Monday, November 21, 2011

SCADA Attacks, are very similar to the Stuxnet attack, basic yet effective

This attack, like the Stuxnet attack, went after some very simple code that is used to control valves, security gates, and other peripheral devices. Normally a SCADA control program is a fairly sophisticated deal, but when it hands off simple routines like controlling valves, a PLC, or programmable logic controller, is used. The code for PLC operations is fairly simple; it only handles very small tasks. Inserting bogus code into a PLC is not all that hard, since PLCs are designed to be programmed in the field, and as such no compiler, or at least no sophisticated compiler, is needed. This makes them great targets. As one recent article correctly pointed out, most prisons use SCADA systems, which use PLCs to control doors and gates at the prison, meaning that it would be possible to program them to open if attacked. Now this would be a more sophisticated attack than a normal Stuxnet would attempt. In fact most of the sophistication of Stuxnet was in getting the code to the PLC.

Remember, PLCs have simple, short code, so getting one to do simple actions like repeatedly opening and closing a valve or door is pretty easy. Opening a door at a predetermined time is really going to require attacking the main SCADA program, a much harder task; not impossible, but harder than attacking the PLCs.

Most SCADA systems should be off line from the internet, and as such it would take an attack like the one used against the Iran nuclear facility. In that case it was introduced via a USB flash device. That takes physical access to the system, or spoofing someone else who has access. If the attack was on a part of a SCADA system that was hooked up to the internet, usually a big no-no, then it is a matter of loose or no passwords protecting the system, which would at least have made it harder for the bad guys to attack it.

Maintenance contracts for SCADA systems often require internet access, but these contracts should be reviewed for security purposes. If possible, internet hookups should be physically connected only during the time when the maintenance vendor needs access. Often security guards are trained to manually make the connection, and then physically disconnect it when the vendor is done. IT departments make a very big issue of the fact that they can put security controls in place that can stop anything. The bad news is that it is harder and harder to stop everything.

Rich

Borderland Beat: New Routes for Mexico's Black Market Arms

I am definitely not a big supporter of our Attorney General Holder; I am, however, not a believer that he has had anything to do with our US Agent's death. His crime, if there is one, is the same as that of the Agent who was just sent to jail for two years: he lied and tried to cover up his knowledge of the Fast and Furious program. As such he should, I think, suffer the same fate, or at least the sentence against the agent should be vacated in some way.

But to the point: as bad as some think Fast and Furious was, the truth is that the vast majority of arms come from somewhere other than the US, or at least not directly from the US. In the article, 60% of the weapons recovered are from thefts of Mexican Government military storage. So the speeches of the President of Mexico about the US providing the weapons used by the Cartels are not factually true. The article points to new routes, yet it also talks of weapons traffic from South America, and internal thefts have been happening for years. To make a training video on weapons, and to train Sheriff's departments all over the US, I have had to study weapons transfers and where the weapons are made. For instance an AK 47, a good weapon of choice for Cartel members, costs roughly 5 times as much coming from the US as it does from South American countries, which have been provided these weapons by Russia, China, and other countries for years. There are stockpiles of these weapons all over South America, and some countries have even been licensed to make the weapon.

Another weapon of choice for the Cartels is the Uzi submachine gun, once again way too expensive in the US; in fact US gangs use Tec 9s and such, which are cheap knockoffs that fire the same caliber cartridges and bullets. In fact the Tec 9 can fire a normal 9mm, which tends to make Uzis jam. The high end folks in the US moved off Uzis, with the open bolt problem, years ago in favor of H&K MP 5s, and in most cases have even moved on from them to newer weapons. But the Uzi is still a big player in the Cartels, and they can get them from many places in South America as well. In fact when Israel was training South American Police, from the 80's through to today, they often pushed the Uzi as the weapon of choice. Thefts from the South American countries are probably the main source of Uzis for the Cartels.

So if in some way we can stop all weapons from going to Mexico from the US, it will hardly make a dent in the Cartels' capabilities of procuring weapons. Holder may be guilty of many things, but of the death of our US Agent? Bad people are the cause of the Agent's death, and we should be after them; a focus on the Cartels, and their inroads into the US, should be our first priority.

