Researcher uncovers cyber attack on Illinois water system

Federal investigators are looking into a report that hackers managed to remotely shut down a utility’s water pump in central Illinois last week, in what could be the first known foreign cyber attack on a U.S. industrial system.

The Nov. 8 incident was described in a one-page report from the Illinois Statewide Terrorism and Intelligence Center, according to Joe Weiss, a prominent expert on protecting infrastructure from cyber attacks.

The attackers obtained access to the network of a water utility in a rural community west of the state capital Springfield with credentials stolen from a company that makes software used to control industrial systems, according to the account obtained by Weiss. It did not explain the motive of the attackers.

In 2007, researchers at the U.S. government’s Idaho National Laboratories identified a vulnerability in the electric grid, demonstrating how much damage a cyber attack could inflict on a large diesel generator. (To see video that was leaked to CNN: here)

Lani Kass, who retired in September as senior policy adviser to the chairman of the U.S. Joint Chiefs of Staff, said the United States should take the possibility of a cyber attack seriously.

“The going in hypothesis is always that it’s just an incident or coincidence. And if every incident is seen in isolation, it’s hard — if not impossible — to discern a pattern or connect the dots,” Kass told Reuters.

“Failure to connect the dots led us to be surprised on 9/11,” she said, describing the Sept. 11, 2001 hijacking attacks as a prime example in which authorities dismissed indicators of an impending disaster and were caught unaware.

From Reuters: http://www.reuters.com/article/2011/11/19/cybersecurity-attack-idUSN1E7AH1QU20111119


Posted in Cybersecurity Memo - Insiders Edition | Tagged | Leave a comment

4 Cyberattacks Cost DoE At Least $2 Million: Number of Identified Weaknesses Up by 60% in Year

The Department of Energy’s non-classified IT systems have recently come under successful cyberattacks at least four times, costing the department more than $2 million, the DoE inspector general said in an audit made public Monday.
The report, part of the department’s annual Federal Information Security Management Act review, didn’t provide details on the cyberattacks, except to peg the cost of three of the four breaches at over $2 million.

“As noted by recent successful attacks at four department locations, exploitation of vulnerabilities can cause significant disruption to operations and/or increases the risk of modification or destruction of sensitive data or programs, and possible theft or improper disclosure of confidential information,” Inspector General Gregory Friedman wrote in the report.

In July, a sophisticated cyberattack shut down Internet and e-mail services at the Pacific Northwest National Laboratory, an Energy Department facility that conducts IT security research.

Though DoE had expanded efforts to mitigate these risks in the last fiscal year, which ended Sept. 30, more steps must be taken to strengthen department IT from attackers seeking to exploit vulnerabilities in applications and products, the inspector general audit said.

From GovInfoSecurity.com: http://www.govinfosecurity.com/p_print.php?t=a&id=4184


Cyberattack Closes Energy Department Lab

A sophisticated cyberattack has shut down Internet and e-mail services at the Pacific Northwest National Laboratory, an Energy Department facility that conducts IT security research.

An Energy Department spokesman was unavailable for comment, but a posting on Twitter by the lab Wednesday stated: “A sophisticated cyberattack has shut down Internet and e-mail at PNNL. Full access will be restored once we can repel further attacks.”

As of midmorning Friday EDT, the Pacific Northwest website remained down.

According to the Department of Homeland Security’s Daily Open Source Infrastructure Report, citing local media, Pacific Northwest shuttered its website and blocked incoming e-mail after discovering on July 1 that it was targeted in a highly sophisticated cyberattack.

The report said no classified information was compromised. The lab’s website was backed up. Its external e-mail service was not scheduled to be restored until the lab staff fully diagnosed what occurred and added any needed security patch, the DHS report said.

The DHS report cites a Pacific Northwest spokesman as saying the lab’s external computer network averages 4 million unauthorized access attempts each day.

From GovInfoSecurity.com: http://www.govinfosecurity.com/articles.php?art_id=3825


Whole new industries being created with vast amounts of new data becoming available

As computers, databases and networks come to intermediate almost every aspect of modern human life, the volume of electronic breadcrumbs generated from our daily activities and transactions has exploded. Academic researchers, marketers, governments, and social scientists are all clamoring to record, save and crunch all that information to gain new insights in order to move society, as well as their own interests, forward.

