

It is not a scene from a movie; it happened on July 8, when trading at the NYSE stopped around 11:30 a.m. ET.

According to the media, the temporary interruption of the services mentioned was a fateful coincidence and the events are unrelated, but the incidents have raised once again the question of how secure critical infrastructure really is.

White House spokesperson Josh Earnest confirmed that the incidents weren’t caused by cyber-attacks. President Obama had been briefed on the glitch at the NYSE by White House counterterrorism and Homeland Security adviser Lisa Monaco as well as Chief of Staff Denis McDonough.

“It appears from what we know at this stage that the malfunctions at United and at the stock exchange were not the result of any nefarious actor,” said Department of Homeland Security Secretary Jeh Johnson. “We know less about the Wall Street Journal at this point except that their system is back up again as is the United Airline system.”

What is the impact of a cyber-attack on critical infrastructure? Is critical infrastructure actually secure?

A major attack on a critical infrastructure like a power grid would cause chaos in the country by interrupting vital services for the population.

The current scenario

The Stock Exchange, transportation, and media are critical to the infrastructure of a country. A simultaneous failure of these systems could cause serious problems for the nation, especially when the incident is caused by a cyber-attack.

“I think the Wall Street Journal piece is connected to people flooding their web site in response to the New York Exchange to find out what’s going on,” FBI Director James Comey told the Senate Intelligence Committee. “In my business we don’t love coincidences, but it does appear that there is not a cyber-intrusion involved.”

Sen. Bill Nelson, D-FL, the top Democrat on the cyber-security subcommittee, told Fox News that the NYSE incident has “the appearance” of a cyber-attack and noted the coordination of multiple sites.

Thus far, the temporary outages at the New York Stock Exchange, United Airlines and the Wall Street Journal’s website appear to have been the result of tech glitches, but we have to consider that US infrastructure remains vulnerable to cyber-attacks that would cause serious problems and would be costly.

To compound the scenario, cyber-attacks are rapidly increasing in number, not even counting those we fail to detect, and in complexity.

The DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its new ICS-CERT MONITOR report, covering the period September 2014 – February 2015.

According to the report, ICS-CERT received and responded to 245 incidents in Fiscal Year 2014; more than half of the incidents reported by asset owners and industry partners involved sophisticated APT actors. ICS/SCADA systems were also targeted by other categories of threat actors, including cyber criminals, insider threats and hacktivists.

“Of the total number of incidents reported to ICS-CERT, roughly 55 percent involved advanced persistent threats (APT) or sophisticated actors. Other actor types included hacktivists, insider threats, and criminals. In many cases, the threat actors were unknown due to a lack of attributional data,” states the report.

Analyzing the incidents reported by sector, the majority of the attacks involved entities in the Energy sector, followed by Critical Manufacturing. About 30 percent of the incidents hit infrastructure in the Energy sector, while Critical Manufacturing (i.e. manufacturing of vehicles and of aviation and aerospace components) accounted for 27 percent.

The threat actors used a significant number of zero-day vulnerabilities to compromise industrial control systems, exploiting web application flaws to do so.

The most common flaws exploited by attackers include authentication weaknesses, buffer overflows, and denial-of-service conditions.

“Noteworthy among ICS-CERT’s activities included the multi-vendor coordination that was conducted for the “Heartbleed” OpenSSL vulnerability. The team worked with the ICS vendor community to release multiple advisories, in addition to conducting briefings and webinars in an effort to raise awareness of the vulnerability and the mitigation strategies for preventing exploitation,” states the ICS-CERT report, describing the coordination activities carried out by the agency to address major vulnerabilities.

The ICS-CERT MONITOR report confirmed that the attackers used a vast range of methods for attempting to compromise control systems infrastructure, including:

Figure 1 – ICS-CERT Attack Methods

Unfortunately, it is quite difficult to attribute an incident to a specific threat actor. In the majority of cases, these offensives have gone under the radar for years because of the high level of sophistication of the Tactics, Techniques, and Procedures (TTPs) involved.

The victims were unable to identify the threat actors, and in 38 percent of the reported incidents they could not even determine the attack vector the hackers had exploited.

“Many more incidents occur in critical infrastructure that go unreported,” states the ICS-CERT MONITOR report. “Forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network”.
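The finding quoted above, that forensic evidence could not point to an intrusion method because the compromised networks lacked detection and monitoring, is the practical lesson of the report for asset owners. As an added illustration that is not part of the ICS-CERT report or of this article, the Python script below shows the kind of minimal monitoring that closes that gap: it parses a constructed log of Modbus/TCP requests and raises an alert when a host outside the known inventory appears, or when a write function code (the standard public Modbus codes 5, 6, 15 and 16) is issued by a host that is not one of the allowlisted engineering workstations. The log format, the IP addresses and the allowlist are all constructed assumptions for this example.

```python
"""
Minimal ICS network-monitoring example (added illustration, not code from
the ICS-CERT report): audit Modbus/TCP request records against an inventory
of known hosts and an allowlist of hosts permitted to write to PLCs.

Log format, addresses and allowlist below are constructed for this example.
"""
from collections import Counter
from dataclasses import dataclass

# Standard public Modbus function codes that change controller state.
MODBUS_WRITE_CODES = {
    5: "Write Single Coil",
    6: "Write Single Register",
    15: "Write Multiple Coils",
    16: "Write Multiple Registers",
}

# Constructed inventory (assumption): two engineering workstations may write,
# the HMI at 10.10.1.20 is expected to read only.
ALLOWED_WRITERS = {"10.10.1.10", "10.10.1.11"}
KNOWN_HOSTS = ALLOWED_WRITERS | {"10.10.1.20"}

# Constructed sample log, one request per line:
# "<timestamp> <src_ip> <dst_plc_ip> <unit_id> <function_code>"
SAMPLE_LOG = """\
2015-02-01T08:00:01 10.10.1.20 10.10.2.5 1 3
2015-02-01T08:00:02 10.10.1.10 10.10.2.5 1 16
2015-02-01T08:00:03 10.10.1.20 10.10.2.5 1 3
2015-02-01T08:05:44 10.10.1.99 10.10.2.5 1 3
2015-02-01T08:05:45 10.10.1.99 10.10.2.5 1 6
2015-02-01T08:05:46 10.10.1.99 10.10.2.6 1 15
"""


@dataclass(frozen=True)
class Record:
    time: str
    src: str
    dst: str
    unit_id: int
    func: int


def parse_log(text):
    """Parse the constructed log format into Record objects, skipping blanks."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        time, src, dst, unit_id, func = line.split()
        records.append(Record(time, src, dst, int(unit_id), int(func)))
    return records


def audit(records, allowed_writers=ALLOWED_WRITERS, known_hosts=KNOWN_HOSTS):
    """Return alert strings for unknown hosts and unauthorized write requests.

    A host outside the inventory is reported once, on first sight; every
    write function code from a host not on the allowlist is reported.
    """
    alerts = []
    seen = set()
    for r in records:
        if r.src not in known_hosts and r.src not in seen:
            alerts.append(f"{r.time} NEW-HOST {r.src} first seen talking to {r.dst}")
        seen.add(r.src)
        if r.func in MODBUS_WRITE_CODES and r.src not in allowed_writers:
            alerts.append(
                f"{r.time} UNAUTHORIZED-WRITE {r.src} -> {r.dst} unit {r.unit_id}: "
                f"{MODBUS_WRITE_CODES[r.func]} (fc {r.func})"
            )
    return alerts


def summarize(records):
    """Count read vs. write requests per source host, for a quick baseline."""
    return Counter(
        (r.src, "write" if r.func in MODBUS_WRITE_CODES else "read")
        for r in records
    )


if __name__ == "__main__":
    recs = parse_log(SAMPLE_LOG)
    for alert in audit(recs):
        print(alert)
    for (host, kind), n in sorted(summarize(recs).items()):
        print(f"{host} {kind}: {n}")
```

On the constructed log this flags the unknown host 10.10.1.99 once on first sight and then each of its two write requests; the legitimate write from 10.10.1.10 and the HMI's reads produce no alert. The point is not the specific rules but that records of who wrote what to which controller exist at all, which is exactly what the report says was missing when the intrusion method could not be reconstructed.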

US power grid vulnerable to cyber attacks

The US power grid is a privileged target for various categories of attackers: terrorists, cyber criminals, and state-sponsored hackers. Every day they threaten the backbone of American society. Security experts and US politicians are aware that the national power grid is vulnerable to a terrorist attack.

“It’s possible; and whether it’s likely to happen soon remains to be seen,” explained former Secretary of Defense William Cohen on “The Steve Malzberg Show.”

Attackers have several options to hit a power grid, from a cyber-attack on SCADA systems to an EMP attack, according to Cohen.

“You can do it through cyber-attacks, and that’s the real threat coming up as well. We have to look at cyber-attacks being able to shut down our power grid, which you have to remember is in the private sector’s hands, not the government’s. And we’re vulnerable,” Cohen added. “It’s possible and whether it’s likely to happen soon remains to be seen.”

“That’s because the technology continues to expand and terrorism has become democratized. Many, many people across the globe now have access to information that allows them to be able to put together a very destructive means of carrying out their terrorist plans. We’re better at detecting than we were in the past. We’re much more focused in integrating and sharing the information that we have, but we’re still vulnerable and we’ll continue to be vulnerable as long as groups can operate either on the margins or covertly to build these kind of campaigns of terror,” said Cohen.

Former Department of Homeland Security Secretary Janet Napolitano shared Cohen’s concerns: a major cyber-attack on the power grid was a matter of “when,” not “if.”

State-sponsored hackers and cyber terrorists are the main threat actors, but as confirmed by recent research conducted by Trend Micro, cybercrime also represents a serious menace.

Former senior CIA analyst and EMP Task Force On National Homeland Security Director Dr. Peter Vincent Pry told Newsmax TV that a cyber attack against the power grid could cause serious destruction and loss of life.

The US power grid is not the only one under attack. In January 2015, the British Parliament revealed that the UK power grid is under cyber-attack from foreign hackers; the emergency concerns critical infrastructure worldwide.

Figure 2 – SCADA control room

Arbuthnot confirmed the incessant attacks on national critical infrastructure and does not rule out a major incident, despite the enormous effort spent at National Grid.

“Our National Grid is coming under cyber-attack not just day-by-day but minute-by-minute,” Arbuthnot, whose committee scrutinized the country’s security policy, told a conference in London last year. “There are, at National Grid, people of very high quality who recognize the risks that these attacks pose, and who are fighting them off,” he said, “but we can’t expect them to win forever.”

The power grid is a vital system for our society, and the cyber strategy of every government must treat its protection as a high priority: a terror attack would leave entire countries sitting in the dark.

A hypothetical attack scenario and estimation of the losses

What would happen in the event of a cyber-attack on critical infrastructure in the US? What is the economic impact of a cyber-attack against a power grid?

According to a poll conducted by researchers at the Morning Consult firm from May 29 to May 31, cyber-attacks rank just behind terrorist attacks on the list of the biggest threats to the US. The research allowed the experts to estimate that the insurance industry could face losses of about $21 billion. The poll was conducted by interviewing a national sample of 2,173 registered voters.

Nearly 36 percent of voters consider acts of terrorism at the top of a list of major security threats, followed by cyber-attacks at 32 percent.

Figure 3 – Morning Consult poll results

Lloyd’s of London has conducted a very interesting study, Business Blackout, that describes the impact of a cyber-attack on the national power grid.

It is the first time that the insurance industry has produced a report of this kind. Obviously, the estimates provided are merely indicative, given the large number of factors that can influence the costs.

According to the report prepared by Lloyd’s of London in a joint effort with the University of Cambridge’s Centre for Risk Studies, cyber-attacks would have a catastrophic impact on multiple types of insurance.

The attack scenario described in Business Blackout illustrates the effects of a malware-based attack on the systems that control the national power grid. The attack causes an electrical blackout that plunges 15 US states and major cities, including New York City and Washington DC, into darkness. Nearly 93 million people are left without power in the scenario hypothesized by the study.

The attackers spread the ‘Erebos’ Trojan through the network with the effect of compromising the electricity generation control rooms in several locations in the Northeastern United States.

According to the researchers, the attack causes health and safety systems to fail and disrupts water supplies as electric pumps stop working. Chaos reigns as main services, including transportation, fail. The malware spreads across the network, locating and compromising 50 generators, which it destroys, causing prolonged outages in the region.

The total claims paid by the insurance industry are estimated to fall between $21.4b and $71.1b, depending on how the scenarios designed by the researchers evolve.

The researchers involved in the simulation calculated that the economic losses could range from $243 million to $1 trillion, depending on the number of power grid components compromised by the attack.

“Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue to business and disruption to the supply chain. The total impact to the US economy is estimated at $243bn, rising to more than $1trn in the most extreme version of the scenario.” states the report.

The experts analyzed historical outages, estimating that power interruptions, most of which last five minutes or less, already cost the US about $96 billion a year. The cost of a prolonged outage is likely to fall in the range of $36 billion to $156 billion. The commercial and industrial sectors are the ones most affected by an attack on the power grid because of their dependence on the electricity supply.

“Evidence from historical outages and indicative modelling suggests that power interruptions already cost the US economy roughly $96bn annually. However, uncertainty and sensitivity analysis suggest this figure may range from $36b to $156b,” continues the report. “Currently over 95% of outage costs are borne by the commercial and industrial sectors due to the high dependence on electricity as an input factor of production.”

As explained in the report, it is important to identify the risks related to a possible cyber-attack and to adopt all the measures necessary to mitigate them. The protection of critical infrastructure such as a power grid is an essential part of the cyber strategy of any government.