Russia’s Silent Effective War Against the United States

No country is better at propaganda tactics than Russia, and those tactics are in use today. The cost of Russia’s tactics, especially when it comes to the internet, cannot be measured.

This silent war has been noticed even by Secretary of State John Kerry, who declared he was certain that both China and Russia have access to or have read his emails. So why no declaration of war or prosecution of espionage?

***

A Russian crime ring has amassed the largest known collection of stolen Internet credentials, including 1.2 billion user name and password combinations and more than 500 million email addresses, security researchers say.

The records, discovered by Hold Security, a firm in Milwaukee, include confidential material gathered from 420,000 websites, including household names, and small Internet sites. Hold Security has a history of uncovering significant hacks, including the theft last year of tens of millions of records from Adobe Systems. More details here.

***

Exclusive: Russian antivirus firm faked malware to harm rivals – Ex-employees

Reuters: Beginning more than a decade ago, one of the largest security companies in the world, Moscow-based Kaspersky Lab, tried to damage rivals in the marketplace by tricking their antivirus software programs into classifying benign files as malicious, according to two former employees.

They said the secret campaign targeted Microsoft Corp (MSFT.O), AVG Technologies NV (AVG.N), Avast Software and other rivals, fooling some of them into deleting or disabling important files on their customers’ PCs.

Some of the attacks were ordered by Kaspersky Lab’s co-founder, Eugene Kaspersky, in part to retaliate against smaller rivals that he felt were aping his software instead of developing their own technology, they said.

“Eugene considered this stealing,” said one of the former employees. Both sources requested anonymity and said they were among a small group of people who knew about the operation.

Kaspersky Lab strongly denied that it had tricked competitors into categorizing clean files as malicious, so-called false positives.

“Our company has never conducted any secret campaign to trick competitors into generating false positives to damage their market standing,” Kaspersky said in a statement to Reuters. “Such actions are unethical, dishonest and their legality is at least questionable.”

Executives at Microsoft, AVG and Avast previously told Reuters that unknown parties had tried to induce false positives in recent years. When contacted this week, they had no comment on the allegation that Kaspersky Lab had targeted them.

The Russian company is one of the most popular antivirus software makers, boasting 400 million users and 270,000 corporate clients. Kaspersky has won wide respect in the industry for its research on sophisticated Western spying programs and the Stuxnet computer worm that sabotaged Iran’s nuclear program in 2009 and 2010.

The two former Kaspersky Lab employees said the desire to build market share also factored into Kaspersky’s selection of competitors to sabotage.

“It was decided to provide some problems” for rivals, said one ex-employee. “It is not only damaging for a competing company but also damaging for users’ computers.”

The former Kaspersky employees said company researchers were assigned to work for weeks or months at a time on the sabotage projects.

Their chief task was to reverse-engineer competitors’ virus detection software to figure out how to fool them into flagging good files as malicious, the former employees said.

The opportunity for such trickery has increased over the past decade and a half as the soaring number of harmful computer programs has prompted security companies to share more information with each other, industry experts said. They licensed each other’s virus-detection engines, swapped samples of malware, and sent suspicious files to third-party aggregators such as Google Inc’s (GOOGL.O) VirusTotal.

By sharing all this data, security companies could more quickly identify new viruses and other malicious content. But the collaboration also allowed companies to borrow heavily from each other’s work instead of finding bad files on their own.

Kaspersky Lab in 2010 complained openly about copycats, calling for greater respect for intellectual property as data-sharing became more prevalent.

In an effort to prove that other companies were ripping off its work, Kaspersky said it ran an experiment: It created 10 harmless files and told VirusTotal that it regarded them as malicious. VirusTotal aggregates information on suspicious files and shares them with security companies.

Within a week and a half, all 10 files were declared dangerous by as many as 14 security companies that had blindly followed Kaspersky’s lead, according to a media presentation given by senior Kaspersky analyst Magnus Kalkuhl in Moscow in January 2010.

