*Goodbye CIA's Suicide Bombers (OBL), Hello CIA's SCADA Terror (Saif al-Adel)


Offline Dig

  • All eyes are opened, or opening, to the rights of man.
  • Member
  • *****
  • Posts: 63,093
    • Git Ureself Edumacated
So now that they re-killed the frozen corpse of CIA agent Tim Osmon/Osama bin Laden, we are introduced to a no face "threat" who relies on cybernetics to fulfill "Al-CIA-duh's objectives":

Former CIA Operative and Egyptian Special Forces officer named new Al Qaeda leader
http://www.rawstory.com/rs/2011/05/17/former-egyptian-special-forces-officer-named-new-al-qaeda-leader/
By Agence France-Presse
Tuesday, May 17th, 2011 -- 9:36 pm

WASHINGTON — Al-Qaeda has chosen a former Egyptian Special Forces officer as interim leader of the violent extremist group in the wake of Osama bin Laden's death earlier this month, CNN reported Tuesday. Saif al-Adel, a top Al-Qaeda strategist and senior military leader, has been tapped as "caretaker" chief of the group, CNN reported, citing former Libyan militant Noman Benotman, who has renounced Al-Qaeda's ideology. Pakistan's The News newspaper corroborated the claim, citing unnamed sources in an article datelined Rawalpindi, a city home to the military headquarters of the Pakistani Armed Forces near the capital Islamabad. The decision to choose Adel, also known as Muhamad Ibrahim Makkawi, came as militants grew increasingly restive over the lack of a formal successor to bin Laden, who was killed in a dramatic US commando raid deep in Pakistan on May 2, Benotman told CNN. Bin Laden's long-time deputy Ayman al-Zawahiri, another Egyptian, is considered to be his presumed successor. Benotman said the appointment of Adel on a temporary basis may be a way for the group to gauge reaction to having someone outside the Muslim holy region of the Arabian Peninsula at the helm.


So who is this CIA Operative? What are his plans?

Well, he is the kind of CIA Operative who has his own CIA publishing company which distributes his CIA books all over the world to manufacture more ghosts for the Pentagon to defend against. He is a Pentagon public relations dream come true. And what space does he operate in? Why cyberspace of course...



To appear in Handbook on Internet Crime
(Y. Jewkes and M. Yar, eds.),
Willan Publishing, 2009.
Terror's Web: How the Internet Is
Transforming Terrorism
Dorothy E. Denning
http://faculty.nps.edu/dedennin/publications/Denning-TerrorsWeb.pdf

In January 2004, jihadists launched two educational magazines on the Internet. The first, called the Al-Battar Training Camp, was introduced to give Muslim youth jihad training without the need to travel to a terrorist training camp. Published by the Military Committee of the Mujahideen in the Arabian Peninsula, the electronic publication offered instruction and exercises in the use of arms (WorldNetDaily, 2004). The sixth issue, published in March 2004, gave a detailed description of the organization structure of a project cell, described desired skill sets, and emphasized the importance of security, including the use of compartmentalization within project cells and dead drops (including websites) for communications up and down the chain of command (Mansfield, 2004). The magazine appeared to have been discontinued by the end of the year. The second magazine, called the Base of the Vanguard, was directed at new recruits who could not break cover to undergo formal training. Spearheaded by Saif al-Adel, the manual contains quotes and articles by al-Qa'ida leaders, including bin Laden and al-Zawahiri. It gave technical advice on physical training, operations security, and light weapons; encouraged the use of weapons of mass destruction, and warned operatives to resist counter-terrorist psychological operations: "They will try and wear down your morale by publishing false reports about the arrest of other cells" (Burke, 2004). In late 2006, jihadists launched a third educational magazine that focused on technical issues. Called The Technical Mujahid, the first two issues covered information security technologies, including software tools for encryption (discussed later in this paper). The magazine was released by the Al-Fajr Media Center (CIIR, 2007).

Al-Qa'ida's online training materials have been instrumental to jihadists planning attacks. According to The Daily Telegraph, Nick Reilly, the 22-year old suicide bomber in the UK who tried unsuccessfully to detonate a series of nail bombs, learned how to make the bombs from videos posted on YouTube. The Telegraph also reported that Reilly had been "groomed by two men on the YouTube website who claimed to be living on the Afghan-Pakistan border and to be in touch with al-Qaeda" (Gardham, 2008).

Jihadists have expressed an interest in virtual reality tools, in particular flight simulation software (Internet Haganah, 2006a). Virtual reality might also be used for instruction in particular weapons such as surface-to-air missiles or to lead would-be suicide bombers through the process of detonating their bombs and receiving their promised virgins and other heavenly rewards.  Despite the benefits of online training, it comes at a price, as potential terrorists do not have the opportunity to meet established terrorists and develop personal bonds of trust. Further, online training in the use of physical weapons is not likely to be as effective as getting hands-on experience in a camp with experienced instructors. However, these limitations can be overcome if terrorists work in small groups that meet physically, and use on-line coaching to help them through difficulties. Al-Suri envisioned Muslim homes serving as training camps as well as staging grounds for waging jihad (CTC, 2006: 54).

In addition to learning from materials posted on jihadist websites, jihadists use the Internet for research. For example, in January 2002, the National Infrastructure Protection System (NIPC) reported that al-Qa'ida members had "sought information on Supervisory Control and Data Acquisition (SCADA) systems available on multiple SCADA-related websites. They specifically sought information on water supply and wastewater management practices in the U.S. and abroad" (NIPC, 2002). Such information could be useful in planning either physical or cyber attacks against SCADA-controlled critical infrastructures.

Although most jihadist research may be conducted on public websites, there has been at least one reported incident of jihadists breaking into accounts to collect intelligence. According to Magnus Ranstorp, al-Qa'ida hackers used simple password cracking tools, freely available on the Internet, to gain access to the e-mail account of a US diplomat in the Arab world.



The naming of Saif al-Adel as the new al-CIA-duh leader means that the CIA/SAIC/CICS/Kissinger/Ruth David are planning to blow up dams and nuclear reactors using STUXNET style attacks to blame it on this new CIA agent named Saif al-Adel.

HEY SAIF, YOU BETTER BLOW THE WHISTLE ASAP! CIA PATSIES LIKE YOU GOT A REAL HIGH MORTALITY RATE AND THEY ARE GOING TO SAY YOU WERE EATING PORK, GROWING POT, WATCHING YOURSELF ON TV, AND THAT YOU HAVE NORIEGA'S PORN STASH WHEN THEY GET DONE!
All eyes are opened, or opening, to the rights of man. The general spread of the light of science has already laid open to every view the palpable truth, that the mass of mankind has not been born with saddles on their backs, nor a favored few booted and spurred, ready to ride them legitimately

Offline Dig

Most Wanted • Most Wanted Terrorists • SAIF AL-ADEL

Conspiracy to Kill United States Nationals, to Murder, to Destroy Buildings and Property of the United States, and to Destroy the National Defense Utilities of the United States

SAIF AL-ADEL             
http://www.fbi.gov/wanted/wanted_terrorists/saif-al-adel            

Aliases:
Muhamad Ibrahim Makkawi, Seif Al Adel, Ibrahim Al-Madani
DESCRIPTION
Date(s) of Birth Used:    April 11, 1963; April 11, 1960
Place of Birth:    Egypt
Height:    Unknown
Weight:    Unknown
Build:    Unknown
Hair:    Dark
Eyes:    Dark
Complexion:    Olive
Sex:    Male
Citizenship:    Egyptian
Language:    Arabic

Scars and Marks:   None known
Remarks:   Al-Adel is thought to be affiliated with the Egyptian Islamic Jihad (EIJ), and is believed to be a high-ranking member of the Al-Qaeda organization.

CAUTION Saif Al-Adel is wanted in connection with the August 7, 1998, bombings of the United States Embassies in Dar es Salaam, Tanzania, and Nairobi, Kenya.
REWARD The Rewards For Justice Program, United States Department of State, is offering a reward of up to $5 million for information leading directly to the apprehension or conviction of Saif Al-Adel.
SHOULD BE CONSIDERED ARMED AND DANGEROUS

If you have any information concerning this person, please contact your local FBI office or the nearest American Embassy or Consulate.

Field Office: New York

Poster Classification: Most Wanted Terrorists

Offline Dig

http://en.wikipedia.org/wiki/Saif_al-Adel
In 2004, al-Adel was also alleged to be the author behind The Al-Battar Military Camp, a manual that advised prospective militants about how to strike easy targets.[23] On March 11, 2005, Al-Quds Al-Arabi published extracts from al-Adel's document "Al Quaeda's Strategy to the Year 2020".[24]


Remember how the Air Force wrote their 2020 manual?

How is this guy not Military Intelligence used to manufacture future conflicts?

Offline Dig

Guess what...he was captured in 2003.

Guess where...

