so while the Bad Guys are figuring out how to attack our critical infrastructure via web based attacks, the Dept of Homeland Security is off shutting down file trading websites and telling us all not to worry, they've got it all under control.

we're f*cking doomed, you all know that right?

What city? C'mon, I live in Illinois! I don't need any commie water!

Weaver95: so while the Bad Guys are figuring out how to attack our critical infrastructure via web based attacks, the Dept of Homeland Security is off shutting down file trading websites and telling us all not to worry, they've got it all under control.

we're f*cking doomed, you all know that right?

I'm trying to remember the article I read the other day saying the Pentagon was ready for any attack and would fightback with their own cyber warfare.

here's a related article

olddeegee: What city? C'mon, I live in Illinois! I don't need any commie water!

The Department of Homeland Security confirmed that a water plant in Springfield, Ill. had been damaged

AlwaysRightBoy: olddeegee: What city? C'mon, I live in Illinois! I don't need any commie water!

The Department of Homeland Security confirmed that a water plant in Springfield, Ill. had been damaged

That's OK. They're all slack-jawed yokels down there anyway.

AlwaysRightBoy: olddeegee: What city? C'mon, I live in Illinois! I don't need any commie water!

The Department of Homeland Security confirmed that a water plant in Springfield, Ill. had been damaged

If it's brown, drink it down; if it's black, throw it back.

"This is a big deal," said Weiss.

You should look due south of Russia, subs. No, no, not Mongolia, keep going... Yeah, that's the one.

I'm starting to feel like we're actually at war with the Chinese, but that no one wants to talk about it.

AlwaysRightBoy: Weaver95: so while the Bad Guys are figuring out how to attack our critical infrastructure via web based attacks, the Dept of Homeland Security is off shutting down file trading websites and telling us all not to worry, they've got it all under control.

we're f*cking doomed, you all know that right?

I'm trying to remember the article I read the other day saying the Pentagon was ready for any attack and would fightback with their own cyber warfare.

That makes the assumption that the attack is launched by a country, and not by an individual or an extraterritorial group. What you're talking about is pretty 20th century thinking. How do you retaliate? And against whom? Are you gonna carpet bomb the cybercafe in some Shanghai suburb in the hopes of getting the little rat bastard?

timujin: You should look due south of Russia, subs. No, no, not Mongolia, keep going... Yeah, that's the one.

I'm starting to feel like we're actually at war with the Chinese, but that no one wants to talk about it.

It could be anyone from Russia, China or even North Korea... or some script kiddie from Vermont.

Tr0mBoNe: timujin: You should look due south of Russia, subs. No, no, not Mongolia, keep going... Yeah, that's the one.

I'm starting to feel like we're actually at war with the Chinese, but that no one wants to talk about it.

It could be anyone from Russia, China or even North Korea... or some script kiddie from Vermont.

yeah, in this case it could have been a lot of different folks, though the attack came from "a computer located in Russia." Still, between things like Los Alamos, the RSA issue and, um.. "other things" it seems as bad as it was between Russia and the U.S. during the Cold War.

unyon: AlwaysRightBoy: Weaver95: so while the Bad Guys are figuring out how to attack our critical infrastructure via web based attacks, the Dept of Homeland Security is off shutting down file trading websites and telling us all not to worry, they've got it all under control.

we're f*cking doomed, you all know that right?

I'm trying to remember the article I read the other day saying the Pentagon was ready for any attack and would fightback with their own cyber warfare.

That makes the assumption that the attack is launched by a country, and not by an individual or an extraterritorial group. What you're talking about is pretty 20th century thinking. How do you retaliate? And against whom? Are you gonna carpet bomb the cybercafe in some Shanghai suburb in the hopes of getting the little rat bastard?

Good point. The article that I can't find was more about the Pentagon being on top of cbyer attacks.

bubo_sibiricus: And SCADA controls are connected to the Internet, why?

This is the question that people should be asking. It's not likely the controls were directly hooked up to a machine with an external facing IP. Rather, the computer terminal that had the SCADA controls on its screen was on a LAN, and the LAN was accessible through a VPN appliance which was not adequately monitored for suspicous traffic, and it allowed these guys to take their time and find a way in through brute force or password guessing. Hard shell with a soft center.

In any case, there are some computers that simply should not be connected to a common unsecure network, because some of the critical systems that run on those computers were never designed with remote access controls in mind.

Hopefully this will send the message to utility companies that they need better network security oversight.

Weaver95: so while the Bad Guys are figuring out how to attack our critical infrastructure via web based attacks, the Dept of Homeland Security is off shutting down file trading websites and telling us all not to worry, they've got it all under control.

we're f*cking doomed, you all know that right?

.....
We might all just end up livin' in a van, down by the river.

Fjornir: ...why the fark was the control network taking traffic from the internet in the first place? Who designed that shiat?

My guess is nobody designed it and that's why it existed. The old school system controls guy did his little piece - getting the serial interface to work on a terminal screen (9600/8-N-1) on a PC. The local network guy did his little piece - connecting the PC to the network in order to keep it patched and scanned for viruses, and probably to make it easier to manage; no VLANs were configured. The network security guy did his little piece - installing a VPN appliance to make it easier for staff to work at home, probably at the behest of management. Nobody took a look at the full picture, or if they did, management didn't see it as a priority. This is the story at many companies of all sizes that are responsible for all sorts of critical systems or processes.