International Red Cross is a Political Wing for Foreign Policy

Red Crescent too….

Hamas Charter: Article Two: The Link between Hamas and the Association of Muslim Brothers
The Islamic Resistance Movement is one of the wings of the Muslim Brothers in Palestine. The Muslim Brotherhood Movement is a world organization, the largest Islamic Movement in the modern era. It is characterized by a profound understanding, by precise notions and by a complete comprehensiveness of all concepts of Islam in all domains of life: views and beliefs, politics and economics, education and society, jurisprudence and rule, indoctrination and teaching, the arts and publications, the hidden and the evident, and all the other domains of life.

Article Twenty-Eight
The Zionist invasion is a mischievous one. It does not hesitate to take any road, or to pursue all despicable and repulsive means to fulfill its desires. It relies to a great extent, for its meddling and spying activities, on the clandestine organizations which it has established, such as the Freemasons, Rotary Clubs, Lions, and other spying associations. All those secret organizations, some which are overt, act for the interests of Zionism and under its directions, strive to demolish societies, to destroy values, to wreck answerableness, to totter virtues and to wipe out Islam. It stands behind the diffusion of drugs and toxics of all kinds in order to facilitate its control and expansion.
The Arab states surrounding Israel are required to open their borders to the Jihad fighters, the sons of the Arab and Islamic peoples, to enable them to play their role and to join their efforts to those of their brothers among the Muslim Brothers in Palestine. The other Arab and Islamic states are required, at the very least, to facilitate the movement of the Jihad fighters from and to them. We cannot fail to remind every Muslim that when the Jews occupied Holy Jerusalem in 1967 and stood at the doorstep of the Blessed Aqsa Mosque, they shouted with joy: “Muhammad is dead, he left daughters behind.” Israel, by virtue of its being Jewish and of having a Jewish population, defies Islam and the Muslims. “Let the eyes of the cowards not fall asleep.” Read all 36 Hamas Charter Articles here.

Can’t make this up! Notice how blame always included Israel.

Red Cross Offers Workshops in International Law to Hamas

NYT: GAZA CITY — A new training regimen for fighters in Hamas’s armed wing employs slide presentations and a whiteboard rather than Kalashnikov rifles and grenades. The young men wear polo shirts instead of fatigues and black masks. They do not chant anti-Israel slogans, but discuss how the Geneva Conventions governing armed conflict dovetail with Islamic principles.

The three-day workshop, conducted last month by the International Committee of the Red Cross, followed numerous human-rights reports accusing both Israel and Hamas, the Islamist group that controls Gaza, of war crimes in their devastating battle last summer, and came as the International Criminal Court prosecutor conducts a preliminary inquiry into that conflict.

It was clear during the opening session that the Red Cross would face a steep climb to convince militant Islamists that international law should govern their resistance against Israel.

“The prophet used to give orders to his army that you don’t kill any child, don’t cut any tree,” one fighter said promisingly, lending Quranic support to the principle of distinguishing between soldiers and civilians. “As long as he is not fighting me, I should not kill him.”

But a colleague soon countered, “The prophet is different than today,” and the conversation quickly shifted from Hamas’s own questionable methods to the enemy.

“They killed us, they killed our babies,” one militant insisted, speaking of the Israeli military. Of the humanitarian principles underpinning both Islam and international law, he added, “Sometimes we need to overlook these things, because the situation is different.”

The Red Cross developed its program in conjunction with Islamic scholars several years ago, but ramped it up after last summer’s deadly battle. So far this year, it has conducted six sessions for a total of 210 fighters from Hamas’s Izzedine al-Qassam Brigades and two other Gaza armed groups. Another workshop is scheduled for this week.

 Skeptics may question the utility of teaching humanitarian law to a guerrilla force that the United States and the European Union classify as a terrorist organization. The Qassam Brigades fired thousands of rockets and mortars toward Israeli cities last summer; its weapons caches have been found in civilian homes and schools across Gaza, and Israel alleges that it uses Palestinian residents as human shields, purposely risking their lives to mobilize international ire against Israel.

But Red Cross leaders say they have seen an increasing commitment from Hamas leaders and linemen alike, if only because they now consider their international image a critical component of their struggle.