When Kaspersky’s complaints did not lead to significant change, the former employees said, it stepped up the sabotage.

INJECTING BAD CODE

In one technique, Kaspersky’s engineers would take an important piece of software commonly found in PCs and inject bad code into it so that the file looked like it was infected, the ex-employees said. They would send the doctored file anonymously to VirusTotal.

Then, when competitors ran this doctored file through their virus detection engines, the file would be flagged as potentially malicious. If the doctored file looked close enough to the original, Kaspersky could fool rival companies into thinking the clean file was problematic as well.

VirusTotal had no immediate comment.

In its response to written questions from Reuters, Kaspersky denied using this technique. It said it too had been a victim of such an attack in November 2012, when an “unknown third party” manipulated Kaspersky into misclassifying files from Tencent (0700.HK), Mail.ru (MAILRq.L) and the Steam gaming platform as malicious.

The extent of the damage from such attacks is hard to assess because antivirus software can throw off false positives for a variety of reasons, and many incidents get caught after a small number of customers are affected, security executives said.

The former Kaspersky employees said Microsoft was one of the rivals that were targeted because many smaller security companies followed the Redmond, Washington-based company’s lead in detecting malicious files. They declined to give a detailed account of any specific attack.

Microsoft’s antimalware research director, Dennis Batchelder, told Reuters in April that he recalled a time in March 2013 when many customers called to complain that a printer code had been deemed dangerous by its antivirus program and placed in “quarantine.”

Batchelder said it took him roughly six hours to figure out that the printer code looked a lot like another piece of code that Microsoft had previously ruled malicious. Someone had taken a legitimate file and jammed a wad of bad code into it, he said. Because the normal printer code looked so much like the altered code, the antivirus program quarantined that as well.

Over the next few months, Batchelder’s team found hundreds, and eventually thousands, of good files that had been altered to look bad. Batchelder told his staff not to try to identify the culprit.

“It doesn’t really matter who it was,” he said. “All of us in the industry had a vulnerability, in that our systems were based on trust. We wanted to get that fixed.”

In a subsequent interview on Wednesday, Batchelder declined to comment on any role Kaspersky may have played in the 2013 printer code problems or any other attacks. Reuters has no evidence linking Kaspersky to the printer code attack.

As word spread in the security industry about the induced false positives found by Microsoft, other companies said they tried to figure out what went wrong in their own systems and what to do differently, but no one identified those responsible.

At Avast, a largely free antivirus software maker with the biggest market share in many European and South American countries, employees found a large range of doctored network drivers, duplicated for different language versions.

Avast Chief Operating Officer Ondrej Vlcek told Reuters in April that he suspected the offenders were well-equipped malware writers and “wanted to have some fun” at the industry’s expense. He did not respond to a request on Thursday for comment on the allegation that Kaspersky had induced false positives.

WAVES OF ATTACKS

The former employees said Kaspersky Lab manipulated false positives off and on for more than 10 years, with the peak period between 2009 and 2013.

It is not clear if the attacks have ended, though security executives say false positives are much less of a problem today.

That is in part because security companies have grown less likely to accept a competitor’s determinations as gospel and are spending more to weed out false positives.

AVG’s former chief technology officer, Yuval Ben-Itzhak, said the company suffered from troves of bad samples that stopped after it set up special filters to screen for them and improved its detection engine.

“There were several waves of these samples, usually four times per year. This crippled-sample generation lasted for about four years. The last wave was received at the beginning of the year 2013,” he told Reuters in April.

AVG’s chief strategy officer, Todd Simpson, declined to comment on Wednesday.

Kaspersky said it had also improved its algorithms to defend against false virus samples. It added that it believed no antivirus company conducted the attacks “as it would have a very bad effect on the whole industry.”

