Reasons
The intent of the break-in is still not clear and the FBI is investigating the incident.
Cal-ISO systems are also tightly integrated with the major power distribution network that also serves the entire western US's grids.
Response
Cal-ISO officials said the grid was not threatened and that they had remedied the situation. Although Cal-ISO officials said they managed to trace the attack to a system in China, security experts said the technology couldn't identify whether the hacking was accomplished by governments, terrorists or kids.
One California state lawmaker asked the Cal-ISO to deliver to him a report detailing how and why the recent intrusion took place and what the ISO is doing to prevent future attacks.
“I think it is a matter of intense concern that we have an ISO that allowed a breach of security through what appeared to be sheer incompetence,” California Senator Tom McClintock said.
According to McClintock, Cal-ISO spokesman Gregg Fishman reassured him that the incident was a relatively minor attack on a computer set up for testing software and connected to the Internet. The Cal-ISO officials also confirmed that its system had been penetrated but said no critical operations were at risk.
Although the attack appeared to come from somewhere in China, Cal-ISO staff said they were not sure the hack originated there because it was so easy for the hacker to hide tracks online.
McClintock had warned that hacker attacks on the California grid have the potential to paralyze the state. “The principal concern, obviously, is national security issues,” he said.
The threat to power networks also occurred a few years ago when hackers hired by the US National Security Agency in 1997 to test electronic infrastructure defences staged mock attacks which would have shut down parts of the national power grid and Washington DC's emergency phone system had they been for real.
The Honeynet Project includes volunteers from Sun Microsystems, Cisco Systems, Stanford University, Guardent and Foundstone, and countries such as Australia, Canada, Holland and Israel. The goal is to watch the hackers and gather information on the security breaches, which companies and governments that have been attacked by hackers are often unwilling to make known.
At a recent security conference Lance Spitzner, a senior security architect for Sun Microsystems and one of the volunteers running the project, said the project, which has been running on a limited basis for about a year, will be expanded to run on a large number of systems around the world including a US Navy network.
“The more we deploy, the faster we will find the attackers,” Spitzner said.
The group gathers information through the use of a Honeynet, a computer network on the Internet that is made up of various hardware and software systems complete with sensors as well as a tempting name and content. An intrusion-detection system triggers a virtual alarm whenever an attacker breaches security on one of the networked computers.
Once the information is captured, it is analyzed to learn the tools, tactics and motives of the blackhat community.
According to the volunteers, Honeynet, using statistical analysis, can predict when an attack is likely to happen. “We can predict up to three days when you're going to be attacked and how you are going to be attacked,” Spitzner said.
The Honeynet Project differs from a honeypot, which is a system designed to be attacked, usually for the purpose of deception or alerting of hacker attacks. Generally, honeypots are systems that emulate known vulnerabilities or emulate other systems.
The Honeynet can utilize multiple systems at the same time, such as Solaris, Linux and Windows NT. Based on the research of the Honeynet Project, the life expectancy of a default installation of Red Hat 6.2 server is less than 72 hours.
Volunteers from the Honeynet Project do not prosecute the people that compromise systems. However, at times they forward data they have captured to the Computer Emergency Response Team (CERT) and to other security programmes.
The project volunteers recently applied for a grant from the National Institute of Standards and Technology.
Watching Hackers in the Honeynet
Gerald Johns
A group of 30 computer security, information intelligence and psychology researchers has set up a computer network on the Web which is intended to allow hackers to break into a false network.