Mamadou Sow, who heads Red Cross operations in Gaza, said that in April he presented a critique of Hamas’s conduct during the 2014 hostilities to its top political and military leaders, and that they “welcomed it” and “indicated that they are a learning organization.” He said they also “challenged us to keep in mind the topology of the Gaza Strip,” one of the most densely populated patches on the planet.

“For the first time,” said Jacques de Maio, director of the Red Cross delegation in Israel and the Palestinian territories, “Hamas is actually, in a private, protected space, expressing a readiness to look critically at a number of things that have an impact on their level of respect for international humanitarian law.”

He added, “Whether this will translate into something concrete, time will tell.”

Besides participating in the workshops, Hamas has altered its propaganda in the aftermath of the war. New talking points stress that tunnel attacks last summer targeted military positions, not civilian communities, and argue — dubiously — that rockets fly toward civilian areas because the Gaza groups lack guiding technology.

Still, Hamas leaders routinely praise attacks on Israelis, and there are widespread reports that Qassam is rebuilding tunnels to infiltrate Israeli territory.

Last week, in announcing the arrest of a Qassam fighter in July, Israel’s security service said that he had told interrogators “the organization’s fighters endanger many civilians by storing explosives in their homes, on the instructions of Hamas commanders.”

Mr. de Maio of the Red Cross acknowledged that “a big ethical, fundamental question would be, ‘Are we now shaking hands with the devil?’ ” But he said his group’s work with rogue rulers and rebels around the world had altered their modi operandi. He cited a 2011 episode in Afghanistan in which operatives painted a vehicle like an ambulance. “We engaged with the Taliban and it was a long process,” he said. Eventually commanders issued an order saying it was a mistake that should not be repeated, “and it didn’t happen again.”

The Red Cross and the Qassam Brigades let reporters from The New York Times observe the first day of the workshop in July, on the condition that neither the trainers nor the participants be named, and that no photographs be taken. Role-playing and case studies — one exercise involved an armed group firing on an invading tank from the garden of a civilian home, near a hospital — were also off limits.

Most of the men were in their 20s and wore trim beards. Their leader opened by saying, “All what we’re going to hear we can find in our religion,” urging them “to take it very seriously” and reminding them to silence their cellphones.

The seminar unfolded in a room of Al Salam Restaurant, overlooking the beachfront where four young cousins were killed by Israeli missiles in 2014, a seminal episode that prompted one of the loudest international outcries of the war. Israeli military investigators later classified the attack as a tragic mistake.

During five hours of conversation, the fighters did not reflect on their own questionable activities or debate any situations they faced regarding risk to civilians while operating in Gaza’s urban landscape. Instead, they repeatedly turned the focus to Israel.

“You are dealing with an enemy that there’s not any difference between soldier and civilian,” insisted one fighter in a plaid shirt.

“Israelis violated everything,” another declared. “You say this also to the Jews?”

Yes, the Red Cross officials said, they conduct similar sessions with the Israeli military. This prompted more outrage. “You equalize the victim and the criminal,” one fighter said accusingly. “All of you, until now, you did not denounce the crimes of the Zionists.”

Others challenged Red Cross war efforts — providing water to refugee camps, repairing downed power lines, restoring cellular service, arranging with Israel to evacuate the wounded from bombarded areas.

“What was your role when the massacre in Rafah happened?” one fighter wanted to know, referring to Black Friday, when Qassam fighters took the remains of a slain Israeli soldier after a tunnel battle, prompting an Israeli assault that killed as many as 200 civilians. “We were besieged inside the hospital — why didn’t the I.C.R.C. help us?”

The trainer allowed, “The whole environment was very complicated, we couldn’t deal with everything and every place — you can’t have a war without victims.”

The Qassam coordinator, who gave only his nom de guerre, Abu Mahmoud, refused to let participants be interviewed about their experience or to engage in any substantive discussion of the group’s methods. “We did not commit war crimes as much as the Israelis did,” he said, adding that “civilian casualties happen because we are not an organized army.”

As for the International Criminal Court inquiry into both sides, he said with a shrug: “It will not affect us. We are, eventually, victims and they are occupiers, so there is no comparison.”

