﻿<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom">
	<title>Cybertastrophe and Cybergeddon</title>
	<updated>2012-05-29T04:21:47Z</updated>
	<id>http://blog.afcyber.us/atom.aspx</id>
	<link href="http://blog.afcyber.us/atom.aspx" rel="self" type="application/rss+xml" />
	<link href="http://blog.afcyber.us" rel="alternate" type="application/rss+xml" />
	<generator uri="http://app.onlinequickblog.com/" version="2.6.8">Quick Blogcast</generator>
	<entry>
		<title>White House asks again about cyber czar position; my answer is still 'no'</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/08/04/czar2.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-08-04:40c3e8cc-43a5-41d2-933f-f8347d55e844</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="North Korea" />
		<category term="White House" />
		<category term="South Korea" />
		<updated>2009-08-05T00:55:00Z</updated>
		<published>2009-08-05T00:55:00Z</published>
		<content type="html">The White House contacted me again at the cyber emergency headquarters in South Korea where I've been working almost around the clock to stop North Korea from taking over this country via compumetric terror attacks.  They asked me again if I would like to be on the short list of nominees for the new cyber czar position after my colleague &lt;a href="http://www.reuters.com/article/GCA-BarackObama/idUSTRE5736ZI20090804"&gt;Melissa Hathaway tendered her resignation&lt;/a&gt;.&lt;p&gt;

