Navigation Links
Dam it! Chinese Hackers Tangling with US Infrastructure Again?

New York, NY (PRWEB) May 07, 2013

Last week, The Washington Free Beacon reported the US Army Core of Engineers suffered a potentially devastating cyber intrusion and data breach which US Intelligence agencies say was a China-based cyber attack. And the booty? How about sensitive information related to the vulnerabilities of every major dam in the US, all roughly 8,100 of them. Joe Caruso, founder and CEO/CTO of Global Digital Forensics, talks about the dangers that these type of two-pronged cyber attacks that ultimately target SCADA (Supervisory Control and Data Acquisition) systems, which are an integral part of the US infrastructure, and how regularly and professionally performed cyber threat assessments and penetration testing can play a vital role in shoring up defenses against cyber intruders, both foreign and domestic.

Cyber-spies are everywhere.

“Success on the battlefield has historically favored the side that is technologically advanced. And when you boil down technology today, at the core you always find data. Designs, simulations, production machines, delivery systems, transportation control, weapons systems, robotics, finances, healthcare, space-based systems, engineering, communications, it’s all run on data, and that makes it one precious commodity. In a technology-reliant society like ours, that also makes it a prized target for a multitude of attackers, each with their own agenda. Some attackers are politically motivated, some are driven by pure greed, some by ego, some are thrill-seekers, and yes, for some it’s about shifting the balance of power on a grand scale by using chaos and mayhem as their tools of choice. And when it comes to SCADA systems and critical infrastructure, the latter can pose a monumental threat that could actually put real lives at stake. Focusing more attention and resources on these dangerous cyber threats has never been more important for US organizations essential to our daily way of life.”

An infrastructure hack - a cascade of access

“The compromise of the U.S. Army Corps of Engineers’ National Inventory of Dams (NID) database is not only a pretty scary situation, it could also serve as a text-book example of how a cyber attack on our infrastructure can be realized. Though details have not been revealed yet about the particulars of the initial intrusion, to date the most common form of initial entry is through a successfully executed phishing or spear phishing campaign. Getting just one person in the organization to click on a link leading to a malicious site or opening an infected attachment is all it takes to get the snowball started downhill. And that’s what’s highly frustrating, it’s cyber security awareness 101, and so many organizations we go into to perform cyber threat assessments seem to be trying to get ahead of themselves, worrying primarily about the super advanced threats, which only account for a small percentage of actual intrusions, while forgetting the basics which can stop 90% or better of the cyber threats they are faced with on a daily basis. After one person is compromised an intruder uses that foothold to gain further access in a number of ways, whether it’s by nabbing network credentials, gaining access to other employees, to different internal systems, to other employees, or just navigating from there to exfiltrate precious data, like the mother load in this case, a breakdown of vulnerabilities which can be put to destructive use in the future. It’s really a cascade effect for the intruder, as they gain more and more access every step of the way.”

What can an intruder do with access to a SCADA system?

“An attack on a SCADA system is about affecting critical system and machines in the physical world by taking over low level control and functions. Stuxnet was a famous example of what can be done when an intruder gains access to a SCADA system, a switch changed here, a setting changed there, and presto, they had the Iranian centrifuges spinning so fast they broke, setting their entire uranium enrichment program back almost to the starting blocks. Now imagine what a cyber warrior, state-sponsored or otherwise, could do with control of our dams and the trillions upon trillions of gallons of water they are holding back from populations across the country, not to mention all the hydroelectric power they generate. It could certainly fall into the chaos and mayhem category, that’s for sure.”

Assess, test, rinse and repeat

"Cyber attacks are not a once in a blue moon occurrence, they are a daily reality, and infrastructure targets are tantalizing morsels to a wide range of attackers. The world of cyber threats also never stands still, with hackers constantly honing their techniques and improving their payloads. That’s why regular cyber threat assessments and penetration testing are so important. What worked yesterday from a cyber security perspective may not work today, and will probably work even worse tomorrow."

"By establishing a regular routine of having experienced cyber security professionals like Global Digital Forensics assess the cyber threat landscape as it pertains to your particular organization and digital infrastructure, including advancements in technologies and how those new technologies are implemented and used internally, like smartphones and tablets, and regularly simulating real-world attacks with comprehensive penetrations testing, not only are weaknesses in the client’s cyber security posture revealed, but cyber security awareness for employees, managers and executive is substantially improved as well. And remember, even if you are not part of our nation’s critical infrastructure as an organization, you could very easily be used as a springboard for an attacker if they can gain access to your clients or vendors, who just may be the “in” an attacker needs to move on to bigger and better targets. So our collective safety is actually everyone’s responsibility that does business in our cyber world, making the real question, are you doing your part too?"

