Last week, the Department of Homeland Security revealed a rash of cyber attacks on natural gas pipeline companies. Just as with previous cyber attacks on infrastructure, there was no known physical damage. But security experts worry it may only be a matter of time.
Efforts to protect pipelines and other critical systems have been halting despite broad agreement that they’re vulnerable to viruses like Stuxnet 2014 the mysterious worm that caused havoc to Iran‘s nuclear program two years ago.
The Frankenstein-like virus infected a type of industrial controller that is ubiquitous 2014 used around the world on everything from pipelines to the electric grid.
Stuxnet first made headlines when it burrowed into computers that controlled uranium centrifuges in Iran’s renegade nuclear program. Its self-replicating computer code is usually transmitted on flash drives anyone can stick into a computer. Once activated, the virus made Iran’s centrifuges spin out of control while making technicians think everything was working normally 2014 think of a scene in a bank heist movie where the robbers loop old security camera footage while they sneak into the vault.
Q. Who created it?
Whoever knows the answer to this isn’t telling 2014 but if cybersecurity researchers, the Iranian government and vocal Internet users are to be believed, the two prime suspects are the U.S. and Israeli governments.
Q. How does it work?
Stuxnet seeks out little gray computers called programmable logic controllers, or PLCs. The size and shape of a carton of cigarettes, PLCs are used in industrial settings from pretzel factories to nuclear power plants. Unfortunately, security researchers say the password requirements for the devices are often weak, creating openings that Stuxnet (or other viruses) can exploit. Siemens made the PLCs that ran Iran’s centrifuges; other makers include Modicon and Allen Bradley. Once introduced via computers running Microsoft Windows, Stuxnet looks for a PLC it can control.
Q. How big is the problem?
Millions of PLCs are in use all over the world, and Siemens is one of the top five vendors.
Q. After Iran, did Siemens fix its devices?
Siemens released a software tool for users to detect and remove the Stuxnet virus, and encourages its customers to install fixes Microsoft put out for its Windows system soon after the Iran attack became public (most PLCs are programmed from computers running Windows.) It is also planning to release a new piece of hardware for its PLCs, called a communications processor, to make them more secure 2014 though it’s unclear whether the new processor will fix the specific problems Stuxnet exploited. Meanwhile, the firm acknowledges its PLCs remain vulnerable2014 in a statement to ProPublica, Siemens said it was impossible to guard against every possible attack.
Q. Is Siemens alone?
Logic controllers made by other companies also have flaws, as researchers from NSS labs, a security research firm, have pointed out. Researchers at a consulting firm called Digital Bond drew more attention to the problem earlier this year when they released code targeting commonly used PLCs using some of Stuxnet’s techniques. A key vulnerability is password strength 2014 PLCs connected to corporate networks or the Internet are frequently left wide open, Digital Bond CEO Dale Peterson says.
Q. What makes these systems so tough to protect?
Like any computer product, industrial control systems have bugs that programmers can’t foresee. Government officials and security researchers say critical systems should never be connected to the Internet 2014 though they frequently are. But having Internet access is convenient and saves money for companies that operate water, power, transit and other systems.
Q. Is cost an issue?
System manufacturers are reluctant to patch older versions of their products, government and private sector researchers said. Utility companies and other operators don’t want to shell out money to replace systems that seem to be working fine. Dan Auerbach of the Electronic Frontier Foundation, formerly a security engineer at Google, says the pressure on tech companies to quickly release products sometimes trumps security. “There’s an incentive problem,” he said.
Q. What’s the government doing?
The Department of Energy and the Department of Homeland Security’s Computer Emergency Readiness Team, or CERT, work with infrastructure owners, operators and vendors to prevent and respond to cyber threats. Researchers at government-funded labs also assess threats and recommend fixes. But government agencies cannot 2014 and do not attempt to 2014 compel systems vendors to fix bugs.
The only national cybersecurity regulation is a set of eight standards approved by the Federal Energy Regulatory Commission 2014 but these only apply to producers of high-voltage electricity. A Department of Energy audit last year concluded the standards were weak and not well implemented.