IRAN

derrrr deeeeeeee  derrrrrrrrrrrrrrrrrrr



Al-Qaeda No.3, Saif al-Adel, captured in Iran
http://www.theage.com.au/articles/2003/05/27/1053801392866.html
May 28 2003 By Mark Forbes Foreign Affairs Correspondent Tehran

Al-Qaeda's third-ranked leader and alleged mastermind of this month's bombings in Riyadh, Saudi Arabia, has been seized in Iran, according to senior intelligence sources. The United States has identified Saif al-Adel as the most senior al-Qaeda member linked to the attacks that killed 34 people, including one Australian.  US intelligence believes al-Adel maintained contact with an al-Qaeda operative in Saudi Arabia, Abu Bakr al-Azdi, who directed the bombings on the ground. Intelligence sources said al-Adel, who used to be Osama bin Laden's personal bodyguard, approved the bombing plans before his capture by Iranian security forces at the start of the month, nine days before the attack. A reward of $US25 million ($A38 million), offered by the US Government for his capture, hangs over the head of al-Adel, who was promoted to number three after the capture of Khalid Sheikh Mohammed in Pakistan in March. Iran appears to be hoping to exchange al-Adel with Washington, in return for the handover of senior leaders in the anti-Iranian terrorist group Mujahideen-e-Khalq (MEK). Al-Adel would probably be initially deported to Egypt, his place of birth.  Washington has demanded Iran act against al-Qaeda leaders in the country and has conveyed a message via the United Nations of its "deep, deep concern that individuals associated with al-Qaeda have planned and directed the attack in Saudi Arabia from inside Iran". US officials identified al-Adel's presence in Iran as a major concern.  The Pentagon has recently forwarded plans to the White House on destabilising Iran's clerical government. If al-Adel was put into US hands, it would be a major blow to al-Qaeda and a significant move by Iran in the war on terror. It effectively removes one of the few remaining haven countries for the terrorist group. Al-Adel is believed to be one of several al-Qaeda figures being held, although publicly Iran has denied holding any senior operatives. 
It is believed that Iran, in talks with Australian Foreign Minister Alexander Downer this week, proposed a deal to take significant action on al-Qaeda if the US cracked down on the militant MEK. Formerly funded by Iraq's Saddam Hussein, the MEK are based in northern Iraq but were not heavily attacked during the US-led invasion.  Iran is concerned that the US military has talked of signing a ceasefire with the MEK, which is listed by the US State Department as a terrorist organisation. However, US sources said the group was being disbanded. Mr Downer delivered a strong message to the Iranians to be tougher on al-Qaeda, on behalf of both Canberra and Washington. The Iranians are believed to have used the meeting to convey messages back to the US. Iran wants the MEK leadership deported to Tehran for trial for assassinations and bombings. The US is believed to be prepared to remove the leadership from the region, but is reluctant to give them to the Iranians. Dr Rohan Gunaratna, author of Inside al Qaeda, last week said al-Adel was effectively al-Qaeda's operational commander. Previously he was Osama bin Laden's bodyguard, Dr Gunaratna said. Following the talks with Mr Downer, the secretary of Iran's Supreme National Security Council, Hassan Rowhani, said Iran would show no leniency to al-Qaeda members. "If they commit an offence inside Iran we will try them," he said.

Saif al-Adel in Iranian hands
http://www.washingtonpost.com/wp-srv/world/specials/terror/adel.html
Washington Post, a Bilderberg Subsidiary

Adel is the key figure in a small group of al-Qaeda leaders believed to be under house arrest in Iran. The others include Sulaiman abu Ghaith, a Kuwaiti, and Saad bin Laden, a son of al-Qaeda's emir. U.S. intelligence officials said the group was detained when crossing into Iran from Afghanistan after the Sept. 11, 2001, attacks to avoid capture by U.S. forces. The Iranian government has never publicly acknowledged their presence, leading to much speculation about what restrictions they face and whether they can communicate with al-Qaeda operatives outside the country. "The question is, what does house arrest mean in the Iranian context?" said Michael Scheuer, a former CIA analyst who led the agency's unit dedicated to tracking Osama bin Laden. Scheuer and other analysts said it was likely that Adel and the others were being held by the Iranian government as a bargaining chip as well as a deterrent in its strained dealings with the U.S. government. Some U.S. officials worry that Iran could release the group or loosen their restrictions if the Bush administration presses too hard on other diplomatic disputes. "They're a guarantee against bad behavior," Scheuer said. The U.S. government has posted a $5 million reward for information leading to Adel's capture. He has been indicted for his role in the 1998 bombings of the U.S. embassies in Kenya and Tanzania, which killed more than 200 people. Al-Qaeda later claimed responsibility for the attacks. Also known as Mohammad Ibrahim al-Makkawi, Adel is believed to be about 44 years old and is a veteran of the Egyptian military. He traveled to Afghanistan in the 1980s to fight Soviet forces. He was valued for his military skills and became a key player in al-Qaeda's inner circle. But he often had bitter disagreements over strategy with bin Laden and his chief deputy, Ayman al-Zawahiri. 
"He clashed with them," said Osama Rushdi, an Egyptian political exile who worked alongside them in Afghanistan and Pakistan more than 15 years ago. "They didn't respect him as a military man and he didn't respect civilians." Several letters and Internet statements have been released since 2002 bearing Adel's name or aliases, leading analysts to believe that he maintains contact with al-Qaeda leaders in the region. Some U.S. intelligence officials think he may have played a direct role in organizing attacks in Saudi Arabia and elsewhere. One of the few clues to his whereabouts came in February, when an Egyptian relative of Adel's gave an interview to the London-based Arabic newspaper Asharq Al-Awsat, saying that Adel and other members of his family were in the custody of the Iranian Revolutionary Guards in Tehran.

The mythology noosphere narrative has been being built up for over 8 years!

Offline Dig

Hey look at the super elusive Saif al-Adel, he always shows up just exactly where the CIA needs more funding or to cover up war crimes with spooky threats (you cannot make up this narrative if you wanted to):


 
Saif al-Adel Back in Waziristan Region to help weakened Terror Network
http://www.spiegel.de/international/world/0,1518,725181,00.html
By Yassin Musharbash 10/25/2010

Former al-Qaida military chief Saif al-Adel spent the last nine years under house arrest in Iran. He has now returned to Waziristan in the border area between Pakistan and Afghanistan and appears to have got his old job back. With his help, the weakened terror network could reorganize itself. Saif al-Adel enjoys a truly outstanding reputation among Islamic militants around the world. The Egyptian, whose nom-de-guerre means "sword of justice," is considered a seasoned operational planner and an experienced field commander. He is often mentioned together with Khalid Sheikh Mohammed, the mastermind of the Sept. 11, 2001 attacks on New York and Washington. Among other things, the United States accuses him of involvement in the bombing of two US embassies in Africa in 1998. The last position Saif al-Adel held within Osama bin Laden's terror network was that of a very senior al-Qaida military chief, a role which put al-Adel at the very pinnacle of international jihadist terrorism.

Offline Effie Trinket

  • member
  • Member
  • *
  • Posts: 2,293
Quote
If your local power plant can't get coal to power it, IT'S AL-CIA-DUH'S FAULT!!!!!

The DHS is setting this up in their own news wire.  Even though power plants are not mentioned you can see the writing on the wall.  Note that they like to use the word 'appears'.  Yeah the evidence simply 'appears' out of nowhere.


Al Qaeda's plans for 9/11 anniversary: attack U.S. rail
Published 6 May 2011
http://homelandsecuritynewswire.com/al-qaedas-plans-911-anniversary-attack-us-rail

It appears that al Qaeda was planning an attack on U.S. railroads to mark the anniversary of the 9/11 attacks. U.S. officials confirmed to Fox News that documents retrieved from bin Laden’s hideout in Abbottabad, Pakistan, show discussions, in February 2010, of how to derail a train to achieve a large number of casualties.

NARRATIVE ALERT, NARRATIVE ALERT, NARRATIVE ALERT:

http://forums.somd.com/256135-post1.html

To assess Al Qaeda's potential as a cyberthreat, Ashley pored over reports of the contents of computers captured in Afghanistan as well as information gathered through prisoner interrogations. In each of the five critical areas, Al Qaeda activities merited a "yes" score on the DIA threat matrix. "The overall assessment of the Al Qaeda cyberthreat is critical," Ashley concludes. "We know terrorists are pursuing this capability. Major cyberterror attacks against America will occur. It is a matter of when, not if."

A chilling assessment to be sure. And Ashley went even further when he identified the trapdoor through which Al Qaeda would attack the power grid.

