America accuses Iran of hacking the dam, cyber-squirrels rejoice
As cyber-geddon tales go, Middle Eastern nations hacking into US dams or power grids and making stuff go haywire sounds just like the plot for a not-so-subtly racist Hollywood scare flick. But that's the story we got when news outlets, citing unnamed sources, recently reported the Obama administration will be calling out Iranian hackers as the culprits behind a malicious 2013 breach at a New York dam.
Outlets reported at the time of the disclosure that hackers were “unable to get into the complete dam system, but could take control of the flood gates.”
The news drama here hinges on reports that hackers accessed the dam’s floodgate controls. The Bowman Avenue Dam near Rye Brook, New York, whose only function is to mitigate flooding, does have a computer-operated sluice gate … er, it does now, anyway.
After the Department of Homeland Security approached the city of Rye about investigating the dam in 2013, Marcus Serrano, Rye city manager, told local press something that isn’t making it into this week’s resurgence of stories about Iranian hackers. In local news outlet My Rye, Mr. Serrano said:
“In or about June 2013, a sluice gate was added to the Dam, in order to help control the flow of water and assist with flood mitigation during storm events. The gate was designed to be opened and closed via computer; however, despite a ribbon cutting ceremony, the gate was never fully operational, and remained non-functioning through the DHS investigation. In any event, based on information provided to us, at no time was the sluice gate ever manipulated by unauthorized users outside of the city.
Subsequent to and after taking certain security measures in keeping with the DHS report, the City did implement the sluice gate for the first time during a storm event on or about April 30 to May 1, 2014.”
So the damn dam, which in this case was really more like an artist’s rendering of a dam, was operating at less than a minimum. The Iranian “cyberspies” who “had access to [the dam’s] control system” had it only in theory.
It seems like someone’s trying really hard to make Iranian hackers seem more dangerous than bird poop.
Bird poop shut down Indian Point nuclear plant https://t.co/HSkJIXzkPb – Westchester NY
— CyberSquirrel (@CyberSquirrel1) March 3, 2016
If it’s a contest, bird poop is kind of winning. But that’s nothing compared to the most significant and active threat to our nation’s industrial control management systems: squirrels.
In a July 2015 comment, John C. Inglis, former deputy director, National Security Agency, said, “I don’t think paralysis [of the electrical grid] is more likely by cyberattack than by natural disaster. And, frankly, the No. 1 threat experienced to date by the US electrical grid is squirrels.”
And he’s right. With our government’s increased focus on threats of cyberterrorist attacks on industrial control systems (like power grids), the data from the sardonic Cyber Squirrel Map proves that Iranian hackers have nothing on the leet haxxor skillz of those bushy-tailed little acorn-hoarding bastards.
To this effect, Cyber Squirrel 1 reminds its readers that “of all the claimed nation-state cyber attacks that have impacted critical infrastructure that we have been made aware of such as the Brazil Blackouts, German Steel Plant event, and the Ukrainian power outages only the US-led Stuxnet operation can be confirmed at this time. We are continuing to look into the December events in the Ukraine.”
When it comes to executing successful infrastructure attack ops, squirrels have any and all government-sponsored hackers beat by a mile. Late last year, the hacker behind Cyber Squirrel began collecting “all unclassified Cyber Squirrel Operations that have been released to the public that we have been able to confirm.”
Squirrel knocks out power of hundreds in Lee County https://t.co/vhukwO2Xyb – Lee County TX
— CyberSquirrel (@CyberSquirrel1) February 22, 2016
According to Cyber Squirrel, as of the beginning of March 2016, there have been 1,139 successful “cyber squirrel” attacks — though the running tally of ops is inclusive of all animals, including birds, rats, raccoons, and snakes.
It remains to be seen whether or not the Obama administration will finger Iranian hackers for the dam that wasn’t really hacked — and what kind of evidence, if any, we’ll get. Since someone’s playing the cyber-attribution blame game here, maybe it’s just that China and Russia got the week off.
Perhaps it’s part of the monster-of-the-week cybersecurity news roadshow, conveniently brought to us by a DHS that just might be desperately trying to look like it’s really doing stuff. The madness around this dam — the way it just doesn’t add up but feels part of the general cybersecurity mood right now — along with the Apple encryption mania, feels like a kind of hysteria in the air, one that news outlets seem to breathe in and catch.
Indeed, this dam coming back into the news so circumspect with truth is a harbinger: The next Big Bad to be leveraged for scaring up both legislation and clicks will be the hacking of industrial control systems (and switches).
But the beauty of Cyber Squirrel at a time like this is that it’s all about perspective. That when it comes to domestic cybersecurity, government (and infosec) should be giving less attention to obscure threats, and more to problems at home — like getting our infrastructure systems properly patched.
In the meantime, for whatever the hell happened (or not) at the Bowman Avenue Dam, my money’s on squirrels.