According to a provocative article from the Associated Press (AP) wire last week (which draws information from a Los Angeles Times report), US power and energy companies "have become targets for computer hackers who have managed to penetrate energy control networks as well as administrative systems."
The article reports that the online power and energy companies surveyed have experienced an average of 1280 attacks in the past 6 months alone. Riptech, which performed the study, said that the number of attacks represents a 77 percent increase over the number of attacks experienced last year. According to the article, FBI Cybercrime Director Ronald Dick said, "The event that I fear most is a physical attack in conjunction with the success of a cyber attack on an infrastructure such as electric power or 911."
The report points out the weakest link in the energy and power companies' infrastructure: control systems that monitor power grids and govern the flow of oil and water through pipelines. Formerly, these systems weren't connected to public networks such as the Internet, but now they are—and, as a result, they're vulnerable to attack.
The story begs the obvious question: Why would any entity connect extremely critical infrastructures (e.g., power companies, national 911 services) to the Internet? By doing so, they ask for serious trouble. Is that wise in times such as these? I don't think so.
In other recent and interesting news, PC World reported that Microsoft has adopted NetScreen-500 to help protect its corporate network. NetScreen Technologies issued a press release regarding the adoption. NetScreen-500 is a firewall/VPN combination appliance that, among other things, helps stop viruses and worms from propagating into a network. What makes this news strange is that Microsoft touts its Internet Security and Acceleration (ISA) Server 2000 as a product that "protects the enterprise network from hacker intrusion and malicious worms through application-level filtering."
Are you looking for a way to transmit sensitive information? A group that calls itself Hacktivismo has released a new tool called Camera/Shy at the Hackers On Planet Earth (HOPE) Conference in New York. Camera/Shy is a steganography tool that encrypts and stores data in graphical image files. Steganography adds extra data to a typical image file so that when someone views the file, it seems to contain an ordinary image. After data is stored in an image file, you can transmit the file, and the recipient can recover the data stored therein. According to Hacktivismo, the tool is easy to use. Camera/Shy targets users who work behind network border devices that filter or censor Internet content. You can find a temporary download site for Camera/Shy and its documentation. Let's hope nobody uses Camera/Shy to attack power and energy companies.