Posted on

Increasing risks to SCADA security

It seems, hackers will be hackers. The advent of single point remote control systems like SCADA (Supervisory Control And Data Acquisition) which are connected to the internet means that obscurity of their existence is only a matter of social engineering or port scanning.

What happens to say a electricity grid that is managed by SCADA? Is it possible to orchestrate weather based resource terrrorism like the recent event in Brazil? Not a few days ago, a blackout across the southern half of Brazil sends 50 million people into darkness and prompts a major police mobilisation amid fears of an opportunistic crime wave.

Source: http://www.news.com.au/story/0,,26335596-401,00.html

So a “cyber” hacker sits in a remote location, usually outside of the target country itself, finds some holes in the SCADA’s security, and 50 million people are thrown into a state of confusion and fear about their safety. To contextualise this, more than double the Australian population put together was affected by one SCADA system failing to deliver 17000 megawatts.

In Australia, we are heading towards the SCADA control of our electricity grid. What measures are being taken by law enforcement agencies to ensure that our SCADA systems are safe?

What is the risk posed to ‘weather-fragile’ individuals like the elderly and ill, in a seriously hot period of weather when a hacker decides to mount a DOS/malicious attack on a SCADA system?

Posted on

Adelaide Hacker Compromised 3000 Machines!

Adelaide Hacker compromised over 3000 machines and infected them with a known computer virus that can phish data like credit cards, banking logon details etc. He also tried to launch the virus globally and to potentially infect 74000 machines. He is facing a jail sentence of 2 to 10 years if convicted.

He is being charged with:

– unauthorised modification of computer data, supply and possession of a computer virus with intent to commit a serious computer offence,
– unlawful possession of a computer system, theft and
– trafficking a controlled substance.

“The arrest has resulted in the acquisition of intelligence which can be utilised to identify further offenders,” said Detective Inspector Jim Jeffrey of SAPOL.

Could this uncover a ring of hackers in Adelaide?

AdeladeNow Story: http://www.news.com.au/adelaidenow/story/0,22606,25923434-5006301,00.html

Posted on

Black Hats no longer behind White Hats

Research has shown that Black Hat hackers in many cases are far ahead of their White Hat counterparts. Many of the wares produced by Black Hats are now “dormant” and waiting on your system to be activated when signaled. They are mainly trojans that wait for you use your online banking.   Viruses have quadrupled from over 15,000 in 2007 to almost 60,000 in 2008. F-Secure says there were 59,177 programs called “Trojans,” circulating on the Internet since last year, compared with 15,969 in 2007 (USA Today).

Things to consider to have a fighting chance:

  1. Keep your PC up to date. If running Linux, make sure you keep up with the system updates (especially the critical updates). On a Windows box, ensure that Updates are enabled.
  2. An anti-virus software must be installed. I suggest AVG. Even on a linux machine you should run anti-virus software to prevent the propagation of viruses to Windows based machines.
  3. Install some form of Spyware Removal Tool.
  4. It seems Microsoft’s Internet Explorer is at the top of the list of “most hacked” browser. Firefox and Chrome are far less susceptible to attacks, making them safer browsers. Use them instead.
  5. Secure your wireless network. Try to use WPA2-PSK at the very least with a more secure pseudo-random generated key. A good key generator is found here.
  6. Ensure a firewall of some sort is running. Windows Firewall is the absolute bare minimum.

It seems, after all that, it sometimes comes down to just plain common-sense sometimes. A lot of trojans and viruses make their way into your system when certain executables are run. If you receive a file by email, always check the extension on the file. For example, spears.jpg.vbs is not a picture but a vbscript that could be potentially dangerous.

Technorati Tags: , , , , , , , ,

Posted on

Govtrip.com hacked!

A prominent US Government travel website used by federal agencies has been hacked. The site which is operated by defence contractor Northrop Grumman Corp, was breached and changes made so that unsuspecting users would be redirected to a rogue URL where malicious software was thrust upon their systems.

GovTrip is used by several U.S. government agencies, including the EPA and the departments of Energy, Health and Human Services, the Interior, Transportation, and the Treasury, to make travel reservations, as well as to reimburse workers for travel expenses.