The SCADA Connection
The nation's power system has thousands of not-so-secret trapdoors called supervisory control and data acquisition (SCADA) devices. "SCADA systems allow utility companies to monitor and direct equipment at unmanned facilities from a central location," Ashley explains.

http://www.historycommons.org/context.jsp?item=a2002cyberattacks#a2002cyberattacks

2002: Al-Qaeda Could Be Planning Cyber-Attacks; Recovered Computer, Detainee Interrogations Reveal Group’s Intentions

An analysis of the contents of a laptop computer belonging to al-Qaeda obtained by US forces in Afghanistan in January 2002 shows that the organization may be plotting attacks on the US infrastructure by seizing control of the computer systems used to run power plants, dams, or subways. The laptop was used to visit a site that offers a “Sabotage Handbook” for would-be hackers. Other visited sites are devoted to SCADA software (Systems Control And Data Acquisition), which have largely replaced manual controls to operate plants and machinery. The Washington Post reports that Al-Qaeda detainees interrogated at Guantanamo have revealed plans to use such tools although details are not available. The information obtained is strikingly reminiscent of a recent case of electronic intrusion (see Summer 2001). [Washington Post, 6/27/2002; PBS Frontline, 3/18/2003; Washington Post, 3/11/2005]
__________________________________

http://www.washingtonpost.com/wp-dyn/content/article/2006/06/12/AR2006061200711.html

Cyber-Attacks by Al Qaeda Feared
Terrorists at Threshold of Using Internet as Tool of Bloodshed, Experts Say

By Barton Gellman
Washington Post Staff Writer
Thursday, June 27, 2002

Late last fall, Detective Chris Hsiung of the Mountain View, Calif., police department began investigating a suspicious pattern of surveillance against Silicon Valley computers. From the Middle East and South Asia, unknown browsers were exploring the digital systems used to manage Bay Area utilities and government offices. Hsiung, a specialist in high-technology crime, alerted the FBI's San Francisco computer intrusion squad.

Working with experts at the Lawrence Livermore National Laboratory, the FBI traced trails of a broader reconnaissance. A forensic summary of the investigation, prepared in the Defense Department, said the bureau found "multiple casings of sites" nationwide. Routed through telecommunications switches in Saudi Arabia, Indonesia and Pakistan, the visitors studied emergency telephone systems, electrical generation and transmission, water storage and distribution, nuclear power plants and gas facilities.

Some of the probes suggested planning for a conventional attack, U.S. officials said. But others homed in on a class of digital devices that allow remote control of services such as fire dispatch and of equipment such as pipelines. More information about those devices -- and how to program them -- turned up on al Qaeda computers seized this year, according to law enforcement and national security officials.

Unsettling signs of al Qaeda's aims and skills in cyberspace have led some government experts to conclude that terrorists are at the threshold of using the Internet as a direct instrument of bloodshed. The new threat bears little resemblance to familiar financial disruptions by hackers responsible for viruses and worms. It comes instead at the meeting points of computers and the physical structures they control.

U.S. analysts believe that by disabling or taking command of the floodgates in a dam, for example, or of substations handling 300,000 volts of electric power, an intruder could use virtual tools to destroy real-world lives and property. They surmise, with limited evidence, that al Qaeda aims to employ those techniques in synchrony with "kinetic weapons" such as explosives.

"The event I fear most is a physical attack in conjunction with a successful cyber-attack on the responders' 911 system or on the power grid," Ronald Dick, director of the FBI's National Infrastructure Protection Center, told a closed gathering of corporate security executives hosted by Infraguard in Niagara Falls on June 12.

In an interview, Dick said those additions to a conventional al Qaeda attack might mean that "the first responders couldn't get there . . . and water didn't flow, hospitals didn't have power. Is that an unreasonable scenario? Not in this world. And that keeps me awake at night."

Regarded until recently as remote, the risks of cyber-terrorism now command urgent White House attention. Discovery of one acute vulnerability -- in a data transmission standard known as ASN.1, short for Abstract Syntax Notification -- rushed government experts to the Oval Office on Feb. 7 to brief President Bush. The security flaw, according to a subsequent written assessment by the FBI, could have been exploited to bring down telephone networks and halt "all control information exchanged between ground and aircraft flight control systems."

Officials said Osama bin Laden's operatives have nothing like the proficiency in information war of the most sophisticated nations. But al Qaeda is now judged to be considerably more capable than analysts believed a year ago. And its intentions are unrelentingly aimed at inflicting catastrophic harm.

One al Qaeda laptop found in Afghanistan, sources said, had made multiple visits to a French site run by the Société Anonyme, or Anonymous Society. The site offers a two-volume online "Sabotage Handbook" with sections on tools of the trade, planning a hit, switch gear and instrumentation, anti-surveillance methods and advanced techniques. In Islamic chat rooms, other computers linked to al Qaeda had access to "cracking" tools used to search out networked computers, scan for security flaws and exploit them to gain entry -- or full command.

Most significantly, perhaps, U.S. investigators have found evidence in the logs that mark a browser's path through the Internet that al Qaeda operators spent time on sites that offer software and programming instructions for the digital switches that run power, water, transport and communications grids. In some interrogations, the most recent of which was reported to policymakers last week, al Qaeda prisoners have described intentions, in general terms, to use those tools.

Specialized digital devices are used by the millions as the brains of American "critical infrastructure" -- a term defined by federal directive to mean industrial sectors that are "essential to the minimum operations of the economy and government."

The devices are called distributed control systems, or DCS, and supervisory control and data acquisition, or SCADA, systems. The simplest ones collect measurements, throw railway switches, close circuit-breakers or adjust valves in the pipes that carry water, oil and gas. More complicated versions sift incoming data, govern multiple devices and cover a broader area.

What is new and dangerous is that most of these devices are now being connected to the Internet -- some of them, according to classified "Red Team" intrusion exercises, in ways that their owners do not suspect.

Because the digital controls were not designed with public access in mind, they typically lack even rudimentary security, having fewer safeguards than the purchase of flowers online. Much of the technical information required to penetrate these systems is widely discussed in the public forums of the affected industries, and specialists said the security flaws are well known to potential attackers.

Until recently, said Director John Tritak of the Commerce Department's Critical Infrastructure Assurance Office, many government and corporate officials regarded hackers mainly as a menace to their e-mail.

"There's this view that the problems of cyberspace originate, reside and remain in cyberspace," Tritak said. "Bad ones and zeros hurt good ones and zeros, and it sort of stays there. . . . The point we're making is that increasingly we are relying on 21st century technology and information networks to run physical assets." Digital controls are so pervasive, he said, that terrorists might use them to cause damage on a scale that otherwise would "not be available except through a very systematic and comprehensive physical attack."

The 13 agencies and offices of the U.S. intelligence community have not reached consensus on the scale or imminence of this threat, according to participants in and close observers of the discussion. The Defense Department, which concentrates on information war with nations, is most skeptical of al Qaeda's interest and prowess in cyberspace.

"DCS and SCADA systems might be accessible to bits and bytes," Assistant Secretary of Defense John P. Stenbit said in an interview. But al Qaeda prefers simple, reliable plans and would not allow the success of a large-scale attack "to be dependent on some sophisticated, tricky cyber thing to work."

"We're thinking more in physical terms -- biological agents, isotopes in explosions, other analogies to the fully loaded airplane," he said. "That's more what I'm worried about. When I think of cyber, I think of it as ancillary to one of those."

White House and FBI analysts, as well as officials in the Energy and Commerce departments with more direct responsibility for the civilian infrastructure, describe the threat in more robust terms.

"We were underestimating the amount of attention [al Qaeda was] paying to the Internet," said Roger Cressey, a longtime counterterrorism official who became chief of staff of the President's Critical Infrastructure Protection Board in October. "Now we know they see it as a potential attack vehicle. Al Qaeda spent more time mapping our vulnerabilities in cyberspace than we previously thought. An attack is a question of when, not if."

Ron Ross, who heads a new "information assurance" partnership between the National Security Agency and the National Institute of Standards and Technology, reminded the Infraguard delegates in Niagara Falls that, after the Sept. 11 attacks, air traffic controllers brought down every commercial plane in the air. "If there had been a cyber-attack at the same time that prevented them from doing that," he said, "the magnitude of the event could have been much greater."

"It's not science fiction," Ross said in an interview. "A cyber-attack can be launched with fairly limited resources."

U.S. intelligence agencies have upgraded their warnings about al Qaeda's use of cyberspace. Just over a year ago, a National Intelligence Estimate on the threat to U.S. information systems gave prominence to China, Russia and other nations. It judged al Qaeda operatives as "less developed in their network capabilities" than many individual hackers and "likely to pose only a limited cyber-threat," according to an authoritative description of its contents.

In February, the CIA issued a revised Directorate of Intelligence Memorandum. According to officials who read it, the new memo said al Qaeda had "far more interest" in cyber-terrorism than previously believed and contemplated the use of hackers for hire to speed the acquisition of capabilities.

"I don't think they are capable of bringing a major segment of this country to its knees using cyber-attack alone," said an official representing the current consensus, but "they would be able to conduct an integrated attack using a combination of physical and cyber resources and get an amplification of consequences."

Counterterrorism analysts have known for years that al Qaeda prepares for attacks with elaborate "targeting packages" of photographs and notes. But, in January, U.S. forces in Kabul, Afghanistan, found something new.

A computer seized at an al Qaeda office contained models of a dam, made with structural architecture and engineering software, that enabled the planners to simulate its catastrophic failure. Bush administration officials, who discussed the find, declined to say whether they had identified a specific dam as a target.

The FBI reported that the computer had been running Microstran, an advanced tool for analyzing steel and concrete structures; Autocad 2000, which manipulates technical drawings in two or three dimensions; and software "used to identify and classify soils," which would assist in predicting the course of a wall of water surging downstream.

