We’ve all read a lot about the potentially devastating impact of a pre-emptive, nation-state backed cyber attack on our critical infrastructure in recent years. Why, it wasn’t more than two weeks ago that Defense Secretary Leon Panetta warned about the dire consequences of a “digital Pearl Harbor.” An “aggressor nation or extremist group,” he warned “could use these kinds of cybertools to gain control of critical switches … [and] derail passenger trains, or even more dangerous, trains loaded with lethal chemicals,” according to a report in Stars and Stripes. “They could contaminate the water supply in major cities, or shut down the power grid across large parts of the country.” It’s scary stuff, for sure. But not unprecedented. In fact: anyone on the Eastern Seaboard of the United States can look out their window right now and see a major dry run (more like a wet run) of a massive […]
Infrastructure
FBI Surveillance of NY Fed Terror Suspect Included Facebook Chats
The FBI’s surveillance of Quazi Nafis, the alleged terror suspect who tried to blow up the New York Federal Reserve Bank, included Facebook chats between Nafis, a co-conspirator and a confidential FBI source, according to a copy of the indictment released on Wednesday. The indictment details a months-long investigation of Nafis, a 21 year-old Bangladeshi and Queens, New York, resident who entered the U.S. on a visa in January, 2012. While much of the surveillance consisted of recorded phone- and in person conversations, Nafis also used Facebook in July to debate with his co-conspirators about whether his planned act of jihad was sanctioned under Muslim law. Nafis was arrested in New York’s financial district Wednesday after he attempted to detonate what he believed was a truck bomb parked outside the New York Federal Reserve bank. The bomb was assembled by Nafis and a co-conspirator using inert materials supplied by the […]
Are Security Firms Ducking Attribution for VOHO? (Rhymes with ‘Carolina’)
RSA left few stones unturned in its recent report (PDF) on the so-called “VOHO” attacks against pro democracy, military industrial base and high finance firms. But one question that was notably left unanswered was perhaps the most important: “Who, or what, was behind the attacks?” Now the lead RSA security researcher trusted with analyzing the malware used in recent “watering hole” attacks tells Security Ledger that the malware left some clues as to the origins of the attacks, which affected tens of thousands of systems in more than 700 organizations, but not enough to conclusively link VOHO to a specific group, country or actor. “It’s hard to tell,” said Chris Elisan, a Principal Malware Scientist at RSA and the lead investigator into the malware used in the VOHO attacks. “The malware is only part of it,” he said. Other parts of what Elisan called the “attack chain” are needed to identify […]
After VOHO Attacks, Organizations Face Arduous Clean Up
News about the so-called VOHO “watering hole” attacks have faded from the headlines, but the hard work for hundreds of organizations who were victims of the attacks has just begun. The first step for many firms is figuring out if they were victims.
