SlideShare a Scribd company logo

Targeting scada systems blog sensecy-com_tag_parastoo

B
BaddddBoyyyy
1 of 10
Download to read offline
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API T AG ARCHIVES: PARAST OO Search RECENT POST S Anthem Hack: Is the Healthcare Industry the Next Big Target? Al-Qaeda’s Electronic Jihad Targeting SCADA Systems Posted on January 27, 2014 by Gilad_Zahavi Introduction 1 Home SenseCy Promotions OSINT Feed Cyber Intelligence Feed Search
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API SenseCy 2014 Annual Cyber Intelligence Report Cyber Campaign against French Websites Cyber in Chinatown – Asian Hacktivists Act against Government Corruptio n RECENT COM M ENT S Anthem Hack: Is the… on Where Does All the Data G… Anthem Hack: Is the… on Cyber Threats to the Insurance… Anthem Hack: Is the… on Cyber Threats to the Healthcar… Recent years have witnessed an increased awareness within the worldwide security community of risks related to cyber attacks against critical infrastructures. ICS/SCADA systems have been a particular cause of concern for the security community, owing to Stuxnet, Flame and other cyber threats. As automation continues to evolve and assumes a more important role worldwide, the use of ICS/SCADA systems is likely to increase accordingly. In this post I would like to present an analysis of several cyber incidents pertaining to ICS/SCADA systems and originating from threat elements in the Middle East. Iranian Hacker Group Implicates itself in Physical Attack on Electric Power Facility On January 2, 2014, the Cryptome.org website (a digital library host) published a message from the Iranian hacker group Parastoo, directed at the American authorities. The message headline connects the group to a “military-style” attack on an electric power station, the PG&E Metcalf substation, in California, U.S.A. on April 16, 2013. The connection to the Iranian group is unclear, despite the fact that Parastoo has mentioned that it has been testing national critical infrastructures using cyber vectors.
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API danpastor on Cyber in Chinatown – Asi… 2015: Get Ready for… on Malware is Coming to the Trust… ARCHIVES February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 CAT EGORIES On April 16, 2013, an undetermined number of individuals breached the PG&E Metcalf power substation in California and cut the fiber- optic cables in the area around the station. The act neutralized some local 911 services and temporarily disrupted cell phone service in the area. The perpetrators also fired shots from high- powered rifles at several transformers in the facility. Ten were damaged and several others shut down. It should be noted that there have been several attacks against different infrastructure facilities in the U.S. in the past year, such as the Arkansas power grid. Furthermore, officials conceded that the Cry ptome message—
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API Bitcoin Mining Bitcoin Theft Credit Card Cyber Crime Cyber Intelligence Cyber Terrorism Cyber War Data Dump Data Theft Data Theft DDoS Defacement Exploit Hacktivism Hacktivism Tools Internet of Things Malware Op Security Breach State-Sponsored Uncategorized M ET A Register Log in Entries RSS electric power industry is focusing on the threat of cyber attacks. About Parastoo The Iranian hacker group Parastoo first emerged on November 25, 2012, when they posted a message announcing they hacked into the International Atomic Energy Agency (IAEA) and leaked personal details of its officials. In February 2013, Parastoo claimed to have stolen nuclear information, credit card information, and the personal identities of thousands of customers, including individuals associated with the U.S. military, that work with IHS Inc., a global information and analytics provider. The Syrian Electronic Army Hacks into Israeli SCADASystems On May 6, 2013 the cryptome.org website reported a successful attack by the “Syrian Electronic Army” (SEA) on a strategic Israel infrastructure system in Haifa. In an email sent to the website, the attack was declared to be a warning to decision-makers in Israel, evoking alleged Israeli Air Force (IAF) attacks on Syrian territory at the beginning of May 2013. The claim of responsibility for the attack was accompanied by a .pdf file with screenshots substantiating the cyber attack.
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API Comments RSS WordPress.com FOLLOW BLOG VIA EM AIL Enter your email address to follow this blog and receive notifications of new posts by email. Enter your email address Follow T OP POST S & PAGES Al-Qaeda's Electronic Jihad How to Spot a Fake LinkedIn Profile in 60 Seconds? Anthem Hack: Is the Healthcare Industry the Next Big Target? SenseCy 2014 Annual Cyber Intelligence Examination of the screenshots proved that the attack was authentic, but was not aimed at a Critical National Infrastructure (CNI) like the municipal water SCADA system in Haifa. Our research did, however, reveal that the attackers had targeted the irrigation control system of Kibbutz Sa’ar, near Nahariya. Control of this system would present the hacker with numerous capabilities, among which is the destruction of the agricultural yield. We also noticed that the time shown on the screenshot indicated the end of April 2012. It is possible that the system clock was incorrectly set, but it is more likely that the system was breached a Screenshot from the PDF released by the attackers —