Rich

Friday, November 4, 2011

U.S. Report Blasts China, Russia for Cybercrime | Product Design and Development

The key point here is that it will be hard, if not impossible, to stop. China is also correct that they are a target as well, mainly from within. With a Government that often picks winners and losers, China has a lot of people inside who fight to get what has been stolen from the US and others, so they can get to market with it.

Russia, it would seem, is still using info to steal actual funds more than ideas for new products. But everyone is doing it, sometimes by just allowing it to happen, by hackers in their countries, and then monitoring their finds. It is not going to get better any time soon, and for those who are still in love with VPNs, they are but another fence hackers have to jump over. Like most intelligence groups, they tend to focus on things that are encrypted and that are on VPNs. It is sort of a signpost that important stuff is here, so focus on this.

Now this does not mean that they beat them all the time; it does mean they look for a weak link, something they can exploit. Which is what normally happens.

The other part is to remember that the attack plan of intel agencies is to get 10% of the information from each attack, and just keep attacking till they get enough of the picture to work with. So if China lets their hackers loose, then just waits for bits and pieces of the info they want to flow by, they are very happy. Now tell a Russian mob boss you have only gotten 10% of the info they want, and you could be in a bit of trouble, but Governments do not have to work that way.

No country is clean in this arena, and very few companies are totally clean. It is sort of like when intel types would capture faxes over telephone lines, print them out, rumple them a bit, and claim they got them from looking at your garbage. In fact with emails carrying PDFs that have the letterhead and signatures on them, it is quite simple to make the same claim, and even to change the wording in the PDF so it is more incriminating before printing it out. I am not sure courts can ever trust documents presented as evidence anymore.

With fully 90% of all voice communications going digital at some point of the communications path, tapping telephone lines is pretty old school. It still happens, but I would look for some cyber criminal being the go-to guy in this case as well.

So cybercrime is here to stay, and is growing; it covers everything from espionage to terrorist attacks. Extortion is becoming a big part of cybercrime, which is breathing life into some old and new mafia types. The new moves to virtual and cloud computing have not helped, but you have to look at risk vs reward in going forward with IT plans, and many experts will tell you virtual and cloud will not really make it any easier to attack, maybe harder to detect an attack, maybe.

Rich Roth

Tuesday, November 1, 2011

CDC Vital Signs - Prescription Painkiller Overdoses in the US

Deaths from prescription painkillers* have reached epidemic levels in the past decade. The number of overdose deaths is now greater than those of deaths from heroin and cocaine combined.

Security practitioners need to be aware of both the signs of these problems and the emergency medicine for keeping clients alive. There are more and more accreditation and licensing requirements added to the Security profession every year, and body guards are one of the most controlled. As such, they are supposed to be trained to handle their clients' problems, which more and more include addiction issues. I think the court battle of M. Jackson's doctor may well involve a security person next time. The initial designation of the security personnel around Jackson as Security Guards gave them an out that perhaps a body guard is not going to get.

I have been brought into addiction issues in the past, and luckily for me, the addiction was a known problem in each case; even the client knew they had a problem. Most were just getting out of a formal recovery program. In many cases, even if the world may believe the person you are protecting is having an addiction issue (and may I mention, I have only worked with business executives to date, not entertainment types, at least not the entertainers themselves), they may not know or want to know they may have a problem. Still, knowing warning signs and how to use basic medical devices like air ventilators and defibrillators is becoming as needed as your Red Cross first aid certificates.

There are online classes for CBT (cognitive behavioral therapy) that may help you deal with the issues more effectively, not as a therapist, but as an observer and aid to the situation. AA & NA have open sessions you can attend to see how that process works as well; all can lead to more effective support of the client or their family.

In the past it seemed all we had to do was ensure our clients knew illegal drugs were being used at some event to keep the security in the clear; nowadays, with prescription drugs being so much a part of the problem, added to alcohol issues, Security needs to step up its game a bit. As I have dealt with in other blog entries, contracts in these situations can be tricky.

Rich