Chinese Army Unit Is Seen as Tied to Hacking Against U.S.
20/02/2013
(…..) What most worries American investigators is that the latest set of attacks believed to be coming from Unit 61398 focuses not just on stealing information, but on obtaining the ability to manipulate American critical infrastructure: the power grids and other utilities. Staff at Digital Bond, a small security firm that specializes in those industrial-control computers, said that last June the Comment Crew unsuccessfully attacked it. A part-time employee at Digital Bond received an e-mail that appeared to come from his boss, Dale Peterson. The e-mail, in quite perfect English, discussed security weaknesses in critical infrastructure systems, and asked the employee to click a link to a document for more information. Mr. Peterson caught the e-mail and shared it with other researchers, who found the link contained a remote-access tool that would have given the attackers control over the employee’s computer and potentially given them a front-row seat to confidential information about Digital Bond’s clients, which include a major water project, a power plant and a mining company. Jaime Blasco, a security researcher at AlienVault, analyzed the computer servers used in the attack, which led him to other victims, including the Chertoff Group. That firm, headed by the former secretary of the Department of Homeland Security, Michael Chertoff, has run simulations of an extensive digital attack on the United States. Other attacks were made on a contractor for the National Geospatial-Intelligence Agency, and on the National Electrical Manufacturers Association, a lobbying group that represents companies that make components for power grids. Those organizations confirmed they were attacked but have said they prevented the attackers from gaining access to their networks. Mr. Blasco said that, based on the forensics, all the victims had been hit by the Comment Crew. But the most troubling attack to date, security experts say, was a successful invasion of the Canadian arm of Telvent.
The company, now owned by Schneider Electric, designs software that gives oil and gas pipeline companies and power grid operators remote access to valves, switches and security systems. Telvent keeps detailed blueprints on more than half of all oil and gas pipelines in North and South America, and has access to their systems. In September, Telvent Canada told customers that attackers had broken into its systems and taken project files. That access was immediately cut, so that the intruders could not take command of the systems. Martin Hanna, a Schneider Electric spokesman, did not return requests for comment, but security researchers who studied the malware used in the attack, including Stewart at Dell SecureWorks and Blasco at AlienVault, confirmed that the perpetrators were the Comment Crew. “This is terrifying because (forget about the country) if someone hired me and told me they wanted to have the offensive capability to take out as many critical systems as possible, I would be going after the vendors and do things like what happened to Telvent,” Mr. Peterson of Digital Bond said. “It’s the holy grail.” Obama alluded to this concern in the State of the Union speech, without mentioning China or any other nation. “We know foreign countries and companies swipe our corporate secrets,” he said. “Now our enemies are seeking the ability to sabotage our power grid, financial institutions, air-traffic control systems. We cannot look back years from now and wonder why we did nothing.” Obama faces a vexing choice: In a sprawling, vital relationship with China, is it worth a major confrontation between the world’s largest and second-largest economies over computer hacking? A few years ago, administration officials say, the theft of intellectual property was an annoyance, resulting in the loss of billions of dollars of revenue. But clearly something has changed.
The mounting evidence of state sponsorship, the increasing boldness of Unit 61398, and the growing threat to American infrastructure are leading officials to conclude that a far stronger response is needed. “Right now there is no incentive for the Chinese to stop doing this,” said Mr. Rogers, the House intelligence chairman. “If we don’t create a high price, it’s only going to keep accelerating.”