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API Cyber Intelligence Report Cyber Threats to a Bank - Part 1: Cybercriminals Target Financial Institutions Anonymous versus ISIS – Hacktivism against Cyber Jihad WhatsHack: WhatsApp in Cyberspace Cyber Threats to the Aviation Industry Understanding the Cyber Intelligence Ecosystem Online Jihadists Express Interest in Cyber Warfare and Cyber Security year ago and the published “Retaliatory Strike” was retained as a contingency plan for exactly such an attack by Israel. The Syrian Electronic Army posted a denial via its Twitter account, where it stated that it was not behind the attack. On other occasions, this Twitter account has been used as a platform for claims of responsibility, but with this incident, the above attack is not mentioned, neither here nor on the group’s official website or forums (apart from the denial). It should be noted that there are numerous examples of fictitious claims of responsibility intended to deflect identification of the attacker MO (Modus Operandi) of state- sponsored hacker groups. This incidence is another link in a chain of events demonstrating an impressive ability to locate and exploit SCADA systems that appear SEA denial on their Twitter account—
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API to be susceptible to the Muslim hackers’ skills. However, in our view, this event is unprecedented. For the first time in public, a critical computerized infrastructure facility on Israeli soil has been attacked, and it is extremely likely that a sovereign state is behind the attack, declaring outright war in the cyber arena and deviating from the intelligence-gathering plateau. Jihadist Cyber Terror Group to Target SCADASystems On June 11, 2011, a prominent Web Jihadist from the Shumukh al- Islam forum, Yaman Mukhaddab, launched a campaign to recruit male and female volunteers for a new Electronic Jihad group. The campaign, which takes place over the thread itself, begins with a clear definition of the group’s tasks and priorities. Mukhaddab says: Simply put, it is a cyber-terror base, for launching electronic terror attacks on major infidel powers, specifically the U.S., the U.K. and France, no others. This base is not going to attack, for instance, the sites of Shi’a, Christians, apostates, slanderers, liar sites and forums or anything else. I repeat: it will only target the U.S., the U.K. and France. Mukhaddab goes on to list the main targets for future attacks.
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API Mukhaddab goes on to list the main targets for future attacks. SCADA systems are ranked as a top priority target, in order to “destroy power, water and gas supply lines, airports, railway stations, underground train stations, as well as central command and control systems” in these three countries. The second priority includes control systems of general financial sites, such as central savings organizations, stock markets and major banks. Third on the group’s agenda are websites and databases of major corporations dominating the economies of these countries, while fourth and last are less specified “public sites affecting the daily routine of citizens, in order to maximize the terror effects on the population”. Mukhaddab details the desired skills of anyone wishing to join the group, including: thorough understanding of SCADA systems, preferably with experience in hacking them; acquaintance with writing hacking programs and scripts, and programming in C, C+ and C++ languages; expertise in networks, communication protocols and various kinds of routers and firewalls, specifically mentioning CISCO; Expertise in Linux or Unix operating systems; expertise in Windows operating system; capability of detecting security vulnerabilities; acquaintance with hacker websites, capability of entering them easily, searching for required scripts, tools, or software, and providing them to fellow members, if asked to; complete mastery of English or French scientific language, and
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API scientific background in computer engineering; mastery of the Russian language; and mastery of the Chinese language. Members who want to volunteer are asked to post a response in the thread, specifying the categories that fit their capabilities. To date, close to a hundred volunteers have already signed on to Mukhaddab’s Electronic Jihad group. We have yet to see indications that this newly formed group has started to engage in online hacking activity, but given the enthusiasm it created among forum members, this is likely to occur in the near future. Related Posts: Cybercriminals Target iOS Devices April 28, 2014 by Tanya Koyfman Cyber Threats to a Bank – Part 1: Cybercriminals Target Financial Institutions November 27, 2014 by Tanya Koyfman AnonGhost Targets Universities around the World December 4, 2014 by CyInfo
pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API Cyber Criminals “TARGET” Point of Sale Devices January 15, 2014 by assafkeren Posted in Cyber Intelligence, Cyber Terrorism, Cyber War, Security Breach, State-Sponsored | Tagged Cryptome, Cyber Terror, ICS, Parastoo, Sabotage, SCADA, SEA, Syrian Electronic Army | 1 Reply SenseCy Blog Blog at WordPress.com. The Twenty Eleven Theme. Follow Follow “SenseCy Blog” Get every new post delivered to your Inbox. Join 1,056 other followers Enter your email address Sign me up Build a website with WordPress.com

