Ransomware attack on pipeline

Obreid

Power Poster
This very well might not be an actual case of terrorism.
It has similar effects to a cyber terror attack, so I placed it here.
The place I work suffered one of these before on a non-SCADA control system.
They're tough and debilitating if on the wrong system.
I suppose it will matter if it’s a system-wide infection or local.
Can anyone say if ransomware effects are limited to only one site's system or can it spread network-wide?
I've only ever heard of localized networks or terminals being corrupted.


 

RiffRaff

Deputy Director
Staff member
Ransomware can spread from one computer to any other computer it is networked with. That would include not only the local area network, but also possibly a wide area network across multiple site locations, especially if network security is lax.
 

Obreid

Power Poster
I was thinking I’d hate to be the employee who gets pinned for letting the ransomware in.
Or equally worse, the two-bit hackers who pulled it off.
I hope that it can be shown clearly one way or the other this was or wasn’t a state sponsored event.
 
So, I know I am not the brightest bulb in the box, but in what world does it make sense to connect critical infrastructure to the internet?? I think the benefit of having systems that are 1. hard wired, and 2. old enough (or proprietary enough) that they are not compatible with current technology is a good thing. The water district I worked for didn't even have computer equipment in the system. We did everything on paper, with gauges, and manual valves. The only thing that used computers was the billing software, and that was read and entered by hand.
 
Guest

Guest
The forensic guys are going over everything to determine where the breach was. All IT people think their systems are impenetrable. Then info will be shared with similar software companies. Code will be rewritten, then the corporate “hackers” will come in and try to breach it. Then they will be back on line. The question is what information they accessed and if their flow transmissions were digital or manual. That could cause a major terror attack if they could reroute the flow and increase pressures. Not just a supply and demand issue.
 

Obreid

Power Poster
So, I know I am not the brightest bulb in the box, but in what world does it make sense to connect critical infrastructure to the internet?? I think the benefit of having systems that are 1. hard wired, and 2. old enough (or proprietary enough) that they are not compatible with current technology is a good thing. The water district I worked for didn't even have computer equipment in the system. We did everything on paper, with gauges, and manual valves. The only thing that used computers was the billing software, and that was read and entered by hand.
Today there are two preeminent pushes in public works beyond just delivery and processing.
The 1st is energy cost savings.

Many systems are being designed and/or retrofitted to use VFD drives and facilitating unmanned back shifts.
Can't do either without computerized controls and connectivity.
I currently monitor and run samples at night of two separate treatment plants.
Monitoring two dozen VFD drives and assorted remotely controlled gates, as well as flow levels in various tanks and influent and effluent pipes. On top of that, monitor over a dozen lift stations' operations and statuses.
Can't do that without connecting to the net.
Don’t complain to me though I know how you feel. I’d still be on a well, wood heat, and oil lamps if I had a choice.
 

RiffRaff

Deputy Director
Staff member
So, I know I am not the brightest bulb in the box, but in what world does it make sense to connect critical infrastructure to the internet?? I think the benefit of having systems that are 1. hard wired, and 2. old enough (or proprietary enough) that they are not compatible with current technology is a good thing. The water district I worked for didn't even have computer equipment in the system. We did everything on paper, with gauges, and manual valves. The only thing that used computers was the billing software, and that was read and entered by hand.
It makes sense if computers at multiple pumping stations across the country have to coordinate operations. This *can* be done securely, but it takes someone who knows what they're doing and executives don't want to spend money on something they don't understand and don't think can happen to them.
 

Obreid

Power Poster
It makes sense if computers at multiple pumping stations across the country have to coordinate operations. This *can* be done securely, but it takes someone who knows what they're doing and executives don't want to spend money on something they don't understand and don't think can happen to them.
Don’t forget gov exec and politicians in that list.
 

