Perspectives; Thoughts; Comments; Opinions; Discussions

Posts tagged ‘Cyber Attack’

DHS whistleblower: ‘Protect’ the election? Agency itself was hacked


waving flagBy J.E. Dyer September 5, 2016

URL of the original posting site: http://libertyunyielding.com/2016/09/05/dhs-whistleblower-protect-election-agency-hacked/

Masters of non-compliance. DHS whistleblower: ‘Protect’ the election? Agency itself was hacked. (Image via deadlinelive.info)

I’ve been warning against a rush to take DHS secretary Jeh Johnson up on his proposal to declare state voting systems “critical national infrastructure.”

Johnson’s plan would allow the federal government to essentially take over the state voting systems, by administering standards for their performance even more actively than is already the case under the Help America Vote Act of 2002.

My chief concern so far has been that the integrity of these systems should not be entrusted to a central, federal authority.  I’d say this no matter who was in the White House, because it’s just a bad idea.  It centralizes the power to affect every election in the country, in a way there can be no effective checks and balances on. In the case of the Obama administration, it would be setting the fox to guard the hen house.  The states need to retain control of their voting systems.  And the less centralized the standard-setters and the vendors are, the better.what could possibly go wrong

But this weekend, WND pointed out another reason to be leery of Johnson’s plan.  A WND article cites Philip Haney, the former DHS analyst and whistleblower, reminding us that DHS itself has been the target of high-profile hacking. Jeh Johnson’s interest in declaring voting systems “critical infrastructure” has reportedly increased with the FBI’s revelation that hackers penetrated the state election boards of Arizona and Illinois.*  What they gained access to was the voter registration database in each state. But DHS has also been targeted successfully by hackers, including within the last year.

In the WND article, the instance Philip Haney refers to is the massive hack of the federal Office of Personnel Management in 2014-15, which affected nearly 22 million current and former federal workers, including thousands at DHS. But DHS was hacked in a different case more recently. In that case, a group of apparently independent foreign hackers (including at least one 16-year-old) gained access to DHS and DOJ records, and published personal information about 9,000 federal employees. The hack was reported in February 2016.

DHS’s track record with hacking hasn’t been impressive.  It’s interesting to note that the state election board hacks were accomplished through the method called “SQL injection.”  The reason that’s interesting is that the method has been a known vulnerability for two decades – and DHS was itself hacked by SQL injection attacks in 2008 and 2012.

Yet an audit done by the agency’s Inspector General in 2015 revealed that DHS was deficient in guarding against attacks by SQL injection, having failed to implement adequate precautions against those and other forms of cyberattack.Oh good

It’s all very well to condescendingly assure skeptics that DHS would of course do better than that in preparing to secure America’s voting infrastructure.  But what was stopping the agency from doing better at securing sensitive things like the personnel data of ICE and CBP, between 2008 and 2015?

It’s a legitimate question, why we should let control of our voting systems become centralized in a federal agency, when neither that agency nor most of the rest of the federal government has a respectable record of avoiding cyber-intrusion. It’s quite possible that centralizing control of our voting systems would just make life easier for hackers.  That’s a serious and valid point.  If cyberattacks are as hard to ward off as they seem to be, less centralization is inherently better.

* Here, it’s important to keep in mind that the state election board websites are not inherently “voting systems,” which typically are administered separately.  There may be electronic connections between them, but they’re not the same thing.  So don’t let the hacking of state administrators’ websites mislead you to believe that the computer you cast your vote on has necessarily been hacked.

It might be possible for someone to use voter registration data from the state election board database to enter false votes into the voting system itself.  But that would require penetrating another system.  Such penetration is possible, of course, but if it has happened, it hasn’t been reported.

Category:

Political

Tagged with:

We Are On Notice: Terrorists Target Grids


by Frank Gaffney27 Jan 2015

URL of the Original Posting Site: http://www.breitbart.com/national-security/2015/01/27/we-are-on-notice-terrorists-target-grids/

Reuters

Reuters

On Sunday, jihadists attacked a main power line in Pakistani Balochistan’s Naseerabad district. As a result, 140 million Pakistanis were left in the dark and two nuclear power plants were knocked off line. This is but the latest incident in which hostile forces used sabotage to take down parts of an electrical infrastructure. Others include:

  • In the early hours of the morning on April 16, 2013, a highly professional commando-style assault took place on Pacific Gas & Electric’s Metcalf substation near San Jose, California. As many as twenty-one effectively irreplaceable high-voltage transformers were very nearly destroyed. Had that occurred, Silicon Valley and much of the San Francisco Bay area could have been without power for protracted periods, possibly for years. The yet-to-be-identified attackers got away and must be assumed to be still at large.
  • On October 27, 2013, the Knights Templar drug gang struck and disrupted the grid of Mexico’s Michoacan State. 
  • On June 9, 2014, al Qaeda in the Arabian Peninsula (AQAP) used mortars and rockets to attack the national grid of Yemen by destroying transmission towers. It was the first time that a terrorist attack resulted in an entire country being blacked-out. 

