No big deal... Kremlin hackers 'jumped air-gapped networks' to pwn US power utilities

The US Department of Homeland Security is once again accusing Russian government hackers of penetrating America's critical infrastructure. Uncle Sam's finest reckon Moscow's agents managed to infiltrate computer networks within US electric utilities – to the point where the miscreants could have virtually pressed the off …

  1. tip pc

    More detail please

    Would love to read more detail on how they exploited the air gapped systems, I assume from Russia.

    1. diodesign (Written by Reg staff) Silver badge

      Re: More detail please

      There is no more detail right now – just a strategic exclusive briefing by Homeland Sec officials with the WSJ.

      [ Edit: There's more detail here ]

      Presumably the equipment suppliers have access to the utilities' networks so they can provide remote support. That's one way in. The other way is to hack vendors, infect devices, wait for them to be shipped to power plants. Phone home, somehow.

      Relevant bits from the Journal:

      "The Russian hackers, who worked for a shadowy state-sponsored group previously identified as Dragonfly or Energetic Bear, broke into supposedly secure, 'air-gapped' or isolated networks owned by utilities with relative ease by first penetrating the networks of key vendors who had trusted relationships with the power companies, said officials at the Department of Homeland Security.

      "The cyber-attack, which surfaced in the U.S. in the spring of 2016 and continued throughout 2017, exploited relationships that utilities have with vendors who have special access to update software, run diagnostics on equipment and perform other services that are needed to keep millions of pieces of gear in working order.

      "The attackers began by using conventional tools—spear-phishing emails and watering-hole attacks, which trick victims into entering their passwords on spoofed websites—to compromise the corporate networks of suppliers, many of whom were smaller companies without big budgets for cybersecurity.

      "Once inside the vendor networks, they pivoted to their real focus: the utilities. It was a relatively easy process, in many cases, for them to steal credentials from vendors and gain direct access to utility networks."

      C.

      1. Jack of Shadows Silver badge

        Re: More detail please

        Tried and true technique and exactly my approach. Remember Target?

        1. John Smith 19 Gold badge

          "Tried and true technique and exactly my approach. Remember Target?"

          I was thinking "Isn't this exactly how STUXNET was infected into the Iranian nuclear programme?"

          Who thought US companies would be so dumb to fall for this?*

          *Kidding. If a nation state started laying explosives around the infrastructure of another nation state this would be called an act of war. It is time alien code running on strategic servers was viewed in the same way.

      2. DougS Silver badge

        Re: More detail please

        Probably the same way those attacks always seem to go. Either the system is only air gapped 99% of the time (i.e. they have to temporarily connect it for vendor service/diagnosis) or they use USB devices as their sneakernet medium. Yes, it would be stupid to have autorun enabled on those air gapped machines, but often you see TERRIBLE security settings on air gapped machines because "they're safe from hackers, so why bother?"

        1. hammarbtyp Silver badge

          Re: More detail please

          You don't need autorun. With enough resources you can compromise the USB key itself to attack the system, for example by looking like a USB keyboard

          1. DougS Silver badge

            Re: More detail please

            With enough resources you can compromise the USB key itself to attack the system

            Don't you need to modify hardware to do that? If it is even theoretically possible for software to remotely hack a USB flash storage device connected to a standard PC to make it act like a keyboard when connected to a different standard PC, color me shocked (and I'd like a link, please)

            If you can leave USB keys laying around the parking lot and they're dumb enough to use that in the air gapped system, then they probably have so many other security failures you don't need this attack. If you're able to do a black bag job and break in to swap out the USB keys they use on the air gapped systems with one that's been modified, then you might as well just go directly to the air gapped system and do what you please.

            1. usbac

              Re: More detail please

              @DougS,

              There was a research paper a while back where they were able to re-program the microcontroller in some USB flash drives to turn them into a keyboard emulator.

              What do you know, it was on El Reg...

              https://www.theregister.co.uk/2014/07/31/black_hat_hackers_drive_truck_through_hole_in_usb_security/

              1. Unoriginal Handle

                Re: More detail please

                https://malduino.com/

            2. DCFusor Silver badge

              Re: More detail please

              https://www.bunniestudios.com/blog/?p=3554

              Here's your link, other Doug. Bunnie and Xobs figured out how long ago, but didn't go too far into the black hat part so as to stay out of jail. But if you know computers, and know that USB sticks and SD cards can indeed be programmed with the right code (knocking sequence) then the rest follows.

      3. Peter Gathercole Silver badge

        Re: More detail please

        Um. If somebody/anybody has remote access to a network, then it is not "air-gapped".

        A properly air-gapped environment has absolutely no communications connections with any other environment, and is completely self-contained in one location.

        Anything else should probably be described as "firewalled" (assuming that there are firewalls in place!)

      4. Laura Kerr

        Re: More detail please

        Hang on a tick. You could try crossing an air-gapped network by infecting a software package destined for it before it's taken across the gap, but then what?

        Basic security (granted, that's a bit of an assumption) would require that you check everything coming in from outside, even a vendor's network. A simple checksum calculation would show if a package has been tampered with. For that to pass, the correct checksum would have to be replaced by that of the compromised package.

        OK, that might be achievable. But once you've installed your malware, how do you pass commands to it?

        TBH, this reads like Cold War reds under the bed. Time to set up camp at Greenham Common again?

        1. hammarbtyp Silver badge

          Re: More detail please

          Basic security (granted, that's a bit of an assumption) would require that you check everything coming in from outside, even a vendor's network. A simple checksum calculation would show if a package has been tampered with. For that to pass, the correct checksum would have to be replaced by that of the compromised package.

          A simple checksum would be easy to spoof, but if the checksum was HMAC'd or encrypted, then less so.

          1. Claptrap314 Bronze badge

            Re: More detail please

            I upvoted this, but I'm assuming that the poster meant "a cryptographically secure checksum".

            1. Laura Kerr

              Re: More detail please

              She did.
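An added example (not part of the original thread) illustrating the exchange above between hammarbtyp and Claptrap314: whoever alters a package on the vendor side can regenerate a plain checksum to match, but cannot regenerate a keyed tag (HMAC) without the utility's import key. The package bytes and the key are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample "vendor package" and a tampered copy (not real firmware).
ORIGINAL_PACKAGE = b"relay-controller-fw v2.3.1\nset_trip_threshold 50.0\n"
TAMPERED_PACKAGE = b"relay-controller-fw v2.3.1\nset_trip_threshold 500.0\n"

# Hypothetical secret shared only between the vendor's signing station and the
# utility's import station. It is never stored next to the package itself.
IMPORT_KEY = b"example-key-do-not-use-in-production"


def plain_checksum(package: bytes) -> str:
    """Unkeyed digest, as published in a typical SHA256SUMS file."""
    return hashlib.sha256(package).hexdigest()


def verify_plain(package: bytes, published_checksum: str) -> bool:
    """Import-side check against an unkeyed checksum."""
    return hmac.compare_digest(plain_checksum(package), published_checksum)


def keyed_tag(package: bytes, key: bytes) -> str:
    """HMAC-SHA256 over the package; only key holders can produce this."""
    return hmac.new(key, package, hashlib.sha256).hexdigest()


def verify_keyed(package: bytes, tag: str, key: bytes) -> bool:
    """Import-side check against a keyed tag, using a constant-time compare."""
    return hmac.compare_digest(keyed_tag(package, key), tag)


def simulate_vendor_compromise():
    """Model the thread's scenario: an intruder on the vendor network can
    rewrite both the package and the published checksum file, but has no
    access to the import key.

    Returns (plain_check_passes, keyed_check_passes) for the tampered package.
    """
    # Intruder rewrites the package and simply recomputes the plain checksum.
    published_checksum = plain_checksum(TAMPERED_PACKAGE)
    # Intruder cannot recompute the HMAC, so the original tag is left in place.
    published_tag = keyed_tag(ORIGINAL_PACKAGE, IMPORT_KEY)
    return (
        verify_plain(TAMPERED_PACKAGE, published_checksum),
        verify_keyed(TAMPERED_PACKAGE, published_tag, IMPORT_KEY),
    )


if __name__ == "__main__":
    plain_ok, keyed_ok = simulate_vendor_compromise()
    print(f"tampered package passes plain checksum: {plain_ok}")
    print(f"tampered package passes keyed tag:      {keyed_ok}")
```

The same reasoning applies to a digital signature over the package, which additionally avoids sharing a symmetric key with every vendor.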

      5. jmch Silver badge

        Re: More detail please

        I noticed this.... BUT

        "We're told, and can well believe, that the equipment makers and suppliers have special access into the utilities' networks in order to provide remote around-the-clock support and patch deployment"

        So... not air-gapped then if suppliers could log in to provide remote support?

      6. magickmark

        Re: More detail please

        Ok try this:

        Infect vendor's networks

        Connect laptop to network

        Laptop infected

        Take laptop on service call to air gapped network & plug in

        Air gapped network infected

        Malware delivers payload/slurps info

        Pass info back to laptop

        Take laptop back to vendor and plug into network

        Data sent home

        Simples?

    2. Christian Berger Silver badge

      It's most likely a combination of the following...

      Gaining access to unrelated systems in order to know about the social graph of the target.

      You then use that information to pose as a trusted partner, e.g. the vendor of the software, and send "updates" or office documents with which you can infiltrate the system.

      This can be done via e-mail or, depending on the typical way software updates are distributed, postal mail. If your vendor sends you software updates via mail, sending a fake update which looks the same as a real one won't raise any suspicion and it will be installed.

      BTW probably _all_ secret services do that kind of thing.

    3. veti Silver badge

      Re: More detail please

      You can always read up on Stuxnet, which did exactly this. The Russians' approach might be similar. Or it might be completely different, they've got the skills.

      1. Red Bren

        Re: More detail please

        Yeah, but they used to be commies and they're probably still commies really so they're the bad guys and they were infecting US computers with malware and everyone knows that is an ACT OF WAR.

        Stuxnet was just a prank that got a little out of hand but it didn't do any harm and even if it did those eye-ranians are bad guys and they deserved it and they were going to attack us so we retaliated in self defence first.

    4. Robert Carnegie Silver badge

      How?

      Two words: power lines.

      two more words: Carrington event.

      By manipulating sunspots and the solar wind, Russian scientists were able to signal to the power company computer systems... but why would they even need to, if they can do the first thing!

    5. Anonymous Coward

      Re: More detail please

      Throw one switch, blow the whole cover...this is just hype.

  2. Flocke Kroes Silver badge

    What are they waiting for

    Clearly it is time for the US to team up with fancy bear and properly secure banks, voting machines and nuclear missile launch controls.

    1. rmason Silver badge

      Re: What are they waiting for

      The US will have their NSA equivalent (or whichever agency it is).

      They will know how to properly secure such things. No one will ask them, no one will listen to their answers if they do.

      It'll be too expensive to implement. I.e. any cost higher than the current one.

    2. Rich 11 Silver badge

      Re: What are they waiting for

      I'm sure Vladimir proposed this at Helsinki and Donald was only too happy to agree.

      1. Version 1.0 Silver badge

        Re: What are they waiting for

        "Hi Donald, good to see you again - here's a USB stick with all the information on Hillary that I promised"

        "Thanks Vladimir I'll check it out as soon as I get back to the WH - we'll keep this just between ourselves"

        1. stiine

          Re: What are they waiting for

          And you think the KGB didn't stick that Easy Button in their microwave for 10 minutes before giving it back?

    3. Voland's right hand Silver badge

      Re: What are they waiting for

      BBbbbbut sir...

      What about all the k1dd13 college funds, pensions, retirement boats and timeshares in the Caribbean?

      If the networks are properly secured and there is no more Red Bear threat there will be no jobs for the people who draft these announcements.

      On a more serious note, this is more believable than the usual crap fed by the 3 letters to the press including the air-gapped story. While the networks are air-gapped at the utility, they quite often have remote out-of-band or private network access from the vendor which is supposed to be accessing it from an air gapped machine. Quite clearly they do not. That is believable (same as using vendors as a vector).

      1. DougS Silver badge

        Re: What are they waiting for

        I'll bet some of these "air gapped" systems have a modem or possibly a leased line connected to a private network (the beancounter says "air gapped from the internet is good enough, right?")

        Air gapped systems still need to be supported, which implies something gets access to them at some point. You could say "fine, everything that touches them has to be air gapped" but that's reductio ad absurdum.

        A vendor creates a software update, intending to deliver it to the air gapped customer systems. How do they get that software update off their non-gapped developer machines onto an air gapped system in a 100% secure manner. Answer: you can't. They'd have to have 100% air gapped developer machines, which is totally infeasible.

        Another issue is that too many will assume that because systems are air gapped, they're secure by default and thus don't need to be locked down, don't need good passwords, don't need patching, etc.

      2. Ledswinger Silver badge

        Re: What are they waiting for

        On a more serious note, this is more believable than the usual crap fed by the 3 letters to the press including the air-gapped story.

        I'm unconvinced. First there's a logic flaw: if there are all these holes in SCADA systems, why do they need this remote access, yet without fixing the flaws, particularly when the TLAs are telling them there are all these issues? Second, we've been told for years that Iran/Norks/ISIS et al have staggeringly capable state sponsored hackers. If all the holes are there, and there are adversaries who don't see any downside, why haven't they been exploited? Even for the usual state sponsored nasties (Russia/China/Israel) there would be the potential for "fun" false flag attacks.

        More Chicken Little shit from the TLAs, in my view. Which isn't to say that there are no problems with SCADA, merely that the current "news" is deliberate attempts to create a moral panic to justify some bureaucrat's job, or some commercially preferred course of action.

        1. Anonymous Coward

          Re: What are they waiting for

          I'm unconvinced. First there's a logic flaw: if there are all these holes in SCADA systems, why do they need this remote access, yet without fixing the flaws, particularly when the TLAs are telling them there are all these issues?

          =============================================================================

          Do you really want to start messing around with the PDP-11 assembler code that controls a running nuclear power plant? Years after the person who understood all the issues and wrote it retired and/or died?

          Some things, if working properly, should not be changed.

          If you want to know how old the hardware and software at a nuclear plant may be, look at how long ago the first of that model/submodel of reactor powered up, then add a few years for testing, certification of hardware and software, retesting, etc.

          I suspect that the more critical the system, the older the hardware and software is likely to be. There is a reason the space shuttles were run by 286s, generations obsolete in the outside world.

          1. John Smith 19 Gold badge

            There is a reason the space shuttles were run by 286s,

            Actually they ran a military version of an IBM 360 architecture called the 4Pi (lots of stuff running on it was related to navigation, spheres of Earth, etc). Made of discrete (military grade) TTL chips.

    4. Anonymous Coward

      Re: What are they waiting for

      Fancy bear don't like who runs your Banks or have you already forgotten?

  3. Chris G Silver badge

    Special access

    So access that is 'special' doesn't count in a not really airgapped system?

    Either it has an air gap or it doesn't, remote access no matter how 'special' by definition cannot be an air gap.

    General: "Okay, this is all out nukular war, launch a strike"

    Minion pressing big red button: "Erm, the button doesn't seem to be working Sir."

    General: "I said launch a strike....... anyone got a box of matches?"

    1. Anonymous Coward

      Re: Special access

      I would assume it's two machines on something like GSM modems that allow access to the control system in emergencies. If it was me I'd also put a 5 second delay when the modem picks up, wrap them in foil and put a sticker on them saying beware of the budgie; that's why I don't work with control systems.

    2. Steve Evans

      Re: Special access

      In a world of off-site support, putting a complex device behind a real air-gap is not going to be popular.

      So unless the bean-counters are going to splash the cash for on-site expertise (preferably not a gentleman called Ivan), security will be compromised.

  4. _LC_

    Kremlin hackers broke my bicycle

    I found it with a flat tire today. The door to the cellar was closed. I assume the Russians must've jumped the air-gap via the window. Those devils!

    1. Dave 126 Silver badge

      Re: Kremlin hackers broke my bicycle

      You didn't explicitly state your bicycle was in the cellar when you found it with a flat tyre. I can't assume you didn't leave it chained up outside your house.

      Even if it was stored in your cellar, the Russians could have used a needle when you popped into the corner shop the previous day to give you a slow puncture that takes time to manifest.

      1. _LC_

        Re: Kremlin hackers broke my bicycle

        And here I was, thinking that only the North Koreans would be THAT mean. :-(

  5. Adam 1 Silver badge

    I don't see any reason why Russia would have jumped air gaps to pwn power utilities.

  6. Anonymous Coward

    Air-Gapped or not?

    Quote: "...special access into the utilities' networks..."

    Keyword here: "networks". So were these "networks" air-gapped....or not? I think we should be told, and a bit more clearly than this report manages.

  7. Prst. V.Jeltz Silver badge

    wtf is an Air GAP

    I think there needs to be a discussion on the meaning of "Air Gapped"

    The last article throwing that phrase around seemed to imply some malware had achieved magic powers, and caused more confusion than it enlightened - and that was malware that didn't need to phone home. This hack apparently does, if the Russians want to "throw switches", so it navigates the "air gap" at will, not just once.

    I think what we are learning here is that very few systems are indeed "air gapped". Were these power companies claiming that?

    1. Steve Evans

      Re: wtf is an Air GAP

      Indeed. A true air-gapped network will have no physical or ethereal (wifi) connection to other networks, i.e. the outside world.

      Although there have been a couple of clever proof of concept ways to breach this (acoustic for example), they always initially require physical access to the "gapped" network (or components of it) to install the required components (malware). You can't just roll up and access a gapped network unless it has already been compromised.

      A true air-gapped network can only transfer data to and from another network via physical media transfer.

      1. stiine

        Re: wtf is an Air GAP

        Like Stuxnet? I've heard the phrase 'what goes around comes around' before. Let me know when it's appropriate to use it.

        1. DCFusor Silver badge

          Re: wtf is an Air GAP

          Stuxnet only needed to work in one direction, it needed no command and control and it didn't need to send any data back. The perp could find out it worked via the failure and reorder rate of centrifuges and other info likely to leak out.

          It's a different case.

          Now, what goes around DOES come around, sooner or later. Why are they in such a panic? Even if it isn't true just now (likely) then, well, later...

          And they need to whip up fear to keep their jobs. HL Mencken had a few tasty quotes on that one.

          1. tom dial Silver badge

            Re: wtf is an Air GAP

            Have another upvote for the Mencken reference. Too many people haven't read Mencken, or don't even know of him and think this sort of thing is new and different when it really is only different and only in detail.

      2. Anonymous Coward

        Re: wtf is an Air GAP

        "A true air-gapped network"

        OFFS, saying this is as bad as those Interns looking for the Stand Alone Internet Terminals and this Industry calling itself the Cloud. You've marketed away your security.

        Like it matters anyway since China and the CIA have backdoored every Router and Switch so....

  8. Anonymous Coward

    Is this a cover up for what the DHS has been doing for the past few years because they fear they have been found out?

    The DHS piece is far too high on speculation and very low on actual detail.

    1. thames

      The usual pattern for this sort of thing is that it starts when the US do this to someone else. The US counter-intelligence department then find out what their colleagues on the floor above have been up to and crap their pants over the thought that someone might do the same to them. They then stage a series of leaks into the press that someone else has been doing it to them in an effort to whip up enough publicity to spur the industry into taking some preventive measures.

      Prior to the news of what the Americans did to Iran with Stuxnet, there was a long series of "confidential intelligence briefings" to selected newspapers and politicians about how US utilities may be vulnerable to being hacked. A demonstration using a specially set up diesel generator (simulating a power plant) was conducted which was supposed to show how SCADA systems could be infiltrated.

      The utility industry just shrugged it off, as they weren't seeing any of this in practice. And then Stuxnet hit the news and we saw that it had done exactly the sort of SCADA infiltration that the Americans had claimed was the threat to US utilities.

      And then there was the big campaign using the same PR techniques over how Chinese IT gear might have back doors in it. Nobody could find these back doors, but we were assured they might be there and it was a huge national security risk. And then it turned out that the American NSA was putting back doors in Cisco kit.

      I could go on with more examples, but the pattern follows a well-worn groove by now. The US hacks someone else, they crap themselves over the thought that someone might do the same to them, they start a propaganda campaign via the channel of suitably compliant major news media to whom they give an "exclusive" in return for not asking the wrong sort of questions, and industry is left to wonder "WTF?" because the story is full of holes due to so many details being held back because of course the US doesn't want the target they had actually hacked to find out what had been done.

      To address the story in particular, very likely the "air gapped" systems aren't actually air gapped. The utility has an "air gap" policy, but an exception was made for remote vendor support. The vendor isn't air gapped because they're too small to have a dedicated IT security team who could plan such a thing. And true "air gapping" probably isn't practical to begin with because the vendors are software developers who need to get software updates from Microsoft and their PCs need to connect to the Internet on a regular basis to validate software licenses, etc., etc.

      And if software updates from the vendors to the utilities aren't conducted on a timely basis, ordinary bugs can crash the electric network just as surely as malicious action could.

      Genuine security is probably possible, but it would require a complete overhaul of the industry and the relationships with vendors and the software development environments they use, and that simply isn't going to happen any time soon.

      1. stiine

        upvote x 1000

        I could only upvote your post once, so here're a thousand more.

        It's like 'do unto others...something', right

  9. sanmigueelbeer Silver badge

    hacked into the utilities' equipment vendors and suppliers by spear-phishing staff for their login credentials or installing malware on their machines via boobytrapped webpages

    Taken from the same page as the hack on Target of 2013. Some people just can't/don't learn.

    that the equipment makers and suppliers have special access into the utilities' networks in order to provide remote around-the-clock support and patch deployment

    I'm going to wait for the official report but I suspect everyone is given admin access to the network.

  10. This post has been deleted by a moderator

  11. adam payne Silver badge

    We're told, and can well believe, that the equipment makers and suppliers have special access into the utilities' networks in order to provide remote around-the-clock support and patch deployment – access that, it seems, turned into a handy conduit for Kremlin spies.

    Not the first time that vendors have been used to access the real target.

    Trusted connections between customer and vendor, sorry not happening on my network.

    Seems like security measures need to be improved in both camps.

  12. 78910

    Air gapped? With vendor remote access?

    Clearly my understanding of 'air gapped' is wrong. I understand the need for patching systems and regular maintenance but I had always assumed air gapped meant exactly that, that there was air in between this here system and any possible outside influence i.e. not wired up to any outside network at all ever.

    Wouldn't stop malware-ridden patches being deployed in the normal course of things, if the vendors were pwned of course, so a timebomb could still be planted. But it would stop the ability for said systems to phone home, to be taken over at will.

    Never worked in that environment so it's a genuine question. Is it just too hard to patch and maintain genuinely air gapped large systems?

  13. Eclectic Man

    Ukraine?

    How does this compare with the attack on Ukraine's power suppliers and grid a few years ago?

    1. An nonymous Cowerd

      Re: Ukraine? caution there be many spooks, playing

      "the attack" ?

      "journalist murdered" ?? !!

      'nuff said

    2. Anonymous Coward

      Re: Ukraine?

      nice to see such heavy moderation on such an information-war related topic,

      I just tried to reply to one comment, up/down vote it and I was hit with:

      "Gone/ The requested resource /post/reply/3573596 is no longer available on this server and there is no forwarding address. Please remove all references to this resource. Apache/2.4.10 (Debian) Server at forums.theregister.co.uk Port 80"

      Apache HTTP Server 2.4.10 [was] Released Jul 21, 2014 so exactly four years old, No chance that the Bears will eat your wares then!

      :-)

    3. hammarbtyp Silver badge

      Re: Ukraine?

      In the Ukraine attack there was a network connection and it wasn't truly air-gapped, so it's not equivalent.

  14. Domquark

    Air Gapped?

    If there is a back door into the system, even if it is only for maintenance purposes, then the system isn't truly air gapped is it?

    War Games (the film) should be compulsory viewing for the system designers! Shall we play a game?

    1. Steve Evans

      Re: Air Gapped?

      How about a nice game of chess?

  15. trisul

    where have we heard this before?

    We heard it when Russian hackers successfully brought down Ukraine's power grid.

  16. Gordon Pryra

    "FAKE NEWS"

    Trump said they didn't do it, cos Putin said so, and he's a good guy, like the other murderous dictators that are good guys he's met.

    So there you have it, nothing to see here, move along.

    Also there is no global warming and foreign sales of American drugs means Americans pay more for their prescriptions....

  17. hammarbtyp Silver badge

    Not sure what the motive of the attack is

    OK, so as far as we can tell, they infected vendors' diagnostic laptops (which says more about the vendors' corporate IT than the systems involved), then when the vendor connected to the airgapped system, it infected that.

    One thing missing here. How did they control the air gapped system? It could cause an issue immediately or after a time delay, but both of these degrade the system, but do not control it. In most of these scenarios the idea is to present backdoors so that a system can be controlled in event of war or Donald no longer being in office.

    It sounds more like the Stuxnet attack, where the idea is to gently degrade a system to the point where it fails, causing infrastructure cost. It makes sense in that scenario, because US/Israel wanted to slow Iran's nuclear program, less so here.

    Another possibility is just intelligence gathering and looking for errant network connections. That would make more sense, since the infected PC could then phone home the details when connected.

    1. stiine

      Re: Not sure what the motive of the attack is

      What if they decide to shut down NYC's and LA's power on Nov 10th?

    2. Kernel

      Re: Not sure what the motive of the attack is

      "One thing missing here. How did they control the air gapped system? It could cause an issue immediately or after a time delay, but both this degrades the system, but does not control it. "

      If they have access to enough of a national network and can drop a few of the larger generators at the same time, the grid operator will lose control of the frequency - and when that happens the entire network has to be shut down and started from scratch.

      A few years ago I was at a national grid operator's operations centre, doing support on their comms equipment, and I was invited to sit in on one of their induction sessions. Apart from seeing some great footage of what can go wrong when switching high voltages and why you don't use water on a transformer fire, there was an interesting discussion of how long it takes to bring a power network up from a 'black start' - even for a small country like NZ the answer is in days rather than hours, as the connected load has to be carefully matched to the online generation capacity in order to prevent another loss of control of frequency event.

      What better time to launch a nuclear attack?

      1. John Smith 19 Gold badge

        What better time to launch a nuclear attack?

        Ummm.

        If you've shut down the entire generating capacity for a modern country like the US for a few days you don't need a nuclear attack (military systems have backup non grid generators).

        A 2 day outage on the US's JIT delivery systems will make it feel like a nuclear attack anyway.

  18. Gordon Pryra

    Air Gapped?

    While the network may have once been "Air Gapped" to the point where it ticked the boxes on the spreadsheet.

    You find all sorts of connections added to make some support monkeys life easier.

    I've found old 52k modems plugged into supposedly secure networks to give ops the chance to dial in instead of coming into London on a Saturday night.....

    Also, people's idea of what makes an "Air Gapped" network is generally pretty fluid when the people getting the contract to supply and maintain it are the mates of the people giving the jobs out...

  19. Bruce Woolman

    Perhaps it is time all parties concerned engaged in cyber treaty talks

    Hardware hacking. Election interference. We can give as good as we get in this regard and no doubt have done so. So can the Chinese, and the Indians. Even smaller states with talented computerists can engage at a high level. Moreover, this kind of interference can easily escalate into kinetic battle. It seems clear that some sort of systems treaty is needed lest something nobody really wants comes to pass.

    There are very real and complex technical barriers to setting sensible limits and to getting verification, but sooner or later we must try. Technology is always way ahead of the law. But sooner or later we will need a body of international law to deal with this $#!+.

    1. John Smith 19 Gold badge
      Coat

      sooner or later we will need a body of international law to deal with this $#!+.

      True.

      All major powers have this capability. Enough of them have f**ked other countries in various ways over the years that they've left a bunch of very angry people.

      But this stuff doesn't need the infrastructure of nuclear, biological or even chemical weapons.

      IOW it's a game everyone can play.

      Cyberwarfare is the equalizer.

  20. Mike Street

    You're Missing the Point

    It's obvious that the spooks are trying to tell us that the Russians have weaponized Telekinesis.

    It's definitely not that they didn't understand what they were briefing about, and knew that the reporters didn't either.

    No siree.

  21. Velv Silver badge
    Holmes

    OK, does anyone here not think there are state sponsored operatives in America (or most other countries) attempting to gain access to almost every service in most other countries in the world?

    You're not going to tell me the US doesn't have thousands of (patriotic) people whose job is to investigate foreign entities.

    Or are we only meant to believe it's other countries that undertake such underhand and covert operations. Bad.

  22. Version 1.0 Silver badge
    Big Brother

    Time Out

    Maybe there's a job opportunity here - start work on a new operating system that is not based on any current system and is written to be continuously secure ...

  23. Runilwzlb

    Fish gonna swim

    Fish gonna swim

    Birds gonna fly

    Spies gonna spy

  24. Mystery Machine

    Don't forget the data diodes in all this 'what is airgapped anyway'?

    https://en.wikipedia.org/wiki/Unidirectional_network

    Although they're proprietary and expensive so rarely used.

  25. Primus Secundus Tertius Silver badge

    Revenge measures

    One would expect the US to have computers in place to retaliate against any such attack. But I hope those computers have a reliable UPS.

  26. Florida1920 Silver badge
    Alert

    In a way, worse than Pearl Harbor

    So the story goes, the attack on Pearl Harbor was a surprise. Now we know the attacks are ongoing and we even know the targets. But the response from the White House continues to be "meh." Note to self: Stock up on batteries and candles.

  27. Dal90

    >Keyword here: "networks". So were these "networks" air-gapped....or not?

    What is your definition of network and air-gap?

    If I copy words off a printed page by typing them into my computer, have I just bridged the networks?

    What I don't think I've seen a previous post mention is KVM systems. My guess is the most practical definition of air gap for commercial systems would exclude the connected, networked KVMs from being considered breaching the air gap.

    These companies aren't going to have top talent staff in their data centers -- or remote sites -- around the clock. They also can't wait several hours in a snow storm for a senior sysadmin to drive in, take a look and realize it's a fat-fingered DNS entry that will take 15 seconds to fix and 45 minutes to fill out the emergency change record afterwards.

    Isolate the critical systems from the internet on a fully "air gapped" network which has no router to outside systems. Tech support KVMs in, see they need to patch, tell the 24x7 Operations staff where to download it so they can transfer it by USB/DVD/Zip Disk/1.2 Quadrillion Floppies to the secure network, tech support then continues the patch via KVM.

    Now if you happen to compromise a networked KVM, you can have fun with #!/bin/sh or powersHell sneaking in scripts here and there. Find a system with a C or other compiler installed things could be really interesting.

    If you can't stay online to grab the video output, write to innocuous-looking files (or right into a log file so it is hidden in plain sight) and come back later to take snapshots of the screen as you look through the files.

  28. Test Man

    Re: airgapped

    One theory:

    Compromise the device of a mark with physical access to the isolated network.

    Send messages purporting to be from a higher authority, and purporting to be "secure", to gain information, and to then ask them to do something that would normally be dodgy in itself e.g. throw the on/off switch.

    For example, compromised "secure" messages could be sent from a higher authority stating that a project to test the fall-back capabilities of the isolated network is in operation; messages are sent back and forth requesting certain information based on valid information already sent to the mark, then the mark is finally asked to switch "isolated and important system" off. The mark doesn't question anything, including the "switch isolated and important system off" message, because the messages sound like they are from someone in the know.

  29. Anonymous Coward

    advice to the government

    OK, we have let the twat Hoxton app kids play, but it's time to go back to cold war era paranoia levels.

    2 blokes in separate silos keying in a long p/w string known only to themselves when access to a critical system is required.

    Yes, it will be slow and everything will happen in realtime, but a fast typist may claw back some of the trillions of instructions lost per day.

    Entry requirements to any company will require a long exam onsite before the interview to weed out the woman that ran TalkTalk and the last Home Sec.

    1. Stevie Silver badge

      Re: advice to the government

      Forget long password strings.

      Personal Identification Devices. Old as Secret Government Computing and working since steel-jacketed greenscreen TTY-era VDUs.

      In order to enact a hack one would not only need to make copies of the PIDs used (which can be themselves time-limited), but you would need to have physical access to the equipment they permit access to as well, involving getting through whatever hard security is in place.

  30. Anonymous Coward

    Crazy idea but power is a perfect communication medium

    Call me crazy, but a power station could communicate with the outside world without cat5/wan/lan etc. using frequency changes and other techniques used by ham radio ops.

    They would just need to attack a vendor and then mod the code to detect outside plant changes to the environment. E.g. if you could make the power hit 60.3 Hz (US) on a pattern basis and send a signal from outside the plant to an internal module you have compromised, you could in theory program it to turn off switches internally.

    I remember when powerline broadband was touted as well in the UK, but it died a death because it would turn power lines into very large broadcast antennas and ruin the broadcast bands, i.e. no more Radio 4 law shopping forecasts. However, it is commonly used in the home with network range extenders etc.

Biting the hand that feeds IT © 1998–2019