Recommended

Securing your Rails application
Securing your Rails applicationSecuring your Rails application
Securing your Rails applicationclucasKrof
 
Listen to Russian consumers in social media with YouScan
Listen to Russian consumers in social media with YouScanListen to Russian consumers in social media with YouScan
Listen to Russian consumers in social media with YouScanDimitri Popov
 
IntSight Demo Chemicals
IntSight Demo ChemicalsIntSight Demo Chemicals
IntSight Demo ChemicalsFacebook
 
Mobile SCADA
Mobile SCADAMobile SCADA
Mobile SCADAMehmet Kara
 
Измеряйте эффективность маркетинга и PR в соцмедиа с YouScan - trial 30 дней
Измеряйте эффективность маркетинга и PR в соцмедиа с YouScan - trial 30 днейИзмеряйте эффективность маркетинга и PR в соцмедиа с YouScan - trial 30 дней
Измеряйте эффективность маркетинга и PR в соцмедиа с YouScan - trial 30 днейDimitri Popov
 
Chef@recordedfuture
Chef@recordedfutureChef@recordedfuture
Chef@recordedfutureulfmansson
 
Sensecy cti vs cti
Sensecy cti vs cti Sensecy cti vs cti
Sensecy cti vs cti Dori Fisher
 
Gigamon U - Eye Of The Fire, Network Malware Control System
Gigamon U - Eye Of The Fire, Network Malware Control SystemGigamon U - Eye Of The Fire, Network Malware Control System
Gigamon U - Eye Of The Fire, Network Malware Control SystemGrant Swanson
 

Recommended

Securing your Rails application
Securing your Rails applicationSecuring your Rails application
Securing your Rails applicationclucasKrof
 
Listen to Russian consumers in social media with YouScan
Listen to Russian consumers in social media with YouScanListen to Russian consumers in social media with YouScan
Listen to Russian consumers in social media with YouScanDimitri Popov
 
IntSight Demo Chemicals
IntSight Demo ChemicalsIntSight Demo Chemicals
IntSight Demo ChemicalsFacebook
 
Mobile SCADA
Mobile SCADAMobile SCADA
Mobile SCADAMehmet Kara
 
Измеряйте эффективность маркетинга и PR в соцмедиа с YouScan - trial 30 дней
Измеряйте эффективность маркетинга и PR в соцмедиа с YouScan - trial 30 днейИзмеряйте эффективность маркетинга и PR в соцмедиа с YouScan - trial 30 дней
Измеряйте эффективность маркетинга и PR в соцмедиа с YouScan - trial 30 днейDimitri Popov
 