The big questions: How should they responsibly handle it all, and how can they intelligently interpret what they find?

It’s a question that is so profound that it’s going to take decades to figure out, if at all. Some people are calling this next stage of the information revolution the “industrial revolution of data.” The Economist notes, “The effect is being felt everywhere, from business to science, from government to the arts.”

Indeed, two influential researchers, Danah Boyd of Microsoft Research and Kate Crawford of the University of New South Wales in Australia, predict that “Big Data,” as the phenomenon is being called, will realign our fundamental assumptions and operations in life, just as Henry Ford’s revolutionary automation of making products “produced a new understanding of labor, the human relationship to work, and society at large.”

“Big Data,” and its implications for society are a big theme among the technorati these days. This week, for example, the theme for the big Web 2.0 Summit in San Francisco was focused on this very issue. When introducing the conference on Monday, conference co-chair and publisher Tim O’Reilly used a vivid example to illustrate the point: Google’s self-driving car is only able to do what it can do because all the equipment it is decked out with is gathering and processing huge amounts of information to navigate.

From TPM IdeaLab: http://idealab.talkingpointsmemo.com/2011/10/beyond-big-brother-big-data.php?ref=fpc


DARPA lets you design the next generation of miniature surveillance drones

At first glance it seems like a fairly routine military tech project: DARPA, the Defense Advanced Research Projects Agency, is developing a miniature unmanned air vehicle that can be carried into the field in a rucksack and sent out to a remote urban location, where it will find a spot from which to perch and transmit surveillance video.

The technology for this vulture-like “Perch and Stare” device is within reach, but DARPA has taken a rather extraordinary approach to getting the concept into production.

Rather than contracting out with domestic research institutions or defense industry companies, DARPA has extended a welcome mat to everyone around the world through an elaborately crowd-sourced competition called UAVForge, which launched last May.

From TPM: http://idealab.talkingpointsmemo.com/2011/10/at-first-glance-it-seems.php?ref=fpblg


American Drones Are Infected with a Computer Virus

Love the idea of the US being patrolled by the same type of pilot-less drones that keep accidentally attacking innocent people in Afghanistan? Then you should really appreciate this story…

A virus has infected America’s drone fleet, Wired’s Noah Shachtman reports. It logs every keystroke operators type from their base in Creech Air Force Base in Nevada, but that hasn’t halted their missions. Though the military hasn’t found any incidents of the virus sending information to an outside source, they haven’t been able to get rid of it. Shachtman explains:
“We keep wiping it off, and it keeps coming back,” says a source familiar with the network infection, one of three that told Danger Room about the virus. “We think it’s benign. But we just don’t know.”

Military network security specialists aren’t sure whether the virus and its so-called “keylogger” payload were introduced intentionally or by accident; it may be a common piece of malware that just happened to make its way into these sensitive networks. The specialists don’t know exactly how far the virus has spread. But they’re sure that the infection has hit both classified and unclassified machines at Creech.

The U.S. has increasingly relied on drones to carry out the war on terror in Afghanistan in recent years. Al Qaeda YouTube preacher Anwar al-Awlaki was killed last month by a drone strike in Yemen.

Coming to your neighborhood soon…
From Yahoo news: http://news.yahoo.com/american-drones-infected-computer-virus-180019767.html


Government and ISPs At Odds Over Fighting Malware “Botnets”

Both the U.S. government and the country’s internet service providers (ISP) agree that botnets are among the greatest threats facing Web users.

But they can’t yet agree on what to do about it, because the ISPs aren’t exactly the biggest fans of a government document calling for them to establish voluntary, industry-wide standards for detecting and fighting threats.

That was the major, unfortunate conclusion that came out of a contentious panel discussion on Tuesday featuring the White House cyber security coordinator, cyber experts at the Department of Homeland Security and the Department of Commerce and an ISP industry trade representative.

The U.S. government defines botnets as collections of compromised computers that are remotely controlled by a malevolent party. The networks are often used to launch crippling attacks against third parties online.

