Two US Power Plants Infected with Malware Spread via USB Drive

Critical control systems inside two US power generation facilities were found infected with computer malware, according to the US Industrial Control Systems Cyber Emergency Response Team.

Both infections were spread by USB drives that were plugged into critical systems used to control power generation equipment, according to the organization’s newsletter for October, November, and December of 2012. The authors didn’t identify the owners of the facilities and there’s no indication the infections resulted in injuries or equipment failures.

The incidents were reported earlier by Threat Post, and they are the latest to underscore the vulnerabilities posed by so-called supervisory control and data acquisition systems that aren’t properly secured. SCADA and industrial control systems use computers to flip switches, turn dials, and manipulate other controls inside dams, power-generation plants, and other critical infrastructure. Computer malware that infects those systems can pose a threat by giving remote attackers the ability to sabotage sensitive equipment. Last year, a backdoor in a widely used piece of industrial software allowed hackers to illegally access a New Jersey company’s internal heating and air-conditioning system.

According to one of the articles in the newsletter, one of the infections was discovered after an employee experienced problems with the USB drive and called in IT staff to troubleshoot.

“When the IT employee inserted the drive into a computer with up-to-date antivirus software, the antivirus software produced three positive hits,” the newsletter reported. “Initial analysis caused particular concern when one sample was linked to known sophisticated malware.”

Based on the article, it’s not clear if the control system workstations use any form of antivirus protection.

“While the implementation of an antivirus solution presents some challenges in a control system environment, it could have been effective in identifying both the common and the sophisticated malware discovered on the USB drive and the engineering workstations,” it said. The report also noted the workstations had no backup mechanism, so “an ineffective or failed cleanup would have significantly impaired their operations.”

The other infection affected 10 computers in a turbine control system. It was also spread by a USB drive and “resulted in downtime for the impacted systems and delayed the plant restart by approximately three weeks,” the article stated. It went on to encourage owners and operators of critical infrastructure to “develop and implement baseline security policies for maintaining up-to-date antivirus definitions, managing system patching, and governing the use of removable media.”

USB drives have remained the weak link in many industrial control systems, which often lack Internet connections to minimize exposure to malicious software. The Stuxnet worm and the Flame malware—both of which were reportedly developed by the US and Israel to attack and spy on critical systems in Iran—relied on USB drives to propagate attack code and to ferry intercepted communications over air-gapped networks. Microsoft has patched the vulnerabilities that made some of those attacks possible on Windows computers, but it’s not clear all users have installed the patches.

Source: Ars Technica


US Congress Implicated In Online Piracy

Digital forensics company ScanEye has released evidence of copyright infringement taking place at the United States Congress – the lawmaking body of the federal government.

Over the last four months, ScanEye was monitoring peer-to-peer downloads initiated by IP addresses that belong to the House of Representatives. Often referred to simply as ‘the House’, it forms part of the US Congress and brings together 435 members, who regularly meet in the south wing of the Capitol in Washington, DC.

In 2011, the same group of people was working hard to make the Stop Online Piracy Act (SOPA) and Protect IP Act (PIPA) federal laws.

Judging by the evidence provided by ScanEye, some of the people who have advocated the introduction of tough anti-piracy measures might have been infringing copyright without leaving the congressional office.

According to the Washington Whispers, which published the report, over the last four months IP addresses associated with the House of Representatives were spotted illegally downloading everything from TV shows like Dexter and CSI: New York to feature films including Lawless, Iron Sky, Dark Knight Rises and even Smurfs 3D.

ScanEye specialises in “anti-piracy enforcement”. To put it in layman’s terms, the company tracks down illegal downloads on behalf of the copyright owners. “Most people believe that downloading files using torrents is anonymous, that is untrue. The very principle of the procedure allows to track and monitor the activity of network users,” read a statement on the company’s website.

Last year, a team of researchers from the University of Birmingham discovered it takes just three hours from the start of a download for an average BitTorrent user to be monitored by an agency like ScanEye.

In December 2011, while the members of Congress were busy drafting SOPA, TorrentFreak reported on a similar study, which found over 800 instances of illegal downloads being initiated from the same block of IP addresses.

For more information, and to take the quiz “How much do you know about online piracy?”, see the source link below.

Source: TechWeekEurope

RIM Receives Approval from Visa for Mobile Payment Solution

RIM has been one of the companies at the forefront of bringing NFC (Near Field Communication) technology to mobile devices. Certain BlackBerry models, including the Bold 9900 and other BlackBerry devices running OS 7 and 7.1, have NFC built into the phone. Upcoming BlackBerry 10 devices will have NFC capabilities as well, and this is great news for RIM and BlackBerry users looking to use their device to make mobile payments in the future through Visa. Visa has approved RIM for a mobile payment solution using NFC on BlackBerry devices.

The press release is below with details.

Press Release

WATERLOO, ONTARIO–(Marketwire – January 16, 2013) – Research In Motion (RIM) (NASDAQ: RIMM)(TSX: RIM) today announced that its Secure Element Manager (SEM) solution for NFC (Near Field Communication) mobile payments has been approved by Visa. RIM’s SEM is the backend solution for carriers that can securely manage credentials on SIM (subscriber identity module) cards installed in all types of NFC-capable mobile devices.

“The approval from Visa of RIM’s SEM solution is an important step in that it will enable carriers to support Visa issuing banks and financial institutions,” said Frank Maduri, Senior Director, NFC Services and TSM Product Management at RIM. “We now offer carriers a robust solution with around-the-clock global support that works on any NFC-capable device, and meets the stringent technology and usability guidelines for Visa.”

“RIM’s success in gaining Visa’s formal approval as secure element manager is a crucial step in expanding RIM’s role as a key security partner for mobile payment solutions around the globe,” said Andy Castonguay, Principal Analyst, at Informa Telecoms & Media. “RIM’s secure network operations center provides a unique combination of global geographic reach, and has established trusted relationships with hundreds of carriers around the world with an unparalleled reputation for security, which sets RIM apart as an SEM partner in the growing mobile payments space.”

Today’s announcement from RIM builds on the recent deployment of mobile payments in Canada by EnStream, a joint venture of Bell, Rogers and TELUS, which uses RIM’s SEM solution.