[R-390] off topic interesting read

[William J. Neill]

Scott:

There's far, far more to this than readily meets the eye.

The same RF control system, SCADA (check it out on Google), used by  
the electrical transmission and distribution companies is also used  
throughout the world by petroleum and natural gas pipelines, US water  
and sewage operators, railroads for signal controls, municipal  
traffic signal controls, government and industrial security systems,  
and just about anything else you can imagine using cellular and  
wireless-based comms for linkages.

This is very bad shit and the probing (from both China AND Eastern  
Europe) has been going on for at least five years.

Here are a few Web sites (with links) that you probably won't find on  
a casual basis that will give you more information:

http://www.w2cog.org/

http://www.thedarkvisitor.com/

http://www.us-cert.gov/cas/alldocs.html

http://www.fbi.gov/cyberinvest/cyberhome.htm

There are many other sites but they are primarily academic in nature,  
focusing on combinations of terrorism and technologies.

Best wishes,
Bill Neill
Conroe, Texas

On Apr 8, 2009, at 5:11 PM, odyslim at comcast.net wrote:

Hi Bill,, This could be really scary. Thanks for filling us all in.

Regards, Scott

----- Original Message -----
From: William J. Neill <wjneill at consolidated.net>
To: odyslim at comcast.net
Cc: milcom <milcom at mailman.qth.net>, r390 list <r-390 at mailman.qth.net>
Sent: Wed, 8 Apr 2009 19:36:23 +0000 (UTC)
Subject: Re: [R-390] off topic interesting read

The subject has attracted attn from DoD and DHS and herewith are a
sampling of comments from this morning's postings on a DoD INTEL
netserver:

We have known about China and Russia’s exploits on the NIPR front.
This article is interesting
in the fact that critical infrastructure systems were penetrated and
malware was left behind.

Does anyone have an UNCLASS damage assessment?

http://online.wsj.com/article/SB123914805204099085.html

On Apr 8, 2009, at 9:54 AM, Villano, Paul Mr CIV USA TRADOC wrote:
I found the CBS version of the story http://www.cbsnews.com/stories/
2009/04/08/national/main4928223.shtml
interesting because a former HLS employee mentions there were "a lot"
of intrusions last year.  I wonder what the reason for his "former"
status is.

On Apr 8, 2009, at 8:51 AM, Raines, James B Jr WO1 RES USAR USARC wrote:

> We have known about China and Russia’s exploits on the NIPR front.
> This article is interesting
> in the fact that critical infrastructure systems were penetrated
> and malware was left behind.
>
> Does anyone have an UNCLAS damage assessment?

You may be interested in the Task Force on Electric Grid
Vulnerability (EGV), which maintains a host of unclassified and FOUO
materials on Intelink-U:

http://www.intelink.gov/wiki/Electric_Grid_Vulnerability

Membership and POCs available here:

http://www.intelink.gov/wiki/Electric_Grid_Vulnerability/Membership

You may wish to contact the Task Force for additional information on
the recent media coverage.

One important consideration is that the presence of malware on such
systems does not always imply intentional penetration; often, the
presence of malware on secure systems is the result of improper use,
poor user education, or other deficient local security practices. Web
and email vectors are common.

That said, the presence of this type of malware, much of which is
designed to communicate with an external control server for
instructions, is undesirable even if not the result of a concerted or
targeted effort. Once in place, networks of individuals interested in
more malicious activities than sending spam or bringing down a web
site would have a considerable base of systems from which to pick, in
all manner of sensitive areas.

- Dave



Bill Neill
Conroe, Texas


On Apr 8, 2009, at 11:47 AM, odyslim at comcast.net wrote:

I know this is off topic but worth reading. Individuals have been caught
trying to map out our power grids.

http://www.comcast.net/articles/news-general/20090408/NEWS-US-
CYBERATTACK-USA/

Regards, Scott