In addition, there have been a number of incidents in which hackers believed to be associated with Russia, China, North Korea, and Iran have demonstrated the capability to use cyber techniques to penetrate and potentially to exercise destructive control over critical infrastructures like electric grids.

In addition, Rep. Trent Franks (R-AZ) has observed that a recently translated Iranian doctrinal statement makes reference in twenty different places to the use of electromagnetic pulse (EMP) to attack that nation’s enemies. The Russians, Chinese, and North Koreans similarly regard EMP as simply a type of cyberwarfare, to be employed offensively against their enemies, including this country.

It appears that official Washington has finally begun to pay attention to the vulnerability of the U.S. electric grid. Notably, the chairman of the House Homeland Security Committee’s Subcommittee on Cyber-security, Congressman Patrick Meehan (R-PA) hinted that the December 2014 North Korean cyber attack on Sony could portend that the United States’ critical infrastructure could be its next target. He observed:

American businesses, financial networks, government agencies and infrastructure systems like power grids are at continual risk. They’re targeted not just by lone hackers and criminal syndicates, but by well-funded nation-states like North Korea and Iran. A lack of consequences for when nation states carry out cyberattacks has only emboldened these adversaries to do more harm.

Even if no jihadist or other terrorist, hacker or hostile nation tries to disrupt our most critical of critical infrastructures via one technique or another, we still have to “harden” the grid. After all, we are overdue for the sort of intense solar storm that occurs roughly every 150 years. And when it hits, by one estimate issued by the National Oceanographic and Atmospheric Administration, 130 million Americans will be without power for years. Needless to say, most of those affected will perish before the lights come back on.

Fortunately, on December 1, 2014 in what may have been the only laudable action to come out of the lame duck session, the House of Representatives took a small, but important, step to address the vulnerability of the U.S. bulk power distribution system. It unanimously approved the Critical Infrastructure Protection Act (CIPA), a bill that requires the Department of Homeland Security to develop a plan for protecting the grid against solar weather, cyber attack, EMP and more. Rep. Meehan co-sponsored this legislation, along with its lead sponsors, Reps. Franks and Pete Sessions (R-TX).

With the new Congress, the CIPA bill will have to start from scratch – as would any other legislation designed to achieve grid resiliency on the more accelerated basis that is needed in the face of the aforementioned human-induced and naturally occurring threats to the grid. Still, the elevation of Sen. Ron Johnson (R-WI) to the chairmanship of the Senate Homeland Security Committee and his commitment and that of his House counterpart, Rep. Michael McCaul, to swift action on CIPA is heartening. 

But will it be in time?

Freedom with Prayer

Category:

Political

Tagged with:


Normal

Posted on January 5, 2015

URL of the Original Posting Site: http://conservativebyte.com/2015/01/normal/

Normal

Dupe and Chains

Imperial President Obama

By WhatDidYouSay.org

By WhatDidYouSay.org

Category:

Political

Tagged with:

This From Breitbart News: Report: ‘Sustained Cyberattack’ Crippled White House for Two Weeks


MId Term drawing

by 29 Oct 2014

 URL of Original Posting: http://www.breitbart.com/Big-Government/2014/10/29/Report-Sustained-Cyberattack-Crippled-White-House-for-Two-Weeks

A “sustained cyberattack” has crippled the White House for at least two weeks or longer, reports the Huffington Post.

The Obama White House confirmed that it “identified activity of concern on the unclassified EOP [Executive Office of the President] network.” The Huffington Post cites sources familiar with the situation as saying that this attack was much more significant than usual cyberattacks and was responsible for “putting the system on the fritz for nearly two weeks, if not longer.”

The White House said it was not in a position to offer details.

However, as the Post notes, “Network outages are not uncommon in the White House, but they typically last no more than a few hours. For the system to be damaged for days on end indicates an attack of significant strength.”

The White House cyberattack revelation comes just weeks after President Barack Obama reportedly told wealthy Democratic donors of a “doomsday” scenario wherein “cyber criminals could literally wipe out the identities of millions of people through some breach of government systems and that could lead to massive chaos,” one person with firsthand knowledge of the meeting told Fox Business.

Article collective closing

Category:

Political

Tagged with:

Tag Cloud