Friday, September 30, 2022

Cloud Server Farm Taken Offline by Drone Attack

Eniac Cloud confirmed that yesterday’s interruption in their cloud service was due to a remotely piloted aircraft being flown into the substation supplying power to their Delano Datacenter. “All systems switched over to alternative routings within minutes and our customers were only momentarily discomforted,” Richard Brathwait, spokesperson for the company, told reporters. “We expect to resume full service in the Delano Center within a couple of weeks.” Two transformers at the company-leased substation will have to be replaced.

Johnathan Quest, Federal Bureau of Inquiry spokesperson, confirmed that the FBI was working with the Federal Airline Administration in investigating the incident. “We have identified the owner of the aircraft, Barkhorn Aviation, but they lost control of the aircraft when it was almost 75 miles away from the Delano facility,” Quest told reporters.

Oscar Holmes, spokesperson for the FAA, confirmed that the agency had seized the controller used by Barkhorn Aviation, an agricultural sprayer company, but that it was apparent that the controller did not have the range necessary to conduct the attack in Delano.

A spokesperson for Barkhorn told reporters that they lost control of their BF 109 drone about 8:00 am yesterday. “The operator saw the aircraft take a left turn from its last spraying run on a cotton field outside of Dothan, AL,” Erich Hartmann told reporters; “It was last seen flying over the trees to the east of the field that we were spraying.”

A technician at Eniac who is not authorized to speak to the press told me that there was some small amount of data lost in the attack that had not yet been backed up, but the system worked as it was designed. “We have contingencies for power outages, and the plan worked well,” she said.

Brathwait said that the prolonged outage at the Delano Center would slow some of the data flow through their cloud network, but that customers would not be able to notice the difference. “Temporary loss of a single facility in our cloud network is not a problem,” he explained.

CAUTIONARY NOTE: This is a future news story –

Wednesday, September 14, 2022

Mini-Crime Wave Cover for Jewelry Stores Heist

A sophisticated gang of crooks cleaned out three jewelry stores in downtown Delano, GA yesterday morning while the police were responding to nonexistent emergencies around the city’s outskirts, Chief S. James Butts told reporters this morning. “Not only did the thieves disable the store silent alarm systems,” Butts said; “They also were responsible for three automated alarms, two bomb threats at schools and four auto accidents with reports of injuries that tied up all of our patrol units well away from the downtown area.”

Butts also reported that the Delano Police Department had requested assistance from the Federal Bureau of Inquiry in the conduct of the investigation. “Too many cyberattacks were involved in this series of events for our Department to investigate,” Butts explained, “We only have one cyber-investigator on the force and she is already working on two other cases.” According to the Georgia Bureau of Inquiry, the State cyber-investigators are still tied up on the continuing attacks on vehicle charging stations in the Atlanta area and are not available to help the Delano investigation.

Johnathan Quest, spokesperson for the FBI, confirmed this morning that the FBI was working with the Delano Police Department on the investigation. “We have some indications that the criminals used an internet connection to hack the building security system,” Quest explained; “This means that they could be charged with computer fraud, which is, of course, a federal crime.”

Employees at all three of the jewelry stores reported that they had just finished putting jewelry on display when the thieves entered through the front door of each store. The doors had not yet been opened for the day, but the crooks apparently remotely manipulated the electronic locks on the doors. One of the store managers, who asked not to be identified because of insurance concerns, said that opening those doors before they were unlocked through the store security system should have immediately triggered an alarm to the Delano Police Department.

The three store owners refused to discuss the value of merchandise stolen from their stores because of ongoing negotiations with insurance companies.

CAUTIONARY NOTE: This is a future news story –


Tuesday, September 6, 2022

Farbenhack Tool Being Sold on Dark Web

The ECS-CERT announced today that, in conjunction with investigators from the Federal Bureau of Inquiry, it had discovered a new hacking tool being sold on the Dark Web called Farbenhack. The tool provides a suite of applications that can be used to conduct ransomware attacks on manufacturing organizations. “We have seen various combinations of the applications being used in real world attacks on small companies in the United States,” Immanuel C Securitage, spokesperson for ECS-CERT, told reporters this morning.

Johnathan Quest, spokesperson for the FBI, told reporters that the earlier attacks were apparently proof-of-concept demonstrations for the new Farbenhack Tool. “The web site where the tool is being sold shows screen shots of the applications being used in those attacks,” Quest said. “The tools provide tools for conducting targeted phishing attacks on control system engineering professionals, with options for using drive-by attacks on an engineering web site, or the download of compromised files from look-alike web sites. The phishing tools are very sophisticated, targeted at folks who should be knowledgeable about web-surfing vulnerabilities.”

An engineer working with ECS-CERT, who is not authorized to talk to the press, told me that the post-compromise tools are even more refined. “While many, maybe most, control system devices are easily compromisable when one has access to the control network,” she told me; “These tools allow simultaneous reprogramming of a large set of devices on a network to shut down processes once the ransom notice is published, both on the engineering workstation and any HMI on the network.”

Interestingly, Quest notes that the Farbenhack Tool comes complete with command-and-control networks on Russian servers. “This CC network, along with some programming conventions, raises suspicions that the tool was developed by Russian hackers. It is not clear if they are officially sanctioned by the Russian government, but disruption of manufacturing capabilities in the United States and Europe would certainly be in the interest of the Putin government.” People who buy the tool do have the option to change to their own CC networks.

Securitage points out that a premium version of the tool provides for an enhanced option to encourage victims to pay the ransom. The tool provides applications that will brick devices, making them inoperable and requiring replacement. “The vulnerabilities that lead to bricking are well known, but require authenticated access to the devices from the engineering workstation,” Immanuel said; “So many organizations find it an acceptable risk to not patch the devices.”

Neither ECS-CERT nor the FBI has any information on how many of these tools have been sold. ECS-CERT has published on their secure web portal a list of the compromised and look-alike web sites being used by the tool. “We do expect, however, that the crafters of the tool have the capability to update the tool with new web sites,” Quest explained, “We are being forced to play whack-a-mole with these sites.”

 

CAUTIONARY NOTE: This is a future news story –