Chef@recordedfuture
Chef@recordedfutureChef@recordedfuture
Chef@recordedfutureulfmansson
 
Sensecy cti vs cti
Sensecy cti vs cti Sensecy cti vs cti
Sensecy cti vs cti Dori Fisher
 
Gigamon U - Eye Of The Fire, Network Malware Control System
Gigamon U - Eye Of The Fire, Network Malware Control SystemGigamon U - Eye Of The Fire, Network Malware Control System
Gigamon U - Eye Of The Fire, Network Malware Control SystemGrant Swanson
 
FireEye Engineering
FireEye Engineering FireEye Engineering
FireEye Engineering Lauren Traurig
 
Startup Engineering Flashpoint Batch 3 Better Startups Faster
Startup Engineering Flashpoint Batch 3 Better Startups FasterStartup Engineering Flashpoint Batch 3 Better Startups Faster
Startup Engineering Flashpoint Batch 3 Better Startups Fastermerrickfurst
 
Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...
Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...
Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...BaddddBoyyyy
 
Медиалогия медиаменеджер 2016
Медиалогия медиаменеджер 2016Медиалогия медиаменеджер 2016
Медиалогия медиаменеджер 2016АКМР Corpmedia.ru
 
Каталог номинантов Премии «Медиа-Менеджер России – 2016»
Каталог номинантов Премии «Медиа-Менеджер России – 2016»Каталог номинантов Премии «Медиа-Менеджер России – 2016»
Каталог номинантов Премии «Медиа-Менеджер России – 2016»АКМР Corpmedia.ru
 
FireEye
FireEyeFireEye
FireEyegigamon
 
Shocking Sharks: How Much Do You Know?
Shocking Sharks: How Much Do You Know?Shocking Sharks: How Much Do You Know?
Shocking Sharks: How Much Do You Know?amadden
 
Reputation in the Digital Age
Reputation in the Digital AgeReputation in the Digital Age
Reputation in the Digital AgeJess Flynn
 
BIW15: Python in the Cloud: Django and Flaks
BIW15: Python in the Cloud: Django and FlaksBIW15: Python in the Cloud: Django and Flaks
BIW15: Python in the Cloud: Django and FlaksAlex Viana
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceValery Yelanin
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?Pierluigi Paganini
 
слайдшара
слайдшараслайдшара
слайдшараborovkovatg
 
Us9ag 000659dp
Us9ag 000659dpUs9ag 000659dp
Us9ag 000659dpBaddddBoyyyy
 
Us9ag 000533dp
Us9ag 000533dpUs9ag 000533dp
Us9ag 000533dpBaddddBoyyyy
 
Us9ag 000311dp
Us9ag 000311dpUs9ag 000311dp
Us9ag 000311dpBaddddBoyyyy
 
Us9ag 000310dp
Us9ag 000310dpUs9ag 000310dp
Us9ag 000310dpBaddddBoyyyy
 
Us9ag 000292dp
Us9ag 000292dpUs9ag 000292dp
Us9ag 000292dpBaddddBoyyyy
 
Us9ag 000290dp
Us9ag 000290dpUs9ag 000290dp
Us9ag 000290dpBaddddBoyyyy
 
Us9ag 000288dp
Us9ag 000288dpUs9ag 000288dp
Us9ag 000288dpBaddddBoyyyy
 
Us9ag 000284dp
Us9ag 000284dpUs9ag 000284dp
Us9ag 000284dpBaddddBoyyyy
 
Us9ag 000238dp
Us9ag 000238dpUs9ag 000238dp
Us9ag 000238dpBaddddBoyyyy
 
Us9ag 000175dp
Us9ag 000175dpUs9ag 000175dp
Us9ag 000175dpBaddddBoyyyy
 

More Related Content

Viewers also liked

Startup Engineering Flashpoint Batch 3 Better Startups Faster
Startup Engineering Flashpoint Batch 3 Better Startups FasterStartup Engineering Flashpoint Batch 3 Better Startups Faster
Startup Engineering Flashpoint Batch 3 Better Startups Fastermerrickfurst
 
Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...
Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...
Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...BaddddBoyyyy
 
Медиалогия медиаменеджер 2016
Медиалогия медиаменеджер 2016Медиалогия медиаменеджер 2016
Медиалогия медиаменеджер 2016АКМР Corpmedia.ru
 
Каталог номинантов Премии «Медиа-Менеджер России – 2016»
Каталог номинантов Премии «Медиа-Менеджер России – 2016»Каталог номинантов Премии «Медиа-Менеджер России – 2016»
Каталог номинантов Премии «Медиа-Менеджер России – 2016»АКМР Corpmedia.ru
 
Shocking Sharks: How Much Do You Know?
Shocking Sharks: How Much Do You Know?Shocking Sharks: How Much Do You Know?
Shocking Sharks: How Much Do You Know?amadden
 
Reputation in the Digital Age
Reputation in the Digital AgeReputation in the Digital Age
Reputation in the Digital AgeJess Flynn
 
BIW15: Python in the Cloud: Django and Flaks
BIW15: Python in the Cloud: Django and FlaksBIW15: Python in the Cloud: Django and Flaks
BIW15: Python in the Cloud: Django and FlaksAlex Viana
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceValery Yelanin
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?Pierluigi Paganini
 
слайдшара
слайдшараслайдшара
слайдшараborovkovatg
 

Viewers also liked (12)

FireEye Engineering
FireEye Engineering FireEye Engineering
FireEye Engineering
 
Startup Engineering Flashpoint Batch 3 Better Startups Faster
Startup Engineering Flashpoint Batch 3 Better Startups FasterStartup Engineering Flashpoint Batch 3 Better Startups Faster
Startup Engineering Flashpoint Batch 3 Better Startups Faster
 
Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...
Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...
Anti israel hackers parastoo prepare for op israel anniversary - www-recorded...
 
Медиалогия медиаменеджер 2016
Медиалогия медиаменеджер 2016Медиалогия медиаменеджер 2016
Медиалогия медиаменеджер 2016
 
Каталог номинантов Премии «Медиа-Менеджер России – 2016»
Каталог номинантов Премии «Медиа-Менеджер России – 2016»Каталог номинантов Премии «Медиа-Менеджер России – 2016»
Каталог номинантов Премии «Медиа-Менеджер России – 2016»
 
FireEye
FireEyeFireEye
FireEye
 
Shocking Sharks: How Much Do You Know?
Shocking Sharks: How Much Do You Know?Shocking Sharks: How Much Do You Know?
Shocking Sharks: How Much Do You Know?
 
Reputation in the Digital Age
Reputation in the Digital AgeReputation in the Digital Age
Reputation in the Digital Age
 
BIW15: Python in the Cloud: Django and Flaks
BIW15: Python in the Cloud: Django and FlaksBIW15: Python in the Cloud: Django and Flaks
BIW15: Python in the Cloud: Django and Flaks
 
FireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment ExperienceFireEye Use Cases — FireEye Solution Deployment Experience
FireEye Use Cases — FireEye Solution Deployment Experience
 
The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?The Dark web - Why the hidden part of the web is even more dangerous?
The Dark web - Why the hidden part of the web is even more dangerous?
 
