Pages

Categories

Search

 

You And Everyone You Know Should Study This Report On The Cyber Threat

by
June 19, 2014
CTOvision
No Comment

By Bob Gourley

Michael Riley and Jordan Robertson published an important piece for Bloomberg news titled:

UglyGorilla Hack of U.S. Utility Exposes Cyberwar Threat

This well researched piece provides context on the threat I believe all technologists should understand. In fact, it is so important, I think every citizen should read it and think about its implications.

A preview from the piece:

Somewhere in China, a man typed his user name, “ghost,” and password, “hijack,” and proceeded to rifle the computers of a utility in the Northeastern U.S.

He plucked schematics of its pipelines. He copied security-guard patrol memos. He sought access to systems that regulate the flow of natural gas. He cruised channels where keystrokes could cut off a city’s heat, or make a pipeline explode.

That didn’t appear to be his intention, and neither was economic espionage. While he was one of the Chinese officers the U.S. charged last month with infiltrating computers to steal corporate secrets, this raid was different. The hacker called UglyGorilla invaded the utility on what was probably a scouting mission, looking for information China could use to wage war.

UglyGorilla is one of many hackers the FBI has watched. Agents have recorded raids by other operatives in China and in Russia and Iran, all apparently looking for security weaknesses that could be employed to disrupt the delivery of water and electricity and impede other functions critical to the economy, according to former intelligence officials with knowledge of the investigation. The incursions spurred a debate in the Obama administration over whether and how to respond, and raised alarms among lawmakers briefed on the incidents.

Read more at: UglyGorilla Hack of U.S. Utility Exposes Cyberwar Threat


I’m reminded this is a perfect example of something Matt Devost has been talking about for years including at the first FedCyber Summit (http://www.fedcyber.com).  For additional context, check out this blog post discussing attacks against critical infrastructure:

http://www.oodaloop.com/technology/2012/09/27/statecyber/

That is totally spot-on, don’t you think?