I told the White House exactly &lt;a href="/2009/05/29/shortlist.aspx"&gt;what I said before&lt;/a&gt;.  "I'm in South Korea right now trying to save their people from cyber terror attacks.  I'm not the kind of guy who likes to lead from the rear."  I asked the person to pass on my gratitude to the president for thinking so highly of me, and then we hung up.</content>
	</entry>
	<entry>
		<title>The face of cyber terror</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/07/24/apphoto.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-07-24:23c734af-6258-46fb-8cc3-41fa8b36d46d</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="North Korea" />
		<category term="South Korea" />
		<category term="SCADA" />
		<updated>2009-07-25T04:02:00Z</updated>
		<published>2009-07-25T04:02:00Z</published>
		<content type="html">They say that a picture is worth a thousand words.  This is a newspaper photograph of &lt;a href="http://www.flickr.com/photos/36261540@N05/3707828553"&gt;civilian demonstrations against the cyber attacks&lt;/a&gt; here in South Korea.  I continue to be horrified at the amount of destruction that North Korea is inflicting on this country.  Every evening when I report for duty at South Korea's Cyber Terror Response Center, I find more SCADA attacks on our list of tragedies.  I think the blood red "DDOS" sign in the photo says it all.</content>
	</entry>
	<entry>
		<title>SCADA attack against cranes in New Delhi?</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/07/13/newdelhi.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-07-13:932ae401-f82d-4dcf-9d0c-f445d39a3f9d</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="SCADA" />
		<updated>2009-07-14T00:09:00Z</updated>
		<published>2009-07-14T00:09:00Z</published>
		<content type="html">I just heard about the &lt;a href="http://www.morungexpress.com/national/28485.html"&gt;three cranes that toppled over in New Delhi&lt;/a&gt;.  I can't believe this is a coincidence.  One maybe, but three?  It sounds like a hacker remotely took over the cranes' SCADA networks and made them topple.  I hope we catch the person(s) who did this cowardly act of terrorism.</content>
	</entry>
	<entry>
		<title>Cybergeddon imminent for South Korea</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/07/13/blitzkrieg.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-07-13:0c27e193-f1f8-4ad4-b386-ccf834224ca1</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="North Korea" />
		<category term="South Korea" />
		<category term="SCADA" />
		<updated>2009-07-14T00:01:00Z</updated>
		<published>2009-07-14T00:01:00Z</published>
		<content type="html">My team is unable to catch any rest since the North Koreans launched their nonstop blitzkrieg cyber-attacks against Seoul, South Korea and Washington, D.C.  With the rumors of Kim Jong-il suffering from terminal cancer, we fear it is only a matter of time before the North Korean leader unleashes his much feared "suicide hackers" who will lob SCADA attacks at South Korea without mercy.  It will be an act of suicide not just for the hackers, but, also for North and South as the Koreas plunge into years of darkness.  We all need our rest to be ready for the huge wave of cyber attacks, but we cannot afford to sleep.  Most of us are moving like the walking dead in our cubicle farm.  I don't know how much longer we can last against the North Korean onslaught.</content>
	</entry>
	<entry>
		<title>More details in deadly hack behind D.C. train wreck</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/07/09/koreascada.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-07-09:8e5f9bf4-6023-48fc-ad2a-da611ecfb66d</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="North Korea" />
		<category term="SCADA" />
		<updated>2009-07-09T07:36:00Z</updated>
		<published>2009-07-09T07:36:00Z</published>
		<content type="html">More details have &lt;A href="http://www.google.com/hostednews/ap/article/ALeqM5hDCAjySS_K-DH_mbJZv7u1ijPSewD995UKKG1"&gt;emerged&lt;/A&gt; in North Korea's military hacking that resulted in the deadly Washington, D.C. train wreck.  &lt;a href="http://www.reuters.com/article/newsOne/idUSTRE56709E20090708"&gt;Kim Jong-Il's elite hacking unit&lt;/a&gt; has been as busy as the missile test wing, all of them trying to tempt the United States to return to open war.  I'm sickened by the SCADA attacks I've seen coming from the north side of the DMZ every day since I landed at the Seoul airport.</content>
	</entry>
	<entry>
		<title>North Korea cyber war, a prelude to physical war?</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/07/08/korea.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-07-08:93366c1b-bf4b-4772-903a-945c24bfeaa6</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="North Korea" />
		<updated>2009-07-08T16:39:00Z</updated>
		<published>2009-07-08T16:39:00Z</published>
		<content type="html">We just returned from an &lt;A href="http://joongangdaily.joins.com/article/view.asp?aid=2907191"&gt;emergency meeting&lt;/A&gt; in Seoul at the Cyber Terror Response Center.  Team leader Chang Seok-hwa briefed us that North Korea is stepping up its attacks, probably in advance of a massive physical attack that will roll across the DMZ.  South Korea's military is now implementing the first part of its plan to shut down the country's major Internet pipelines in order to protect the country from North Korea's cyber military might.  More news as I get it.</content>
	</entry>
	<entry>
		<title>North Korea behind Disney World monorail hack?</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/07/05/monorail.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-07-05:5fa3c632-ad62-475a-85c0-03cb52b56501</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="North Korea" />
		<category term="SCADA" />
		<updated>2009-07-05T18:58:00Z</updated>
		<published>2009-07-05T18:58:00Z</published>
		<content type="html">I just heard about the &lt;a href="http://www.google.com/hostednews/ap/article/ALeqM5hQkSBcJYEealqbWm6v_FoKe1gknAD998E1O01"&gt;Disney World monorail crash&lt;/a&gt; where two trains were made to collide with each other.  Circumstantial evidence is that North Korea's military was hacking into Florida electrical utilities in the wee hours when few computer security experts are guarding their SCADA systems in real time.  I don't yet know for sure if North Korea was behind this crash.  But it wouldn't surprise me.  This may just be North Korea's way of harming the United States after they decided not to fire a nuclear missile at Hawaii.</content>
	</entry>
	<entry>
		<title>North Korea is going ballistic, killing people</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/06/30/nkorea.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-06-30:32bda4c8-d57a-4833-8d9c-ef25718e2bc3</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="North Korea" />
		<category term="New Jersey" />
		<category term="Italy" />
		<category term="SCADA" />
		<updated>2009-07-01T00:04:00Z</updated>
		<published>2009-07-01T00:04:00Z</published>
		<content type="html">I'm watching the clandestine internet traffic from North Korea and I am horrified.  It's bad enough that their military is hacking into South Korea's critical infrastructures, killing roughly a dozen innocent people each day on average.  Now their military hackers have gone beyond the peninsula.  They just &lt;a href="http://www.voanews.com/english/2009-06-30-voa15.cfm"&gt;killed a dozen people in a SCADA attack against a train&lt;/a&gt; passing through Viareggio, Italy.  Closer to home, uniformed North Koreans &lt;a href="http://www.foxnews.com/story/0,2933,529574,00.html"&gt;hacked into a transformer in Newark, N.J.&lt;/a&gt; and fed it a sequence of out-of-bound SCADA commands that made it explode, leaving the city crippled in darkness with no electricity.  I pray the United States has enough resolve to end North Korea's aggression with deadly military might.</content>
	</entry>
	<entry>
		<title>USAF prepares to enter INFOCON 2</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/06/24/korea.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-06-24:83b84ebf-ed7d-4b59-9eb0-f86caac29871</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<updated>2009-06-25T03:25:00Z</updated>
		<published>2009-06-25T03:25:00Z</published>
		<content type="html">Just got an email from an old friend of mine who's still in uniform.  He's a lt col now and he tells me that the Air Force is about to move into INFOCON 2 due to the threats by North Korea to "wipe out" the United States with computer viruses and nuclear missiles.  Frankly, I'm not sure which is worse.  The missiles might not hit their mark, but a devastating computer virus could destroy trillions of dollars of productivity all over the globe.  My wife and daughter are really concerned that I'm here in South Korea where I might be killed.  But I have to protect South Korea's critical network infrastructures.  It's too important to leave our allies swinging in the wind.  I wish everyone back at home a safe and non-infected July 4 holiday.  Grill a brat for me!</content>
	</entry>
	<entry>
		<title>SCADA attackers make trains collide, 6 killed</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/06/22/trains.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-06-22:9b9c93a1-05f7-4845-9c41-a78d3189e61e</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="North Korea" />
		<category term="SCADA" />
		<category term="Iran" />
		<updated>2009-06-23T03:12:00Z</updated>
		<published>2009-06-23T03:12:00Z</published>
		<content type="html">Today's SCADA attack on the Washington, D.C., railway system ended with the loss of six lives and wounded dozens of other passengers when train tracks were remotely reconfigured to put two trains on the same tracks travelling at each other at very high speed.  I haven't heard any news yet on which nation attacked us.  Could be North Korea, could be Iran.</content>
	</entry>
	<entry>
		<title>Burma cyber attack</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/06/21/burma.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-06-21:7d377298-972e-4702-8ebe-2368668efb76</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<updated>2009-06-21T20:06:00Z</updated>
		<published>2009-06-21T20:06:00Z</published>
		<content type="html">I'm still in South Korea, trying to help these honorable people try to stop a massive wave of cyber attacks that have been crossing the demilitarized zone for more than a week now.  It's obvious that North Korea is preparing for a full-scale invasion of South Korea once they finish the carpet bombing they've done in cyberspace.  I'm not really sure we can save the South Koreans.&lt;p&gt;

