Tag Archives: cyber crime

Cyber-Attacking Nuclear Plants: the 3 000 cyber bugs

In the first half of 2019, no country endured more cyber-attacks on its Internet of Things—the web of internet-connected devices and infrastructure—than India did. So asserts Subex, an Indian telecommunications firm, which produces regular reports on cyber-security. Between April and June of 2019, it said, recorded cyber-attacks jumped by 22%, with 2,550 unique samples of malware discovered. Some of that malicious code is turning up in hair-raising places.

On October 28, 2019 reports indicated that malware had been found on the computer systems of Kudankulam Nuclear Power Plant in Tamil Nadu, the newest and largest such power station in India. Pukhraj Singh, a cybersecurity researcher who formerly worked for the National Technical Research Organisation (NTRO), India’s signals-intelligence agency, says he was informed of the malware by an undisclosed third party in September, and notified the government. The attackers, he said, had acquired high-level access and struck “extremely mission-critical targets”… On October 30, 2019 the body that operates nuclear power plants acknowledged, sheepishly, that a computer had indeed been infected, but it was only an “administrative” one.

Sensitive sites such as power plants typically isolate the industrial-control systems (those that control the workings of a plant) from those connected to the wider internet. They do so using air-gaps (which involve disconnecting the system from the wider world), firewalls (which monitor data-flows for suspicious traffic) or data diodes (which allow information to flow out but not in).

But breaching a computer on the outside of these digital moats is nevertheless troubling. It could have given the attackers access to sensitive emails, personnel records and other details which would, in turn, make it easier to gain access to the more isolated operational part of the plant. America and Israel are thought to have sneaked the devastating Stuxnet virus into Iran’s air-gapped uranium-enrichment plant at Natanz around 2007 by planting a USB stick on a worker, who carried it inside and plugged it in.

The culprit behind the Kudankulam attack is unknown, but left some clues. The malware in question is from a family known as DTrack, which gives attackers an intimate look at what victims are doing—down to their keystrokes. It is typically used to monitor a target, making it easier to deliver further malware. DTrack was originally developed by a group of hackers known as the Lazarus Group, who are widely assumed to be controlled or directed by North Korea.

Excerpts from On the DTrack: A cyber-attack on an Indian nuclear plant raises worrying questions, Economist, Nov. 1, 2019

Stealing from Central Banks: hacking attacks

A little-noticed lawsuit details a hacking attack similar to one that stole $81 million from Bangladesh’s central bank, saying cybercriminals stole about $9 million in 2015 from a bank in Ecuador… A third attack, from December 2015 at a commercial bank in Vietnam, was detailed last week by the Society for Worldwide Interbank Financial Telecommunication, or Swift. That bank detected the fraudulent requests and stopped the movement of funds, the central bank in Vietnam said. In the January 2015 Ecuador hack, as with the Bangladesh case, hackers managed to get the bank’s codes for using Swift, the global bank messaging service, to procure funds from another bank, according to court papers.

The Ecuadorean bank, Banco del Austro, filed a lawsuit in New York federal court in 2016 accusing Wells Fargo & Co. of failing to notice “red flags” in a dozen January 2015 transactions and to stop them before the thieves transferred about $12 million, most of it to banks in Hong Kong. Lawyers for the two banks didn’t immediately return phone calls asking to comment about the case and Swift’s complaints that they had failed to notify the messaging network…

There are similarities in method, including thieves accessing the bank’s system to log on to the Swift network through customer sites, and doing so after bankers’ hours, apparently to reduce the likelihood someone would ask questions about specific transactions…

According to that filing on behalf of Banco del Austro, or BDA, “For each of the unauthorized transfers, an unauthorized user, using the Internet, hacked into BDA’s computer system after hours using malware that allowed remote access, logged onto the Swift network purporting to be BDA, and redirected transactions to new beneficiaries with new amounts.” Using that method, just before midnight on Jan. 14, 2015, a payment order made to a Miami company for less than $3,000 was altered to send $1.4 million to an account in Hong Kong, according to the court filing. There were 12 suspect transfers carried out over a 10-day period in January 2015, according to the lawsuit. BDA’s lawsuit argues Wells Fargo should have noticed several anomalies in the transfers and, at a minimum, asked questions about them. “The unauthorized transfers were made in unusual times of the day, in unusual amounts, to unusual beneficiaries in unusual geographic locations,” the bank’s lawyers argued in the filing. “Despite the numerous anomalies in the unauthorized transfers, [Wells Fargo] inexplicably failed to block them and/or alert BDA of the suspicious activity.”

Excerpts from DEVLIN BARRETT and KATY BURNE, Now It’s Three: Ecuador Bank Hacked via Swift, Wall Street Journal, May 19, 2016