Saturday, December 17, 2022

3 Chlorine Cylinders Stolen by BEC Fraud

Bleichen Chemical Company announced today that three 1-ton chlorine cylinders had been stolen from the company by fraud. “As a result of a business email compromise fraud, unknown parties set up a water treatment account with our company for chlorine supply at an abandoned water treatment plant on the East Side of Delano,” Carl Scheele, the Bleichen Delano Plant Manager, told reporters this morning; “We made two deliveries over a three-week period and had a third order loaded on a truck when the FBI notified us that we had been scammed.”

Johnathan Quest, spokesperson for the Federal Bureau of Inquiry, told the news conference that the FBI had been tracking a series of BEC frauds being perpetrated by the same individual. When they intercepted emails from Bleichen about past due bills for the chlorine gas deliveries, they became concerned and contacted the company.

Scheele explained that Bleichen had received a request to set up a new delivery account for an existing food processing customer. “They claimed to be restarting the old Dolly Madison plant here in Delano and needed to get the water treatment plant functioning,” he explained: “They had the corporate account number and the right names on letterhead stationery as well as a legitimate looking email address for the account executive.”

Quest said that the FBI had lost track of the perpetrators and had not yet located their base of operations. “The Delano water facility where the deliveries were made has been cleaned up and re-abandoned,” he said. “We have multiple forensics teams going over the facility, but we have not yet found any useful evidence.”

When asked what the criminals had done with the chlorine gas, Quest replied: “We have found evidence that would seem to indicate that the material had been transferred to 5-lb pressure vessels, probably propane cylinders. We have not been able to identify a commercial purpose for small chlorine containers like this, so we do not know what financial incentives there were to perpetrate this fraud.”

Two 1-ton cylinders had been delivered for the initial order last month. A second order of one cylinder was delivered earlier this month and an empty cylinder was picked up. That means that as much as 2,000 lbs of chlorine gas may have been off-loaded into small cylinders. A technician from Bleichen who has been working with the FBI at the treatment facility told me: “Propane cylinders are not approved for the storage of liquid chlorine, and there was no evidence of the equipment needed to do a liquid-liquid transfer at the site, so there is no way of telling how much chlorine was transferred to each cylinder. There were lots of them.”

CAUTIONARY NOTE: This is a future news story –


Sunday, December 11, 2022

TSP Fleet Tankers Hacked During Navy Exercise

The US Naval Department confirmed this morning that, during a recent fleet exercise in the South Atlantic, civilian fuel tankers that are part of the new Tanker Security Fleet were hacked by elements of Fleet Cyber Command. “Naval cyber operators conducted active operations against Ulsan Master and Torrey Canyon tankers that were providing fuel support during Operation Malvinas,” reported David D. Porter, Naval spokesperson. “Navy personnel were able to take remote control of engines and steerage on both vessels using known vulnerabilities in various systems onboard the vessels.”

Captain Frank F. Fletcher of the Torrey Canyon told reporters: “In 20 years of operations in ocean going tankers I have never seen a ship fail so completely to respond to commands from the Bridge. It was quite disconcerting.”

Captain Na Dae-yong of the Ulsan Master added: “I did not appreciate losing control of my vessel, but hopefully we will be able to ensure that such actions could not be undertaken by an enemy during a wartime operation.”

Owners of the two vessels had been informed prior to their participation in the exercise that cyberattacks would be employed against the two vessels during the exercise to determine their susceptibility to such attacks. “These types of attacks would be expected against fleet assets involved in wartime operations,” Porter explained; “And we expected that the civilian operators would not be as experienced as active fleet personnel in preparing for or responding to such attacks.”

The Navy plans on sharing the results of these attacks with the owners of the two vessels as well as the other owners of vessels in the TSF. Owners will be able to use the information gleaned from these attacks to upscale the cyber defenses for all of their vessels, a major incentive for owners of other fleet capable tankers to sign up for participation in the Tanker Security Program.

Cpt Berny McCollough, spokesperson for Fleet Cyber Command, refused to comment on reports that CYBERCOM detected another party participating in the exercise. “I cannot confirm or deny public reports that a foreign nation state was receiving information from the two ships.” There have been two reports quoting unofficial comments from naval cyber personnel that communications between the ships and a Chinese server had been detected during the operation. One unnamed Navy Lieutenant has been quoted as saying: “We found communications logs showing that the vessel (referring to Torrey Canyon) had been hacked prior to the start of the exercise and had been reporting vessel position and status to a foreign operator.”

McCollough also refused to comment on reporting by the naval blog, Kings Island, that purported to show tracking information of the maneuvers of the two ships under control of the Navy’s hackers. “We will not discuss operational details about the exercise.” The Kings Island tracking data shows the two tankers conducting right and left 180 degree turns and heading back in the direction from which they came.

 

CAUTIONARY NOTE: This is a future news story – 

Tuesday, December 6, 2022

Pipeline SCADA System Hacked in Texas

The Pipeline Safety, Security and Operations Office (PSSOO) announced today that the recent crude oil leak near Tyler, Texas was due to a sophisticated cyberattack on the pipeline control system. “The attackers manipulated valves and pumps to create a local overpressure situation,” said Michael E Thane, spokesperson for the PSSOO; “This caused pressure relief systems to open and begin pouring crude oil out at the remote location near the Neches River.”

The pipeline, owned by the Friendly Morning Pipeline Company, apparently started leaking just after sundown and was not stopped until a fisherman reported seeing the crude pouring into the Neches River near his favorite fishing spot the next morning. The sour crude being pumped through the pipeline contained high levels of hydrogen sulfide, a toxic gas. A major fish kill has been reported along a 20-mile stretch of the river.

The National Critical Infrastructure Security Operations Center (CI-SOC) is working with PSSOO and the Federal Bureau of Inquiry and the Texas Environmental Commission to investigate this incident. Local law enforcement has been told that this may be an environmental terrorist attack, but none of the federal agencies involved in the investigation are willing to use the T word publicly.

George Friendly, President and Owner of the affected pipeline company, talked with reporters this morning. He noted that the company was using a pipeline SCADA system that was specifically designed for secure monitoring and controlling of pipeline operations. “We worked closely with Albert Foxborough, the founder of Flintstone Tech in his development of their pipeline secure automation system,” Friendly explained.

A source with the CI-SOC, who must remain nameless because they are not allowed to talk to the press, explained that the Flintstone PSAS was a complete supervisory control and data acquisition system that was designed for secure communications between the various parts of the pipeline automation system. “This system was designed in early 2016 before people generally started talking about zero trust systems,” she explained; “And certainly before people started to talk about it in industrial control systems.”

Friendly agreed that the PSAS had a zero trust architecture, but explained that: “Albert started employing what is now called zero trust architecture back in 2015 when he started the design of his new operating system”. Security was built into the operating system as one of the core principles of its design. This meant that there was no need for add on security appliances or applications.

The CI-SOC technician said that Flintstone was recently disbanded when its parent company was sold. “The new owners apparently did not want to offend their customers who were manufacturers and vendors of more conventional control system and security systems.” Flintstone shut down operations and customer support on very short notice. The last thing the company did was issue a mandatory software upgrade for their systems that effectively reduced the security communications controls of the system.

Friendly told reporters: “We had the most secure pipeline control system the world has seen to prevent just this sort of incident. We had to reduce the security to keep the control system functioning. Now this happens. Where are all of the federal cybersecurity folks now?”

CAUTIONARY NOTE: This is a future news story –