Q. So is Congress weighing in?
Cybersecurity has been a much-debated issue. Leading bills, including the Cyber Intelligence Sharing and Protection Act, would enable government and the private sector to share more threat information. But while CISPA and other bills give the Department of Homeland Security and other agencies more power to monitor problems, they all take voluntary approaches.
“Some of my colleagues have said nothing will change until something really bad happens,” said Peterson, whose consulting firm exposed vulnerabilities. “I’m hoping that’s not true.”
Q. What does the Obama administration want?
The White House has called for legislation that encourages private companies to notify government agencies after they’ve faced cyber intrusions, and recommends private companies secure their own systems against hackers. But the White House stops short of calling for mandatory cybersecurity standards for the private sector.
Malware can allow someone to take control of your computer, record passwords and personal information or disable the machine altogether. (Shutterstock)
Sonia Bovio, tired but unable to sleep after her long journey from Phoenix to London last week, settled into her hotel room and was fiddling around on her laptop. One inadvertent click later, a file downloaded and she realized she had made a big mistake.
“It was terrifying,” said the 43-year-old senior vice president with communications firm Brodeur Partners. “I had a pit in my stomach. My biggest concern was that I didn’t want to be presenting to a roomful of executives and have something pop up on my screen.”
About the same time that was happening, the Internet Crime Complaint Center (IC3) – run in part by the FBI – was issuing a warning to Americans traveling abroad about getting duped into downloading malware while connecting to the Internet at their hotels. Malware can allow someone to take control of your computer, record passwords and personal information or disable the machine altogether.
The warning was specifically directed at “government, private industry, and academic personnel,” suggesting this threat was more about what is on their machines and less about bank accounts and personal identities. Travelers, the FBI said, are allowing malware to infect their computers by clicking on pop-up windows that appear while they are getting on the hotel Internet connection. The pop-ups appear to be part of what looks like a routine software update.
It’s very easy for someone trying to dupe you to make a pop-up appear to be from a legitimate source, said Robert Siciliano, a consultant for the computer security firm McAfee Inc, a division of Intel Corp. “Be smart about what you click,” he said. Just because it pops up and provides a message doesn’t mean it’s legitimate.”
Jonathan Halloran-Koren, president of New Jersey-based United Global Concierge Inc, said he was at a hotel in Hong Kong in 2009 using the hotel Internet connection when he got multiple warnings from his Internet security software. He later found more than 50 viruses on his machine.
“I was so freaked out that when I got back to the States I moved all my important files to a USB drive, wiped my hard drive and reinstalled everything,” said Halloran-Koren, 29.
Even an Internet security expert faced similar attacks. Damon Petraglia, director of forensic and information security services for Chartstone Llc, said that in both Romania and the Turks and Caicos his laptop came under attack. The attacks were blocked by his security software, he said.
INTERNATIONAL ESPIONAGE
Serious precautions need to be taken by anyone with anything of importance on their computers, said former Scotland Yard computer crime unit detective Steve Santorelli, now with the Internet security research firm Team Cymru.
“You’ve got to develop a healthy dose of paranoia,” he said. “If you’ve got blueprints to the next big thing on your hard drive, they’ve got resources to come at you with a pretty good attack. If you’re a regular tourist you don’t have as much to worry about.”
Both Santorelli and Rich Baich, principal in the Security & Privacy Practice division of consultancy Deloitte LLP, suggest the concern isn’t only about criminals, but about how certain governments conduct themselves. The rules that apply in the U.S. are not necessarily the same ones in other countries, they warn. “Whether it’s a hotel, whether it’s a cell phone or whether it’s a Wi-Fi you’re using, you could be subject to monitoring,” Baich said.
Such concerns were highlighted in 2008 when the U.S. government issued a warning to those traveling to the Olympics in China that the contents of their electronic devices were at risk of theft. The Chinese government denied any effort was under way to steal intellectual property or trade secrets from visitors.
Companies are becoming so sensitive to the threat that they are issuing special travel laptops to executives that are then wiped clean upon their return, Baich said. And Santorelli said he knows of executives who simply throw away their travel laptops upon their return because they’re that worried about what might have been installed while overseas.
