Stiennon and Poulsen Call Shenanigans on WSJ Chinese Hacker Story
There was a sensationalistic but poorly sourced story in the Wall Street Journal yesterday that declared that Chinese spies have hacked and pwn3d the US electrical grid and have left behind tools that will cause some unspecified damage to it. The story quotes all kinds of “senior officials” and “cyber experts” but fails to cite a single verifiable case of an intrusion.
Richard Stiennon pooh-poohs the article by saying on his Threat Chaos blog here:
My reaction to the WSJ article was mostly anger over seeing a trumped-up story with no sources, no evidence, and frankly, no news. The writers even had to go all the way back to the Australian hacker and the water reservoir story to cite an example of someone hacking critical infrastructure. Ms. Gorman, intelligence correspondent for the WSJ, claims the story was not pitched to her. She “heard some things” about the power grid being hacked and investigated. I find it hard to believe the piece made it past her editors.
Stiennon also links to Kevin Poulsen who scoffed by saying:
The story contains almost no details at all. The attacks are “pervasive,” and yet not a single utility company is named as a victim. Even better, the blackout-triggering malware hasn’t been spotted by the companies — which explains perfectly why this is the first we’ve heard of it. Only America’s intelligence community has seen the code. They could show us, but then they’d have to kill us.
The unspoken lesson here is obvious: Chinese Superhackers Are Our Superiors. No, wait. That’s not it. I know … Only the intelligence agencies are equipped to protect us from foreign cyber attacks.
It’s an unusually opportune time for this revelation, since the NSA is at this very moment jockeying to take over cyber security from DHS, which lacks the wholesale warrantless-wiretapping capabilities needed to detect Chinese hackers. What a lucky coincidence of timing that this exciting, if uncheckable, story should emerge now.
Look, Chinese hackers are indeed pervasive, but the electrical grid is protected by some of the best cyber experts in the country. They have been working with the Department of Homeland Security to map their critical infrastructure and put in layers of defense to keep them safe. Hundreds of millions of dollars have been spent on this. To declare now that none of those efforts have paid off is not only disingenuous but it also makes me want those tax dollars back.
And why go through the effort of trying to attack the grid with cyber attacks anyways? Well-placed explosive charges on those high-tension power lines are much more effective, and there are any number of domestic eco-warrior groups that could be paid to do that for the Chinese.
Thanks for the quotes of ThreatChaos.com. Interesting thought there that foreign enemies could hire insider terrorist organizations to damage infrastructure. Is there any precedent for that?
-Stiennon
If 9-11 taught us anything it's that physical destruction is far more debilitating than cyber attacks.
And eco-terrorist groups need very little goading to get them to carry out arson or sabotage against critical infrastructure. In recent cases they have shown that they tend to disable power systems during their attacks.
http://en.wikipedia.org/wiki/Operation_Backfire_(FBI)
Recently one eco-terror group was plotting to bring down transmission lines. So whatever hacking a foreign power could attempt, they could be much more effective using insiders to carry out attacks with bombs.
And “Lefty” hippy do-gooders can cause just as much mayhem if left unchecked: http://news.bbc.co.uk/1/hi/england/nottinghamshire/7997598.stm
Lock them all up, I say 😉