[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[infowar.de] noch 'ne Warnung: "Al Qaeda will US-Wasserversorgung hacken"

To: "Infowar.de" <infowar - de -! - infopeace - de>
Subject: [infowar.de] noch 'ne Warnung: "Al Qaeda will US-Wasserversorgung hacken"
From: Ralf Bendrath <bendrath -! - zedat - fu-berlin - de>
Date: Wed, 06 Feb 2002 12:41:59 +0100
Organization: http://www.fogis.de
Reply-to: infowar - de -! - infopeace - de
Sender: bendrath -! - zedat - fu-berlin - de

Infowar.de, http://userpage.fu-berlin.de/~bendrath/liste.html
-------------------------------------------------------------

FBI Issues Water Supply Cyberterror Warning

By Kevin Poulsen

http://www.securityfocus.com/news/0319

Members of Osama bin Laden's al-Qaida terrorist network have sought
information on the Web about the networks that U.S. utility companies
use to
remotely control water supply distribution and treatment systems,
according
to a bulletin issued by the FBI's National Infrastructure Protection
Center
(NIPC) Wednesday.

"U.S. law enforcement and intelligence agencies have received
indications
that Al-Qaida members have sought information on Supervisory Control And
Data Acquisition (SCADA) systems available on multiple SCADA-related Web
sites," reads the bulletin. "They specifically sought information on
water
supply and wastewater management practices in the U.S. and abroad."

SCADA systems allow utility companies and municipalities to monitor and
direct equipment at unmanned facilities from a central location.
Dedicated
communications channels link a control center to hundreds of "remote
terminal units," which in turn control water pumps and other equipment.

The NIPC bulletin went to some 3,000 members of the center's InfraGard
program, an information-sharing partnership between the NIPC and private
industry.

An FBI spokesman emphasized that the bulletin is not a full blown alert.
"It
just says be on the lookout," says FBI supervisory special agent Steven
Berry. "There's some information that suggests that they [Al-Quada] are
looking at this... There are potential interests in water supplies, and
other infrastructures."

Automated water supply control systems have long been a subject of
concern from U.S. infrastructure protection specialists, who fear that
they could be hacked by foreign governments or terrorists. A 1997 report
by the Clinton administration's Presidential Commission on Critical
Infrastructure Protection noted, "Cyber vulnerabilities include the
increasing reliance on SCADA systems for control of the flow and
pressure of water supplies." 

If terrorists are able to penetrate such a system, the danger could
extend beyond merely interrupting water flow. 

"If they had the time to infiltrate and get the knowledge, certainly
they could create havoc," says Brian Brewer, a senior engineer at ECS
Engineering, a Pacific Northwest company that specializes in building
SCADA systems for water utilities. "Other than turning pumps off,
typically there are chemicals that are injected, like chlorine or
fluoride. If you overdose any of that into a water system, it can affect
it, and you can hurt people." 

But Brewer says such an attack is far-fetched, and would require much
more specialized knowledge than could be obtained from surfing the Web.
"It would be a lot harder than learning to fly a plane," says Brewer.
Moreover, while some utilities have moved their SCADA monitoring to the
Internet, the far more critical control channels remain on dedicated
leased lines and radio links that are not as easily accessed remotely. 

"Breaking into where a water source exists, and physically dropping
whatever the contaminate would be, is the real concern," Brewer says. 

In addition to the cyber terror warning, the NIPC bulletin noted
al-Qaida interest in "insecticides and pest control products at several
Web sites." 

Also according to the bulletin, a computer belonging to a bin Laden
associate was found to contain structural architecture computer
programs, including AutoCAD, CATIGE, Microstran and BEAM, "that
suggested the individual was interested in structural engineering as it
related to dams and other water-retaining structures." 

The same unnamed individual had a program used to identify soil types
using the Unified Soil Classification System, according to the bulletin. 

Earlier this month the NIPC issued a public advisory urging
organizations to review what critical infrastructure-related information
is available on their public Web sites, after the center "received
reporting that infrastructure related information, available on the
Internet, is being accessed from sites around the world."

---------------------------------------------------------------
Liste verlassen: 
Mail an infowar -
 de-request -!
- infopeace -
 de mit "unsubscribe" im Text.

Prev by Date: [infowar.de] Ron Dick gibt Update zur Arbeit des NIPC
Next by Date: [infowar.de] US-Justizministerium gründet neue Abteilung zu Cybercrime
Previous by thread: [infowar.de] Ron Dick gibt Update zur Arbeit des NIPC
Next by thread: [infowar.de] US-Justizministerium gründet neue Abteilung zu Cybercrime
Index(es):
- Date
- Thread