Last week, the website Public Intelligence posted an internal bulletin from the Department of Homeland Security warning that Anonymous had expressed its intent to attack industrial control systems.
“The loosely organized hacking collective known as Anonymous has recently expressed an interest in targeting industrial control systems (ICS)…. While Anonymous recently expressed intent to target ICS, they have not demonstrated a capability to inflict damage to these systems, instead choosing to harass and embarrass their targets using rudimentary attack methods, readily available to the research community. Anonymous does have the ability to impact aspects of critical infrastructure that run on common, internet accessible systems (such as web-based applications and windows systems) by employing tactics such as denial of service”, the bulletin said.
The bulletin indicated that oil and gas companies might be at particular risk because of what it calls a “green energy” agenda on the part of Anonymous, highlighting the campaign the group has supported against the trans-continental Keystone XL oil pipeline and the Alberta Tar Sands project in Canada.
Storey, who is EMEA technical director for Sourcefire, told Infosecurity that the information security surrounding most industrial control systems is so weak that Anonymous could use its existing repertoire of attack vectors to penetrate and disrupt those systems.
“If you delve down into the architectures of these process control networks, they’re poor in terms of security. They may not even be firewalled”, Storey said.
“Where is the risk in attacking SCADA [supervisory control and data acquisition] systems? Most people think that this is all industrial control talking in weird protocols. They would be amazed to find that most of that stuff is Windows based”, Storey observed.
“There are four core trends that are converging. First, there is a rise in process control connectivity. This is the first train on the track headed for a collision course. The second is that nearly every one of these process control network components that used to be connected in a proprietary manner are all connecting to IP…. The third trend is the emergence of hacktivism, that is Anonymous, who I think of as angry young men armed with keyboards…. The fourth one is the APT-style nation-state attacks that were the kinds of thing Stuxnet generated”, Storey said.
“The legacy of Stuxnet is that you have a new generation of people who suddenly have woken up to the idea that every business has a third [industrial control] network and this is the soft underbelly of the business”, he concluded.