If you’re not in a position to use a throwaway laptop or your company isn’t providing travel laptops, Santorelli, other security experts and the FBI urge the following steps be taken:
* Update your operating system and applications regularly – particularly before travel
* Use an up-to-date browser
* Do not use the same password for multiple accounts
* Change passwords before you leave on a trip and when you return
* Keep your anti-virus software updated
* Back up your data
* Encrypt your files
* Use a secure company virtual private network VPN.L to access work files
* Keep your device with you at all times
Two big players in providing Internet connections at hotels, iBAHN and Swisscom Hospitality Services, said they’re doing what they can to protect users and that they have had no security breaches. Some attacks could appear to come from the network, but are really from another source, according to an iBAHN spokeswoman.
“iBAHN takes the security and protection of its customers’ information very seriously, provides its customers with the highest possible level of security, and relentlessly monitors attempted attacks,” said senior global communications director Shannon R. Michael.
Swisscom spokesman Carsten Roetz said they have preventive and detective measures in place, and further suggests corporate users connect to their enterprise Virtual Private Network VPN.L to protect any potentially sensitive data.
If you’re aware of the threat, keep it in mind, and prepare, you should be able to protect your data, Santorelli said. “It’s all about risk,” and just having virus protection is not enough, he said. “People can no longer abrogate responsibility for Internet safety.”
Last week, the Department of Homeland Security revealed a rash of cyber attacks on natural gas pipeline companies. Just as with previous cyber attacks on infrastructure, there was no known physical damage. But security experts worry it may only be a matter of time.
Efforts to protect pipelines and other critical systems have been halting despite broad agreement that they’re vulnerable to viruses like Stuxnet 2014 the mysterious worm that caused havoc to Iran‘s nuclear program two years ago.
The Frankenstein-like virus infected a type of industrial controller that is ubiquitous 2014 used around the world on everything from pipelines to the electric grid.
Stuxnet first made headlines when it burrowed into computers that controlled uranium centrifuges in Iran’s renegade nuclear program. Its self-replicating computer code is usually transmitted on flash drives anyone can stick into a computer. Once activated, the virus made Iran’s centrifuges spin out of control while making technicians think everything was working normally 2014 think of a scene in a bank heist movie where the robbers loop old security camera footage while they sneak into the vault.
Q. Who created it?
Whoever knows the answer to this isn’t telling 2014 but if cybersecurity researchers, the Iranian government and vocal Internet users are to be believed, the two prime suspects are the U.S. and Israeli governments.
Q. How does it work?
Stuxnet seeks out little gray computers called programmable logic controllers, or PLCs. The size and shape of a carton of cigarettes, PLCs are used in industrial settings from pretzel factories to nuclear power plants. Unfortunately, security researchers say the password requirements for the devices are often weak, creating openings that Stuxnet (or other viruses) can exploit. Siemens made the PLCs that ran Iran’s centrifuges; other makers include Modicon and Allen Bradley. Once introduced via computers running Microsoft Windows, Stuxnet looks for a PLC it can control.
Q. How big is the problem?
Millions of PLCs are in use all over the world, and Siemens is one of the top five vendors.
Q. After Iran, did Siemens fix its devices?
Siemens released a software tool for users to detect and remove the Stuxnet virus, and encourages its customers to install fixes Microsoft put out for its Windows system soon after the Iran attack became public (most PLCs are programmed from computers running Windows.) It is also planning to release a new piece of hardware for its PLCs, called a communications processor, to make them more secure 2014 though it’s unclear whether the new processor will fix the specific problems Stuxnet exploited. Meanwhile, the firm acknowledges its PLCs remain vulnerable2014 in a statement to ProPublica, Siemens said it was impossible to guard against every possible attack.
Q. Is Siemens alone?
Logic controllers made by other companies also have flaws, as researchers from NSS labs, a security research firm, have pointed out. Researchers at a consulting firm called Digital Bond drew more attention to the problem earlier this year when they released code targeting commonly used PLCs using some of Stuxnet’s techniques. A key vulnerability is password strength 2014 PLCs connected to corporate networks or the Internet are frequently left wide open, Digital Bond CEO Dale Peterson says.