“Although the security market is very competitive, trusted threat-data exchange is definitely part of the overall security of the entire IT ecosystem, and this exchange must not be compromised or corrupted,” Kaspersky said.

U.S. Flag Raised in Cuba Today by John Kerry and Envoy

The weekend before Secretary of State John Kerry travels to Cuba with an envoy to raise the U.S. flag at the re-opening of the embassy in Havana, 60 Cubans were arrested in a further act of repression. Those arrested were Cuban Ladies in White, yet Barack Obama, on vacation in Martha’s Vineyard, had nothing to say, and John Kerry was mute on the matter himself.

John Kerry leads delegation to Cuba for flag raising at U.S. Embassy

WaPo: The United States plans to raise the Stars and Stripes at its embassy in Havana Friday morning, kicking off a day of symbolism and carefully balanced outreach to both Cuba’s communist government and its restive population.

Two U.S. government aircraft are scheduled to depart Washington at dawn to carry Secretary of State John F. Kerry and dozens of others on the 2 1/2-hour flight to the island. In addition to a 20-person official delegation of officials and members of Congress, selected Cuban-Americans, entrepreneurs and a large media contingent will be aboard, along with the three retired Marines who last lowered the flag when relations were severed more than 54 years ago.

Speeches are to follow the raising of the banner outside the seven-story embassy building, built in the early 1950s on the Malecón, Havana’s sweeping waterfront boulevard. The U.S. Army’s Brass Quintet will play both countries’ anthems.

President Obama’s inaugural poet, Richard Blanco, whose family left Cuba shortly before he was born in 1968, will read “Matters of the Sea,” a poem he has written for the occasion.

The embassy has been open for nearly a month, following the official July 20 re-establishment of U.S.-Cuba relations. But the flag has been kept under wraps for the arrival of Kerry, the highest U.S. government official to set foot in Cuba since Franklin D. Roosevelt was president.

After the ceremony, Kerry will meet privately with Cardinal Jaime Ortega, the Roman Catholic archbishop of Havana. Ortega was instrumental, along with Pope Francis, in the success of nearly two years of secret bilateral negotiations that led to this day. Obama and Cuban President Raul Castro announced plans to restore relations last December.

In a carbon copy of last month’s official opening of the Cuban Embassy here, Kerry will meet with Foreign Minister Bruno Rodriguez at his ministry, and the two will then hold a joint news conference.

Later in the afternoon, a separate U.S. flag will be raised at the opulent estate in western Havana that is the once and future residence of the U.S. ambassador, currently occupied by Chargé d’Affaires Jeffrey DeLaurentis. Members of Cuban civil society, including political dissidents, have been invited to that ceremony and to a reception that Kerry will host.

In an interview Wednesday with CNN Espanol, Kerry rejected criticism that Cuban government opponents were not asked to attend the morning events at the embassy.

“We just disagree with that. We’re going to meet,” he said. The embassy ceremony, “is a government-to-government moment. We’re opening an embassy. It’s not open to everybody in the country. And later we’ll have an opportunity where there is a broader perspective to be able to meet with … a broad cross-section of Cuban civil society, including dissidents,” he said.

While many dissidents support the U.S.-Cuba opening, many also oppose it, charging that the administration is helping the Castro government stay in power while getting little in return. Since the restoration of relations was announced, the number of opposition demonstrations has sharply increased, along with government detention of dissidents.

“The truth is that this will not be the complete and total change everybody wants overnight. It’s going to take a little bit of time,” Kerry told CNN. “But I am convinced … President Obama is convinced, that by being there, we will be able to do more to help the Cuban people,” he said. “Their concerns, their issues, their hopes, their dreams will be better represented more directly to our government with accountability in that process.”

Human rights, Kerry said, is “at the top of our agenda in terms of the first things that we will be focused on in our direct engagement with the Cuban government,” including his Friday talks with Rodriguez.

