The state of malware on the internet or why utilities need to prioritize cyber security

In essence, the smart grid is about turning the power grid into an internet of intelligent devices. That means that the next-generation power grid will be susceptible to all the cybersecurity issues that affect the internet. This makes cybersecurity a priority for every utility that is implementing some form of smart grid.

At the EDIST 2013 Conference in Toronto, the keynote speaker was Mikko Hypponen of F-Secure, who has been chasing cybersecurity problems since the 1990s and has been responsible for taking down a number of internet malware exploits. He gave a very current assessment of today’s cybercrime.

Cybercrime on the internet today is very different from a decade ago, when it involved “kids” with no real motive, who just did it because they could.

Now there are three categories of people who indulge in cyber exploits, and they all have motives.

  1. Criminals – organized crime groups (in Mikko’s experience primarily in Russia, Ukraine, Brazil, China, but all over the world) whose motive is money
  2. Hacktivists – groups with a political agenda and whose motive is protest
  3. Governments – both totalitarian and democratic governments are involved in offensive malware with a variety of motives; espionage and military are obvious ones, but governments also target malware at their own citizens

Criminals

Mikko gave an example of a criminal cyber exploit involving credit card theft, but with a wrinkle. Typically when this activity is tracked to a particular account, the ISP is notified and will shut down the account. But in this case the ISP was owned by a criminal. When notified, he would promise to look into the problem, but wouldn’t take any action except charging the account owner more for hosting. Hosting would get to be very expensive for an account holder if it got a lot of attention from the credit card companies. The ISP owner bought a lot of real estate with the money he made – 155 properties have been identified. He is currently awaiting trial.

Another example of a criminal exploit is banking trojans. The best known is called “Zero-access” and has infected 9 million computers. The way it generates revenue is by interrupting your online banking session and displaying what appears to be a message from your national police force (it is a different “police force” depending on the country where you are using your computer) telling you that illegal financial activities have been traced to your account and your access to the account has been disabled. This all sounds legit, until it goes on to say that if you pay a $100 fine, access will be restored. And it provides a legitimate way for you to transfer the money.

One of the surprising changes in cybercrime is that until recently it has involved exploits targeting computers running Windows. Millions of Windows machines are infected every year. But the 75% of the world’s servers that run Linux have not been affected. (Last quarter for the first time Linux passed Windows in number of new installations.)

But now Linux, in the form of Android on smartphones, has a malware problem. The number of devices affected by attacks is currently in the thousands, but this is increasing rapidly and involves mostly criminals, not hacktivists or governments.

Hacktivists

One of the best-known hacks by hacktivists involves a programmer who wanted to customize his PlayStation software. Unwisely, Sony sent its lawyers after him, which immediately became known and had the effect that Sony became a favourite target of the hacker community.

In an interesting contrast, a programmer who wanted to customize his iPhone was hired by Apple.

Governments

The best known is the Stuxnet worm that targeted Iran’s uranium centrifuge equipment running Siemens Step7 software. The source of this exploit is suspected to be a Western government. Mikko presented a fascinating story about how this exploit was traced and identified from public TV broadcasts.

ARAMCO, the largest company in the world, was attacked by an exploit that shut down 75% of its computers. A Middle Eastern government is the prime suspect.

The “Red October” exploit has just been identified by Kaspersky, and the source is suspected to be a government in the Far East. This exploit involves sending what look like innocuous official and academic articles to government officials, which then infect their computers with a trojan.

But governments also use malware against their own citizens. Mikko mentioned Syria and the previous regime in Egypt, but also the US, Germany and the UK.

In the latter cases, this typically involves trojans that are used during criminal investigations to track the communications of suspects and is similar to telephone tapping. Mikko described a fascinating example where a person suspected of criminal activity was separated from his luggage and questioned by Customs and Immigration at an airport. The questioning was bogus, but while he was being questioned, officials went through his luggage, found his computer and installed a trojan on it. He was subsequently found to be innocent. The officials then had to stage the same airport exercise to get the trojan off his computer.

This was a fascinating presentation which I suspect created in the utilities folks in the audience a significantly heightened awareness of how seriously the cybersecurity challenge to the electric power grid must be treated.

Geoff Zeiss


Geoff Zeiss has more than 20 years experience in the geospatial software industry and 15 years experience developing enterprise geospatial solutions for the utilities, communications, and public works industries. His particular interests include the convergence of BIM, CAD, geospatial, and 3D. In recognition of his efforts to evangelize geospatial in vertical industries such as utilities and construction, Geoff received the Geospatial Ambassador Award at Geospatial World Forum 2014. Currently Geoff is Principal at Between the Poles, a thought leadership consulting firm. From 2001 to 2012 Geoff was Director of Utility Industry Program at Autodesk Inc, where he was responsible for thought leadership for the utility industry program. From 1999 to 2001 he was Director of Enterprise Software Development at Autodesk. He received one of ten annual global technology awards in 2004 from Oracle Corporation for technical innovation and leadership in the use of Oracle. Prior to Autodesk Geoff was Director of Product Development at VISION* Solutions. VISION* Solutions is credited with pioneering relational spatial data management, CAD/GIS integration, and long transactions (data versioning) in the utility, communications, and public works industries. Geoff is a frequent speaker at geospatial and utility events around the world including Geospatial World Forum, Where 2.0, MundoGeo Connect (Brazil), Middle East Spatial Geospatial Forum, India Geospatial Forum, Location Intelligence, Asia Geospatial Forum, and GITA events in US, Japan and Australia. Geoff received Speaker Excellence Awards at GITA 2007-2009.