Adding to my misery right now, is the fact Burma is under a severe cyber attack.  We've got an incredible vantage point to watch the digital fireworks from our cyber bunker just south of this nation's capital.  I doubt Burma will survive the cyber attack.&lt;p&gt;

More news to follow.</content>
	</entry>
	<entry>
		<title>SCADA security experts alarmed over Slim Jim plant explosion</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/06/10/scada-security-experts-alarmed-over-slim-jim-plant-explosion.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-06-10:c88ab945-abc5-48e7-8ab4-c6f46c39c034</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="SCADA" />
		<updated>2009-06-11T05:16:00Z</updated>
		<published>2009-06-11T05:16:00Z</published>
		<content type="html">The &lt;a href="http://scadasec.infracritical.com/"&gt;"SCADASEC" control systems security mailing list&lt;/a&gt; went on red alert when SCADA expert Bob Radvanovsky posted the story about a deadly explosion at the Slim Jim meat plant in Garner, North Carolina.  Only a remote SCADA attack would concern the members of this particular mailing list.  I hope we bring to justice the hackers or military people who are behind these senseless civilian killings.</content>
	</entry>
	<entry>
		<title>Obama quote; "Cyber attacks have plunged entire cities into darkness"</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/05/30/obama-quote-cyber-attacks-have-plunged-entire-cities-into-darkness.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-05-30:5bb82a87-e3fe-4724-9788-856a88e1c504</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="Barack Obama" />
		<category term="Zambia" />
		<category term="Israel" />
		<category term="China" />
		<category term="Taiwan" />
		<category term="Syria" />
		<updated>2009-05-30T14:55:00Z</updated>
		<published>2009-05-30T14:55:00Z</published>
		<content type="html">Some of my friends and colleagues wrote to me yesterday to ask about President Obama's cybersecurity speech.  They were curious to know exactly where, "cyber attacks have plunged entire cities into darkness," as the president revealed.  "Which cities were plunged into darkness?"&lt;p&gt;

I don't have any notes with me but I can remember the briefings.  The most important city blackout cyberattack in my book was Chi-lung, Taiwan.  The Chinese military was behind that one, like they always are, just to prove to Taiwan that they can rape the island anytime they want.  That was the seminal event that made Taiwan sit up straight and admit to themselves, "we need to protect our cyber infrastructure from the PRC."&lt;p&gt;

There was the Israeli cyber attack on Syria in 2007.  They shut down Syria's air traffic control system and all the lights in the nearby cities as part of Operation Orchard.  &lt;a target=_blank href="http://www.theregister.co.uk/2007/11/22/israel_air_raid_syria_hack_network_vuln_intrusion/"&gt;The Register covered it&lt;/a&gt; pretty well I think.  It was the first time a military aircraft in flight hacked into another country's SCADA critical infrastructure.  (Sorry, USAF.  You were second due to our politics.)&lt;p&gt;