To destroy a dam physically would require "tons of explosives," Assistant Attorney General Michael Chertoff said a year ago. To breach it from cyberspace is not out of the question. In 1998, a 12-year-old hacker, exploring on a lark, broke into the computer system that runs Arizona's Roosevelt Dam. He did not know or care, but federal authorities said he had complete command of the SCADA system controlling the dam's massive floodgates.

Roosevelt Dam holds back as much as 1.5 million acre-feet of water, or 489 trillion gallons. That volume could theoretically cover the city of Phoenix, down river, to a height of five feet. In practice, that could not happen. Before the water reached the Arizona capital, the rampant Salt River would spend most of itself in a flood plain encompassing the cities of Mesa and Tempe -- with a combined population of nearly a million.

In Queensland, Australia, on April 23, 2000, police stopped a car on the road to Deception Bay and found a stolen computer and radio transmitter inside. Using commercially available technology, Vitek Boden, 48, had turned his vehicle into a pirate command center for sewage treatment along Australia's Sunshine Coast.

Boden's arrest solved a mystery that had troubled the Maroochy Shire wastewater system for two months. Somehow the system was leaking hundreds of thousands of gallons of putrid sludge into parks, rivers and the manicured grounds of a Hyatt Regency hotel. Janelle Bryant of the Australian Environmental Protection Agency said "marine life died, the creek water turned black and the stench was unbearable for residents." Until Boden's capture -- during his 46th successful intrusion -- the utility's managers did not know why.

Specialists in cyber-terrorism have studied Boden's case because it is the only one known in which someone used a digital control system deliberately to cause harm. Details of Boden's intrusion, not disclosed before, show how easily Boden broke in -- and how restrained he was with his power.

Boden had quit his job at Hunter Watertech, the supplier of Maroochy Shire's remote control and telemetry equipment. Evidence at his trial suggested that he was angling for a consulting contract to solve the problems he had caused.

To sabotage the system, he set the software on his laptop to identify itself as "pumping station 4," then suppressed all alarms. Paul Chisholm, Hunter Watertech's chief executive, said in an interview last week that Boden "was the central control system" during his intrusions, with unlimited command of 300 SCADA nodes governing sewage and drinking water alike. "He could have done anything he liked to the fresh water," Chisholm said.

Like thousands of utilities around the world, Maroochy Shire allowed technicians operating remotely to manipulate its digital controls. Boden learned how to use those controls as an insider, but the software he used conforms to international standards and the manuals are available on the Web. He faced virtually no obstacles to breaking in.

Nearly identical systems run oil and gas utilities and many manufacturing plants. But their most dangerous use is in the generation, transmission and distribution of electrical power, because electricity has no substitute and every other key infrastructure depends on it.

Massoud Amin, a mathematician directing new security efforts in the industry, described the North American power grid as "the most complex machine ever built." At an April 2 conference hosted by the Commerce Department, participants said, government and industry scientists agreed that they have no idea how the grid would respond to a cyber-attack.

What they do know is that "Red Teams" of mock intruders from the Energy Department's four national laboratories have devised what one government document listed as "eight scenarios for SCADA attack on an electrical power grid" -- and all of them work. Eighteen such exercises have been conducted to date against large regional utilities, and Richard A. Clarke, Bush's cyber-security adviser, said the intruders "have always, always succeeded."

Joseph M. Weiss of KEMA Consulting, a leading expert in control system security, reported at two recent industry conferences that intruders were "able to assemble a detailed map" of each system and "intercepted and changed" SCADA commands without detection.

"What the labs do is look at simple, easy things I can do to get in" with tools commonly available on the Internet, Weiss said in an interview. "In most of these cases, they are not using anything that a hacker couldn't have access to."

Bush has launched a top-priority research program at the Livermore, Sandia and Los Alamos labs to improve safeguards in the estimated 3 million SCADA systems in use. But many of the systems rely on instantaneous responses and cannot tolerate authentication delays. And the devices deployed now lack the memory and bandwidth to use techniques such as "integrity checks" that are standard elsewhere.

In a book-length Electricity Infrastructure Security Assessment, the industry concluded on Jan. 7 that "it may not be possible to provide sufficient security when using the Internet for power system control." Power companies, it said, will probably have to build a parallel private network for themselves.

The U.S. government may never have fought a war with so little power in the battlefield. That became clear again on Feb. 7, when Clarke and his vice-chairman at the critical infrastructure board, Howard A. Schmidt, arrived in the Oval Office.

They told the president that researchers in Finland had identified a serious security hole in the Internet's standard language for routing data through switches. A government threat team found implications -- for air traffic control and civilian and military phone links, among others -- that were more serious still.

"We've got troops on the ground in Afghanistan and we've got communication systems that we all depend on that, at that time, were vulnerable," Schmidt recalled.

Bush ordered the Pentagon and key federal agencies to patch their systems. But most of the vulnerable networks were not government-owned. Since Feb. 12, "those who have the fix in their power are in the private sector," Schmidt said. Asked about progress, he said: "I don't know that we'd ever get to 100 percent."

Frustrated at the pace of repairs, Clarke traveled to San Jose on Feb. 19 and accused industry leaders of spending more on coffee than on information security. "You will be hacked," he told them. "What's more, you deserve to be hacked."

Tritak, at the Commerce Department, appealed to patriotism. Speaking of al Qaeda, he said: "When you've got people who are saying, 'We're coming after your economy,' everyone has a responsibility to do their bit to safeguard against it."

New public-private partnerships are helping, but the government case remains a tough sell. Alan Paller, director of research at the SANS Institute in Bethesda, said not even banks and brokerages, considered the most security-conscious businesses, tell the government when their systems are attacked. Sources said the government did not learn crucial details about September's Nimda worm, which caused an estimated $530 million in damage, until the stricken companies began firing their security executives.

Experts said public companies worry about the loss of customer confidence and the legal liability to shareholders or security vendors when they report flaws.

The FBI is having even less success with its "key asset initiative," an attempt to identify the most dangerous points of vulnerability in 5,700 companies deemed essential to national security.

"What we really want to drill down to, eventually, is not the companies but the actual things themselves, the actual switches . . . that are vital to [a firm's] continued operations," Dick said. He acknowledged a rocky start: "For them to tell us where their crown jewels are is not reasonable until you've built up trust."

Michehl R. Gent, president of the North American Electric Reliability Council, said last month it will not happen. "We're not going to build such a list. . . . We have no confidence that the government can keep that a secret."

For fear of terrorist infiltration, Clarke's critical infrastructure board and Tom Ridge's homeland security office are now exploring whether private companies would consider telling the government the names of employees with access to sensitive sites.

"Obviously, the ability to check intelligence records from the terrorist standpoint would be the goal," Dick said.

There is no precedent for that. The FBI screens bank employees but has no statutory authority in other industries. Using classified intelligence databases, such as the Visa Viper list of suspected terrorists, would mean the results could not be shared with the employers. Bobby Gillham, manager of global security at oil giant Conoco Inc., said he doubts his industry will go along with that.

"You have Privacy Act concerns," he said in an interview. "And just to get feedback that there's nothing here, or there's something here but we can't share it with you, doesn't do us a lot of good. Most of our companies would not [remove an employee] in a frivolous way, on a wink."

Exasperated by companies seeking proof that they are targets, Clarke has stopped talking about threats at all.

"It doesn't matter whether it's al Qaeda or a nation-state or the teenage kid up the street," he said. "Who does the damage to you is far less important than the fact that damage can be done. You've got to focus on your vulnerability . . . and not wait for the FBI to tell you that al Qaeda has you in its sights."

Staff researcher Robert Thomason contributed to this report.

CORRECTION-DATE: June 29, 2002

CORRECTION:

A June 27 article on concerns about cyber-terrorism misstated the capacity of the Roosevelt Dam in Arizona. It is 489 billion gallons.

Offline Effie Trinket

http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/interviews/dick.html


Ron Dick 

He is director of Information Assurance Strategic Initiatives for Computer Sciences Corporation's Homeland Security program and the former director of the FBI's National Infrastructure Protection Center. In his interview he talks about some of the events which defined for the government the national security threat of cyberspace, and the scenario which keeps him awake at night. He also discusses key issues the U.S. must address to secure cyberspace and the importance of new government provisions allowing more information sharing between the private sector and government. This interview was conducted on March 18, 2003.


How is the U.S. working, at this point, to protect the governmental and private infrastructure from the threat that we face when it comes to a cyber attack?

It's working on multiple levels. For example, back in 1998 under then-President Clinton, there was Presidential Decision Directive 63, which is a composite of an analysis that was done of our critical infrastructure. A presidential commission recommended the creation of a number of things that would look at better protecting our critical infrastructures, and in particular the cyber environment.

One of the things that the federal government did, and continues to do, is to work very closely with the private sector, particularly with the information technology industry, to identify what vulnerabilities are out there -- how to best protect not only U.S. government systems, but private sector systems. There was a realization even then that because of the interconnectivity and the almost 100 percent dependence on computer technology and cyber technology to conduct business, to provide national security and economic well-being in the United States, the United States government had to become a leader in bringing these people, these various sectors together that are protected.
   