A 23-year-old Qassam member who participated in a similar workshop in May 2014, was permitted to speak only with Abu Mahmoud monitoring. He said that he had “signed a paper saying I should not kill civilians” upon joining Qassam four years ago, and that last summer, “the rules and teachings of this training made me fight within limits.”

Pressed for examples, the fighter recalled one instance in which “some of my colleagues wanted to have a military task inside a school, but we prevented this from happening.”

“We explained the consequences of such actions,” he said. “What will happen in the I.C.C. against us, and the international community. We don’t want to have a weakness point, and that the occupation will use it against us.”

U.S. Germany to Remove Missile Defense Systems from Turkey

WTH??? Anyone who believes the reasons for these decisions needs to think again.
I personally will throw in my reason, it is part of the Iran Deal where under the P5+1, John Kerry and Wendy Sherman along with The White House gave up yet another major item….missile defense. Iran and the IRGC must be delighted.
Berlin:  Germany on Saturday said it would withdraw its two Patriot missile batteries from Turkey early next year, ending its role in a three-year NATO mission to help bolster the country’s air defences against threats from Syria’s civil war.

The German army, known as the Bundeswehr, said on its website that the mandate for the mission would run out on January 31, 2016, and would not be renewed.

Germany will also call back around 250 soldiers who are currently deployed in southeastern Turkey as part of the mission, the statement said.

“Along with our NATO partners, we have protected the Turkish people from missile attacks from Syria,” Defence Minister Ursula von der Leyen was quoted as saying in the statement.

“We are ending this deployment in January 2016,” she said, adding that the main threat in the crisis-wracked region now came from the Islamic State group.

Turkey turned to its NATO allies for help over its troubled frontier after a mortar bomb fired from Syrian territory killed five Turkish civilians in the border town of Akcakale in 2012.

The United States, the Netherlands and Germany each sent Patriot missile batteries in response. Germany’s Patriot missile system is based in the Turkish town of Kahramanmaras, some 100 kilometres (60 miles) from the Syrian border.

Originally used as an anti-aircraft missile, Patriots today are used to defend airspace by detecting and destroying incoming missiles. NATO deployed Patriot missiles in Turkey during the 1991 Gulf war and in 2003 during the Iraqi conflict.

FNC: The U.S. military is pulling its Patriot missiles from Turkey this fall, the U.S. Embassy in Ankara announced Sunday.

It is unclear if the decision to pull the missiles is in response to Turkey’s unannounced massive airstrike against a Kurdish separatist group in northern Iraq on July 24. The strike endangered U.S. Special Forces on the ground training Kurdish Peshmerga fighters, angering U.S. military officials.

The U.S. military was taken completely by surprise by the Turkish airstrike, which involved 26 jets, military sources told Fox News.

Patriot missiles have been upgraded in recent years to shoot down ballistic missiles, in addition to boasting an ability to bring down enemy aircraft. The U.S. military has deployed these missiles along Turkey’s border with Syria.

When a Kurdish journalist asked the Army’s outgoing top officer, Gen. Raymond Odierno, about the incident over northern Iraq at his final press conference Wednesday, Odierno replied: “We’ve had conversations about this to make sure it doesn’t happen.”

The Kurdistan Workers Party, or PKK, has been listed as a foreign terrorist organization by the U.S. State Department. It is influenced by Marxist ideology and has been responsible for recent attacks in Turkey, killing Turkish police and military personnel. A separate left-wing radical group was responsible for attacking the U.S. Consulate in Istanbul last week.

State Department and Pentagon officials have said in recent days that Turkey has a right to defend itself against the PKK.

A senior military source told Fox News that Turkey is worried about recent gains by Syrian Kurds, some affiliated with the PKK. But the group is seen as an effective ground force against ISIS, helping pinpoint ISIS targets for U.S. warplanes.

The Turks, however, worry Syrian Kurds will take over most of the 560-mile border it shares with Syria.

Currently, ISIS controls a 68-mile strip along the Turkey-Syria border, but Turkey does not want Kurdish fighters involved in the fight to push out ISIS from this portion of the border because it would enable the Kurds to control a large swath of land stretching from northern Iraq to the Mediterranean. Right now Syrian Kurds occupy both sides of the contested 68-mile border controlled by ISIS.

