{"id":68,"date":"2008-01-19T21:53:56","date_gmt":"2008-01-20T05:53:56","guid":{"rendered":"http:\/\/cubist.cs.washington.edu\/Security\/2008\/01\/19\/hackers-extort-utility-companies\/"},"modified":"2008-01-19T21:57:16","modified_gmt":"2008-01-20T05:57:16","slug":"hackers-extort-utility-companies","status":"publish","type":"post","link":"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/19\/hackers-extort-utility-companies\/","title":{"rendered":"Hackers Extort Utility Companies"},"content":{"rendered":"<p>Tom Donahue, the CIA\u2019s top security analyst, announced this week that attackers hacked into the computer systems of foreign utility companies and held power grids hostage until their demands were met. In one case, they also caused a power outage that affected multiple cities. According to a <a href=\"http:\/\/www.forbes.com\/2008\/01\/18\/cyber-attack-utilities-tech-intel-cx_ag_0118attack.html\">Forbes.com<\/a> article, the attacks occurred over the last two years, and an unknown amount of money was extorted.<\/p>\n<p><!--more--><\/p>\n<p>An article on <a href=\"http:\/\/www.washingtonpost.com\/wp-dyn\/content\/article\/2008\/01\/18\/AR2008011803277.html?hpid=moreheadlines\">washingtonpost.com<\/a> suggests that the reason extortion events like this continue to occur is that large corporations like banks and online gambling sites simply pay the extortionist\u2019s demands to keep their websites up and to keep their names out of the papers. Unfortunately, by caving to an attacker\u2019s demands, the companies set up a precedent of payout that will keep attackers coming back for more money as long as they can. It is true that an online gambling site likely makes most of its money by having the site up and accessible to users at all times and having a good reputation, but allowing the attackers to go free just perpetuates the problem. 
Setting a precedent of a very strong response would let the attackers know that they aren\u2019t going to get away with anything, and could serve as a very strong deterrent against future attacks.<\/p>\n<p>It\u2019s unclear from the articles how serious the threat posed to the United States is, but as a consumer of electricity I would like to know that steps are being taken to keep my coffee maker running. These steps should include more stringent security standards for the technologies used by utility companies for remote access, and the companies themselves should also be sure to provide security training for employees. The security training is only worthwhile if you trust your employees though: at least <a href=\"http:\/\/www.forbes.com\/2008\/01\/18\/cyber-attack-utilities-tech-intel-cx_ag_0118attack.html\">the Forbes article<\/a> referenced a source who believed that inside knowledge had been used to hack into the systems. It can easily be inferred from this that some care should be taken to strengthen measures within the system to prevent disgruntled employees from doing damage internally.<\/p>\n<p>In an increasingly wired (wireless?) world, companies can save a lot of man-hours and money by allowing their employees to access resources remotely. However, these resources need to be adequately protected in order to ensure that only authorized personnel can access them, and the systems should ideally be read-only to ensure that even if a malicious user gained access, they couldn\u2019t make changes that could affect power grids.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Tom Donahue, the CIA\u2019s top security analyst, announced this week that attackers hacked into the computer systems of foreign utility companies and held power grids hostage until their demands were met. 
In one case, they also caused a power outage &hellip; <a href=\"https:\/\/secblog.cs.washington.edu\/Security\/2008\/01\/19\/hackers-extort-utility-companies\/\">Continue reading <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":19,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[4],"tags":[],"class_list":["post-68","post","type-post","status-publish","format-standard","hentry","category-current-events"],"_links":{"self":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/68","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/users\/19"}],"replies":[{"embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/comments?post=68"}],"version-history":[{"count":0,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/posts\/68\/revisions"}],"wp:attachment":[{"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/media?parent=68"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/categories?post=68"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/secblog.cs.washington.edu\/Security\/wp-json\/wp\/v2\/tags?post=68"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}