*Global Digital Forensics is a recognized industry leader in the fields of computer forensics, electronic discovery (eDiscovery), cyber security and emergency incident response, with years of experience assisting clients in the government, banking, healthcare, education and corporate arenas. For a free consultation with a Global Digital Forensics specialist, call 1-800-868-8189 about tailoring a plan which will meet your unique needs. Emergency responders are also standing by 24/7 to handle intrusion and data breach emergencies whenever and wherever they arise. Time is critical if a cyber incident has occurred, so don’t hesitate to get help. For more information, visit

Read the full story at

Source: PRWeb
Copyright©2012 Vocus, Inc.
All rights reserved

Related medicine news :

1. DNA Testing Finds Allergens, Toxins in Traditional Chinese Medicines
2. EB-5 Expert Brian Su Explores Chinese Inbound Investments in Southern California
3. Tai Chi increases brain size, benefits cognition in randomized controlled trial of Chinese elderly
4. San Francisco EB-5 Conference explores inbound Chinese investments
5. Chinese Drywall Complaint Center Now Demands Leadership From Obama & EPA, For Homeowners In Florida And In The US Southeast Stuck In Toxic Chinese Drywall Hell-Forward?
6. Feinstein Institute researchers discover that bean used in Chinese food could protect against sepsis
7. Chinese Herbal Medicine Can Reach into Prostate Gland and Treat Prostatitis Successfully As A New Option for Prostatitis Sufferers, States Wuhan Dr.Li's Clinic
8. Residents near Chinese e-waste site face greater cancer risk
9. Indoor air puts Chinese women nonsmokers at risk
10. Launch of Chinese-German Center for Bio-Inspired Materials at Mainz University Medical Center
11. Traditional Chinese Medicine Hospitals in China Industry Research Report – Now Available from IBISWorld
Post Your Comments:
(Date:10/13/2017)... ... October 13, 2017 , ... “The Journey: From the Mountains to the Mission ... lost souls in the Philippines. “The Journey: From the Mountains to the Mission Field” ... the Bible. She has taught all ages and currently teaches a class of ladies ...
(Date:10/12/2017)... San Francisco, CA (PRWEB) , ... October 12, ... ... and Dr. Cheng, are now treating sleep apnea using cutting-edge Oventus ... sleep apnea, a serious sleep disorder characterized by frequent cessation in breathing. Oral ...
(Date:10/12/2017)... ... October 12, 2017 , ... IsoComforter, Inc. ( ... the introduction of an innovative new design of the shoulder pad. The shoulder ... maximum comfort while controlling your pain while using cold therapy. By utilizing ice and ...
(Date:10/12/2017)... ... 12, 2017 , ... Information about the technology: , Otomagnetics ... enable prevention of a major side effect of chemotherapy in children. Cisplatin and ... For cisplatin, hearing loss is FDA listed on-label as a dose limiting toxicity. ...
(Date:10/12/2017)... ... October 12, 2017 , ... Leading pediatric oncology experts at ... for the 49th Congress of the International Society of Paediatric Oncology (SIOP) ... Center for Cancer and Blood Disorders at Children’s National, and Stephen P. ...
Breaking Medicine News(10 mins):
(Date:10/10/2017)... 2017  NDS received FDA 510(k) clearance in May 2017 for ... stand specifically designed for endoscopy environments. An innovative secondary monitor solution, ... solution to support the improvement of patient outcomes, procedural efficiency, and ... ... ...
(Date:10/7/2017)... , Oct. 6, 2017   Provista, ... more than $100 billion in purchasing power, today announced ... and information. The Newsroom is the online ... industry trends, infographics, expert bios, news releases, slideshows and ... access to a wealth of resources at their fingertips, ...
(Date:10/4/2017)... Oct. 4, 2017  South Korean-based healthcare product Development ... aide "cprCUBE" on Kickstarter. The device will educate the ... arrests with better efficiency compared to the dated and ... feedback on efficacy of the compression for a more ... a goal to raise $5,000. ...
Breaking Medicine Technology: