http://www.washingtontimes.com/news/2011/may/24/homemade-cyberweapon-worries -feds/
Homemade cyberweapon worries federal officials Capable of crippling key industrial controls 4 Comments and 51 Reactions <http://www.washingtontimes.com/news/2011/may/24/homemade-cyberweapon-worrie s-feds/#disqus_thread> |Tweet|Share <http://www.addthis.com/bookmark.php?v=250&winname=addthis&pub=washtimes&sou rce=tbx-250&lng=en-us&s=facebook&url=http%3A%2F%2Fwww.washingtontimes.com%2F news%2F2011%2Fmay%2F24%2Fhomemade-cyberweapon-worries-feds%2F&title=Homemade %20cyberweapon%20worries%20federal%20officials%20-%20Washington%20Times&ate= AT-washtimes/-/-/4ddd83ce259a0d16/1&uid=4ddd83cea9eca7c5&sms_ss=1&at_xt=1&pr e=http%3A%2F%2Fwww.familysecuritymatters.org%2Fpublications%2Fid.1685%2Fpub_ detail.asp&tt=0> |Print <http://www.washingtontimes.com/news/2011/may/24/homemade-cyberweapon-worrie s-feds/print/> |Email|More <http://www.addthis.com/bookmark.php?v=250&pubid=washtimes> <http://www.addthis.com/bookmark.php?v=250&pubid=washtimes> By Shaun Waterman <http://www.washingtontimes.com/staff/shaun-waterman/> - <http://www.washingtontimes.com/staff/shaun-waterman/> The Washington Times <http://www.washingtontimes.com/staff/shaun-waterman/> 8:45 p.m., Tuesday, May 24, 2011 <http://www.washingtontimes.com/staff/shaun-waterman/> Two security researchers, working at home in their spare time, have created a cyberweapon similar to the sophisticated Stuxnet computer worm that was discovered last year to have disrupted computer systems running Iran's nuclear program. <http://www.washingtontimes.com/topics/islamic-republic-of-iran/> The private efforts by Dillon Beresford and Brian Meixell are raising concerns among U.S. government officials that hackers will launch copycat cyber-attacks that could cripple computer controls at industrial sites such as refineries, dams and power plants. <http://www.washingtontimes.com/topics/us-government/> Officials at the Department of Homeland Security were so distressed by the researchers' findings that they asked the two men to cancel a planned presentation at a computer security conference in Dallas last week called TakeDownCon. <http://www.washingtontimes.com/topics/us-government/> "They requested that I not share the data, but it was absolutely my decision to cancel," Mr. Beresford told The Washington Times. Homeland Security "in no way tried to censor the presentation, and the conference organizers were very supportive. . We did the right thing." <http://www.washingtontimes.com/topics/dillon-beresford/> Initial analysis of the 2009 Stuxnet attack on Iran suggested that replicating it would require the resources of a nation-state or large organization and detailed information on how the target computer system was set up. The origin of Stuxnet has not been discovered. <http://www.washingtontimes.com/topics/islamic-republic-of-iran/> But Mr. Beresford said he developed the cyberweapon "in my bedroom, on my laptop" in 2 1/2 months. The malicious software, or malware, was tested on equipment made by Siemens, the German-based industrial giant that makes the system that was attacked by the Stuxnet worm. <http://www.washingtontimes.com/topics/siemens-ag/> Siemens products - known as industrial control systems - are used in thousands of power stations, chemical plants and other industrial settings worldwide. Stuxnet was designed to make the machinery controlled by an industrial control system destroy itself. <http://www.washingtontimes.com/topics/siemens-ag/> Once Siemens saw Mr. Beresford's presentation, the company renewed laboratory work on software patches for controllers that were developed after Stuxnet, Mr. Beresford said. He said he worked last week with officials from a special Homeland Security unit in charge of protecting industrial computer programs but was becoming impatient with Siemens' response. <http://www.washingtontimes.com/topics/siemens-ag/> "This is another egregious example of a vendor trying to minimize the impact of multiple security vulnerabilities in their products and being somewhat evasive about the truth," he said, noting that the company tried to downplay concern in its public statements and had yet to publish a fix for the flaws he had found. <http://www.washingtontimes.com/topics/siemens-ag/> "The clock is ticking, and time is of the essence. I expect more from a company worth $80 billion, and so do [their] customers," Mr. Beresford said. <http://www.washingtontimes.com/topics/dillon-beresford/> Siemens spokesman Robert Bartels told The Times that the company is testing fixes and expects to release them "within the next few weeks." <http://www.washingtontimes.com/topics/siemens-ag/> Homeland Security Department officials asked the researchers to delay their presentation until special repair measures aimed at patching security holes they identified are fully developed. They praised the researchers for postponing public release of data that hackers could use to attack computers that control critical infrastructure around the world. <http://www.washingtontimes.com/topics/siemens-ag/> "Responsible disclosure . does not encourage the release of sensitive vulnerability information without also validating and releasing a solution," a Homeland Security official said in an email. <http://www.washingtontimes.com/topics/siemens-ag/> The disclosure that independent researchers could replicate Stuxnet - which security specialists said at the time likely required a large design team to produce and an industrial plant for testing - will increase concerns about the proliferation of advanced cyberweapons that could cause large-scale death and destruction if unleashed by terrorist groups, criminal gangs or foreign governments. [Non-text portions of this message have been removed] ------------------------------------ -------------------------- Want to discuss this topic? Head on over to our discussion list, [email protected]. -------------------------- Brooks Isoldi, editor [email protected] http://www.intellnet.org Post message: [email protected] Subscribe: [email protected] Unsubscribe: [email protected] *** FAIR USE NOTICE. This message contains copyrighted material whose use has not been specifically authorized by the copyright owner. OSINT, as a part of The Intelligence Network, is making it available without profit to OSINT YahooGroups members who have expressed a prior interest in receiving the included information in their efforts to advance the understanding of intelligence and law enforcement organizations, their activities, methods, techniques, human rights, civil liberties, social justice and other intelligence related issues, for non-profit research and educational purposes only. We believe that this constitutes a 'fair use' of the copyrighted material as provided for in section 107 of the U.S. Copyright Law. If you wish to use this copyrighted material for purposes of your own that go beyond 'fair use,' you must obtain permission from the copyright owner. For more information go to: http://www.law.cornell.edu/uscode/17/107.shtmlYahoo! Groups Links <*> To visit your group on the web, go to: http://groups.yahoo.com/group/osint/ <*> Your email settings: Individual Email | Traditional <*> To change settings online go to: http://groups.yahoo.com/group/osint/join (Yahoo! ID required) <*> To change settings via email: [email protected] [email protected] <*> To unsubscribe from this group, send an email to: [email protected] <*> Your use of Yahoo! Groups is subject to: http://docs.yahoo.com/info/terms/