   

The infrastructures are 90 percent owned by private sector. How does that complicate issues when it comes to security?

It is a challenge. But it's one of the great things about living in the United States, that most of the critical infrastructures are, as you correctly pointed out, owned by the private sector. So that brings into play the building of this public/private sector partnership to identify, not only the cyber vulnerabilities, but also the physical vulnerabilities, and build a risk management model. [The risk model allows you to] identify what are the threats, which is generally known by the various law enforcement as well as intelligence agencies within the federal government, state and local governments, and the vulnerabilities that are generally known by the private sector, so that you can discern what is your risk, whether it's a physical or a cyber attack.

Once you've discerned what your risks are, then it's up to federal government to secure its system, whether they're physical or cyber, but also to make a business case for the private sector to invest in those kinds of security measures. It's a huge challenge, [in] which the entities, like Dick Clarke's role in the White House to the national cyber security, the role of the FBI and the agency that I headed for a while, the National Infrastructure Protection Center, to work together very cooperatively with the private sector to resolve those issues.

Define the threat for us.

First of all, the threat is real, in my opinion. Having been the director of the National Infrastructure Protection Center for over two and a half years and involved in the center for four years, I've seen numerous cases that support that the threat is real, and it's real on a number of levels. The number one priority for us in law enforcement and in the political community is those foreign nations, foreign states that would use cyberspace to prepare the battle space, if you will, if in the event [of] war, people would look at cyberspace. In particular, since the United States is 100 percent dependent upon information systems and computer systems to run our nation -- from an economic standpoint, as well as national security standpoint -- it's a huge, huge issue for us.

The second priority is the use of cyberspace for foreign intelligence operation or espionage, so as to intrude into whether they're government contractors or U.S. government systems to try and secrete confidential or even classified information out of these systems for which they are maintained.

The third priority from a threat standpoint is criminal activity. We've seen examples of this on numerous occasions in the newspaper, where systems are intruded into, hundreds of thousands of credit card numbers are stolen. There's even a market now on the Internet for the sale and distribution of these stolen credit card numbers.

The fourth priority would be the viruses. Recently we saw with the Slammer virus, which infected I think over 75,000 machines, caused estimates of $950 million to $1.2 billion in damage. The real threat there is the impact on how it slowed the Internet down to almost a crawl, and that was the real concern if it got to the extent where we couldn't communicate. Then you obviously had the national security and economic well-being issues associated with that in the United States.

Last priority, obviously, are those that commit criminal acts, the hacking of young people, if you will, but it's still a criminal act that disrupts communications.

Can you tell us any case dealing with national security issues that, to you, was an important case or event that helps define what the threat is?

From a national security standpoint, for which the FBI has worked a number of cases, obviously they're still classified, and I can't go into any details associated with those ongoing investigations or even prior investigations of a classified nature. However, if you look at what has been written by other nation-states, such as China and Russia, where they openly talk about using cyberspace, cyber technology, so as to prepare the battle space. Two Chinese generals not long ago wrote a book about how cyberspace would be an integral part of their nation's planning, as far as conducting a war in the future and today.

Recently, there was in the newspaper here in Washington, D.C. discussion about getting presidential findings as to whether the United States government could, or how the United States government could and should use cyber weapons in the event of any kind of a war.

There are people out there who say that in a world of bioweapons threat, dirty bombs, worries about war with North Korea, this is really low down on the totem pole.

I disagree with "We don't need to deal with that." Now, do I put cyber warfare, cyber espionage, cyber terrorism -- which is a term of art lately -- on the same level as the events that happened on Sept. 11? No, I don't. However, the thing that we have not seen yet, and the thing that keeps me awake at night, is the physical attack on a U.S. infrastructure, combined with a cyber attack which disrupts the ability of first responders to access 911 systems, that disrupts our power grids such that, again, first responders can't respond to an incident. Those are the things that keep me awake, and those are very real possibilities.

The significance of the sophisticated probing that we've all seen and that is talked about a lot, very sophisticated probing into control systems, electrical power companies, gas companies, water companies -- what's the significance of these probes?

One of the things that makes cyberspace so unique, particularly from a preparing battlespace standpoint, espionage or even criminal activity, is that you don't know who's doing these particular acts until you actually trace back to find the person that's behind that keyboard.

Until you were able to discern who is behind that keyboard, you didn't really know what the motive was for that kind of probing. Could it be a foreign power that was looking for opportunities to prepare the battlespace? Was it a nation-state that was looking to conduct espionage? Was it a criminal organization that was looking to use those various systems that they found vulnerable to conduct other criminal activities?

Is there a problem, at least with the technology as it is today, that it's almost impossible to trace back to the actual person who is involved with this attack?

Is it a challenge? It absolutely is. And because of the technology and the ability to remain anonymous on the Internet, it is a huge challenge for law enforcement and the military, as well as other nations. However, it is not impossible. There are a number of examples where the FBI and other law enforcement agencies, we have been able to discern who is doing this. ...

How do you folks at the FBI view the fact that our system is being probed in this manner? Some people have said we're already at war.

I think it is absolutely one of the things that we have to address, both from a public/private partnership standpoint. Technology, as we all know, is increasing at an exponential rate. As technology increases, there are vulnerabilities that are built into it.

The thing that has to happen is that we have to make information security a part of our daily lives, just like we've made having seatbelts and airbags in our automobiles -- demanded by the public and consumers of those products. We have to get to the point with our computer systems and software that's provided with those computer systems that security is first in mind, or one of the things that's first in mind, when it begins to be developed.

It's not just a U.S. issue. As I said, the United States is almost 100 percent dependent upon computer systems. But the rest of the world is also dependent on those computer systems, and the reality is we're only as secure as our weakest link. That's kind of a cliche, but it is absolutely true. Unless we can get international cooperation because of the interconnectivity [of] all the systems across the world, we're never going to really solve this problem.

The ability to probe systems, as we saw with the Slammer worm not long ago, and used automated tools to do it -- it proliferated across the world at probably 250 times faster than the Code Red virus proliferated. These are huge, huge vulnerabilities and risk, not only to the private sector, but government agencies.

The Mountain View case. Your opinion?

When I was the director of the National Infrastructure Protection Center, there was an incident that occurred in Mountain View, California. In that incident, there was probing going on regarding certain cities' public utilities out there. The importance of that investigation and the importance of that kind of probing is that it was right after, fairly shortly after Sept. 11.

We issued from the National Infrastructure Protection Center a warning that people needed to look at what they had on their Web sites. The reason that they needed to look at what they had on their Web sites is that we were conveying information to terrorist organizations as to how they could attack -- not only from a cyber standpoint, but from a physical infrastructure standpoint.

So one of the things that we wanted to highlight in our warnings was [to] look at what's out there -- while the public has a right to know certain things, they don't necessarily have a right to know where your vulnerabilities are or how you can be attacked -- that you needed to look at those things on your Web sites, [and] to only put out there what is necessary for the public to do business with [local governments and the] federal government.

That kind of probing is the kinds of things that nation-states and terrorist organizations are looking for in an open society like the United States.

Was the fact significant that they were looking at electrical and water systems?

Sure. Under Presidential Decision Directive 63, one of the infrastructures or critical infrastructures that were identified was electrical power systems and water supply systems. Obviously, if you can disrupt the flow of electricity or water to the general public in an area or nationally, that's going to have a dramatic impact on their ability to do business in that area, as well as the national security.

What was the conclusion of the Mountain View case?

The conclusion of the Mountain View case is that it's still pending, at least when I left the NIPC, or the National Infrastructure Protection Center. We never were necessarily able to tie it back into any terrorist organizations. However, again, until you are able to find out who is behind the keyboard and what the motive is for that kind of program, you're never really clear as to what the intent was.

People say it was the first time that we got it, I suppose, that this was a vulnerable area, and so therefore the story is important, because it was a red flag that taught us something. So define, from your point of view, the importance of this case. Was it the first? Was it something that sort of raised the flag?

The Mountain View case and the concern by the federal government and the National Infrastructure Protection Center about what information was on certain Web sites is not a particularly new issue. We had a number of discussions prior to Sept. 11, for example, regarding the Environmental Protection Agency putting out certain information about chemical plants and so forth. We were discussing with them, from a Department of Justice and FBI standpoint, how much information do you really need to put out there now.

After the events of Sept. 11, that kind of information took on a whole new significance. The Mountain View case was one of the first examples after Sept. 11 where we, as a community -- meaning the federal government, state and local government and the private sector -- realized, "Wait a minute. Perhaps we have too much information out there, so that we're playing into the hands of the terrorist organizations. We need to take a look at that."

We also needed to look at what other probing is going on and what are they looking for. ...

With a war in Iraq, your cohorts or people that are still in government, what would they be looking for? Are there warning signs? What might we be sort of very wary of at this point?