Of the 30 million Kurds living in the Middle East, 14 million reside in Turkey. They are one of the world’s largest ethnic groups without its own country.

Despite Turkey being listed among the 62-nation anti-ISIS coalition, it has yet to be named as a country striking ISIS in the coalition’s daily airstrike report.

A week ago, after months of negotiations, the U.S. Air Force moved six F-16 fighter jets to Incirlik Air Base in Turkey from their base in Italy and several KC-135 refueling planes. Airstrikes against ISIS in Syria soon followed.

The decision to allow manned U.S. military aircraft inside Turkey came days after an ISIS suicide bomber killed dozens of Turkish citizens.

Part of Turkey’s reluctance to do more against ISIS is because Turkey wants the U.S. military to take on the regime of Syrian president Bashar al-Assad. But that is not U.S. policy.

“We are not at war with the Assad regime,” Pentagon spokesman Capt. Jeff Davis said recently.

The animosity between Turkey and Syria goes back decades. In 1939, Turkey annexed its southernmost province, Hatay, from Assad family land. Syria has never recognized the move and the two countries have been at odds ever since.

There was no immediate reply from the Pentagon or State Dept. when contacted by Fox News asking what prompted the decision to pull the U.S. missiles from Turkey.

al Qaeda and Taliban New Allegiance in Afghanistan

The Taliban raised their flag after taking control of the Helmand district in Afghanistan. Afghan soldiers bailed out, and the Taliban seized military gear supplied to the Afghan forces after killing 40 Afghan soldiers and police.

Sharia will be imposed and wield deeper power in the region.

After the death of Mullah Omar was officially announced, the Taliban leadership fractured due to a sense of betrayal. During many tribal meetings, it was soon announced that Mullah Akhtar Mansour would be the new leader.


Ayman al Zawahiri, who took control of al Qaeda after the death of Usama bin Ladin, made a declaration of pledge and cooperation with Akhtar Mansour, in which new threats against America were officially broadcast.

Al Zawahiri is thought to be hiding in the Pakistan border region and recently produced an audio recording raising new fears in the region. Additionally, while there have been several attempts at peace talks with the Afghanistan government, the Taliban is now formally opposed.

In part from Reuters: The swift announcement that Mansour, Omar’s longtime deputy, would be the new leader has riled many senior Taliban figures, and Omar’s family said this month that it did not endorse the move.

Mansour’s position could be shored up by the vote of confidence by al Qaeda, the global militant group that has maintained ties with the Taliban for almost two decades since the tenure of its founder and late leader Osama bin Laden.

“As leader of the al Qaeda organization for jihad, I offer our pledge of allegiance, renewing the path of Sheikh Osama and the devoted martyrs in their pledge to the commander of the faithful, the holy warrior Mullah Omar,” Zawahiri added.

Reiterating support for the Taliban is also a tacit rejection of Islamic State, the new ultra-radical Sunni Muslim movement that is ensconced in Iraq and Syria and has gained the support of a few Afghan insurgent commanders.

Al Qaeda is being challenged by Islamic State for leadership of the global jihadist movement, as determined backers of IS have cropped up in Libya and Yemen this year.

Al Qaeda was set up by Arab guerrillas who flocked to Afghanistan to fight Soviet occupation forces in the 1980s. It thrived under the Taliban’s 1996-2001 rule in Afghanistan before the U.S. invasion that followed Al Qaeda’s Sept. 11, 2001 attacks on New York and Washington drove both groups underground.

Russia’s Silent Effective War Against the United States

No country is better at propaganda tactics than Russia, and they are in use today. The costs of Russia’s tactics, especially when it comes to the internet, cannot be measured.

Even Secretary of State John Kerry has noticed this silent war: he declared he was certain that both China and Russia have access to or have read his emails. So why no declaration of war or prosecution of espionage?

***

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems. More details here.

***

Exclusive: Russian antivirus firm faked malware to harm rivals – Ex-employees

Reuters: Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees.

