“Night Dragon” An Attack on our Energy Infrastructure


Last week, McAfee reported attacks on our energy companies of a sophisticated nature.

They originated in China; however, it could not be determined whether they came from a governmental, corporate or criminal entity.

Security researchers at McAfee have sounded an alarm for what is described as “coordinated covert and targeted cyberattacks” against global oil, energy, and petrochemical companies.
McAfee said the attacks began November 2009 and combined several techniques — social engineering, spear phishing and vulnerability exploits — to load custom RATs (remote administration tools) on hijacked machines.

As with the e-mail messages used in regular phishing expeditions, spear phishing messages appear to come from a trusted source. Phishing messages usually appear to come from a large and well-known company or Web site with a broad membership base, such as eBay or PayPal.

In the case of spear phishing, however, the apparent source of the e-mail is likely to be an individual within the recipient's own company and generally someone in a position of authority.

According to an article in the New York Times, spear phishing attempts are not typically initiated by "random hackers" but are more likely to be conducted by "sophisticated groups out for financial gain, trade secrets or military information."

This is a very brief summary of the (nineteen page) McAfee White Paper found HERE:

"1. Company extranet web servers compromised through SQL-injection techniques, allowing remote command execution.  
2. Commonly available hacker tools are uploaded on compromised web servers, allowing attackers to pivot into the company’s intranet and giving them access to sensitive desktops and servers internally.
3. Using password cracking and pass-the-hash tools, attackers gain additional usernames and passwords, allowing them to obtain further authenticated access to sensitive internal desktops and servers."

Initially using the company’s compromised web servers as command and control (C&C) servers, the attackers discovered that they needed only to disable Microsoft Internet Explorer (IE) proxy settings to allow direct communication from infected machines to the Internet.
Using the RAT malware, they proceeded to connect to other machines (targeting executives) and extract email archives and other sensitive documents.

Source:  http://tinyurl.com/2v67fy7
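The chain summarized above (SQL injection on an extranet web server, tools uploaded to it for the pivot, and the RAT talking straight to the Internet once the IE proxy setting is switched off) can be spotted in ordinary logs. The script below is an added example written for this page; it is not McAfee's code and not from the white paper or the original post. It runs two checks over constructed data: first it correlates SQL-injection-looking requests with a later hit on a server-side script that was never part of the site (what an uploaded tool or webshell looks like in an access log), then it flags internal hosts reaching Internet web ports without going through the corporate proxy. All log lines, addresses, paths, the script baseline and the proxy address are made up for the demonstration.

```python
"""Added example (not McAfee's code and not from the original post):
correlate the intrusion chain described above across constructed logs.

Step 1/2: a source sends SQL-injection requests to an extranet web app and
later fetches a server-side script that was never part of the site, which
is what an uploaded tool or webshell looks like in the access log.
C2: once a RAT has switched off the proxy (the IE setting lives under
HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Internet Settings,
value ProxyEnable), an internal host talks to the Internet directly
instead of through the corporate proxy.
"""
import ipaddress
import re
from collections import defaultdict
from urllib.parse import unquote_plus

# SQL-injection indicators, matched against the URL-decoded query string.
SQLI_PATTERNS = [
    re.compile(r"'\s*(or|and)\s+[\w']+\s*=", re.I),            # ' or '1'='1
    re.compile(r"\bunion(\s|/\*.*?\*/)+(all\s+)?select\b", re.I),
    re.compile(r";\s*(exec|xp_cmdshell|drop|insert|waitfor)\b", re.I),
]
# Extensions the server would execute: an attacker-uploaded tool uses one.
SCRIPT_EXT = re.compile(r"\.(asp|aspx|php|jsp|cfm)$", re.I)

# Common/combined log format (fields we do not need are skipped).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) \S+" (?P<status>\d{3})'
)

# Constructed access-log lines; 203.0.113.7 plays the attacker.
SAMPLE_LOG = """\
203.0.113.7 - - [10/Nov/2009:02:14:01 +0000] "GET /vendor/list.asp?id=1'%20or%20'1'='1 HTTP/1.1" 200 5120
203.0.113.7 - - [10/Nov/2009:02:14:09 +0000] "GET /vendor/list.asp?id=1;exec%20xp_cmdshell%20'echo%20x' HTTP/1.1" 500 311
203.0.113.7 - - [10/Nov/2009:02:19:44 +0000] "POST /images/cmd.asp HTTP/1.1" 200 88
198.51.100.20 - - [10/Nov/2009:02:20:00 +0000] "GET /vendor/list.asp?id=42 HTTP/1.1" 200 4100
198.51.100.20 - - [10/Nov/2009:02:20:03 +0000] "GET /news.asp HTTP/1.1" 200 9000
""".splitlines()

# Constructed baseline of scripts the site legitimately serves.
KNOWN_SCRIPTS = {"/vendor/list.asp", "/news.asp"}


def flag_web_attack(lines, known_scripts):
    """Return (sqli_counts, webshell_hits).

    sqli_counts maps source IP -> number of SQLi-looking requests.
    webshell_hits lists (ip, path) where a source that already sent SQLi
    later gets HTTP 200 from a script path outside the baseline."""
    sqli_counts = defaultdict(int)
    webshell_hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue                      # unparseable line: skip, not an alert
        ip, path, status = m["ip"], m["path"], m["status"]
        base, _, query = path.partition("?")
        if any(p.search(unquote_plus(query)) for p in SQLI_PATTERNS):
            sqli_counts[ip] += 1
            continue
        if (sqli_counts.get(ip) and SCRIPT_EXT.search(base)
                and base not in known_scripts and status == "200"):
            webshell_hits.append((ip, base))
    return dict(sqli_counts), webshell_hits


INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed (src, dst, dst_port) tuples, e.g. from netstat or a firewall log.
PROXY = "10.20.1.3"
CONNECTIONS = [
    ("10.20.5.14", "10.20.1.3", 3128),    # workstation -> proxy: expected
    ("10.20.5.14", "10.20.1.50", 445),    # internal SMB: not egress
    ("10.20.5.22", "203.0.113.7", 80),    # direct to Internet: RAT beacon
    ("10.20.5.22", "198.51.100.9", 443),
]


def direct_egress(connections, proxy):
    """Flag internal hosts reaching Internet web ports without the proxy."""
    proxy_ip = ipaddress.ip_address(proxy)
    hits = []
    for src, dst, port in connections:
        s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
        if not any(s in n for n in INTERNAL):
            continue                      # only policy-covered internal hosts
        if d == proxy_ip or any(d in n for n in INTERNAL):
            continue                      # went via the proxy, or never left the LAN
        if port in (80, 443):
            hits.append((src, dst, port))
    return hits


if __name__ == "__main__":
    counts, shells = flag_web_attack(SAMPLE_LOG, KNOWN_SCRIPTS)
    print("SQLi sources:", counts)
    print("possible uploaded tools:", shells)
    print("proxy bypass:", direct_egress(CONNECTIONS, PROXY))
```

The webshell check is deliberately conditioned on a prior SQLi hit from the same source and on a path outside a baseline, which keeps a single odd request from firing; in practice the baseline comes from the deployed site tree, and the egress check is only meaningful where policy actually forces all web traffic through the proxy.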

Reply #1

My guess? Industrial espionage. The fact that nothing has blown up or shut down makes me think "they" were after information, not breaking stuff.

Reply #2

I came across this article a few days ago. Seems the PTB's in China aren't too concerned with it. They know of it but choose to do nothing about it so it stands to reason there is something to gain for them. Could be they, whoever they are, are testing our ability to detect and stop this sort of cyberattack. Know your enemy type thing. IMO

Reply #3

I don't know who originated the attack, or the reasons behind it, however, it is clear that we all are vulnerable from within and without.

The motive could well be economic, but that doesn't tell us who initiated the attack nor at the behest of whom. I also believe the amount learned by the criminals to be larger than just economic, and could be peddled to terrorist groups and hostile national and corporate entities.

I do not believe we conceptualize how truly complex and multilayered our relationships with other countries, companies and yes, even criminals are.

The criminal economy is not a small one and probably is in the hundreds of trillions of dollars, and impacts us all on many levels of our lives.

Reply #4

China is an up and coming economic and military power that could soon outstrip the US, UK and other western powers. The Chinese rulers have already admitted knowledge of the activities. Not disagreeing with you Doc but like I said they choose not to do anything about it. Uncle Sam would be wise to cultivate China as an ally.

Reply #5

That's some great timing, considering the "off-switch" for the internet in the US being discussed. Almost smells like false flag operations to me.

Reply #6

they choose not to do anything about it. Uncle Sam would be wise to cultivate China as an ally.
End of quote

Yep... they own so much of our paper we better be good little boys and girls...

Reply #7

That's some great timing, considering the "off-switch" for the internet in the US being discussed. Almost smells like false flag operations to me.
End of quote
You're assuming the DoD (or NSA, or CIA) is better at cyberwarfare than my grandmother. I doubt that they are. It is also unlikely that they could keep a lid on something like this.

Reply #8

I absolutely assume that they are just as capable as China, when it comes to "cyber warfare". Anything else would just be naive. US hackers are neither innocent nor incompetent.

Re: "keep a lid on something like this" - I have no idea how to determine if something is likely or unlikely when it comes to espionage, but I do know it's possible.

Reply #9

Quoting Heavenfall, reply 5
That's some great timing, considering the "off-switch" for the internet in the US being discussed. Almost smells like false flag operations to me.
End of Heavenfall's quote

Quoting Scoutdog, reply 7

That's some great timing, considering the "off-switch" for the internet in the US being discussed. Almost smells like false flag operations to me.

You're assuming the DoD (or NSA, or CIA) is better at cyberwarfare than my grandmother. I doubt that they are. It is also unlikely that they could keep a lid on something like this.
End of Scoutdog's quote

Fellas... wait for tomorrow's planned article.... I'll explain exactly how a cyber attack can shut down the net, and about the "off switch".

Same time, same station and as Warner Wolfe used to say, "Videotape at 11." ;)

Reply #11

I absolutely assume that they are just as capable as China, when it comes to "cyber warfare". Anything else would just be naive. US hackers are neither innocent nor incompetent.
End of quote
Hackers, sure. But the national-security structure does not (to my knowledge) have any system to recruit hackers, and I doubt many would go to work for them if they did.

Reply #12

Hackers, sure. But the national-security structure does not (to my knowledge) have any system to recruit hackers, and I doubt many would go to work for them if they did.
End of quote

They're called Red Teams. I think it's understandable that the NSA doesn't really push this on the 11'oclock news. They are apparently "recruited" with abandon.

Reply #13

Source? That would be very interesting to learn more about...

Reply #14

These attacks began in 2007, and the oil companies only knew about it when McAfee made a report?

Why are people worried about this connecting to an internet off switch?  It's all oil company related, which means it's either bullshit or the oil companies are fucking retarded, and either way it'll end up with higher gas prices.

Reply #15

There was a fairly comprehensive study on our infrastructure vulnerability to 'cyberwars' done in Norway some years ago. It has probably been updated but back then the 'main points' were:

Power infrastructure:
Bad: Power companies have tended to convert from dedicated networks and proprietary platforms over to regular internet and Windows-based systems in order to cut costs and increase profits. Result: Systems are more vulnerable.
Good: However, the power systems themselves operate perfectly well without the computers and there is no possibility of actual damage to the systems originating solely from the networks.
Bad: Load information is transmitted over the internet in order to reroute power traffic. A physical attack on a power junction combined with a DOS attack on the computers could lead to cascade failures similar to that on the US east coast a few years ago, but you'd need a well-timed combined attack.

Industry:
Bad: JIT distribution combined with increasing amounts of using the internet for distributing orders will cripple industry quickly. Without stockpiles, industry can operate only for a short time without shipments, and without the internet, logistics will become very difficult for a period of time.
Good: This would be somewhat temporary; the industry can to a large extent operate without the internet, but efficiency will take a nosedive for a few weeks. 

Internet vulnerability:
The internet itself is robust. However, 'cost efficiency' is a risk also here - it is more robust on paper than in reality. Internet traffic looks widely dispersed but there are a few major trunks and hubs that will cause major traffic congestions if they are taken out - looking at the atlantic lines it looks like there's a good number of trans-atlantic cables, for instance, but a lot of those fiber lines are actually in the same cable. You can't really isolate most countries' internet easily, but you can reduce quality of service a LOT.

The internet challenge is much more about getting and adjusting information than 'destructive terrorism'. As for the OP's post, I'd say this is not a case of the US being asleep... the US is one of the more paranoid states that wants to keep a tab on global (rather than domestic) oil companies, the same way that the recent cyberattack on Iran's nuclear programs was rather likely to originate from a certain western country than, say, China.

Reply #16

These attacks began in 2007
End of quote

No, 2009.

Why are people worried about this connecting to an internet off switch?
End of quote

Not worried. Explaining.

It's all oil company related
End of quote

No, it goes further, and it's implications far more.

The internet itself is robust.
End of quote

The Internet's most serious vulnerability is due to the way it works, Khardis. You will be able to read more about that later today.

Reply #17

The Internet's most serious vulnerability is due to the way it works, Khardis. You will be able to read more about that later today.
End of quote

So we have noted.  Great article, although this one I had already read about.  Industrial espionage.  China is bursting at the seams, and it cannot keep up fast enough economically.  So it has to steal what it does not have (instead of buying or inventing it).

That is the consensus I take away from this and similar episodes occurring in other industries (in my organization, we know of Chinese infiltrations very well).

Reply #18

So we have noted. Great article, although this one I had already read about. Industrial espionage. China is bursting at the seams, and it cannot keep up fast enough economically. So it has to steal what it does not have (instead of buying or inventing it).
End of quote
I think you mean technologically. The Chinese economy is huge, and getting huger. And while they are currently behind the US in most technological areas, with all the cash they're pouring into new universities and research centers, I doubt that they'll stay there.

Reply #19

Well, now that the Republicans are back in control in Congress and looking to cut back on almost everything you can bet China will have no problem with catching up and soon after passing us right on by. They always manage to cut off their nose to spite their face.

BTW - In reading the white paper McAfee wrote, it sounds more like spam than anything else in that it seems to be pushing all the different applications they have for combating Night Dragon. Let's see ... if I were a conspiracy theorist I'd say McAfee created Night Dragon, hacked into the global energy net and is now playing the hero. Now that is really stretching it, right?

Reply #20

Why are these important infrastructure systems even connected to the WEB. These people need to get off their ass and go to work like everyone else. They should watch the latest Battlestar Galactica where there are no inter connected systems at all but no, lets wait until everything falls apart before we do something as usual.

Reply #21

I'm assuming they were stupid enough to put their "intra"net on the same servers that manage, for instance, the company web site.

Reply #22

It is very easy to have 1 office managing the web server or even most companies outsource that stuff.

It is a combination of sheer stupidity and absolute laziness that you can't walk from one machine to another when you want to check your damn Facebook page or surf porn while you are at work.

Maybe it is that they want to outsource all their data entry people to India and other countries, making the WEB connection a must. In that case it deserves to have a back door operation in place that the enemy can flick a switch on 5 years from now when the war begins.

Reply #23

Quoting Scoutdog, reply 18

I think you mean technologically.The Chinese economy is huge, and getting huger. And while they are currently behind the US in most technological areas, with all the cash they're pouring into new universities and research centers, I doubt that they'll stay there.
End of Scoutdog's quote

No, their economy will fail without it.  Yes, they need technology, but that is just to drive the economy.  They have to keep up the breakneck speed of growth in their economy or risk revolution.  That is what killed the USSR.  When you give people the taste of the good life, it is hard to put them back in mud huts.

Reply #24

No, their economy will fail without it. Yes, they need technology, but that is just to drive the economy. They have to keep up the breakneck speed of growth in their economy or risk revolution. That is what killed the USSR. When you give people the taste of the good life, it is hard to put them back in mud huts.
End of quote
You're going off sideways, but I think you're saying kind of the same thing I am. Technological and economic growth feed into each other, of course, and China has been expanding economically at an incredible rate without much technological growth, especially when you consider the ungodly mess the cultural revolution created just a few decades ago. That will soon change. But I don't think they want to wait for homegrown R&D to get up to speed, which is why the powers that be over there seem not to care too much about industrial espionage going on.

Reply #25

the powers that be over there seem not to care too much about industrial espionage going on.
End of quote

Quite the opposite. They encourage it by doing nothing to suppress it and reap the 'benefits' on the side. It eases my fears somewhat that their system is basically corrupt.

What bothers me so much is that on the average person level there is little or no security awareness and that permeates the systems developed. Security is the IT guy's job. It also bothers me that the hackers are state and crime supported.