Targeting SCADA Systems
Posted on January 27, 2014 by Gilad_Zahavi
Introduction
Recent years have witnessed an increased awareness within the
worldwide security community of risks related to cyber attacks
against critical infrastructures. ICS/SCADA systems have been a
particular cause of concern for the security community, owing to
Stuxnet, Flame and other cyber threats. As automation continues to
evolve and assumes a more important role worldwide, the use of
ICS/SCADA systems is likely to increase accordingly.
In this post I would like to present an analysis of several cyber
incidents pertaining to ICS/SCADA systems and originating from
threat elements in the Middle East.
Iranian Hacker Group Implicates itself in Physical Attack on
Electric Power Facility
On January 2, 2014, the Cryptome.org website (a digital library host)
published a message from the Iranian hacker group Parastoo,
directed at the American authorities. The message headline
connects the group to a “military-style” attack on an electric power
station, the PG&E Metcalf substation, in California, U.S.A. on April
16, 2013. The connection to the Iranian group is unclear, despite the
fact that Parastoo has mentioned that it has been testing national
critical infrastructures using cyber vectors.
On April 16, 2013, an undetermined number of individuals breached
the PG&E Metcalf power substation in California and cut the fiber-
optic cables in the area around the station. The act neutralized
some local 911 services and temporarily disrupted cell phone
service in the area. The perpetrators also fired shots from high-
powered rifles at several transformers in the facility. Ten were
damaged and several others shut down.
It should be noted that there have been several attacks against
different infrastructure facilities in the U.S. in the past year, such as
the Arkansas power grid. Furthermore, officials conceded that the
electric power industry is focusing on the threat of cyber attacks.
[Image: Cryptome message]
About Parastoo
The Iranian hacker group Parastoo first emerged on November 25,
2012, when they posted a message announcing they hacked into
the International Atomic Energy Agency (IAEA) and leaked personal
details of its officials. In February 2013, Parastoo claimed to have
stolen nuclear information, credit card information, and the personal
identities of thousands of customers, including individuals
associated with the U.S. military, that work with IHS Inc., a global
information and analytics provider.
The Syrian Electronic Army Hacks into Israeli SCADA Systems
On May 6, 2013 the cryptome.org website reported a successful
attack by the “Syrian Electronic Army” (SEA) on a strategic Israeli
infrastructure system in Haifa. In an email sent to the website, the
attack was declared to be a warning to decision-makers in Israel,
evoking alleged Israeli Air Force (IAF) attacks on Syrian territory at
the beginning of May 2013. The claim of responsibility for the attack
was accompanied by a .pdf file with screenshots substantiating the
cyber attack.
Examination of the screenshots proved that the attack was
authentic, but was not aimed at a Critical National Infrastructure
(CNI) like the municipal water SCADA system in Haifa. Our
research did, however, reveal that the attackers had targeted the
irrigation control system of Kibbutz Sa’ar, near Nahariya. Control of
this system would present the hacker with numerous capabilities,
among which is the destruction of the agricultural yield.
We also noticed that the time shown on the screenshot indicated
the end of April 2012. It is possible that the system clock was
incorrectly set, but it is more likely that the system was breached a
year ago and the published “Retaliatory Strike” was retained as a
contingency plan for exactly such an attack by Israel.
[Image: Screenshot from the PDF released by the attackers]
The Syrian Electronic Army posted a denial via its Twitter account,
where it stated that it was not behind the attack. On other
occasions, this Twitter account has been used as a platform for
claims of responsibility, but in this case the above attack is not
mentioned, either there or on the group’s official website or forums
(apart from the denial). It should be noted that there are numerous
examples of fictitious claims of responsibility intended to deflect
identification of the attacker MO (Modus Operandi) of state-
sponsored hacker groups.
[Image: SEA denial on their Twitter account]
This incident is another link in a chain of events demonstrating an
impressive ability to locate and exploit SCADA systems that appear
to be susceptible to the Muslim hackers’ skills. However, in our
view, this event is unprecedented. For the first time in public, a
critical computerized infrastructure facility on Israeli soil has been
attacked, and it is extremely likely that a sovereign state is behind
the attack, declaring outright war in the cyber arena and deviating
from the intelligence-gathering plateau.
Jihadist Cyber Terror Group to Target SCADA Systems
On June 11, 2011, a prominent Web Jihadist from the Shumukh al-
Islam forum, Yaman Mukhaddab, launched a campaign to recruit
male and female volunteers for a new Electronic Jihad group. The
campaign, which takes place over the thread itself, begins with a
clear definition of the group’s tasks and priorities. Mukhaddab says:
Simply put, it is a cyber-terror base, for launching
electronic terror attacks on major infidel powers,
specifically the U.S., the U.K. and France, no others.
This base is not going to attack, for instance, the
sites of Shi’a, Christians, apostates, slanderers, liar
sites and forums or anything else. I repeat: it will
only target the U.S., the U.K. and France.
Mukhaddab goes on to list the main targets for future attacks.
SCADA systems are ranked as a top priority target, in order to
“destroy power, water and gas supply lines, airports, railway
stations, underground train stations, as well as central command
and control systems” in these three countries. The second priority
includes control systems of general financial sites, such as central
savings organizations, stock markets and major banks. Third on the
group’s agenda are websites and databases of major corporations
dominating the economies of these countries, while fourth and last
are less specified “public sites affecting the daily routine of citizens,
in order to maximize the terror effects on the population”.
Mukhaddab details the desired skills of anyone wishing to join the
group, including: thorough understanding of SCADA systems,
preferably with experience in hacking them; acquaintance with
writing hacking programs and scripts, and programming in C, C+
and C++ languages; expertise in networks, communication
protocols and various kinds of routers and firewalls, specifically
mentioning CISCO; expertise in Linux or Unix operating systems;
expertise in Windows operating system; capability of detecting
security vulnerabilities; acquaintance with hacker websites,
capability of entering them easily, searching for required scripts,
tools, or software, and providing them to fellow members, if asked
to; complete mastery of English or French scientific language, and
scientific background in computer engineering; mastery of the
Russian language; and mastery of the Chinese language. Members
who want to volunteer are asked to post a response in the thread,
specifying the categories that fit their capabilities.
To date, close to a hundred volunteers have already signed on to
Mukhaddab’s Electronic Jihad group. We have yet to see
indications that this newly formed group has started to engage in
online hacking activity, but given the enthusiasm it created among
forum members, this is likely to occur in the near future.