In a Thursday letter to Kerry, the organization Reporters Without Borders USA noted that Cuba ranks 169 of 180 countries on its press freedom index. “Cuba’s information monopoly and censorship practices do not apply only to local media,” it said, “foreign journalists are also subject to restrictions, receiving accreditation only selectively” and “deported” when they displease “the current regime.”

Despite the restoration of relations, the U.S. economic embargo against Cuba remains in place. Obama has called for Congress to lift it, along with remaining restrictions on U.S. travel to the island, but lawmakers have resisted.

The eight members of Congress in Kerry’s official delegation include Sens. Barbara Boxer (D-Calif.), Jeff Flake (R-Ariz.), Amy Klobuchar (D-Minn.) and Patrick Leahy (D-Vt.); and Democratic Reps. Karen Bass (Calif.), Steve Cohen (Tenn.), Barbara Lee (Calif.) and Jim McGovern (Mass.).

The embargo continues to be a rallying point for the Cuban government. In an article published in Granma, the official Cuban Communist party paper, on the occasion of his 89th birthday Thursday, revolutionary leader and former president Fidel Castro criticized the United States for everything from dropping an atomic bomb on Japan near the end of World War II, to setting the stage for global economic crisis by amassing most of the world’s gold supply.

That crisis, Castro said, had battered Cuba’s economy, even as it is “owed compensation equivalent to damages, which have reached many millions of dollars” as a result of the U.S. sanctions.

 

Smoke Coming From the Hillary Server Fire is Worse

Strip the security clearance from this woman. There are many calling for this exact action and the State Department will not comment on whether she in fact still has it. At least during this investigation, her clearance should be suspended.

Posted on this site was a timeline and factual information when it comes to the Hillary Servergate affair. A few hours have passed and there of course is more to report.

More factual intrigue is listed below and it is not in any real date order given what and how information is being obtained. This comes as the FBI begins the data and material investigations.

1. Barack Obama drafted and signed a lengthy Executive Order #13526 spelling out the comprehensive conditions of all classified and top secret information. The Democrats and those supporting the Hillary camp in Servergate can NO longer claim restrictive laws were passed AFTER her term as Secretary of State. Further and quite important, Hillary was ONE of 20 who were designated with authority to apply classified codes to documents, making it all the more curious how she can claim ignorance of top secret or restricted documents.

2. It is now confirmed that the second server in question, which held the material involved in Servergate, was located in New Jersey and was seized by the FBI, was stripped of data. The FBI does in fact have the skills to rebuild and retrace all administrative actions in the server.

3. Now another at the core of this investigation is Huma Abedin, who was and is Hillary’s personal confidant and aide-de-camp. To date, she has not signed nor turned over, as ordered by Judge Sullivan, the certification under penalty of perjury or the email materials, which hover in the range of 7000 communication transmissions.

4. As discussed before, not only were 3 thumb drives of the Hillary email transactions and 3 servers surrendered to the FBI, but the FBI will likely need to obtain a search warrant for 3 additional communication devices held by Hillary, those being her Blackberry, her iPhone and her iPad.

5. When it comes to the SIGINT or geo-spatial top secret email in question, it appears it was relating to a drone image of terror groups in Pakistan. This speaks to sources and methods such that the top secret designations would have originated with the original transmission of the critic (critical communications).

6. Platte River was NOT an approved facility to house or support classified material. In the case of top secret material, outside vendors that have hardened rooms preventing espionage or eavesdropping are to be approved.

7. There will be more Hillary personnel caught up in the investigation snare and those likely will include Mike Morell, Deputy Director of the CIA; Philippe Reines, Hillary’s gatekeeper; Jeremy Bash, former Chief of Staff for Leon Panetta; Andrew Shapiro, Hillary’s Policy Advisor; and several others now at Beacon Global Strategies, Hillary’s personnel policy think tank.

8. The contracted server company, Platte River, is now raising deeper questions due in part to a lawsuit and investigation from November 2014. The lawsuit document is found here. They stole phone numbers and metadata from White House military advisors.