They said the secret campaign targeted Microsoft Corp (MSFT.O), AVG Technologies NV (AVG.N), Avast Software and other rivals, fooling some of them into deleting or disabling important files on their customers’ PCs.

Some of the attacks were ordered by Kaspersky Lab’s co-founder, Eugene Kaspersky, in part to retaliate against smaller rivals that he felt were aping his software instead of developing their own technology, they said.

“Eugene considered this stealing,” said one of the former employees. Both sources requested anonymity and said they were among a small group of people who knew about the operation.

Kaspersky Lab strongly denied that it had tricked competitors into categorizing clean files as malicious, so-called false positives.

“Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky said in a statement to Reuters. “Such actions are unethical, dishonest and their legality is at least questionable.”

Executives at Microsoft, AVG and Avast previously told Reuters that unknown parties had tried to induce false positives in recent years. When contacted this week, they had no comment on the allegation that Kaspersky Lab had targeted them.

The Russian company is one of the most popular antivirus software makers, boasting 400 million users and 270,000 corporate clients. Kaspersky has won wide respect in the industry for its research on sophisticated Western spying programs and the Stuxnet computer worm that sabotaged Iran’s nuclear program in 2009 and 2010.

The two former Kaspersky Lab employees said the desire to build market share also factored into Kaspersky’s selection of competitors to sabotage.

“It was decided to provide some problems” for rivals, said one ex-employee. “It is not only damaging for a competing company but also damaging for users’ computers.”

The former Kaspersky employees said company researchers were assigned to work for weeks or months at a time on the sabotage projects.

Their chief task was to reverse-engineer competitors’ virus detection software to figure out how to fool them into flagging good files as malicious, the former employees said.

The opportunity for such trickery has increased over the past decade and a half as the soaring number of harmful computer programs have prompted security companies to share more information with each other, industry experts said. They licensed each other’s virus-detection engines, swapped samples of malware, and sent suspicious files to third-party aggregators such as Google Inc’s (GOOGL.O) VirusTotal.

By sharing all this data, security companies could more quickly identify new viruses and other malicious content. But the collaboration also allowed companies to borrow heavily from each other’s work instead of finding bad files on their own.

Kaspersky Lab in 2010 complained openly about copycats, calling for greater respect for intellectual property as data-sharing became more prevalent.

In an effort to prove that other companies were ripping off its work, Kaspersky said it ran an experiment: It created 10 harmless files and told VirusTotal that it regarded them as malicious. VirusTotal aggregates information on suspicious files and shares them with security companies.

Within a week and a half, all 10 files were declared dangerous by as many as 14 security companies that had blindly followed Kaspersky’s lead, according to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010.

When Kaspersky’s complaints did not lead to significant change, the former employees said, it stepped up the sabotage.

INJECTING BAD CODE

In one technique, Kaspersky’s engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal.

Then, when competitors ran this doctored file through their virus detection engines, the file would be flagged as potentially malicious. If the doctored file looked close enough to the original, Kaspersky could fool rival companies into thinking the clean file was problematic as well.

VirusTotal had no immediate comment.

In its response to written questions from Reuters, Kaspersky denied using this technique. It said it too had been a victim of such an attack in November 2012, when an “unknown third party” manipulated Kaspersky into misclassifying files from Tencent (0700.HK), Mail.ru (MAILRq.L) and the Steam gaming platform as malicious.

The extent of the damage from such attacks is hard to assess because antivirus software can throw off false positives for a variety of reasons, and many incidents get caught after a small number of customers are affected, security executives said.

The former Kaspersky employees said Microsoft was one of the rivals that were targeted because many smaller security companies followed the Redmond, Washington-based company’s lead in detecting malicious files. They declined to give a detailed account of any specific attack.

Microsoft’s antimalware research director, Dennis Batchelder, told Reuters in April that he recalled a time in March 2013 when many customers called to complain that a printer code had been deemed dangerous by its antivirus program and placed in “quarantine.”

Batchelder said it took him roughly six hours to figure out that the printer code looked a lot like another piece of code that Microsoft had previously ruled malicious. Someone had taken a legitimate file and jammed a wad of bad code into it, he said. Because the normal printer code looked so much like the altered code, the antivirus program quarantined that as well.

