Posted on 06/27/2002 3:31:07 AM PDT by kattracks
U.S. investigators believe cyber-savvy terrorists may be looking to wreak havoc with the nation's water works, oil pipelines and emergency services.
Agents found a pattern of suspicious surveillance of Silicon Valley and government networks on computer lines patched through Saudi Arabia, Indonesia and Pakistan, today's Washington Post reports.
Information about sabotaging remote control devices used to operate 911 emergency systems and power plants also has been found on computers seized from suspected Al Qaeda operatives.
"The event I fear most is a physical attack in conjunction with a successful cyber-attack on the responders' 911 system or on the power grid," The Post quotes a top FBI official saying.
Maki Becker
For cost savings, most companies have a single network. One infrastructre supporting many devices. All of the people can then get to their respective information. Some people need access to the Internet so it is easier to put the access to the Internet on to the network. That way everyone can have access. It also turns out that even those who dont need access can either get to or be reached by the internet. Firewalls and proxy servers help to control access by they can be breached by attacking devices and services that are permitted through the firewall to allow normal business.
As to your second point of a closed loop and/or telephone line remote sensor. First, there are things called "war dialers" who go through blocks of phone numbers and attempt to connect. If the connection is established and it receives modem tones, it record the number in a database and close the connection. If it does not get modem tones, it will just drop the call. It is not uncommon for a single PC with a digiboard 8 port modem to be able to sustain a war dial of over 400 numbers per hour.
Once I have a database of modem numbers, I can go back and connect to the modem. Based upon the information (logon screen) of the modem, I can fairly accurately determine what software is running on that device. If a special set of software is required, I normally do not have much difficulting obtaining the software from the manufacture. Passwords can be cracked by using password engines that go through a dictionary of common passwords and repeat tries.
The real scary thing is that all of this can be done automaticly by computers requiring very little human intervention and most are not monitored.
To let you know that I'm not some crackpot, I hold a both the CISSP #25434 certification (the highest security certification in the industry) and a CCIE #2024 certification (the highest networking certifciation). I have also been trying to raise these issues with the Feds since June of last year - with little understanding on their part. It is NOT a red herring.
In fact, a sucessful well planned and coordinated attack could kill and maim many thousands more people than the WTC attack. Do you remember Bo Pal(sp?), India and the Dow Chemical plant explosion? Most modern chemical plants are controled by computers. Mix the wrong chemicals and you have a toxic cloud drifting over down town Chicago or Atlanta - not good by anyone's measure. Also, image the pain and suffering that would be caused by turning all the lights in LA green at the same time.
The scenarios are all bad. What is worse is that very little security is being implemented across the board.
Thanks, taxcontrol. I respect and accept your detailed explanation. I can understand the cost-efficiency aspect of the shared resource allocations you described. But I would think that utility, major industrial and at least down to the state government entity controlled infrastructure wouldn't tie operational control into a publicly accessible network.
At two of the large industrial facilities I last installed a system that brought and displayed power condition and consumption data to remote workstations (Location and names withheld), I questioned whether access to the information was closed or randomly accessible. One distributed data by leased line, the other by microwave. But only acculuated data (use levels and power condition as most industrials are on the so-called 'unity power factor' reduced cost/first off programs with their local utility. Utilities, now that I think about it, have relinquished control of unmanned subs to the terminals at central dispatch, but not at the generation point. So I can see your point. Not being more than an apprentice techno-geek (there is always dirt under my nails after any job) I bow to your obviously superior knowledge of the subject.
Take care. Woofer out.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.