The Internet company used by Hillary Clinton to maintain her private server was sued for stealing dozens of phone lines including some which were used by the White House.

Platte River Networks is said to have illegally accessed the master database for all US phone numbers.

It also seized 390 lines in a move that created chaos across the US government.

Among the phone numbers which the company took – which all suddenly stopped working – were lines for White House military support desks, the Department of Defense and the Department of Energy, a lawsuit claims.

Others were the main numbers for major financial institutions, hospitals and the help desk number for T2 Communications, the telecom firm which owned them.

A lawsuit filed on behalf of T2 claims that the mess took 11 days to fix and demands that Platte River pay up $360,000 in compensation.

More to come for sure…..stay tuned.

 

Now Veterans Can Grade VA Facilities

Listen To A VA Employee And A Veteran Break Down On The Phone Over Access To Care, the full story is here.

The plight of veterans when it comes to the Veterans Administration continues and no one is really taking any action to clean up the mess while vets actually die waiting for an appointment for medical services.

Some disabled veterans go hungry and can’t afford basic resources for themselves because the disability rating they have been given by the VA isn’t high enough for them. They have to seek assistance from somewhere like these Georgia VA disability lawyers to help them get the disability rating they deserve. Few veterans are treated with the respect they deserve but now there are new platforms to make things better for them.

Now a new ratings platform has been launched to help vets navigate and even grade each facility, a new tool that is desperately needed. The Secretary of the VA ignores reports and the Congress has worked diligently to install cures and solutions that the VA is loath to accept.

Washington ~ Stars and Stripes: More than 35,000 veterans have had their health care delayed by a Department of Veterans Affairs computer program that automatically put them in limbo — many for years. Yet the VA says it lacks the authority to override the system.

According to documents leaked to the Huffington Post, the veterans — most of whom served in Iraq and Afghanistan — were erroneously put onto a “pending” list for failing to fill out a means test. But combat veterans are not required to fill out means tests to receive health care.

About 16,000 of the cases have been pending for more than five years, according to the Huffington Post. Under VA rules, combat veterans are eligible for five years of free health care after discharge, but the period begins the day of discharge. But VA spokeswoman Walinda West said combat veterans who are granted Veterans Health Administration benefits received them for life.

The VA has known about the problem since at least April, according to the Huffington Post. As of Wednesday, staffers were calling and mailing notices to affected veterans, telling them to fill out paperwork to agree to copays – which appears to duplicate paperwork they have already filled out — in order to enroll in the program.


New VAratings.com Healthcare Site Allows U.S. Veterans to Rate & Review VA Facilities Nationwide

Charleston, SC: VetFriends.com – the largest Website reuniting U.S. military veterans – has launched a nationwide online database of VA Hospitals with ratings and reviews at https://www.VAratings.com. The goal of the site is to allow veterans to share their experiences, rate their local VA hospitals and clinics and to help improve and provide awareness to Veterans Affairs facilities nationwide.

U.S. veterans and military personnel are the foundation of what has made America the symbol of freedom and opportunity that we enjoy today. The VetFriends.com Veteran Healthcare Resource Center is a free resource for all veterans and their families.

VAratings.com powered by VetFriends.com provides a free ratings/review system with a directory of all VA Hospitals, Outpatient Clinics, Veteran Centers, National Cemeteries and Intake Centers. The rating system consists of a 5 star rating process with questions about a veteran’s visit that deal with: Department, Ease of scheduling, Wait times, Treatment quality, Staff’s quality of care and more. A comment section is also available where veterans can add more information and other visitors can respond directly to posts.

VAratings.com was created to provide objective reviews of services provided by the VA from U.S. veterans and their families. It is important for veterans to know that their VA facility has the highest quality of care and expertise. VAratings.com is an ideal platform for information to be exchanged, questions asked and unbiased reviews posted.

Each month a topic will be spotlighted in our awareness campaign featuring a specific health issue. The topic covered will coincide with the national awareness months such as Breast Cancer Awareness in October and American Diabetes Month in November. Additional resources include information on how veterans can obtain VA Benefits, along with a library of VA forms. Furthermore, health topics and articles address illnesses, new treatments and discoveries, along with healthy lifestyle tips plus a variety of others.

VetFriends.com offers additional services such as: search over 1,900,000 members to make contact with old service friends and relatives; information on how to obtain your own or a relative’s military records and medals; message boards; military veteran job boards; upload past and present photos; military jokes; search and post reunions, military pride merchandise and more.

VetFriends.com encourages all Companies, and all Americans to honor and support our U.S. veterans and active military of the U.S. Army, Navy, Air Force, Marines and Coast Guard — All heroes of our nation.

Founded in 2000 by a U.S. military veteran, thousands of people have been reconnected through VetFriends.com, spanning from World War II through to Operation Desert Storm and the present. For further information and/or interview opportunities please contact VAratings.com at: (843) 606-2578

Cyber-attack on Power Grid Paralysis

Cyber Attacks on the Power Grid: The Specter of Total Paralysis

Posted in General Security, Hacking, Incident Response on July 27, 2015

The Incidents

Imagine that one day you wake up and trading is halted on the New York Stock Exchange (NYSE) floor; meanwhile systems at United Airlines and the Wall Street Journal newspaper appear out of order.

It is not a scene from a movie; it happened on July 8, when trading at the NYSE stopped around 11:30 a.m. ET.

According to the media, the temporary interruption of the services mentioned was a fateful coincidence and the events are unrelated, but the incidents have raised once again the question of the real security of critical infrastructure.

White House spokesperson Josh Earnest confirmed that the incidents weren’t caused by cyber-attacks. President Obama had been briefed on the glitch at NYSE by White House counterterrorism and Homeland Security adviser Lisa Monaco as well as Chief Of Staff Denis McDonough.

“It appears from what we know at this stage that the malfunctions at United and at the stock exchange were not the result of any nefarious actor,” said Department of Homeland Security Secretary Jeh Johnson. “We know less about the Wall Street Journal at this point except that their system is back up again as is the United Airline system.”

What is the impact of a cyber-attack on critical infrastructure? Is critical infrastructure actually secure?

A major attack on a critical infrastructure like a power grid would cause chaos in the country by interrupting vital services for the population.

The current scenario

The Stock Exchange, transportation, and media are critical to the infrastructure of a country. A simultaneous failure of these systems could cause serious problems for the nation, especially when the incident is caused by a cyber-attack.

“I think the Wall Street Journal piece is connected to people flooding their web site in response to the New York Exchange to find out what’s going on.” FBI Director James Comey told the Senate Intelligence committee. “In my business we don’t love coincidences, but it does appear that there is not a cyber-intrusion involved.”

Sen. Bill Nelson, D-FL, the top Democrat on the cyber-security subcommittee, told Fox News that the NYSE incident has “the appearance” of a cyber-attack and noted the coordination of multiple sites.

Thus far, the temporary outages at the New York Stock Exchange, United Airlines and the Wall Street Journal’s website were the results of tech glitches, but we have to consider that the US infrastructure remains vulnerable to cyber-attacks that would cause serious problems and would be costly.

To compound the scenario, there is the rapid increase in the number of cyber-attacks, at least of those we fail to detect, and in their complexity.

The DHS’s Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) has issued its new ICS-CERT MONITOR report related to the period September 2014 – February 2015.

The ICS-CERT MONITOR report

According to the report, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) received and responded to 245 incidents in Fiscal Year 2014; more than half of the incidents reported by asset owners and industry partners involved sophisticated APTs. ICS/SCADA systems were also targeted by other categories of threat actors, including cyber criminals, insider threats and hacktivists.

