Re: Hacking how dangerous can it get to the public?

Search this forum for SCADA. You'll find a couple of discussions that relate to this.

Re: Hacking how dangerous can it get to the public?

Mr. Google is also your friend. Along with Streaker's appropriate suggestion, use the following in any creative combination you choose: "Pentagon" "troop movement" "logistics" "hacked" "rogue internet connection." Test your google-fu and see what you can come up with.

Regards,

valkyrie
__________________________________________
sapere aude

Re: Hacking how dangerous can it get to the public?

Subject of my research paper advocating more funding to U.S Cyber Warfare capabilities (offensively) bearing in mind the fact that the mass amount of money being diverted to the creation and implementation of new IDS systems are not cost effective. The truth, with examples like the field reports generated from events like the military utilization of it's Botnet in the Georgian-United States -Russian debacle, the sky is the limit (damage wise). Since the initial host IP addresses that were utilized to hit Georgian websites and disrupt communications were American in origin, but known to be commanded by Russian rogue agents (reports differ here), theoretically a well orchestrated DDOS hit on an enemy target utilizing another countries resources could be the start to a nasty political/military situation. The Botnet research speech given at Stanford is perhaps the best introductory speech on the topic. Like the other author I will omit the names of certain large corporations that seem to do a little "less" than turn the other way in response to the problem. I think starting a possibly devastating, unauthorized conflict would be near the top... my 2cents. I also dictate a theoretical story about what would be possible in a place like Thai land.... do not want to get flagged for being too political

Just curious why is the emphasis always on bnet DDOS capabilities? They are equally if not more dangerous and effective at data mining and malware installation

Sorry if the answer I am supplying is too political btw, have read the posts, but admittedly new to the site. Research paper is legitimate(abstract was approved and presentation will be given at two conferences), PM me for more info, also (this is not a joke I swear) says, "Yes, you can use quotes from Defcon community members, I display some of their projects for my computer ethics class, they often get a kick..."). If you want to legitimately opine on the subject send me a message with your thoughts, I can substitute a handle for a name for citation.

Re: Hacking how dangerous can it get to the public?

Well, I can attest that trying to help secure things without the feds being in the loop can have interesting consequences as I found out last week:

http://www.renderlab.net/articles/parliament/

Re: Hacking how dangerous can it get to the public?

I'm doing a paper on information warfare and have some sources that may be of use. Just PM me if you think of anything specific. Also, as streaker69 said, search for SCADA on here. He has a ginormous collection of articles about SCADA hacking, and he put the link in a post. A couple good books to get are Information Warfare by Winn Schwartau and Conquest in Cyberspace: National Security and Information Warfare by Martin C. Libicki. They both have a lot to say about how hacking/technology can be used for information warfare and cyber terror. Another good place to look is http://www.fas.org/. Use your keywords and try to find reports to Congress - I found some really good ones on IW, botnets, etc. Here is a partial list of some of the sources I've found, but I haven't updated it in a while and have lots more http://web.me.com/agentdarkapple/Age...r_Warfare.html

Re: Hacking how dangerous can it get to the public?

What the fuck is with everyone coming here, asking for help on their homework/research papers?

Re: Hacking how dangerous can it get to the public?

Just about time for fall term papers to be due...

Re: Hacking how dangerous can it get to the public?

I can't speak for the others, but I joined the forums because I want to go to Defcon next year and wanted to get to know people. I wanted to go this year, but the con was a few days before my husband was to be deployed. I figured I could learn a lot from the people here, especially since I'm only getting started in information systems security and don't know a whole lot. I just happened to end up with a paper topic that needed a little help beyond the common research sources (and it's also something I am interested in beyond just for the class). It wasn't pre-planned, as I joined the forum in August, and the class I'm writing the paper for didn't start until October. I just lurked on here before then and didn't login when I read the posts. I guess the real test of who is just mooching is this: let's see how many people stick it out and actually post once their papers are graded.

Re: Hacking how dangerous can it get to the public?

Alright thank you all!!! This actually got me some new stuff to research!! Pardon my Noobiesness!

Re: Hacking how dangerous can it get to the public?

I'd be more interested in seeing who sticks with it past the grade. I'm tired of dealing with braindead idiots in the real world. Companies that don't see a problem with all their clients sharing the same login credentials for an FTP server. Companies that feel that perimeter security is enough and they don't need to build any security into their own embedded devices.

It would be nice to see a crop of developers out there that think of security first and then move forward with the other stuff. Websites don't need to have idiotic flash items and stupid skins. If the developers out there would spend as much time on security as they do on making sure that they're using the correct shade of cerulean blue, we wouldn't be in as sorry a state as we're in right now.

BTW, if anyone wants to hear a really good story about a group of idiot developers, find me at Shmoocon, you'll be shocked at their stupidity.

Re: Hacking how dangerous can it get to the public?

I'll buy you a drink and ask you all about it.


How stupid people get around computers, even The manager I've worked for who have been in the field for 15 or so years has shocked me in the last year. Things that are sacrificed for ye olde 'customer service', like network security, proper procedure and other things is just stupid. We're lucky that we are in the armpit of the US, where the only security method that's protected us is that we're nobody. Shit if we got hacked, that would make my day, cause it would be something vastly more interesting than dealing with the stupid politics of a small town/county government.

to the OP: The effects of us being hacked would be terrible. I work in a 911 enviornment, if service got interrupted and somebody died or worse while someone dicked with our network, there would be an Inquiry from FDLE. We got hit with conficker this last year. Despite my best efforts, and because the GPO I wrote that disabled scheduled tasks was too inconvienent, it is back for no good reason. Jaded Network IT will be jaded and the network will suffer. The type of enviornment I work in is soul crushing, leading the people I work with to be lazy, including myself.

(apologies for grammar, spelling, and loosely joined paragraphed. I'm posting from my phone)

Re: Hacking how dangerous can it get to the public?

one thing that i didn't see talked about is the fact that most of the power grids are currently/are soon going to be connected to the web. A co-worker worked at a power plant doing IDS and he said that a new machine that has never been on the network before with a new(unused) IP it took < 10 minutes to start being scanned by other countries. They supplied power to 25 million people.

Re: Hacking how dangerous can it get to the public?

I mentioned that many control networks are connected to the internet in a previous thread. It's normally done to establish inexpensive communications between sites and normally a strong VPN is employed, as well as all the normal perimeter defenses.

It's unfortunate that we have to do that to establish communications, but it's really the most cost effective way to do it. The phone companies just want too much money for private lines.

Just as an example, we had two 56K leased lines that I could only get a max of 1200baud out of them. We were paying about $330/month for those lines and we could barely use them. I converted those sites to broadband and added some other sites using VPN connections and I'm only paying $60/month. It's hard to justify the private line cost to management when we're getting such better performance out of using the VPN. I just make sure that my perimeter defenses are strong and that I continually monitor the logs.

Re: Hacking how dangerous can it get to the public?


Be careful when viewing this... http://www.fas.org/