слайдшара
слайдшараслайдшара
слайдшара
 

More from BaddddBoyyyy

More from BaddddBoyyyy (20)

Us9ag 000659dp
Us9ag 000659dpUs9ag 000659dp
Us9ag 000659dp
 
Us9ag 000533dp
Us9ag 000533dpUs9ag 000533dp
Us9ag 000533dp
 
Us9ag 000311dp
Us9ag 000311dpUs9ag 000311dp
Us9ag 000311dp
 
Us9ag 000310dp
Us9ag 000310dpUs9ag 000310dp
Us9ag 000310dp
 
Us9ag 000292dp
Us9ag 000292dpUs9ag 000292dp
Us9ag 000292dp
 
Us9ag 000290dp
Us9ag 000290dpUs9ag 000290dp
Us9ag 000290dp
 
Us9ag 000288dp
Us9ag 000288dpUs9ag 000288dp
Us9ag 000288dp
 
Us9ag 000284dp
Us9ag 000284dpUs9ag 000284dp
Us9ag 000284dp
 
Us9ag 000238dp
Us9ag 000238dpUs9ag 000238dp
Us9ag 000238dp
 
Us9ag 000175dp
Us9ag 000175dpUs9ag 000175dp
Us9ag 000175dp
 
Us9ag 000070dp
Us9ag 000070dpUs9ag 000070dp
Us9ag 000070dp
 
Us9af 003148dp
Us9af 003148dpUs9af 003148dp
Us9af 003148dp
 
Us9af 001165dp
Us9af 001165dpUs9af 001165dp
Us9af 001165dp
 
Us9af 001157dp
Us9af 001157dpUs9af 001157dp
Us9af 001157dp
 
Us9af 001154dp
Us9af 001154dpUs9af 001154dp
Us9af 001154dp
 
Us9af 001119dp
Us9af 001119dpUs9af 001119dp
Us9af 001119dp
 
Us9af 001117dp
Us9af 001117dpUs9af 001117dp
Us9af 001117dp
 
Us9af 001103dp
Us9af 001103dpUs9af 001103dp
Us9af 001103dp
 
Us9af 001100dp
Us9af 001100dpUs9af 001100dp
Us9af 001100dp
 
Us9af 001075dp
Us9af 001075dpUs9af 001075dp
Us9af 001075dp
 

Targeting scada systems blog sensecy-com_tag_parastoo

  • 1. pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API T AG ARCHIVES: PARAST OO Search RECENT POST S Anthem Hack: Is the Healthcare Industry the Next Big Target? Al-Qaeda’s Electronic Jihad Targeting SCADA Systems Posted on January 27, 2014 by Gilad_Zahavi Introduction 1 Home SenseCy Promotions OSINT Feed Cyber Intelligence Feed Search
  • 2. pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API SenseCy 2014 Annual Cyber Intelligence Report Cyber Campaign against French Websites Cyber in Chinatown – Asian Hacktivists Act against Government Corruptio n RECENT COM M ENT S Anthem Hack: Is the… on Where Does All the Data G… Anthem Hack: Is the… on Cyber Threats to the Insurance… Anthem Hack: Is the… on Cyber Threats to the Healthcar… Recent years have witnessed an increased awareness within the worldwide security community of risks related to cyber attacks against critical infrastructures. ICS/SCADA systems have been a particular cause of concern for the security community, owing to Stuxnet, Flame and other cyber threats. As automation continues to evolve and assumes a more important role worldwide, the use of ICS/SCADA systems is likely to increase accordingly. In this post I would like to present an analysis of several cyber incidents pertaining to ICS/SCADA systems and originating from threat elements in the Middle East. Iranian Hacker Group Implicates itself in Physical Attack on Electric Power Facility On January 2, 2014, the Cryptome.org website (a digital library host) published a message from the Iranian hacker group Parastoo, directed at the American authorities. The message headline connects the group to a “military-style” attack on an electric power station, the PG&E Metcalf substation, in California, U.S.A. on April 16, 2013. The connection to the Iranian group is unclear, despite the fact that Parastoo has mentioned that it has been testing national critical infrastructures using cyber vectors.
  • 3. pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API danpastor on Cyber in Chinatown – Asi… 2015: Get Ready for… on Malware is Coming to the Trust… ARCHIVES February 2015 January 2015 December 2014 November 2014 October 2014 September 2014 August 2014 July 2014 June 2014 May 2014 April 2014 March 2014 February 2014 January 2014 CAT EGORIES On April 16, 2013, an undetermined number of individuals breached the PG&E Metcalf power substation in California and cut the fiber- optic cables in the area around the station. The act neutralized some local 911 services and temporarily disrupted cell phone service in the area. The perpetrators also fired shots from high- powered rifles at several transformers in the facility. Ten were damaged and several others shut down. It should be noted that there have been several attacks against different infrastructure facilities in the U.S. in the past year, such as the Arkansas power grid. Furthermore, officials conceded that the Cry ptome message—
