Archive for October, 2009

10 October

Threatened Government Assets

I’m a little bemused at times that reports of major virus infections don’t raise concerns higher up the Government food chain. I draw your attention to two recent news reports (‘Sinister’ Integral Energy virus outbreak a threat to power grid – Sydney Morning Herald, Oct 1 2009; RailCorp wrestles with Conficker – ZDNet Australia, Oct 6 2009). Yeah, I know that the media is hungry for news and happy to beef up any story to make it more newsworthy, but seriously folks, is anyone else sharing my concern?

I’m sure, or at least would like to think, that the control systems that operate the ‘power grid’ and our wonderful rail network are somewhat protected from these little nasties, but neither of these stories instills major confidence. I read an article in April this year on Bruce Schneier’s blog called ‘U.S. Power Grid Hacked, Everyone Panic!’, which spoke about how ‘Cyberspies penetrated the U.S. electrical grid’ and left behind malware that could be used to disrupt the power system. Sound familiar? In the same month, a NetworkWorld article discussed how Ira Winkler, a security consultant, was hired by a US utility to check their security. Ira and a merry team of experts took just a day to set up the attack tools they needed, then launched their attack, which paired social engineering with corrupting browsers on the power company’s desktops. By the end of a full day of the attack, they had taken over several machines, giving the team the ability to hack into the control network overseeing power production and distribution.

Wow, and this one was a planned attack. Regardless of the infection, if the same kinds of malware or viruses can be used to exploit similar vulnerabilities as in the US cases, we’re in all sorts of trouble. The conditions that allow Conficker to spread mean that any semi-skilled hacker or malware author can do the same and much worse with complete and total impunity.

Conficker, for example, was one of the first worms to exploit a serious security vulnerability in Windows (MS08-067). But Conficker doesn’t stop there: it is also able to guess ‘weak’ passwords and exploit autorun, a common utility that companies making digital photo frames, MP3 players, GPS systems, and other assorted USB devices have really embraced.

This should be a complete non-story, and actually it is not the ‘real’ story. The real story is that companies are still not doing the basics. Keep your systems patched, keep your applications patched, and require and use strong passwords. Some of this is just common sense.
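The three spread vectors named above (MS08-067, weak passwords, autorun) can be checked across a host inventory. The following is an added example, not part of the original post: the record field names, the sample hosts and the 12-character minimum are assumptions, while KB958644 is Microsoft's update for MS08-067 and `NoDriveTypeAutoRun` is the Windows policy value that controls autorun per drive type.

```python
# Added example: audits constructed host-inventory records against the three
# Conficker spread vectors named in the post. Field names are hypothetical.

MS08_067_KB = "KB958644"      # Microsoft security update for bulletin MS08-067
AUTORUN_REMOVABLE = 0x04      # NoDriveTypeAutoRun bit that disables removable drives
AUTORUN_ALL_DRIVES = 0xFF     # value that disables autorun on every drive type
MIN_PASSWORD_LENGTH = 12      # assumed local policy, not a figure from the post


def audit_host(host):
    """Return the list of Conficker-relevant weaknesses for one host record."""
    findings = []
    installed = {kb.upper() for kb in host.get("hotfixes", [])}
    if MS08_067_KB not in installed:
        findings.append("MS08-067 update (%s) not installed" % MS08_067_KB)

    # A missing policy value is treated as "autorun still on for USB media".
    mask = host.get("no_drive_type_autorun")
    if mask is None or not mask & AUTORUN_REMOVABLE:
        findings.append("autorun enabled for removable drives")
    elif mask != AUTORUN_ALL_DRIVES:
        findings.append("autorun only partly disabled (0x%02X)" % mask)

    if host.get("min_password_length", 0) < MIN_PASSWORD_LENGTH:
        findings.append("minimum password length below %d" % MIN_PASSWORD_LENGTH)
    if host.get("lockout_threshold", 0) == 0:
        findings.append("no account lockout, password guessing is unthrottled")
    return findings


def audit_fleet(hosts):
    """Map hostname -> findings, keeping only hosts with at least one finding."""
    report = {h["name"]: audit_host(h) for h in hosts}
    return {name: f for name, f in report.items() if f}


# Constructed sample inventory (not data from the post); KB0000001 is a placeholder.
SAMPLE_HOSTS = [
    {"name": "hmi-01", "hotfixes": ["KB0000001"], "no_drive_type_autorun": 0x91,
     "min_password_length": 0, "lockout_threshold": 0},
    {"name": "eng-ws-07", "hotfixes": ["kb958644"], "no_drive_type_autorun": 0x95,
     "min_password_length": 14, "lockout_threshold": 5},
    {"name": "file-02", "hotfixes": ["KB958644"], "no_drive_type_autorun": 0xFF,
     "min_password_length": 14, "lockout_threshold": 5},
]

if __name__ == "__main__":
    for name, findings in audit_fleet(SAMPLE_HOSTS).items():
        print(name, "->", "; ".join(findings))
```

The value 0x91 on the first sample host leaves the removable-drive bit clear, which is why a machine can have an autorun policy set and still run `autorun.inf` from a USB device.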

If you are still worried about Conficker or other infections, follow these steps:

  1. Go to http://update.microsoft.com/microsoftupdate to verify your settings and check for updates.
  2. If you can’t access http://update.microsoft.com/microsoftupdate, go to http://safety.live.com and scan your system.

If you have questions or want advice please don’t hesitate to contact me.