Q. What makes these systems so tough to protect?
Like any computer product, industrial control systems have bugs that programmers can’t foresee. Government officials and security researchers say critical systems should never be connected to the Internet 2014 though they frequently are. But having Internet access is convenient and saves money for companies that operate water, power, transit and other systems.
Q. Is cost an issue?
System manufacturers are reluctant to patch older versions of their products, government and private sector researchers said. Utility companies and other operators don’t want to shell out money to replace systems that seem to be working fine. Dan Auerbach of the Electronic Frontier Foundation, formerly a security engineer at Google, says the pressure on tech companies to quickly release products sometimes trumps security. “There’s an incentive problem,” he said.
Q. What’s the government doing?
The Department of Energy and the Department of Homeland Security’s Computer Emergency Readiness Team, or CERT, work with infrastructure owners, operators and vendors to prevent and respond to cyber threats. Researchers at government-funded labs also assess threats and recommend fixes. But government agencies cannot 2014 and do not attempt to 2014 compel systems vendors to fix bugs.
The only national cybersecurity regulation is a set of eight standards approved by the Federal Energy Regulatory Commission 2014 but these only apply to producers of high-voltage electricity. A Department of Energy audit last year concluded the standards were weak and not well implemented.
Q. So is Congress weighing in?
Cybersecurity has been a much-debated issue. Leading bills, including the Cyber Intelligence Sharing and Protection Act, would enable government and the private sector to share more threat information. But while CISPA and other bills give the Department of Homeland Security and other agencies more power to monitor problems, they all take voluntary approaches.
“Some of my colleagues have said nothing will change until something really bad happens,” said Peterson, whose consulting firm exposed vulnerabilities. “I’m hoping that’s not true.”
Q. What does the Obama administration want?
The White House has called for legislation that encourages private companies to notify government agencies after they’ve faced cyber intrusions, and recommends private companies secure their own systems against hackers. But the White House stops short of calling for mandatory cybersecurity standards for the private sector.
KEY ACTION Shawn Dakin, technology director at Newcomerstown Schools, reported that three new computer labs were replaced this year — one at the high school, one at the middle school and one at West Elementary. He said each lab cost about $8,500 to replace — half the original cost of the labs.
Also in his annual report to the Board of Education, Dakin said a new printer-management contract with MT Business Technologies of Mansfield took effect this year and should provide significant savings.
A new fiber optic Internet connection was installed with a 10-fold bandwidth increase over previous years. Dakin said the Internet connection speed determines how many students can be online at one time and how fast they can connect — important details when state-mandated online testing begins in 2014.
Upcoming projects include upgrading all PCs to Windows 7, a requirement for online testing; replacement of the core network switch; a new virus protection service contract with Thirtyseven4 of Medina; and a switch from Novell eDirectory to Open DAP for user authentication.
Dakin said that there are about 600 computers in the 1,200-student district and all of them will be in use when the online testing takes effect for grades 2-12.
OTHER ACTION
Football coach Eric Brock was named athletic director for the 2012-13 school year. He assumes the position held formerly by assistant high school principal Matt Ritzert, who has served as athletic director since August 2006.
In addition to coaching, Brock has been a health/intervention teacher at the high school for five years.
Other extracurricular contracts went to John Dupke, volleyball; Jack Lenhoff, wrestling; and Trip Hisrich, girls’ basketball.
Kathleen O’Donnell, business/computer teacher and senior class adviser, will retire effective May 31. Donna Mason, secretary to the superintendent, will resign effective July 20.
Mark Sommer was hired as high school chemistry/physics teacher for next year, and preschool teacher Tracy Rominger was transferred to a fifth-grade teaching position at West Elementary.
The 2012-13 parent/student handbooks for all district schools — plus the Athletic Department student handbook — were approved. A new two-sport policy was initially tabled at the request of board President Arlene Mayhew, but was approved as written following discussion in executive session. The new policy has some new features not included in the previous handbook.
FOR YOUR INFO
Two monetary gifts were accepted: $500 from Richard Wenzelberger for scholarship banquet expenses, and $256 from the Moose Lodge for general use.
A baccalaureate service will be at the St. Paul Lutheran Church at 2 p.m. Sunday. Graduation will be May 27 at Lee Stadium. The general public is invited to attend both events.
