[Infowarrior] - Cyberattacks: Scary Stories At Budget Time

Richard Forno rforno at infowarrior.org
Wed Apr 8 21:06:58 UTC 2009 

(thanks to K for passing along this gem....--rf)

Scary Stories At Budget Time

By Steve Hynd

http://www.newshoggers.com/blog/2009/04/scary-stories-at-budget-time.html

The WSJ's Siobhan Gorman has a tale today about deep penetration of  
America's power grid by foreign hackers that has several on the  
wingnut side of The Force hyperventilating.

However, Gordon's story hangs mainly on the anonymous say so of "and  
former national-security officials". The nearest she gets to named  
sources confirming this alleged penetration is Dennis Blair saying "we  
have seen cyberattacks against critical infrastructures abroad, and  
many of our own infrastructures are as vulnerable as their foreign  
counterparts.", which doesn't actually pinpoint power companies at  
all. In fact, the best knows infrastructure cyber attack, in  
Australia, was aimed at sewage infrastructure.

She also has this:

     Last year, a senior Central Intelligence Agency official, Tom  
Donahue, told a meeting of utility company representatives in New  
Orleans that a cyberattack had taken out power equipment in multiple  
regions outside the U.S. The outage was followed with extortion  
demands, he said.

But that's misleading in the extreme, as the original report  
highlighting what Donahue allegedly claimed makes clear:

     Alan Paller, director of research at the SANS Institute, said  
that CIA senior analyst Tom Donahue confirmed that online attackers  
had caused at least one blackout. The disclosure was made at a New  
Orleans security conference Friday attended by international  
government officials, engineers, and security managers from North  
American energy companies and utilities.

     Paller said that Donahue presented him with a written statement  
that read, "We have information, from multiple regions outside the  
United States, of cyber intrusions into utilities, followed by  
extortion demands. We suspect, but cannot confirm, that some of these  
attackers had the benefit of inside knowledge. We have information  
that cyberattacks have been used to disrupt power equipment in several  
regions outside the United States. In at least one case, the  
disruption caused a power outage affecting multiple cities. We do not  
know who executed these attacks or why, but all involved intrusions  
through the Internet."

     Information about which foreign cities were affected by the  
outage and other information related to the attack was not mentioned  
and is unlikely to be forthcoming, said Paller.

     A call to the CIA asking for further comment was not immediately  
returned.

Donahue wasn't actually there. Paller's company, SANS Insitute, touts  
for business securing companies against cyberattacks. Even Paller  
admits he has no corroberating details. And the CIA refused even to  
confirm Donahue had written anything at all.

As Mark Silva at The Swamp notes, it's a tale that "begs the question:  
How safe are you feeling these days? Or, where will your tax dollars  
go?":

     Now, in the Washington realm of the annual fight for a share of  
the $3.5 trillion federal budget - that "closing the Washington  
Monument'' mentality that sets in during this season -- it's worth  
noting, as the Journal does, that this tale has emerged at a time when:

     "Protecting the electrical grid and other infrastructure is a key  
part of the Obama administration's cybersecurity review, which is to  
be completed next week,'' the Journal reports.

     ...Time to start marking up those Intel budgets.

Siobhan Gorman has been described as "deeply sourced on NSA issues"  
and has certainly been partisanly inclined to sympathy with the Bush  
era intelligence community when it came to torture and destruction of  
evidence. I've a feeling her sources are using her on this scary story  
at budget time.

More information about the Infowarrior mailing list