Forget The Sony Hack, This Could Be The Biggest Cyber Attack Of 2015

Patrick Tucker | Defense One | December 19, 2014

...[A]ccording to cyber-security professionals, the Sony hack may be a prelude to a cyber attack on United States infrastructure that could occur in 2015, as a result of a very different, self-inflicted document dump from the Department of Homeland Security in July.  Here’s the background: On July 3, DHS, which plays “key role” in responding to cyber-attacks on the nation, replied to a Freedom of Information Act (FOIA) request on a malware attack on Google called “Operation Aurora.”  

Unfortunately, as Threatpost writer Dennis Fisher reports, DHS officials made a grave error in their response. DHS released more than 800 pages of documents related not to Operation Aurora but rather the Aurora Project, a 2007 research effort led by Idaho National Laboratory demonstrating how easy it was to hack elements in power and water systems.  Oops.

The Aurora Project exposed a vulnerability common to many electrical generators, water pumps and other pieces of infrastructure, wherein an attacker remotely opens and closes key circuit breakers, throwing the machine’s rotating parts out of synchronization causing parts of the system to break down. In 2007, in an effort to cast light on the vulnerability that was common to many electrical components, researchers from Idaho National Lab staged an Aurora attack live on CNN...