“Of the total number of incidents reported to ICS-CERT, roughly 55 percent involved advanced persistent threats (APT) or sophisticated actors. Other actor types included hacktivists, insider threats, and criminals. In many cases, the threat actors were unknown due to a lack of attributional data.” states the report.

Analyzing incidents reported by sector, it is possible to note that the majority of the attacks involved entities in the Energy Sector followed by Critical Manufacturing. About 30 percent of the incidents hit infrastructures in the energy sector, meanwhile Critical Manufacturing (i.e. manufacturing of vehicles and aviation and aerospace components) accounted for 27 percent.

The threat actors used a significant number of zero-day vulnerabilities to compromise industrial control systems through the exploitation of web application flaws.

The most common flaws exploited by attackers include authentication, buffer overflow, and denial-of-service.

“Noteworthy among ICS-CERT’s activities included the multi-vendor coordination that was conducted for the “Heartbleed” OpenSSL vulnerability. The team worked with the ICS vendor community to release multiple advisories, in addition to conducting briefings and webinars in an effort to raise awareness of the vulnerability and the mitigation strategies for preventing exploitation” states the ICS-CERT report to explain the coordination activities sustained by the agency to address principal vulnerabilities.

The ICS-CERT MONITOR report confirmed that the attackers used a vast range of methods for attempting to compromise control systems infrastructure, including:

Figure 1 – ICS-CERT Attack Methods

Unfortunately, it is quite difficult to attribute an incident to a specific threat actor. In the majority of cases, these offensives have gone under the radar over the years due to the high level of sophistication of the Tactics, Techniques, and Procedures (TTPs).

The victims were not able to identify the threat actors, nor, for 38 percent of the reported incidents, the attack vector exploited by the hackers.

“Many more incidents occur in critical infrastructure that go unreported,” states the ICS-CERT MONITOR report. “Forensic evidence did not point to a method used for intrusion because of a lack of detection and monitoring capabilities within the compromised network”.

US power grid vulnerable to cyber attacks

The US power grid is a privileged target for various categories of attackers: terrorists, cyber criminals, and state-sponsored hackers. Daily, they threaten the backbone of American society. Security experts and US politicians are aware that the national power grid is vulnerable to a terrorist attack.

“It’s possible; and whether it’s likely to happen soon remains to be seen,” explained former Secretary of Defense William Cohen on “The Steve Malzberg Show.”

Attackers have several options to hit a power grid, from a cyber-attack on SCADA systems to an EMP attack, according to Cohen.

“You can do it through cyber-attacks, and that’s the real threat coming up as well. We have to look at cyber-attacks being able to shut down our power grid, which you have to remember is in the private sector’s hands, not the government’s. And we’re vulnerable,” Cohen added. “It’s possible and whether it’s likely to happen soon remains to be seen.”

“That’s because the technology continues to expand and terrorism has become democratized. Many, many people across the globe now have access to information that allows them to be able to put together a very destructive means of carrying out their terrorist plans. We’re better at detecting than we were in the past. We’re much more focused in integrating and sharing the information that we have, but we’re still vulnerable and we’ll continue to be vulnerable as long as groups can operate either on the margins or covertly to build these kind of campaigns of terror,” said Cohen.

Former Department of Homeland Security Secretary Janet Napolitano shared Cohen’s concerns. A major cyber-attack on the power grid was a matter of “when,” not “if.”

State-sponsored hackers and cyber terrorists are the main threat actors, but, as confirmed by recent research conducted by TrendMicro, cybercrime also represents a serious menace.

Former senior CIA analyst and EMP Task Force On National Homeland Security Director, Dr. Peter Vincent Pry, told Newsmax TV that a cyber attack against the power grid could cause serious destruction and loss of life.

The US power grid is not the only one under attack. In January 2015, the British Parliament revealed that the UK power grid is under cyber-attack from foreign hackers, but the emergency concerns critical infrastructure worldwide.