A recent study by Microsoft found the U.S. leads the world in terms of the number of computers infected with botnet malware, 2.2 million, compared to second-place Brazil’s 500,000. Globally, McAfee reported in late 2010 that it was seeing an average of 6 million new botnet infections every month.

From TPM IdeaLab at http://idealab.talkingpointsmemo.com/2011/10/the-government-and-isps-cant-agree-what-to-do-about-botnets.php?ref=fpblg


Pentagon Extends Program to Defend Cyber Networks

As hackers and hostile nations launch increasingly sophisticated cyberattacks against U.S. defense contractors, the Pentagon is extending a pilot program to help protect its prime suppliers.

That program could possibly serve as a model for other government agencies. It is being evaluated by the Department of Homeland Security, as part of a potential effort to extend similar protections to power plants, the electric grid and other critical infrastructure.

Efforts to better harden the networks of defense contractors come as Pentagon analysts investigate a growing number of cases involving the mishandling or removal of classified data from military and corporate systems. Intrusions into defense networks are now close to 30 percent of the Pentagon’s Cyber Crime Center’s workload, according to senior defense officials. And they say it continues to increase.

The Pentagon’s pilot program represents a key breakthrough in the Obama administration’s push to make critical networks more secure by sharing intelligence with the private sector and helping companies better protect their systems.

From the Associated Press via Yahoo News at: http://news.yahoo.com/pentagon-extends-program-defend-cyber-networks-072651256.html


Online gamers crack AIDS enzyme puzzle!

Online games are being used for research in ways that are really having a huge impact!

Online gamers have achieved a feat beyond the realm of Second Life or Dungeons and Dragons: they have deciphered the structure of an enzyme of an AIDS-like virus that had thwarted scientists for a decade.

The exploit is published on Sunday in the journal Nature Structural & Molecular Biology, where — exceptionally in scientific publishing — both gamers and researchers are honoured as co-authors.

Their target was a monomeric protease enzyme, a cutting agent in the complex molecular tailoring of retroviruses, a family that includes HIV.

Figuring out the structure of proteins is vital for understanding the causes of many diseases and developing drugs to block them.

But a microscope gives only a flat image of what to the outsider looks like a plate of one-dimensional scrunched-up spaghetti. Pharmacologists, though, need a 3-D picture that “unfolds” the molecule and rotates it in order to reveal potential targets for drugs.

From Yahoo News: http://games.yahoo.com/blogs/plugged-in/online-gamers-crack-aids-enzyme-puzzle-161920724.html;_ylc=X3oDMTNtczRvcjZnBF9TAzU2NzAwMTEyNQRhY3QDbWFpbF9jYgRjdANhBGludGwDdXMEbGFuZwNlbi1VUwRwa2cDNWM1YWExY2UtNmQwNS0zYThiLTk1YzUtOTYwZmY3MDc5ZmRmBHNlYwNtaXRfc2hhcmUEc2xrA21haWwEdGVzdAM-


“Predictive” Policing

The police department in Santa Cruz, California, has begun an experiment that uses a mathematical algorithm to predict when and where certain crimes will be committed, and puts police on the scene before they happen.

So far police have arrested five people using this technique of “predictive policing” and the rates of certain categories of crimes in the city have dropped significantly, perhaps as a result. The program has correctly predicted 40 percent of the crimes it was designed to monitor.

Police departments have said that programs such as these, if proved to be reliable, could help them to deploy their resources more efficiently.
The program comes from the field of applied mathematics or operations research, and the algorithm was developed by a 29-year-old mathematician at Santa Clara University.

Other mathematical techniques have been developed to predict crimes, most famously Compstat, used in the mid-90s by the New York City Police Department to track serious crimes, like those depicted in the Minority Report. The Santa Cruz program, which does not appear to have a name, concentrates on property crimes, such as car break-ins and burglaries.

The program was developed by George Mohler, an assistant professor of mathematics.

The algorithm he uses is based on computations used to predict aftershocks following a large earthquake.

From TPM Idea Lab: http://idealab.talkingpointsmemo.com/2011/09/santa-cruz-cops-experiment-with-predictive-policing.php?ref=fpblg