You would have to ask why federal agencies would need to expose a travel website to the WWW when they have their own intranets.

Technorati Tags: , , , ,

Source: www.computerworld.com

Posted on

Virus Infected Valentine’s Day e-cards

Spammers are targeting both loved-up and single Australians with Valentine’s Day-themed malware that tricks users into downloading what look like legitimate Valentine’s Day e-cards but are cleverly disguised computer viruses. Phishing attempts have also been reported. Email attacks contain attachments like  “meandyou.exe” and “onlyyou.exe” which have the potential to spread to everyone the victim knows via unauthorised access to address books within their email client, social networking or instant messaging applications.

Technorati Tags: , , , ,

Source: http://www.news.com.au/story/0,,25045134-5015723,00.html

Posted on

Security company’s customer database hacked by SQL Injection

Kaspersky Lab, a Moscow-based security company, admitted today that a database containing customer information had been exposed for almost 11 days and that it only learned of the breach when Romanian hackers told the firm about it (the hackers in this instance were white hats). No data was actually downloaded or looked at.

The hackers (presumed from Romania), went public in a blog post. They claimed that after launching a SQL injection attack on Kaspersky’s U.S. support site, they were able to access a customer database that included e-mail addresses and software activation codes.

Roel Schouwenberg,  a Kaspersky senior antivirus researcher,  confirmed that the database was hacked via a SQL injection attack, but he reiterated that only the database’s table labels had been accessed by the hackers, not the data itself. “A more advanced hacker could have gotten access to the information,”  Schouwenberg acknowledged, “including activation codes for the product and e-mail addresses. But that didn’t happen.”

A combination of vulnerable code crafted by an unnamed third-party vendor and poor code review by Kaspersky was to blame, thus an Application Security issue.

Kaspersky has hired Next Generation Security Software Ltd.’s David Litchfield, one of the world’s experts on SQL injection attacks and database security, to do an independent audit of the company’s systems.  Considering that if Kapersky had been using Rational Appscan to look after their site, they would have been notified during a scan of the vulnerability and other issues without having to extend to external “experts” in SQL injection.

SQL Injection seems to be the major choice by hackers to compromise applications through the web frontend. Rational Appscan can test and identify SQL Injection vulnerabilities in a given system being tested.

Technorati Tags: , , , , , ,

Source: www.computerworld.com

Posted on

Government jobs site hacked

jobs.nsw.gov.au was forced to be shut down after it was found hackers had targeted the site.  The department was alerted by job seekers who began receiving unsolicited emails purporting to be from the site, alerting them to hoax job vacancies. Fears were raised about the personal details of job seekers having being compromised and the Government commissioned Ernst & Young to investigate how the security breach occurred.

This is yet another reason for the focus on application security.

Technorati Tags: , ,

Source: http://www.news.com.au/story/0,,25003695-1242,00.html

Posted on

NT Government systems compromised

A former employee of the Northern Territory Government has admitted to deleting over 10,000 public servant records. The hacker, a computer engineer, used his flatmate’s computer and a former workmate’s access details to hack into the system. His cyber-sabotage crashed multiple government servers, including those of the Health Department, Royal Darwin Hospital, Berrimah Prison and the Supreme Court resulting in $1m in damage. He was previously cleared as part of his job to upgrade and maintain the NT Government’s computer system. He claims he committed the crime because of a perceived slight from his former employer.

Technorati Tags: , , , ,

Source: http://www.news.com.au/story/0,,24952994-17001,00.html

In an earlier report, the same hacker admitted to taking down other NT Government computers.

Source: http://www.news.com.au/story/0,,23707457-2,00.html

Posted on

Compromised VOIP Racks Huge Bill

Hackers have compromised the VOIP communications of a company in WA. The hackers racked up a bill of  AU$120,000 when they used it to make 11,000 international calls in just 46 hours.  WA Police Technology Crime Investigations detectives have warned that hackers are targeting VOIP based iPBX systems. The Call-Forward functions are being used to make international calls.

Technorati Tags: , , , ,

Source: http://www.news.com.au/story/0,,24939188-2,00.html