Hacker help in cy­ber chinks

SP's MAI - - INTERNAL SECURITY - LT GEN­ERAL (RETD) P.C. KA­TOCH

But while the fo­cus re­mains on big-ticket is­sues, we fail to ap­pre­ci­ate how vul­ner­a­ble all our in­dus­tries are and the cu­mu­la­tive shock that our econ­omy can re­ceive if th­ese are attacked to regress our in­dus­trial growth. The gen­eral be­lief that in­dus­trial sys­tems are safe if not con­nected to in­ter­net is highly naive.

In­dus­trial es­pi­onage and cy­ber at­tacks on in­dus­trial net­works in­clud­ing crit­i­cal in­fra­struc­ture is not a new phe­nom­e­non, su­per­vi­sory con­trol and data ac­qui­si­tion sys­tem (SCADA) be­ing far more vul­ner­a­ble. Such an at­tack had caused the 1982 Siberian pipe­line ex­plo­sion with a Tro­jan in­serted into SCADA soft­ware. Since then, there have been nu­mer­ous cy­ber at­tacks world over: dis­abling mul­ti­ple emer­gency sys­tems, at­tack­ing flood­gates of dams, shut­ting power and com­mu­ni­ca­tions at air­ports, gas pipe­line fail­ure; crip­pling nu­clear mon­i­tor­ing, shut­ting down hos­pi­tal sys­tems and more.

In year 2000, an ex-em­ployee is­sued ra­dio com­mands to the sewage sys­tem in Aus­tralia re­sult­ing in 8,00,000 litres of raw sewage flow­ing in re­verse, caus­ing ma­jor spills, sub­merg­ing grounds of Hy­att Re­gency Ho­tel, killing ma­rine life, turn­ing creek wa­ter black and un­bear­able stench con­tin­u­ing for days. In more re­cent times, we have heard of Stuxnet, Du Qu and Flame; Stuxnet jointly de­vel­oped by US and Is­rael that attacked cen­trifuges of the Ira­nian nu­clear pro­gramme, Qu Du used ex­ten­sively for in­dus­trial es­pi­onage and Flame pri­mar­ily for cy­ber es­pi­onage in the Mid­dle East and slow­ing down the Ira­nian nu­clear pro­gramme.

But while the fo­cus re­mains on such big-ticket is­sues, we fail to ap­pre­ci­ate how vul­ner­a­ble all our in­dus­tries are and the cu­mu­la­tive shock that our econ­omy can re­ceive if th­ese are attacked to regress our in­dus­trial growth. The gen­eral be­lief that in­dus­trial sys­tems are safe if not con­nected to In­ter­net is highly naive.

At a re­cent event or­gan­ised the Cy­ber Se­cu­rity and Pri­vacy Foun­da­tion at Anna Univer­sity, Chen­nai, a pair of Brazil­ian net­work spe­cial­ists (one hacker and another in­dus­trial con­trol sys­tem ex­pert) held the au­di­ence in com­plete awe. The hacker (Ew­er­son Guimaraes), who runs De­labs (a se­cu­rity re­search lab­o­ra­tory), pre­sented the vul­ner­a­bil­i­ties of servers on Citrix plat­form where even sim­ple tasks like us­ing the ‘help’ op­tion or hot keys can lead to hack­ing the server it­self.

Sig­nif­i­cantly, he has found vul­ner­a­bil­i­ties in ‘all’ the op­er­at­ing sys­tems. Even sim­ple tasks like us­ing ‘help’ op­tion or hot keys can lead to hack­ing servers on Citrix plat­form. Citrix ap­pli­ca­tions are widely used by com­pa­nies to pro­vide vir­tu­alised ap­pli­ca­tions. Hack­ing in­volved us­ing help menu of ap­pli­ca­tions to gain con­trol of the server on just press­ing CTRL+F1 to bring the shut­down screen of the server.

Ew­er­son wrote to Citrix eight years ago to fix this vul­ner­a­bil­ity but this has not been rec­ti­fied. The Brazil­ian in­dus­trial con­trol sys­tem ex­pert (Jan Seidl) demon­strated how pub­lic ser­vices could be abused in or­der to dis­rupt sys­tems while avoid­ing de­tec­tion. He demon­strated how com­mu­ni­ca­tion be­tween servers could be dis­rupted, ‘fak­ing’ vi­tal data that can lead to ir­repara­ble dam­age to in­dus­tries.

The para­dox is more be­cause SCADA sys­tems are in­creas­ingly be­ing adapted by in­dus­tries, es­pe­cially for power dis­tri­bu­tion and for con­trol­ling crit­i­cal pro­cesses like in steel plants, and th­ese sys­tems are be­com­ing more and more vul­ner­a­ble. As part of his demon­stra­tion, he even dis­con­nected the phys­i­cal con­trol­ling unit PLC (pro­gram­mable logic con­troller) from the sys­tem af­ter re­plac­ing it with his own soft­ware sim­u­la­tion which took over con­trol ef­fort­lessly. Ac­cord­ing to him, at least 99 per cent of in­dus­trial plat­forms can be attacked even when iso­lated from In­ter­net. In­dus­trial mal­wares are be­ing in­creas­ingly used by gov­ern­ments and cor­po­ra­tions to tar­get spe­cific in­stal­la­tions, Stuxnet be­ing one ex­am­ple.

As per a re­port in the Wall Street Jour­nal in July this year, hacker firms like Auriemma and Fer­rante would have sold their ser­vices to Is­rael, Bri­tain, Rus­sia, In­dia and Brazil, re­port­edly some of the big­gest spenders in this re­gard. ReVuln spe­cialises in find­ing re­mote vul­ner­a­bil­i­ties in in­dus­trial con­trol and US and Is­rael both have ex­ploited a se­ries of flaws in op­er­at­ing sys­tems in­clud­ing in Win­dows. Gov­ern­ments are pay­ing thou­sands of dol­lars to learn and ex­ploit chinks in com­puter sys­tems of ad­ver­saries. Not with­out rea­son, China has an army of over 60,000 civil­ian hack­ers other than within PLA and the PLA spear­heads Chi­nese cy­ber war­fare. Our cy­ber se­cu­rity es­tab­lish­ment and NTRO need to take note. Un­doubt­edly, there is plenty of tal­ent (IT engi­neers, hack­ers and oth­ers) in the coun­try that merely needs har­ness­ing and di­rec­tion. The views ex­pressed herein are the per­sonal views of the au­thor.

Newspapers in English

Newspapers from India

© PressReader. All rights reserved.