Over the next few months, Batchelder’s team found hundreds, and eventually thousands, of good files that had been altered to look bad. Batchelder told his staff not to try to identify the culprit.

“It doesn’t really matter who it was,” he said. “All of us in the industry had a vulnerability, in that our systems were based on trust. We wanted to get that fixed.”

In a subsequent interview on Wednesday, Batchelder declined to comment on any role Kaspersky may have played in the 2013 printer code problems or any other attacks. Reuters has no evidence linking Kaspersky to the printer code attack.

As word spread in the security industry about the induced false positives found by Microsoft, other companies said they tried to figure out what went wrong in their own systems and what to do differently, but no one identified those responsible.

At Avast, a largely free antivirus software maker with the biggest market share in many European and South American countries, employees found a large range of doctored network drivers, duplicated for different language versions.

Avast Chief Operating Officer Ondrej Vlcek told Reuters in April that he suspected the offenders were well-equipped malware writers and “wanted to have some fun” at the industry’s expense. He did not respond to a request on Thursday for comment on the allegation that Kaspersky had induced false positives.

WAVES OF ATTACKS

The former employees said Kaspersky Lab manipulated false positives off and on for more than 10 years, with the peak period between 2009 and 2013.

It is not clear if the attacks have ended, though security executives say false positives are much less of a problem today.

That is in part because security companies have grown less likely to accept a competitor’s determinations as gospel and are spending more to weed out false positives.

AVG’s former chief technology officer, Yuval Ben-Itzhak, said the company suffered from troves of bad samples that stopped after it set up special filters to screen for them and improved its detection engine.

“There were several waves of these samples, usually four times per year. This crippled-sample generation lasted for about four years. The last wave was received at the beginning of the year 2013,” he told Reuters in April.

AVG’s chief strategy officer, Todd Simpson, declined to comment on Wednesday.

Kaspersky said it had also improved its algorithms to defend against false virus samples. It added that it believed no antivirus company conducted the attacks “as it would have a very bad effect on the whole industry.”

“Although the security market is very competitive, trusted threat-data exchange is definitely part of the overall security of the entire IT ecosystem, and this exchange must not be compromised or corrupted,” Kaspersky said.

Cyber-attack on Power Grid Paralysis

Cyber Attacks on the Power Grid: The Specter of Total Paralysis

Posted in General Security, Hacking, Incident Response on July 27, 2015

The Incidents

Imagine that one day you wake up and trading is halted on the New York Stock Exchange (NYSE) floor; meanwhile systems at United Airlines and the Wall Street Journal newspaper appear out of order.

It is not a scene from a movie; it happened on July 8, when trading at the NYSE stopped around 11:30 a.m. ET.

According to the media, the temporary interruption of the services mentioned was a fateful coincidence and the events are unrelated, but the incidents have once again raised the question of how secure critical infrastructure really is.

White House spokesperson Josh Earnest confirmed that the incidents weren’t caused by cyber-attacks. President Obama had been briefed on the glitch at NYSE by White House counterterrorism and Homeland Security adviser Lisa Monaco as well as Chief of Staff Denis McDonough.

“It appears from what we know at this stage that the malfunctions at United and at the stock exchange were not the result of any nefarious actor,” said Department of Homeland Security Secretary Jeh Johnson. “We know less about the Wall Street Journal at this point except that their system is back up again as is the United Airline system.”

What is the impact of a cyber-attack on critical infrastructure? Is critical infrastructure actually secure?

A major attack on a critical infrastructure like a power grid would cause chaos in the country by interrupting vital services for the population.

The current scenario

The Stock Exchange, transportation, and media are critical to the infrastructure of a country. A simultaneous failure of these systems could cause serious problems for the nation, especially when the incident is caused by a cyber-attack.

“I think the Wall Street Journal piece is connected to people flooding their web site in response to the New York Exchange to find out what’s going on,” FBI Director James Comey told the Senate Intelligence committee. “In my business we don’t love coincidences, but it does appear that there is not a cyber-intrusion involved.”

Sen. Bill Nelson, D-FL, the top Democrat on the cyber-security subcommittee, told Fox News that the NYSE incident has “the appearance” of a cyber-attack and noted the coordination of multiple sites.

