This morning the CSA’s Critical Infrastructure Security
Operations Center (IC-SOC) announced that it had intercepted a cyberattack on a
chemical facility control system this weekend in Southern California. According
to General Buck Turgidson, the IC-SOC director, a worm had been uploaded to the
facility network from a contractor’s telephone. The phone was apparently
infected when the owner signed on to the WFN sex-sharing application.
“Our system identified the sex app when the phone logged
into the facility wi-fi system,” Turgidson told reporters at this morning’s
news conference; “We know that the app has been used by the Chinese Meiyou
Tuihuo APT group as a means of infecting targeted industrial systems. With
this knowledge we were prepared to intercept the worm and sent it to a
sandboxed location on the system for observation.”
Dragonfire Cyber operates that particular sandbox for IC-SOC.
Dade Murphy, CTO for Dragonfire, told reporters that the worm exploited several known
vulnerabilities to make its way into the control system server. “Once on the
server it reported back to a command-and-control server, it started to upload
copies of our decoy control system files,” Murphy told reporters; “And we were
able to insert our own report-back worms into the upload. We have spent the
last twelve hours remotely inspecting the C&C server and have garnered a
great deal of information.”
Murphy confirmed that the sandboxed control system was subsequently
hit by a ransomware attack. “This was the same ransomware that we had seen in
earlier attacks. We did not pay the ransom. We had appropriate backups in place
and our sandbox was operational again within a couple of hours,” Murphy reported
with a grin.
When asked if this would not be considered hacking by the
Chinese government, similar to what he was
arrested for last June, Murphy replied: “Our company was working under
contract with and under the control of the IC-SOC. This was an authorized law
enforcement operation and the Chinese government has been provided with the
appropriate evidence of criminal activity.”
Turgidson added that it had become obvious that Murphy’s
arrest in Singapore was a purely political move on the part of the Chinese government.
“Mechanisms have been put into place to deal with such tit-for-tat semi-legal
actions in the future,” the General said.
When asked if there were going to be any consequences to the
owner of the phone involved in the attack, Turgidson said: “That will be up to
his employer as it was a company-owned phone. We do not have any evidence to
indicate that the individual was knowingly involved in the attack.”
Turgidson was also asked about the legality of the ‘search’
of the individual’s phone that initiated the IC-SOC activity. “Signs were
posted at all entrances to the facility that all electronic devices were
subject to search while on the property,” he replied; “Bringing the phone onto
the facility grounds constituted providing permission to search the phone by
any means at our disposal.”