[R-390] off topic interesting read

William J. Neill wjneill at consolidated.net
Wed Apr 8 15:36:23 EDT 2009


The subject has attracted attn from DoD and DHS and herewith are a  
sampling of comments from this morning's postings on a DoD INTEL  
netserver:

We have known about China and Russia’s exploits on the NIPR front.
This article is interesting in the fact that critical infrastructure
systems were penetrated and malware was left behind.

Does anyone have an UNCLASS damage assessment?

http://online.wsj.com/article/SB123914805204099085.html



On Apr 8, 2009, at 9:54 AM, Villano, Paul Mr CIV USA TRADOC wrote:
I found the CBS version of the story
http://www.cbsnews.com/stories/2009/04/08/national/main4928223.shtml
interesting because a former HLS employee mentions there were "a lot"  
of intrusions last year.  I wonder what the reason for his "former"  
status is.



On Apr 8, 2009, at 8:51 AM, Raines, James B Jr WO1 RES USAR USARC wrote:

> We have known about China and Russia’s exploits on the NIPR front.
> This article is interesting in the fact that critical infrastructure
> systems were penetrated and malware was left behind.
>
> Does anyone have an UNCLAS damage assessment?

You may be interested in the Task Force on Electric Grid  
Vulnerability (EGV), which maintains a host of unclassified and FOUO  
materials on Intelink-U:

http://www.intelink.gov/wiki/Electric_Grid_Vulnerability

Membership and POCs available here:

http://www.intelink.gov/wiki/Electric_Grid_Vulnerability/Membership

You may wish to contact the Task Force for additional information on  
the recent media coverage.

One important consideration is that the presence of malware on such  
systems does not always imply intentional penetration; often, the  
presence of malware on secure systems is the result of improper use,  
poor user education, or other deficient local security practices. Web  
and email vectors are common.

That said, the presence of this type of malware, much of which is  
designed to communicate with an external control server for  
instructions, is undesirable even if not the result of a concerted or  
targeted effort. Once in place, networks of individuals interested in  
more malicious activities than sending spam or bringing down a web  
site would have a considerable base of systems from which to pick, in  
all manner of sensitive areas.

- Dave



Bill Neill
Conroe, Texas


On Apr 8, 2009, at 11:47 AM, odyslim at comcast.net wrote:

I know this is off topic but worth reading. Individuals have been caught
trying to map out our power grids.

http://www.comcast.net/articles/news-general/20090408/NEWS-US-CYBERATTACK-USA/

Regards, Scott