Thus far, the temporary outage at the New York Stock Exchange, United Airlines and the Wall Street Journal’s website were the results of tech glitches, but we have to consider the US infrastructure remains vulnerable to cyber-attacks that would cause serious problems and would be costly.

To compound the scenario, there is the rapid increase in the number of cyber-attacks, at least of those we fail to detect, and its complexity.

The DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its new ICS-CERT MONITOR report related to the period September 2014 – February 2015. The ICS-CERT MONITOR report

According to the report, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) received and responded to 245 incidents in Fiscal Year 2014, more than half of the incidents reported by asset owners and industry partners involved sophisticated APT. ICS/SCADA system were also targeted by other categories of threat actors, including cyber criminals, insider threats and hacktivists.

“Of the total number of incidents reported to ICS-CERT, roughly 55 percent involved advanced persistent threats (APT) or sophisticated actors. Other actor types included hacktivists, insider threats, and criminals. In many cases, the threat actors were unknown due to a lack of attributional data.” states the report.

Analyzing the incidents reported by sector shows that the majority of the attacks involved entities in the Energy Sector, followed by Critical Manufacturing. About 30 percent of the incidents hit infrastructure in the energy sector, while Critical Manufacturing (i.e. manufacturing of vehicles and aviation and aerospace components) accounted for 27 percent.

The threat actors used a significant number of zero-day vulnerabilities to compromise industrial control systems through the exploitation of web application flaws.

The most common flaws exploited by attackers include authentication, buffer overflow, and denial-of-service.

“Noteworthy among ICS-CERT’s activities included the multi-vendor coordination that was conducted for the “Heartbleed” OpenSSL vulnerability. The team worked with the ICS vendor community to release multiple advisories, in addition to conducting briefings and webinars in an effort to raise awareness of the vulnerability and the mitigation strategies for preventing exploitation” states the ICS-CERT report to explain the coordination activities sustained by the agency to address principal vulnerabilities.

The ICS-CERT MONITOR report confirmed that the attackers used a vast range of methods for attempting to compromise control systems infrastructure, including:

Figure 1 – ICS-CERT Attack Methods

Unfortunately, it is quite difficult to attribute an incident to a specific threat actor. In the majority of cases, these offensives have gone under the radar over the years due to the high level of sophistication of the Tactics, Techniques, and Procedures (TTPs).

The victims were not able to identify the threat actors, nor, for 38 percent of the reported incidents, the attack vector exploited by hackers.

“Many more incidents occur in critical infrastructure that go unreported,” states the ICS-CERT MONITOR report. “Forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network”.

US power grid vulnerable to cyber attacks

The US power grid is a privileged target for various categories of attackers: terrorists, cyber criminals, and state-sponsored hackers. Daily, they threaten the backbone of American society. Security experts and US politicians are aware that the national power grid is vulnerable to a terrorist attack.

“It’s possible; and whether it’s likely to happen soon remains to be seen,” explained former Secretary of Defense William Cohen on “The Steve Malzberg Show.”

According to Cohen, attackers have several options to hit a power grid, from a cyber-attack on SCADA systems to an EMP attack.

“You can do it through cyber-attacks, and that’s the real threat coming up as well. We have to look at cyber-attacks being able to shut down our power grid, which you have to remember is in the private sector’s hands, not the government’s. And we’re vulnerable,” Cohen added. “It’s possible and whether it’s likely to happen soon remains to be seen.”

“That’s because the technology continues to expand and terrorism has become democratized. Many, many people across the globe now have access to information that allows them to be able to put together a very destructive means of carrying out their terrorist plans. We’re better at detecting than we were in the past. We’re much more focused in integrating and sharing the information that we have, but we’re still vulnerable and we’ll continue to be vulnerable as long as groups can operate either on the margins or covertly to build these kind of campaigns of terror.” said Cohen.

Former Department of Homeland Security Secretary Janet Napolitano shared Cohen’s concerns: a major cyber-attack on the power grid was a matter of “when,” not “if.”

State-sponsored hackers and cyber terrorists are the main threat actors but, as confirmed by recent research conducted by TrendMicro, cybercrime also represents a serious menace.