Within the Department of Defense, which is one of the systems that is talked about quite often, about attempted intrusions into it -- but if you look at the number of intrusions or attempted intrusions and their actual success rate, it's relatively low. ... One of the things that they are most concerned with is monitoring their network to see when and if they come under attack, so that they can then respond appropriately. ...

Now, the biggest thing that we have done in the last four years is to build a very responsive public/private partnership, because frankly, if there is an attack or cyber attack, we are more likely to learn about it from the private sector than we are from U.S. government agencies. ...

There are a number of things that we have done together, and I think quite successfully. One is the creation of information sharing and analysis centers for electrical power, oil and gas, water supply systems. When I left the NIPC, the National Infrastructure Protection Center, I think they had about 14, 15 information sharing agreements with these various information sharing and analysis centers.

A great example is the recent Slammer virus that occurred. The Information Technology Information Sharing and Analysis Center was one of the first ones that picked up on the Slammer virus, shared the information with the federal government through the Department of Homeland Security, for which advisories and alerts were put out. That's a great example from this public/private partnership.

Code Red was a precursor to that one, where we identified what the vulnerability was in a particular vendor software. We worked cooperatively with that vendor as well as the router manufacturers for it. We went out publicly to gather and tell the public what the vulnerability was and what the solutions were for it.

So that's the kind of things that are going to occur. If there's a cyber attack during any war, the first notifications are going to come from the private sector.

Are we prepared at this point to stop a real attack, a malicious attack, that had more of a payload than just sort of irritating control of systems or shutting down a few systems here and there?

Are we prepared to the extent that we need to be as a nation or as a world? No. There are tremendous amounts of vulnerabilities that are still out there. The company I work for now, Computer Sciences Corporation, has a team of people that do what we call red teaming, where we actually go out and have a look at what are the vulnerabilities in the systems, attack those vulnerabilities and see if we can intrude. Even though these companies that have hired us know that we're coming, we have always been successful. ...

Is the private sector secure enough? No. Can we respond in a fashion that minimizes the impact of that? Yes, I believe we can. We've had a number of incidents, in Code Red and Slammer and a number of these, where the Internet was slowed and the response times were dramatically reduced, but we've never had it shut down. Was that a concern for Dick Clarke and myself and other people in the department? It absolutely was. But the technology is such and robust enough that, so far, the Internet has been able to sustain this kind of attack. Does that mean it will always happen? I don't know. Hasn't happened yet. But it's one of the things we're very concerned about.

Why hasn't it happened?

Some of the technology is very hard to use and utilize. If you look from a nation-state standpoint, if you're conducting warfare, obviously you're going to use those kind of tools. However, we have not been in a war or been in a war with an adversary that has those kinds of capabilities, in the United States or anyone else. So is it particularly surprising that we haven't seen it used in a war? Probably not. ...

Is law enforcement, the FBI, the CIA involvement in this ready for this threat?

I think we're as ready as we can be for this kind of threat. The FBI, the Secret Service, the investigative agencies for the Department of Defense have spent a lot of time and energy to train and bring investigators up to speed as to what the current technologies are, and how to be able to use that technology and to discern who is behind the keyboard.

We've also been able to develop a really good partnership with the private sector insofar as sharing information with law enforcement and the intelligence community as to what the vulnerabilities are, and who they believe may lead us to who is behind that keyboard.

One of the things that has happened with the recent Homeland Security Act is the ability for the private sector now to share information with the government, so that they won't be used for any detrimental purposes for that private sector company. That's a huge step. It was a big issue when I was the director of the NIPC for sharing of information. The key to this is two things: one, the private sector and the government agencies taking information security seriously, and two, being able to share those vulnerabilities and threats amongst each other to better protect ourselves.

Al Qaeda's expertise in using the Net for communication -- which seemed to be pretty sophisticated, when one breaks apart what they report that they were doing -- does that translate into an expertise to use cyber as a weapon?

It certainly translates into a knowledge of the capability. I mean, there had to be some research done on the part of various terrorist organizations that use a command and control communications purposes as to how they use it. I don't know that I'd call this sophisticated techniques, but obviously techniques that were more than just what the home user would normally know. In doing that kind of research or having that kind of knowledge, you also would be able to discern that you can use it for malicious purposes.

Why haven't terrorist organizations used it in that fashion? I don't know. I mean, that's the $64 million question. The response, though, is that we have to be as prepared as we can be for any kind of eventuality, which is what President Bush has talked about after the events of Sept. 11 and in the waging of a war against terrorism. We have known for some time that terrorist organizations have been looking at those things and trying to acquire the skills to utilize those kinds of tools or weapons.

My opinion is that it doesn't have the impact that they're looking for. Most terrorist organizations want to have visuals, if you will, for the media, of loss of life and destruction of various buildings and so forth. If you have an attack in cyberspace, you're not going to have those kind of visuals that terrorist organizations are looking for.

That's why what keeps me awake at night -- that if they use visuals in conjunction with a cyber attack, it can dramatically compound the impact of that.

We've been told by hackers and SCADA experts and scientists that sophisticated hackers could bring down the electrical grid and that they'd all get different scenarios. Some people say, "Give me six guys, a couple million dollars and a couple months, and we can bring down the entire system and we can keep it down." We had an engineer say that it's not only that you can keep it down for a minute; you can actually keep it down for months. Is this a reality?

We've worked very closely with the North American Electric Reliability Council, which is the information sharing and analysis center for the electrical power industry. Is it possible from a cyber standpoint to attack electrical power systems and their Supervisory Control and Data Acquisition systems? Yes, it's possible. Is it possible to bring them down for substantial periods of time? I don't think anybody knows the answer to that.

We've worked really closely with them. The power grids are very redundant across the United States, to include Canada, such that the ability to do that nationally or even regionally is really hard to do, based upon the work that we've done in the industry. Does it mean that it's impossible? No. Does it mean that if you give it enough money, millions of dollars, and the right kind of people, it can't be accomplished? No. But is it something that is easy? No.

Moonlight Maze. Define the FBI's involvement in Moonlight Maze. How involved is the FBI?

I can't comment on that.

What did this event teach us?

Dr. Hamre, who was formerly with the Department of Defense, commented several years ago regarding a series of events that was known as Moonlight Maze. What he characterized is that there were a series of intrusions into various DOD systems, wherein the intruders were looking for certain classified information or information that, if you took it in its whole, would be very sensitive and absolutely classified.

That investigation and that series of events is a great example of how espionage can be conducted through the use of cyber technology against the United States. The dependency of doing research and collecting the kind of information that you need from a military standpoint are most of the time on a computer system; such that the FBI did work very closely with the other departments of the Department of Defense, or agencies of the Department of Defense, to try and resolve it.

Operation Eligible Receiver. The NSA said that they were able, along with taking over or completely messing up communications or command and control, they also were able to take down the electrical grid. Can one believe organizations like NSA when they say they could have taken down the electrical grid? Is that real?

The vulnerabilities are so numerous out there in various systems that if you had the right talent, the right amount of money, the right access to various systems, then I can't exclude anything from the realm of possibility. I mean, [it's] one of the biggest concerns for the private sector, as well as the public sector is the insider.

The insider knows the system as well as you do, because he works for you. The insider knows where those vulnerabilities are and how to attack them. The insider can place certain back doors or tools on your systems, such that if they want to come back into it later on, that they can.

A great example of that I saw recently happened in Australia. A disgruntled employee for the sewage company in Australia left a back door in there when he left the company, came back in, and was able to spew sewage onto the streets of Sydney, I believe it was. That's an example of where we, as an industry with these supervisory SCADA systems, need to be concerned about who has access to them -- not only from the standpoint from the outsider, which has been a lot written about it, but who has access to it from the insider standpoint, who can later on come back in.

When you hire someone, background checks need to be done on who these people are. There has been a recent terrorist that was come into custody who had an engineering background, technical background, was looking at water systems, such that with that kind of knowledge from an insider standpoint, could place in the cyber realm tools by which to cause some [damage].

The Code Red hit. Where were you at that point?

When Code Red occurred, I was director of the National Infrastructure Protection Center. I was here in Washington, D.C. We began to get reports of that worm or virus from the private sector initially, saying that they were seeing huge spikes on the Internet, to the point that the concern was the Internet was beginning to rattle. There was great concern that it might fail.

To this day, we don't know who wrote that particular virus. However, what we did know is how to prepare for it. It is a great example where this was a known vulnerability for which the vendor had publicly provided a patch, for which many systems administrators and others in the industry had not applied the patch. Whoever the individual was that was taking advantage of this knew it, and would begin scanning the Internet to find out who was vulnerable.

With this system of patching, in the end, is it that it just doesn't do it? Do we have a fix here that is not being used because it's just too hard?

Is there a fix? Yes. Is it today too hard? In my opinion, it is. That's why we have so many vulnerabilities out there, even though there are known patches to various systems. It becomes, from a systems administrator standpoint, "How many of these have I got to apply? How much cost am I going to incur to do that?" It becomes a risk assessment, insofar as doing business is concerned.

