• Tag Archives hack
  • Electricity grid hacked – again

    Due to a lack of time, I did not blog about what seemed to be the world’s first recorded case of a computer breach taking down a sizable chunk of an electricity grid.
    So, here there is a case of the second hack. Nothing went black (according to the report), but the grid was/is out of control.

    http://arstechnica.com/security/2016/01/israels-electric-grid-hit-by-severe-hack-attack/

    Israel’s Electricity Authority experienced a serious hack attack that officials are still working to repel, the country’s energy minister said Tuesday.

    “The virus was already identified and the right software was already prepared to neutralize it,” Israeli Energy Minister Yuval Steinitz told attendees of a computer security conference in Tel Aviv, according to this article published Tuesday by The Times of Israel. “We had to paralyze many of the computers of the Israeli Electricity Authority. We are handling the situation and I hope that soon, this very serious event will be over … but as of now, computer systems are still not working as they should.”

    The “severe” attack was detected on Monday as temperatures in Jerusalem dipped to below freezing, creating two days of record-breaking electricity consumption, according to The Jerusalem Post. Steinitz said it was one of the biggest computer-based attacks Israel’s power authority has experienced and that it was responded to by members of his ministry and the country’s National Cyber Bureau. The response included shutting down portions of Israel’s electricity grid. The energy minister didn’t identify any suspects behind the attack or provide details about how it was carried out.

    The attack comes five weeks after Ukraine’s power grid was successfully disrupted in what’s believed to be the world’s first known hacker-caused power outage.

    Hard to draw any conclusions from this. I found it interesting that they said they were sort of waiting for it and that they were ready to neutralize it.

    The one thing we can be sure about, we are going to see more of this, and it is only a matter of time till one or more of us are impacted by it.

    [Update, unlike this attack on Israel’s grid, the Ukraine outage was a very long and deliberate attack on just the electrical grid. The attackers first gained access to the workers remote log on system. Rather than doing anything there and then, they apparently spent months looking over the system layout and planed to take down as much of the system AND make it as difficult as possible to get back on line.
    Roughly, in order. They first replaced the firmware in the Ethernet to serial converters at many substations.
    Then, they replaced the firmware in several key UPS’s so that they would not do their job.
    Then, they simply turned off the breakers in the substations via the control system graphical interface.
    Once that was done, they formatted the computer hard drives as they backed out of the system.
    The last breaker they flipped was the control center, which, since the UPS was now out of action, even when the operators got the power back on for themselves, their computers would not boot…. Once they got that solved, they still had to drive out to the substations because they could not command the breakers to turn back on because of the borked firmware in the protocol converters.
    It was a spectacular hack. Key because it started with a human interface. Remote (from home) login].



  • Amazon is easy to social hack

    If you have registered a website URL, you have to put a physical address for your ‘home’. You can pay extra to keep it unlisted, but that’s a yearly fee for what?
    After reading this poor guys hassles, I am rethinking my listing…..

    http://arstechnica.com/security/2016/01/how-amazon-customer-service-was-the-weak-link-that-spilled-my-data/

    As a security conscious user who follows the best practices—using unique passwords, two-factor authentication, only using a secure computer, and being able to spot phishing attacks from a mile away—I thought my accounts and details would be pretty safe. I was wrong.

    That’s because when someone went after me, all those precautions were for nothing. That’s because most systems come with a backdoor called customer support. In this post I’m going to focus on the most grievous offender: Amazon.com. Amazon.com was one of the few companies I trusted with my personal information. I shop there, I am a heavy AWS user (raking up well over $600/month), and I used to work there as a software developer.

    My story began with a rather innocuous e-mail:

    It is a bit of read, but the long story short is that a hacker got his web site registered address and used that to call Amazon and by asking them about where a ‘their’ last order was sent (turns out, the guy was smart and used the address of a nearby motel to register as his website URL address) and thus got his home address and phone number.
    They then used this information to get his bank to send them a new credit card.
    Once they had that, they went back to Amazon and got more information about the guy via their online chat.

    Enough to say the guy has closed all his Amazon accounts and will never do business again with them.

    I have no answer for this one. I am in the same place… I have a website, I have an Amazon account.
    I am a ticking clock, just waiting to have my details leaked by some clueless customer rep. Bleh.



  • Physical blackmail from a cyber hack

    I did not blog about it, but wrote an offline ‘paper’ on it….
    The Ashley Madison hack. You have probably heard about it, but just in case… It was an online ‘dating’ website. The twist was that it encouraged you to cheat on your spouse. Their motto was ‘life is short, have an affair’.
    Ok, not very nice, moving on….. They got hacked. Big time. Millions of account names, passwords, addresses, GPS locations and chat history was leaked into the public interwebs.
    A bunch of people got outed, there were some suicides, public shaming and well, the fall out still continues.
    Now the physical blackmailing has begun.

    It is not that long of a read, and I can not cut/paste the text from the letter since it is an image, but please follow the link and read the letter.

    http://betanews.com/2016/01/21/would-you-pay-up-if-you-received-an-ashley-madison-blackmail-letter-like-this/

    That is just a little bit scary.
    Ok, that is very very scary.

    Now, granted, most of us were not on the Ashley Madison website, so we are not going to get letters like this, also, most of us live lives that we are happy to tell our friends and spouses about….. But, what if our online lives lead to a letter like this?

    Man, there are some seriously deranged people in the world.