Former senior CIA analyst and EMP Task Force On National Homeland Security Director, Dr. Peter Vincent Pry, told Newsmax TV that a cyber attack against the power grid could cause serious destruction and loss of life.

The US power grid is not the only one under attack. In January 2015, the British Parliament revealed that the UK power grid is under cyber-attack from foreign hackers, but the emergency concerns critical infrastructure worldwide.

Figure 2 – SCADA control room

Arbuthnot confirmed the incessant attacks on national critical infrastructure, and he doesn’t exclude a major incident, despite the enormous effort spent at the National Grid.

“Our National Grid is coming under cyber-attack not just day-by-day but minute-by-minute,” Arbuthnot, whose committee scrutinized the country’s security policy, told a conference in London last year. “There are, at National Grid, people of very high quality who recognize the risks that these attacks pose, and who are fighting them off,” he said, “but we can’t expect them to win forever.”

The power grid is a vital system for our society, and the cyber strategy of every government must consider its protection a high priority; a terror attack would leave entire countries sitting in the dark.

A hypothetical attack scenario and estimation of the losses

What will happen in case of a cyber-attack on critical infrastructure in the US? What is the economic impact of a cyber-attack against a power grid?

According to a poll conducted by researchers at the Morning Consult firm from May 29 to May 31, cyber-attacks are just behind terrorist attacks on the list of biggest threats to the US. The research allowed the experts to estimate that the insurance industry could face losses of about $21 billion. The poll was conducted by interviewing a national sample of 2,173 registered voters.

Nearly 36 percent of voters consider acts of terrorism at the top of a list of major security threats, followed by cyber-attacks at 32 percent.

Figure 3 – Morning Consult firm poll results

Lloyd’s of London has conducted a very interesting study, Business Blackout, that describes the impacts of a cyber-attack on the national power grid.

It is the first time that the insurance industry has produced a report of this kind. Obviously, the estimates provided are merely indicative due to the large number of factors that can influence the costs.

According to the report prepared by Lloyd’s of London in a joint effort with the University of Cambridge’s Centre for Risk Studies, cyber-attacks would have a catastrophic impact on multiple types of insurance.

The attack scenario described by Business Blackout illustrates the effects of a malware-based attack on the systems that control the national power grid. The attack causes an electrical blackout that plunges 15 US states and principal cities, including New York City and Washington DC, into darkness. Nearly 93 million people will remain without power in the scenario hypothesized by the study.

The attackers spread the ‘Erebos’ Trojan through the network with the effect of compromising the electricity generation control rooms in several locations in the Northeastern United States.

According to the researchers, the attack will cause health and safety systems to fail, disrupting water supplies as electric pumps fail. Chaos will reign, causing the failure of main services, including transportation. The malware is able to infect the Internet and search for and compromise 50 generators, which it will destroy, causing prolonged outages in the region.

The total of claims paid by the insurance industry has been estimated at between $21.4b and $71.1b, depending on the evolution of the scenarios designed by the researchers.

The researchers involved in the simulation have calculated that the economic losses could range from $243 million to $1 trillion, depending on the number of components in the power grid compromised by the attack.

“Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue to business and disruption to the supply chain. The total impact to the US economy is estimated at $243bn, rising to more than $1trn in the most extreme version of the scenario.” states the report.

The experts analyzed historical outages, estimating that power interruptions, most of which last five minutes or less, already cost the US about $96 billion. The cost related to a prolonged outage is likely to fall in the range of $36 billion to $156 billion. The commercial and industrial sectors are the most impacted by an attack on the power grid due to their dependency on the electricity supply.

“Evidence from historical outages and indicative modelling suggests that power interruptions already cost the US economy roughly $96bn annually. However, uncertainty and sensitivity analysis suggest this figure may range from $36b to $156b.” continues the report. “Currently over 95% of outage costs are borne by the commercial and industrial sectors due to the high dependence on electricity as an input factor of production.”

As explained in the report, it is important to identify the risks related to a possible cyber-attack and adopt all the necessary measures to mitigate them. The protection of critical infrastructure like a power grid is an essential part of the cyber strategy of any Government.