What has to happen is that security has to become a part of our everyday life, wherein consumers demand that security is already built into the products that are delivered to them. I think Microsoft is changing its stance that it had a few years ago. They're putting a huge effort into building security into their systems, such that it makes it easier for the consumer to set the various switches, and prepare, or to apply the patches.

Is it hard right now? Yes, it is hard for systems administrators to manage that. Do we need to make it easier? Yes, we do. ...

The Nimda attack. How did you hear about it, what was it about? What is the significance?

Nimda was actually more significant, but Nimda frankly didn't get media attention, mainly because Nimda occurred right after Sept. 11. It was another example of the public/private sector cooperation. I was the director of the National Infrastructure Protection Center. I was up to my neck in responding to the events of Sept. 11 through the command post there at the headquarters. Then right on top of that, the Nimda virus struck.

Fortunately, we had built the kind of communication with the private sector that we were sharing information, pushing information out to the NIPC as to what the corrective actions were. Even with all of that, it proliferated across the world at a far greater rate than Code Red did. It rattled the Internet. But again, demonstrated the flexibility of the Internet -- it didn't come down, but it rattled significantly. It caused billions of dollars of damage, and we still don't know who proliferated that virus.

How should we view Slammer, Code Red, Nimda? Are these attacks precursors to--

They are warnings. Someone can attack or scan the Internet for vulnerabilities, be able to identify systems that can be intruded into, tools placed on them such that they can then continue to scan the Internet for other vulnerabilities, and then turn those tools on a particular enterprise or a particular network, such that you can even begin to rattle the Internet and bring it down. We need to be significantly concerned about that, because our nation, as well as others, is so dependent on the Internet for our commerce and national security that we can't afford for it to come down.

They are warning signs. Even though no one has actually taken it to the point where they've used it necessarily for malicious activities, other than the millions and billions of dollars to clean it up, it does not mean that it can't be turned for substantial attacks on the United States or others.

There are two sort of schools of thought here. There are the Pearl Harbor scenarios, where we're going to be hit all at once with a big attack. Then there's the side that thinks the way we would be vulnerable is death by a thousand cuts. A sophisticated attacker comes at us and hits us in various ways. One day you take the electrical system out in the Southeast. Then, the next day, you cause another trouble with the financial situation and close down NASDAQ. You slowly erode confidence, hurt systems, and slowly psychologically do us harm.

Whether it's the scenario of the cyber Pearl Harbor or it's a death by a thousand cuts, when I was the director of the National Infrastructure Protection Center, I didn't really care, because the end result was the same. It was the degrading in confidence in the United States' ability to do business. It would dramatically impact our economy. It would dramatically impact our national security.

The reality is that the solution for the protection of our national interests is the same. It's the building of a partnership with the private sector, making security a requirement for the products that are produced, whether they're in the United States [or abroad], and deploying those security measures across the board. If you have a death by a thousand cuts or a Pearl Harbor attack, but your systems are secure, they're redundant enough that you can sustain it, it really doesn't matter, because you've been able to sustain whichever one it is, because the method is the same, the end result is the same.

Create for me, if you could, sort of the potential sophistication and abilities of the following to use this against us. China?

High.

Al Qaeda?

Moderate.

Iraq?

Probably moderate.

Russia?

Probably high.

Where do you see the biggest threat coming from for this type of warfare to be waged against us?

The biggest threat, I mean, in the context of warfare would be nation-states. ...

Software. How big a problem is it that 80 percent of code is written offshore, and the fact that the trend is more and more systems are using the same software?

Most of the vulnerabilities that have been identified, attacked, are vulnerabilities in particular pieces of software. We went through a period of time of the Y2K wherein that was a very well-known vulnerability that we spent millions, if not billions of dollars to repair. One of the things I was always curious about is, a lot of the repairs done to these systems in the Y2K were done offshore.

One of the things I used to bring up to the private sector is, "Do you know who is doing those repairs, and do you know what they're putting into the systems? Is there a review process, quality control process, to ensure that what you specifically wanted done is being done, and nothing else is added to it?"

The same kind of thing needs to be done in any kind of software that's being developed, whether for Y2K or into the future. There has to be a quality control process. One of the things I think is probably not too far on the horizon, wherein federal government will want some sort of accreditation, if you will, of how particular pieces of software are developed and the security [of who] built them. ...

Do you see that as happening? Is the private sector getting it? Does the private sector understand the need to be connected to organizations like the one you're in now?

Oh, absolutely. The private sector, particularly the major corporations that are involved in information technology, like Computer Science Corporation or IBM, pick any of them, they get it. That's why they're very much involved in working with the federal government insofar as determining what best practices are, working with the federal government and other nations as to what kind of security best practices should be out there.

They certainly do get it. I can't think of any major company here in the United States or abroad in the United States that is not involved in an information sharing and analysis center, because they understand the value of information sharing, not only for their individual companies, but for the United States as well. ...

Everybody understands the significance of this. What is in debate is how to solve it, or what's the best way, the most cost-effective way, to solve it. There's a threat, there's a vulnerability, there's a need to build security into our systems -- there's no debate over that. It's really [about] how.
___________________________________________
http://www.washingtonpost.com/ac2/wp-dyn/A25738-2005Mar10?language=printer


California, even without the work of terrorists or hackers, can teeter near blackouts on its aging grid. (Mike Blake -- Reuters)

Hackers Target U.S. Power Grid
Government Quietly Warns Utilities To Beef Up Their Computer Security

By Justin Blum
Washington Post Staff Writer
Friday, March 11, 2005; Page E01

Hundreds of times a day, hackers try to slip past cyber-security into the computer network of Constellation Energy Group Inc., a Baltimore power company with customers around the country.

"We have no discernable way of knowing who is trying to hit our system," said John R. Collins, chief risk officer for Constellation, which operates Baltimore Gas and Electric. "We just know it's being hit."

 Hackers have caused no serious damage to systems that feed the nation's power grid, but their untiring efforts have heightened concerns that electric companies have failed to adequately fortify defenses against a potential catastrophic strike. The fear: In a worst-case scenario, terrorists or others could engineer an attack that sets off a widespread blackout and damages power plants, prolonging an outage.

Patrick H. Wood III, the chairman of the Federal Energy Regulatory Commission, warned top electric company officials in a private meeting in January that they need to focus more heavily on cyber-security. Wood also has raised the issue at several public appearances. Officials will not say whether new intelligence points to a potential terrorist strike, but Wood stepped up his campaign after officials at the Energy Department's Idaho National Laboratory showed him how a skilled hacker could cause serious problems.

Wood declined to comment on specifics of what he saw. But an official at the lab, Ken Watts, said the simulation showed how someone could hack into a utility's Internet-based business management system, then into a system that controls utility operations. Once inside, lab workers simulated cutting off the supply of oil to a turbine generating electricity and destroying the equipment.

Describing his reaction to the demonstration, Wood said: "I wished I'd had a diaper on."

Many electric industry representatives have said they are concerned about cyber-security and have been taking steps to make sure their systems are protected. But Wood and others in the industry said the companies' computer security is uneven.

"A sophisticated hacker, which is probably a group of hackers . . . could probably get into each of the three U.S. North American power [networks] and could probably bring sections of it down if they knew how to do it," said Richard A. Clarke, a former counterterrorism chief in the Clinton and Bush administrations.

Clarke said government simulations show that electric companies have not done enough to prevent hacking. "Every time they test, they get in," Clarke said. "It's nice that the power companies think that they've done things, and some of them have. But as long as there's a way to get into the grid, the grid is as weak as its weakest company."

Some industry analysts play down the threat of a massive cyber-attack, saying it's more likely that terrorists would target the physical infrastructure such as power plants and transmission lines. James Andrew Lewis, director of technology policy at the Center for Strategic and International Studies in the District, said a coordinated attack on the grid would be technically difficult and would not provide as much "bang for the buck" as high-profile physical attacks. Lewis said the bigger vulnerability may be posed not by outside hackers but by insiders who are familiar with their company's computer networks.

But in recent years, terrorists have expressed interest in a range of computer targets. Al Qaeda documents from 2002 suggest cyber-attacks on various targets, including the electrical grid and financial institutions, according to a translation by the IntelCenter, an Alexandria firm that studies terrorist groups.

A government advisory panel has concluded that a foreign intelligence service or a well-supported terrorist group "could conduct a structured attack on the electric power grid electronically, with a high degree of anonymity, and without having to set foot in the target nation," according to a report last year by the Government Accountability Office, the investigative arm of Congress.

Cyber-security specialists and government officials said that cyber-attacks are a concern across many industries but that the threat to the country's power supply is among their top fears.

Hackers have gained access to U.S. utilities' electronic control systems and in a few cases have "caused an impact," said Joseph M. Weiss, a Cupertino, Calif.-based computer security specialist with Kema Inc., a consulting firm focused on the energy industry. He said computer viruses and worms also have caused problems.

Weiss, a leading expert in control system security, said officials of the affected companies have described the instances at private conferences that he hosts and in confidential conversations but have not reported the intrusions publicly or to federal authorities. He said he agreed not to publicly disclose additional details and that the companies are fearful that releasing the information would hurt them financially and encourage more hacking.