An executive session was held to consider the employment of personnel.
UP NEXT Meet at 6:30 p.m. June 26 in the high school conference room.
www.freeremovalofspyware.org If your computer has been infected with Antivirus Protection 2012, then use these easy to follow instructions to remove Antivirus Protection 2012. More Tags: Remove Antivirus Protection 2012, Antivirus Protection 2012 removal, remove Antivirus Protection 2012…
OROVILLE — The Butte County District Attorney’s Office said it has received enough calls about a suspected computer virus scam to prompt an alert.
District Attorney Mike Ramsey said his Consumer Protection Unit is looking into reports from several potential victims contacted by people claiming to represent “Microsoft,” or a company with names similar to “Windows Care Corp.”
The callers, who reportedly often have heavy East Indian accents, claim Internet records show the intended victim’s computer is infected.
According to a press release, the caller then has the intended victim turn on their computer, go online, and download a program that allows the caller to control the computer remotely.
The caller claims the action is necessary to “clean the computer of virus infections.”
Ramsey warned that falling for the scam can lead to malicious software being installed, or setting adjustments that leave the victim’s computer vulnerable to later attacks.
He said it also lets scammers search for personal information that can lead to identity theft and other crimes.
Ramsey said Microsoft has confirmed it doesn’t make unsolicited calls to help with computer issues. He said the scam started in 2008 and was prevalent in Europe and Australia before migrating to the U.S.
The Enterprise-Record has received two phone calls from Chico residents reporting the scam in recent weeks, and identify the calls as coming from Windows Care Corp.
Ramsey said the
best way to handle such unsolicited calls is to simply hang up.
The DA website has additional resources on a variety of consumer scams and frauds, and is located at: www.buttecounty.net/da/Eco.htm.
G Data Total Protection 2013 è una suite per la sicurezza dei computer Windows che protegge da attacchi hacker, virus, trojan, malware e da ogni tipo di minaccia della rete. Troviamo un antivirus intelligente che combina due motori di scansioni e un servizio di rilevamento cloud per offrire la massima sicurezza sul web e nella gestione della nostra corrispondenza elettronica.
G Data Total Protection 2013 offre ancora un potente firewall configurabile con cui proteggersi da eventuali tentativi di accesso non autorizzati. La suite integra anche un efficace sistema di parental controll che consente di limitare l’uso di internet ai più giovani, bloccando l’accesso ai siti ritenuti non adatti o pericolosi.
G Data Total Protection 2013 integra anche un comodo sistema di backup per mettere al sicuro i nostri dati personali e sensibili come documenti, foto e video. La suite presenta anche un interessante sistema di “Security Tuning” che verifica gli eventuali buchi di sicurezza del nostro computer e ci consiglia come risolverli. infine, chi acquisterà G Data Total Protection 2013, riceverà anche in omaggio la versione per device android dell’antivirus.
The worldwide web is a very useful place, particularly in our business.
It is also a very dangerous place for your computer.
Now, we all know not to web-surf in dangerous waters.
But who would have thought that danger could lurk in an innocent website.
We all know there are risks out there when you surf the internet.
There are 32-billion spam messages sent per day.
40% of them are for drugs.
There are 403 million kinds of malware that can attack your computer today.
1 out of every 239 emails contains a virus.
A lot of the attackers have moved away from spam and onto the social network sites, and other kinds of attacks. So it’s not that the attackers have gone away, it’s that they’re trying other kinds of techniques.
And now the virus protection company Symantec has compiled a list of websites that are most likely to give you trouble, or pass on a virus.
And the list may surprise you.
You don’t need to go to the dark side of the web to get infected. You can just be visiting religious websites, ideological websites, literary websites that have been infected and the attackers are using them to host their malware.
That’s right, there are more viruses attached to religious websites than adult ones.
And the most common virus is fake anti-virus installation to fight…you guessed it, a virus installed by the attacker.
Think of a fireman who starts fires to keep himself employed.
So the key is, keep your real anti-virus updated.
By the way, businesses are particularly good and juicy targets for these sorts of attacks.
And it’s split roughly even between large and small companies.
And the country where more hackers and spammers are based than any other?
Pakistan.