MikeG

Member
So alleged "non-state-sponsored" hackers who are known to never attack Eastern European/Russian web sites attack a critical piece of the United States infrastructure, then later send a message ensuring everyone that 1) They are not state sponsored 2) they did it for the money and not to cause societal pain despite the obvious fact that they chose something that would cause pain and 3) they promise that going forward, they won't hack something so vital again. 2+2=. a) Russia. b) China. c) All of the Above
 

RiffRaff

Deputy Director
Staff member
2+2 can also = 3 for extremely small values of 2.

This organization has always stated they will never target medical facilities or anything that would directly result in deaths. As for attacking an American infrastructure company instead of Europe, that might be because Europe invests much more in cyber security than the US does, therefore we are easier targets.

You're providing "guilt by association" evidence, which isn't enough for me. Give me something more solid.
 

MikeG

Member
2+2 can also = 3 for extremely small values of 2.

This organization has always stated they will never target medical facilities or anything that would directly result in deaths. As for attacking an American infrastructure company instead of Europe, that might be because Europe invests much more in cyber security than the US does, therefore we are easier targets.

You're providing "guilt by association" evidence, which isn't enough for me. Give me something more solid.
I don't have anything solid. It was just my opinion and I could very likely be 100% wrong. Honestly, I hope you are right and my opinion is out to lunch. I would also really really like to think that this is the wakeup call we needed before something much worse and longer-lasting is attempted by someone with far worse intentions. I also apologize for jumping to conclusions.
 

RiffRaff

Deputy Director
Staff member
I don't have anything solid. It was just my opinion and I could very likely be 100% wrong. Honestly, I hope you are right and my opinion is out to lunch. I would also really really like to think that this is the wakeup call we needed before something much worse and longer-lasting is attempted by someone with far worse intentions. I also apologize for jumping to conclusions.
No need to apologize; I just wondered if you had seen something I missed that was leading you in that direction.

As for the wakeup call, you would think so, but I'm not holding my breath, for reasons discussed earlier in the thread. DHS has been warning for a decade now that the power grid is vulnerable. A massive infrastructure cyber attack is scenario #15 out of the 15 scenarios detailed in the DHS National Response Framework. A nuclear attack is #1.
 

Incognito

Active member
I was 10 years old in 1979. I don't remember the gas rationing and shortage then because I didn't pay attention to stuff like that. I was a kid, I played.

I have never seen it, gas shortage. I live in a county with 56,042 citizens in Virginia (don't ask me specifically where in VA). There is no gas at 9:30pm EST in my area. Another thing I can't believe...I drove past the lake on the way home. Boats, lots of them. Maybe 100+ lined up to get gas. Why fill your boat?

I hadn't heard of the gas shortage or the state of emergency all day. I got home and saw it on the news. I got in my SUV to go get it filled up at 8pm EST. No gas. I had to go to the nearest city and lots of places are out. One truck stop had none for the big rigs.

Someone's got to pay for this. I think it's the Russians, China, or Iran in my opinion.
 

Obreid

Power Poster
2+2 can also = 3 for extremely small values of 2.

This organization has always stated they will never target medical facilities or anything that would directly result in deaths. As for attacking an American infrastructure company instead of Europe, that might be because Europe invests much more in cyber security than the US does, therefore we are easier targets.

You're providing "guilt by association" evidence, which isn't enough for me. Give me something more solid.
Is Europe a continent-wide electric grid or by nation?
Would be much easier to contain and/or guard against a grid attack in smaller units. Although I have no doubt they might do a better job than the US.
I agree guilt by association isn’t enough.
 

Obreid

Power Poster
No need to apologize; I just wondered if you had seen something I missed that was leading you in that direction.

As for the wakeup call, you would think so, but I'm not holding my breath, for reasons discussed earlier in the thread. DHS has been warning for a decade now that the power grid is vulnerable. A massive infrastructure cyber attack is scenario #15 out of the 15 scenarios detailed in the DHS National Response Framework. A nuclear attack is #1.
Nope, you're right, nothing will be done.
Congress has reviewed this numerous times.
I do not favor a nationalized electric grid. But it is not out of bounds to raise the standards electric utilities have to operate at.
The military doesn’t even take it too seriously. Aside from temporary power generation US military bases are totally dependent on the grid as well.
 