Manafort is state's evidence!!!!!!
@thegibson Hey, question for you:
While the mundane explanation is the most likely in the recent Boston gas explosions, could it also be caused by a cyber attack? It's no secret that foreign agents have been not only getting into our power grid, but into local systems themselves. And, apparently, no real action has been taken to stop this.
I'm not, like, panicking or anything. It's just an honest question.
@thegibson I figured that it was highly unlikely, but I sort of have an interest in this stuff because 1.) it's neat, and 2.) I swear to God, whenever I worked at the hospital, I knew more about cyber security than the entire IT department -- as inexperienced as I am in a topic that's totally foreign to me, so I'd like to learn even more.
It all depends on whether the pipelines are computer-controlled, on an IP-enabled system that can access them, and on finding a nearby system that could generate a spark of some
If both systems were in proximity, and had exploitable vulnerabilities, then I wouldn't rule it out.
It is possible, but unlikely.
Adding to the conversation. If such systems were remotely accessible, a poorly implemented exploit or a general lack of understanding of the systems involved could inadvertently cause catastrophic damage.
Poor maintenance or human fuckups are perhaps more likely.
@remotenemesis @thegibson See, that's my other big interest in this. Yeah, the mechanics of cyber attacks are neat, but I'm also interested in the security end as well -- how to defend against this stuff.
And then there's the social engineering end of this, too. If I learned any one thing from Kevin Mitnick, it was how just simple observation is probably your best tool for breaching someone's stuff. So, how much is cyber defence being beefed up along THESE parameters, too?
So currently they are used largely for disinformation, supply chain disruption, service disruption, recon, intel gathering and collateral damage.
Most machines of war would not be easy to disrupt on the battlefield... although, there are indicators that DPRK's failed missile launches were due to American intervention (think Stuxnet)...
Critical weapons systems should not be put into a vulnerable stance to start with.
@remotenemesis @thegibson Ukraine, in general, used to be a big thing for me. It has to partially do with my decades-long interest in Chernobyl, and that sort of led me into Ukrainian history and politics.
I'm nowhere near as into it as I used to be, and I'm absolutely not an expert by any stretch of the imagination, but, God, Ukraine is probably one of the most interesting countries on Earth.
So, yeah, I've been watching the Russian attacks somewhat closely, but not as much as I probably should.
Wired recently had an in-depth story on how NotPetya took Maersk down.
Here's a timeline from a broader perspective.
See, that's my OTHER thing. My interest in all things radiological makes me REALLY interested in attacks on nuclear power plants.
That's what Stuxnet ultimately did -- well, mess with the process of refining uranium and overwork the centrifuges.
So, how much farther could that go? Would it be possible to start at least a partial meltdown, much in the same way that Three Mile Island went down?
This is the fun theoretical.
The best way to stop this is to utilize a security model that mitigates threats not solely by file signature, but by monitoring processes on the endpoint and killing processes that appear to be malicious before they can do damage.
It's why I sell the products I do in particular... they do both.
If it's a system you HAD to learn for work, well, come on. I had to learn how the various patient/orders/charts/film transfer system worked. They were all different things, but I didn't have a problem! It can be done!
Linux is malleable. Can't they make a special one for, say, nuclear power plants?
Industrial PLCs are embedded systems, often running on less mainstream hardware like NXP POWER processors and the like.
An attacker might look to gain persistent access on the IT Network as a vector to attack the Operations Network.
Here's a very entertaining talk on how that first part could happen
So here's what I see out there... as a blue team professional.
The people to handle these vulnerabilities are in short supply, and they are human.
The tools to handle these threats exist, but aren't cheap.
Companies often don't take the threats seriously enough to spend the money: "that wouldn't happen here."
They are gambling.
These problems can be mitigated.
BUT... you are just making yourself a harder target ultimately.
If a state actor is determined...
@remotenemesis @TheGibson @fidgety even if not remotely accessible it's possible for an attack to jump the airgap. Stuxnet did. https://www.wired.com/2011/07/how-digital-detectives-deciphered-stuxnet/ and https://www.csmonitor.com/USA/2010/1003/Stuxnet-worm-Private-security-experts-want-US-to-tell-them-more
Now, it's almost certain that the gas main explosion in MA (and the similar one here in SFBA in 2010 https://en.m.wikipedia.org/wiki/San_Bruno_pipeline_explosion ) are due to infrastructure underinvestment and financial rigmarole at the utility companies leading to incompetent maintenance and ops staff.