Weiss said that "many utilities have not addressed control system cyber-security as comprehensively as physical security or cyber-security of business networks."

The vulnerability of the nation's electrical grid to computer attack has grown as power companies have transferred control of their electrical generation and distribution equipment from private, internal networks to supervisory control and data acquisition, or SCADA, systems that can be accessed through the Internet or by phone lines, according to consultants and government reports. That technology has led to greater efficiency because it allows workers to operate equipment remotely.

Other systems that feed information into SCADA or that operate utility equipment are vulnerable and have been largely overlooked by utilities, security consultants said.

Some utilities have made hacking into their SCADA systems relatively easy by continuing to use factory-set passwords that can be found in standard documentation available on the Internet, computer security consultants said.

The North American Electric Reliability Council, an industry-backed organization that sets voluntary standards for power companies, is drafting wide-ranging guidelines to replace more narrow, temporary precautions already on the books for guarding against a cyber-attack. But computer security specialists question whether those standards go far enough.

Officials at several power companies said they had invested heavily in new equipment and software to protect their computers. Many would speak only in general terms, saying divulging specifics could assist hackers.

"We're very concerned about it," said Margaret E. "Lyn" McDermid, senior vice president and chief information officer for Dominion Resources Inc., a Richmond-based company that operates Dominion Virginia Power and supplies electricity and natural gas in other states. "We spend a significant amount of time and effort in making sure we are doing what we ought to do."

Executives at Constellation Energy view the constant hacking attempts -- which have been unsuccessful -- as a threat and monitor their systems closely. They said they assume many of the hackers are the same type seen in other businesses: people who view penetrating corporate systems as fun or a challenge.

"We feel we are in pretty good shape when it comes to this," Collins said. "That doesn't mean we're bulletproof."

The biggest threat to the grid, analysts said, may come from power companies using older equipment that is more susceptible to attack. Those companies may not want to invest large amounts of money in new computer equipment when the machines they are using are adequately performing all their other functions.

Security consulting firms said that they have hacked into power company networks to highlight for their clients the weaknesses in their systems.

"We are able to penetrate real, running, live systems," said Lori Dustin, vice president of marketing for Verano Inc., a Mansfield, Mass., company that sells products to companies to secure SCADA systems. In some cases, Dustin said, power companies lack basic equipment that would even alert them to hacking attempts.

O. Sami Saydjari, chief executive of the Wisconsin Rapids, Wis.-based consulting firm Cyber Defense Agency LLC, said hackers could cause the type of blackout that knocked out electricity to about 50 million people in the Northeast, Midwest and Canada in 2003, an event attributed in part to trees interfering with power lines in Ohio. He said that if hackers destroyed generating equipment in the process, the amount of time to restore electricity could be prolonged.

"I am absolutely confident that by design, someone could do at least as [much damage], if not worse" than what was experienced in 2003, said Saydjari, who was one of 54 prominent scientists and others who warned the Bush administration of the risk of computer attacks following Sept. 11, 2001. "It's just a matter of time before we have a serious event."

Offline oneonesip

  • Member
  • *
  • Posts: 2
Guess what...he was captured in 2003.

Guess where...

IRAN

derrrr deeeeeeee  derrrrrrrrrrrrrrrrrrr



Al-Qaeda No.3, Saif al-Adel, captured in Iran
http://www.theage.com.au/articles/2003/05/27/1053801392866.html
May 28 2003 By Mark Forbes Foreign Affairs Correspondent Tehran

Al-Qaeda's third-ranked leader and alleged mastermind of this month's bombings in Riyadh, Saudi Arabia, has been seized in Iran, according to senior intelligence sources. The United States has identified Saif al-Adel as the most senior al-Qaeda member linked to the attacks that killed 34 people, including one Australian.  US intelligence believes al-Adel maintained contact with an al-Qaeda operative in Saudi Arabia, Abu Bakr al-Azdi, who directed the bombings on the ground. Intelligence sources said al-Adel, who used to be Osama bin Laden's personal bodyguard, approved the bombing plans before his capture by Iranian security forces at the start of the month, nine days before the attack. A reward of $US25 million ($A38 million), offered by the US Government for his capture, hangs over the head of al-Adel, who was promoted to number three after the capture of Khalid Sheikh Mohammed in Pakistan in March. Iran appears to be hoping to exchange al-Adel with Washington, in return for the handover of senior leaders in the anti-Iranian terrorist group Mujahideen-e-Khalq (MEK). Al-Adel would probably be initially deported to Egypt, his place of birth.  Washington has demanded Iran act against al-Qaeda leaders in the country and has conveyed a message via the United Nations of its "deep, deep concern that individuals associated with al-Qaeda have planned and directed the attack in Saudi Arabia from inside Iran". US officials identified al-Adel's presence in Iran as a major concern.  The Pentagon has recently forwarded plans to the White House on destabilising Iran's clerical government. If al-Adel was put into US hands, it would be a major blow to al-Qaeda and a significant move by Iran in the war on terror. It effectively removes one of the few remaining haven countries for the terrorist group. Al-Adel is believed to be one of several al-Qaeda figures being held, although publicly Iran has denied holding any senior operatives. 
It is believed that Iran, in talks with Australian Foreign Minister Alexander Downer this week, proposed a deal to take significant action on al-Qaeda if the US cracked down on the militant MEK. Formerly funded by Iraq's Saddam Hussein, the MEK are based in northern Iraq but were not heavily attacked during the US-led invasion.  Iran is concerned that the US military has talked of signing a ceasefire with the MEK, which is listed by the US State Department as a terrorist organisation. However, US sources said the group was being disbanded. Mr Downer delivered a strong message to the Iranians to be tougher on al-Qaeda, on behalf of both Canberra and Washington. The Iranians are believed to have used the meeting to convey messages back to the US. Iran wants the MEK leadership deported to Tehran for trial for assassinations and bombings. The US is believed to be prepared to remove the leadership from the region, but is reluctant to give them to the Iranians. Dr Rohan Gunaratna, author of Inside al Qaeda, last week said al-Adel was effectively al-Qaeda's operational commander. Previously he was Osama bin Laden's bodyguard, Dr Gunaratna said. Following the talks with Mr Downer, the secretary of Iran's Supreme National Security Council, Hassan Rowhani, said Iran would show no leniency to al-Qaeda members. "If they commit an offence inside Iran we will try them," he said.

Saif al-Adel in Iranian hands
http://www.washingtonpost.com/wp-srv/world/specials/terror/adel.html
Washington Post, a Bilderberg Subsidiary

Adel is the key figure in a small group of al-Qaeda leaders believed to be under house arrest in Iran. The others include Sulaiman abu Ghaith, a Kuwaiti, and Saad bin Laden, a son of al-Qaeda's emir. U.S. intelligence officials said the group was detained when crossing into Iran from Afghanistan after the Sept. 11, 2001, attacks to avoid capture by U.S. forces. The Iranian government has never publicly acknowledged their presence, leading to much speculation about what restrictions they face and whether they can communicate with al-Qaeda operatives outside the country. "The question is, what does house arrest mean in the Iranian context?" said Michael Scheuer, a former CIA analyst who led the agency's unit dedicated to tracking Osama bin Laden. Scheuer and other analysts said it was likely that Adel and the others were being held by the Iranian government as a bargaining chip as well as a deterrent in its strained dealings with the U.S. government. Some U.S. officials worry that Iran could release the group or loosen their restrictions if the Bush administration presses too hard on other diplomatic disputes. "They're a guarantee against bad behavior," Scheuer said. The U.S. government has posted a $5 million reward for information leading to Adel's capture. He has been indicted for his role in the 1998 bombings of the U.S. embassies in Kenya and Tanzania, which killed more than 200 people. Al-Qaeda later claimed responsibility for the attacks. Also known as Mohammad Ibrahim al-Makkawi, Adel is believed to be about 44 years old and is a veteran of the Egyptian military. He traveled to Afghanistan in the 1980s to fight Soviet forces. He was valued for his military skills and became a key player in al-Qaeda's inner circle. But he often had bitter disagreements over strategy with bin Laden and his chief deputy, Ayman al-Zawahiri.
"He clashed with them," said Osama Rushdi, an Egyptian political exile who worked alongside them in Afghanistan and Pakistan more than 15 years ago. "They didn't respect him as a military man and he didn't respect civilians." Several letters and Internet statements have been released since 2002 bearing Adel's name or aliases, leading analysts to believe that he maintains contact with al-Qaeda leaders in the region. Some U.S. intelligence officials think he may have played a direct role in organizing attacks in Saudi Arabia and elsewhere. One of the few clues to his whereabouts came in February, when an Egyptian relative of Adel's gave an interview to the London-based Arabic newspaper Asharq Al-Awsat, saying that Adel and other members of his family were in the custody of the Iranian Revolutionary Guards in Tehran.
The mythology noosphere narrative has been being built up for over 8 years!

Great your opinion now will very help

Offline Owais

  • Member
  • ***
  • Posts: 122
Great job, catch them and teach them a lesson.