  • 4. pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API Bitcoin Mining Bitcoin Theft Credit Card Cyber Crime Cyber Intelligence Cyber Terrorism Cyber War Data Dump Data Theft Data Theft DDoS Defacement Exploit Hacktivism Hacktivism Tools Internet of Things Malware Op Security Breach State-Sponsored Uncategorized M ET A Register Log in Entries RSS electric power industry is focusing on the threat of cyber attacks. About Parastoo The Iranian hacker group Parastoo first emerged on November 25, 2012, when they posted a message announcing they hacked into the International Atomic Energy Agency (IAEA) and leaked personal details of its officials. In February 2013, Parastoo claimed to have stolen nuclear information, credit card information, and the personal identities of thousands of customers, including individuals associated with the U.S. military, that work with IHS Inc., a global information and analytics provider. The Syrian Electronic Army Hacks into Israeli SCADASystems On May 6, 2013 the cryptome.org website reported a successful attack by the “Syrian Electronic Army” (SEA) on a strategic Israel infrastructure system in Haifa. In an email sent to the website, the attack was declared to be a warning to decision-makers in Israel, evoking alleged Israeli Air Force (IAF) attacks on Syrian territory at the beginning of May 2013. The claim of responsibility for the attack was accompanied by a .pdf file with screenshots substantiating the cyber attack.
  • 5. pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API Comments RSS WordPress.com FOLLOW BLOG VIA EM AIL Enter your email address to follow this blog and receive notifications of new posts by email. Enter your email address Follow T OP POST S & PAGES Al-Qaeda's Electronic Jihad How to Spot a Fake LinkedIn Profile in 60 Seconds? Anthem Hack: Is the Healthcare Industry the Next Big Target? SenseCy 2014 Annual Cyber Intelligence Examination of the screenshots proved that the attack was authentic, but was not aimed at a Critical National Infrastructure (CNI) like the municipal water SCADA system in Haifa. Our research did, however, reveal that the attackers had targeted the irrigation control system of Kibbutz Sa’ar, near Nahariya. Control of this system would present the hacker with numerous capabilities, among which is the destruction of the agricultural yield. We also noticed that the time shown on the screenshot indicated the end of April 2012. It is possible that the system clock was incorrectly set, but it is more likely that the system was breached a Screenshot from the PDF released by the attackers —
  • 6. pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API Cyber Intelligence Report Cyber Threats to a Bank - Part 1: Cybercriminals Target Financial Institutions Anonymous versus ISIS – Hacktivism against Cyber Jihad WhatsHack: WhatsApp in Cyberspace Cyber Threats to the Aviation Industry Understanding the Cyber Intelligence Ecosystem Online Jihadists Express Interest in Cyber Warfare and Cyber Security year ago and the published “Retaliatory Strike” was retained as a contingency plan for exactly such an attack by Israel. The Syrian Electronic Army posted a denial via its Twitter account, where it stated that it was not behind the attack. On other occasions, this Twitter account has been used as a platform for claims of responsibility, but with this incident, the above attack is not mentioned, neither here nor on the group’s official website or forums (apart from the denial). It should be noted that there are numerous examples of fictitious claims of responsibility intended to deflect identification of the attacker MO (Modus Operandi) of state- sponsored hacker groups. This incidence is another link in a chain of events demonstrating an impressive ability to locate and exploit SCADA systems that appear SEA denial on their Twitter account—
