
Fatal security flaw discovered in software that controls U.S. power plants

Wednesday, August 29, 2012 by: J. D. Heyes
Tags: security flaw, power plants, control software

(NaturalNews) A cyber-security specialist has discovered a software flaw that allows hackers to spy on and attack the communications of critical infrastructure operators of power plants, water systems, dams and more, and to gain access to the credentials of the computer systems which control those critical systems. The U.S. government is investigating the claims.

Justin W. Clarke, an expert in securing industrial control systems, said at a conference in Los Angeles earlier this month that he had discovered a way to spy on traffic moving into and out of networking equipment manufactured by RuggedCom, a division of Siemens.

Officials with the Department of Homeland Security said, in an alert released after the agency had learned of the potential security issue, that it had asked RuggedCom to confirm the gap that Clarke, 30, a security expert who has worked in the electric utility field for some time, had identified, and then to provide steps to mitigate the impact.

The firm, a Canadian subsidiary of Siemens which sells networking gear for use in harsh environments like areas with extreme weather, said it was looking into Clarke's allegations but did not elaborate, Reuters reported.

Clarke said his discovery is disturbing to the extent that hackers who are able to spy on communications of infrastructure operators could then also gain credentials allowing access to computer systems that control power and water plants, as well as electric grids and other critical infrastructure.

"If you can get to the inside, there is almost no authentication, there are almost no checks and balances to stop you," Clarke told Reuters.

Flaw in the system of software

Clarke, a high school grad who did not attend college, has now found two bugs in products manufactured by RuggedCom that are widely utilized by power companies which rely on its gear to support communications with remote power stations, said the Tribune.

Earlier this year, RuggedCom released an update to its Rugged Operating System software following a discovery by Clarke that it had a previously uncovered "back door" account that could provide hackers a way in to access the equipment with a password that was easily obtained.

"The Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team, which is known as ICS-CERT, said in its advisory on Tuesday that government analysts were working with RuggedCom and Clarke to figure out how to best mitigate any risks from the newly identified vulnerability," Reuters reported.

Clarke says the problem won't be easily fixed because all of the firm's Rugged Operating System software uses a single software "key" to decode traffic that's encrypted as it traverses networks. He added that he believes it's possible to extract that "key" from any piece of the software.

'It's a big deal'

Clarke told Reuters he bought RuggedCom's products through eBay. Afterward, he conducted the hacking research in his spare time with equipment he had spread out on a bed in his downtown San Francisco apartment.

Earlier this year, he was hired by Cylance, a firm specializing in the security of such vital infrastructure that was founded by Stuart McClure, the former chief technology officer of Intel's McAfee security division.

Other cyber-security experts could use Clarke's discovery to wreak havoc on communications networks as part of a wider attack.

"It's a big deal," said Marcus Carey, a researcher with Rapid7, a Boston-based security firm. Carey worked previously to help defend military networks as a member of the U.S. Navy Cryptologic Security Group.

"Since communications between these devices is critical," he said, "you can totally incapacitate an organization that requires the network."

Uptick in cyber-attacks aimed at U.S. infrastructure

There have so far been no publicly reported cases of cyber-attacks that caused damage to critical U.S. infrastructure, but military and government officials, as well as some lawmakers, have expressed concerns about such attacks in recent months.

And in July, The New York Times reported that there has been a dramatic rise in cyber-attacks targeting U.S. infrastructure.

Gen. Keith B. Alexander, who heads the National Security Agency and also the newly created United States Cyber Command, said there has been a 17-fold increase in attacks by criminal enterprises, hackers and foreign nations.

Sources:

http://www.homelandsecuritynewswire.com

http://www.chicagotribune.com

http://www.nytimes.com
