Monday, November 21, 2011

Hackers 'attack' US water system

Hackers are alleged to have destroyed a pump used to pipe water to thousands of homes in a US city in Illinois.

Hackers with access to the utility's network are thought to have broken the pump by turning it on and off quickly.

The FBI and Department for Homeland Security (DHS) are investigating the incident as details emerge of what could be a separate second attack.

Experts said the news revealed a growing interest in critical infrastructure by cyber criminals.

Information about the 8 November incident came to light via the blog of Joe Weiss who advises utilities on how to protect hardware against attack.

Mr Weiss quoted from a short report by the Illinois Statewide Terrorism and Intelligence Center which said hackers obtained access using stolen login names and passwords. These were taken from a company which writes control software for industrial systems.

The net address through which the attack was carried out was traced to Russia, according to Mr Weiss. The report said "glitches" in the remote access system for the pump had been noticed for months before the burn out, said Mr Weiss.

Peter Boogaard, A spokesman for the DHS, said it was gathering facts about the incident.

"At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety," he said.

Industrial action

The comments by the DHS prompted a hacker using the handle "pr0f" to claim he had access to the control systems for a second US water utility.

He posted a document to the Pastebin website which purportedly contained links to screenshots of the internal control systems for a waste water treatment plant in South Houston.

The hacker's claims about their ability to penetrate the control systems have yet to be confirmed or denied by South Houston's Water and Sewer Department.

In an interview with the Threat Post website, Pr0f said the hack of the South Houston network barely deserved the name because only a three-character password had been used to protect the system.

The attacks are the latest in a series in which different hackers and groups have targeted so called Supervisory Control And Data Acquisition (SCADA) systems. These specialised computer systems are used to control machinery used to filter water, mix chemicals, generate power and route trains and trams.

One of the best known SCADA attacks involved the Stuxnet worm which caused problems for Iran.

There were reports that the malware crippled centrifuges used in the nation's uranium enrichment program. Iran denied the claims saying that it had caught the worm before it reached its intended target.

Earlier this year, security researchers who investigated ways to attack SCADA systems were persuaded to cancel a public talk about their findings because of the "serious physical, financial impact these issues could have on a worldwide basis".

Lani Kass, a former advisor to the US Joint Chiefs of Staff on security issues, said America had to start doing more work to understand attacks on critical infrastructure.

"The going in hypothesis is always that it's just an incident or coincidence," she said. "And if every incident is seen in isolation, it's hard - if not impossible - to discern a pattern or connect the dots."

"Failure to connect the dots led us to be surprised on 9/11," she said.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement

Sony clamps down on game sharing

UK gamers can no longer play the same copy of a new PlayStation Store game on more than two devices.

On 18 November Sony cut the number of consoles and handheld devices that users can tie to their PlayStation Network (PSN) account from five to two.

The change only applies to games and other content bought via the PlayStation Store after 18 November.

The limits are believed to have been imposed to stop people sharing games with friends.

Sony unveiled the changes via a blog posting in which it said that PS3 users will only be able to use their games on two activated PS3 consoles. Similarly, games for the PlayStation Portable will only be playable on two of the handheld gadgets.

This means that a single PSN account will be able to support a maximum of two consoles and two handhelds.

The electronics firm said it was setting up account management pages for PSN users through which they will be able to decide on which consoles or handhelds their games can be played.

Prior to the 18 November change, up to five different PlayStation consoles could be connected to a PSN account and used to play games. Many gamers used this to activate consoles of their friends effectively giving them free access to games.

Eurogamer news editor Wesley Yin-Poole said the change had not prompted a backlash.

"It's only a problem to those who share downloaded games and have multiple devices in the home, but that's a minority of users," he said. "Most players use a single PlayStation 3 and a single PlayStation Portable, if that."

He said it was a move intended to support the upcoming launch of the PlayStation Vita which will count as one of the activated devices.

The changes apply to gamers based in the UK, Australia, Ireland, New Zealand and the Middle East. However, it is thought the policy will soon be applied to other territories including the key markets of Japan and the US.



Powered By WizardRSS.com | Full Text RSS Feed | Amazon Plugin | Settlement Statement