  • 7. pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API to be susceptible to the Muslim hackers’ skills. However, in our view, this event is unprecedented. For the first time in public, a critical computerized infrastructure facility on Israeli soil has been attacked, and it is extremely likely that a sovereign state is behind the attack, declaring outright war in the cyber arena and deviating from the intelligence-gathering plateau. Jihadist Cyber Terror Group to Target SCADASystems On June 11, 2011, a prominent Web Jihadist from the Shumukh al- Islam forum, Yaman Mukhaddab, launched a campaign to recruit male and female volunteers for a new Electronic Jihad group. The campaign, which takes place over the thread itself, begins with a clear definition of the group’s tasks and priorities. Mukhaddab says: Simply put, it is a cyber-terror base, for launching electronic terror attacks on major infidel powers, specifically the U.S., the U.K. and France, no others. This base is not going to attack, for instance, the sites of Shi’a, Christians, apostates, slanderers, liar sites and forums or anything else. I repeat: it will only target the U.S., the U.K. and France. Mukhaddab goes on to list the main targets for future attacks.
  • 8. pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API Mukhaddab goes on to list the main targets for future attacks. SCADA systems are ranked as a top priority target, in order to “destroy power, water and gas supply lines, airports, railway stations, underground train stations, as well as central command and control systems” in these three countries. The second priority includes control systems of general financial sites, such as central savings organizations, stock markets and major banks. Third on the group’s agenda are websites and databases of major corporations dominating the economies of these countries, while fourth and last are less specified “public sites affecting the daily routine of citizens, in order to maximize the terror effects on the population”. Mukhaddab details the desired skills of anyone wishing to join the group, including: thorough understanding of SCADA systems, preferably with experience in hacking them; acquaintance with writing hacking programs and scripts, and programming in C, C+ and C++ languages; expertise in networks, communication protocols and various kinds of routers and firewalls, specifically mentioning CISCO; Expertise in Linux or Unix operating systems; expertise in Windows operating system; capability of detecting security vulnerabilities; acquaintance with hacker websites, capability of entering them easily, searching for required scripts, tools, or software, and providing them to fellow members, if asked to; complete mastery of English or French scientific language, and
  • 9. pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API scientific background in computer engineering; mastery of the Russian language; and mastery of the Chinese language. Members who want to volunteer are asked to post a response in the thread, specifying the categories that fit their capabilities. To date, close to a hundred volunteers have already signed on to Mukhaddab’s Electronic Jihad group. We have yet to see indications that this newly formed group has started to engage in online hacking activity, but given the enthusiasm it created among forum members, this is likely to occur in the near future. Related Posts: Cybercriminals Target iOS Devices April 28, 2014 by Tanya Koyfman Cyber Threats to a Bank – Part 1: Cybercriminals Target Financial Institutions November 27, 2014 by Tanya Koyfman AnonGhost Targets Universities around the World December 4, 2014 by CyInfo
  • 10. pdfcrowd.comopen in browser PRO version Are you a developer? Try out the HTML to PDF API Cyber Criminals “TARGET” Point of Sale Devices January 15, 2014 by assafkeren Posted in Cyber Intelligence, Cyber Terrorism, Cyber War, Security Breach, State-Sponsored | Tagged Cryptome, Cyber Terror, ICS, Parastoo, Sabotage, SCADA, SEA, Syrian Electronic Army | 1 Reply SenseCy Blog Blog at WordPress.com. The Twenty Eleven Theme. Follow Follow “SenseCy Blog” Get every new post delivered to your Inbox. Join 1,056 other followers Enter your email address Sign me up Build a website with WordPress.com