Figure 2 – SCADA control room

Arbuthnot confirmed the incessant attacks on national critical infrastructure, and he does not exclude a major incident, despite the enormous effort spent at the National Grid.

“Our National Grid is coming under cyber-attack not just day-by-day but minute-by-minute,” Arbuthnot, whose committee scrutinized the country’s security policy, told a conference in London last year. “There are, at National Grid, people of very high quality who recognize the risks that these attacks pose, and who are fighting them off,” he said, “but we can’t expect them to win forever.”

The power grid is a vital system for our society, and the cyber strategy of every government must consider its protection a high priority; a terror attack would leave entire countries sitting in the dark.

A hypothetical attack scenario and estimation of the losses

What would happen in the event of a cyber-attack on critical infrastructure in the US? What is the economic impact of a cyber-attack against a power grid?

According to a poll conducted by researchers at the Morning Consult firm from May 29 to May 31, cyber-attacks are just behind terrorist attacks on the list of biggest threats to the US. The research allowed the experts to estimate that the insurance industry could face losses of about $21 billion. That poll was conducted by interviewing a national sample of 2,173 registered voters.

Nearly 36 percent of voters place acts of terrorism at the top of a list of major security threats, followed by cyber-attacks at 32 percent.

Figure 3 – Morning Consult firm poll results

Lloyd’s of London has conducted a very interesting study, Business Blackout, that describes the impacts of a cyber-attack on the national power grid.

It is the first time that the insurance industry has produced a report of this kind. Obviously, the estimates provided are merely indicative due to the large number of factors that can influence the costs.

According to the report prepared by Lloyd’s of London in a joint effort with the University of Cambridge’s Centre for Risk Studies, cyber-attacks would have a catastrophic impact on multiple types of insurance.

The attack scenario described by Business Blackout illustrates the effects of a malware-based attack on systems that control the national power grid. The attack causes an electrical blackout that plunges 15 US states and principal cities, including New York City and Washington DC, into darkness. Nearly 93 million people will remain without power in the scenario hypothesized by the study.

The attackers spread the ‘Erebos’ Trojan through the network with the effect of compromising the electricity generation control rooms in several locations in the Northeastern United States.

According to the researchers, the attack will cause health and safety systems to fail, disrupting water supplies as electric pumps fail. Chaos will reign, causing the failure of main services, including transportation. The malware is able to infect the Internet and search for and compromise 50 generators, which it will destroy, causing prolonged outages in the region.

The total of claims paid by the insurance industry has been estimated at between $21.4b and $71.1b, depending on the evolution of the scenarios designed by the researchers.

The researchers involved in the simulation have calculated that the economic losses could range from $243 million to $1 trillion, depending on the number of components in the power grid compromised by the attack.

“Economic impacts include direct damage to assets and infrastructure, decline in sales revenue to electricity supply companies, loss of sales revenue to business and disruption to the supply chain. The total impact to the US economy is estimated at $243bn, rising to more than $1trn in the most extreme version of the scenario,” states the report.

The experts analyzed the historical outages, estimating that currently the power interruptions, most of which last five minutes or less, already cost the US about $96 billion. The cost related to a prolonged outage is likely to fall in the range of $36 billion to $156 billion. The commercial and industrial sectors are the most impacted by the attack on the power grid due to their dependency on the electricity supply.

“Evidence from historical outages and indicative modelling suggests that power interruptions already cost the US economy roughly $96bn annually. However, uncertainty and sensitivity analysis suggest this figure may range from $36b to $156b,” continues the report. “Currently over 95% of outage costs are borne by the commercial and industrial sectors due to the high dependence on electricity as an input factor of production.”

As explained in the report, it is important to identify the risks related to a possible cyber-attack and adopt all the necessary measures to mitigate them. The protection of critical infrastructure like a power grid is an essential part of the cyber strategy of any government.