A hacker cell tied to some terror group, I forget their name, remotely attacked Kasane, Botswana from a computer network just across the border in Zambia.  They killed all power to the city for days as I recall, and they fried a bunch of electrical generating equipment by sending operating parameters to the equipment that exceeded its limits.&lt;p&gt;

There may have been two larger and 3-4 smaller cities deep in the African interior, but, I don't think those were confirmed.  I just think the evidence was all that compelling.  We're talking about cities that can't even maintain a standard for drinking water.  Which leads me to question why they could maintain a standard for electricity.&lt;p&gt;

I'm off to the airport.  Hope to hear good news about the cybersecurity initiative when I get back from South Korea!</content>
	</entry>
	<entry>
		<title>Turning down a short-list nomination as Obama's cyber czar</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/05/29/shortlist.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-05-29:720fa56d-97e3-4bb3-8c3a-c4881dd264d1</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="North Korea" />
		<category term="White House" />
		<updated>2009-05-29T21:00:00Z</updated>
		<published>2009-05-29T21:00:00Z</published>
		<content type="html">I was packing my bags this morning, getting ready for tomorrow's trip to South Korea.  My daughter answered the phone.  "It's some guy, he says he's from the White House."  I was told that I had been placed on the short list for Obama's new cyber czar position, behind Melissa Hathaway and some person whose name I didn't catch.&lt;p&gt;

The man from the White House wanted to ask me if there was anything in my life that would make it "difficult" for me at a Senate confirmation.  I stopped him in his tracks.  "Take me off your short list," I said.  He was dumbfounded.&lt;p&gt;

"I'm like that soldier who refuses a promotion because he doesn't want to lead from the rear," I told him.  I explained that I was on my way to protect South Korea's cyber infrastructure if North Korea should attack with missiles or even nuclear weapons.  "I don't have the time or the inclination to deal with presidential politics, so take me off your list."&lt;p&gt;

He thanked me for my time and we hung up.&lt;p&gt;

My wife &amp;amp; daughter are scared to death for me, because they think I might get vaporized in a nuclear blast.  All of it to protect a bunch of computer networks.  But this is something I have to do.  The cyber threat is too important.  I'd rather lead from the front than sit at a desk in the White House.</content>
	</entry>
	<entry>
		<title>SANS urges a hard disk reformat if you got hit with this weekend's Twitter worms</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/04/12/sans-urges-a-hard-disk-reformat-if-you-got-hit-with-this-weekends-twitter-worms.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-04-12:a32d91eb-3a59-4064-9c81-de9dfa42939e</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="Richard Clarke" />
		<category term="Blackberry" />
		<updated>2009-04-12T23:51:00Z</updated>
		<published>2009-04-12T23:51:00Z</published>
		<content type="html">My phone has been filling up with tweets from friends who &lt;A href="http://blogs.computerworld.com/twitter_worm_still_on_the_loose"&gt;got infected by this weekend's Twitter worms&lt;/A&gt;.  Richard Clarke, the former president's cyberspace security advisor, is still trying to figure out how to stop the worm from sending out tweets in his name on his Blackberry PDA.  He called me for help, and I in turn placed a call to Alan Paller, my good friend who is the director of research at the venerable SANS Institute.&lt;p&gt;

Alan gave me some disturbing news.  "If a vulnerable system has simply been left unpatched while [these new Twitter worms have] been circulating, the only real solution is to reformat the system's hard drive and reinstall all the software."  That's the official advice from SANS.  I returned Dick's call and told him the bad news.  "The Clarke family isn't going to be very happy with this," he told me.&lt;p&gt;

Dick asked me if he should reformat his wife's computer, as it didn't seem to be infected with the Twitter worms.  "Is her system vulnerable?" I asked.  He said, "yes."  I asked, "has it been left unpatched so far?"  He said, "yes."  I said, "SANS is clear on this point.  You need to reformat her hard disk.  Alan said it is 'the only real solution.'"&lt;p&gt;

Dick agreed that it would be best to follow SANS' advice.  Last I heard, he said he was going to go looking for the CD-ROM that came with his Blackberry PDA.  As for me, I'm still trying to hunt down some of my friends who are still sending out tweets...</content>
	</entry>
	<entry>
		<title>Oops!  Air Force Lt behind Navy vessel collision</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/03/22/oops--air-force-lt-behind-navy-vessel-collision.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-03-22:be7064bf-30cb-4dad-b780-5390ed27ad51</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="USAF" />
		<category term="USN" />
		<updated>2009-03-22T17:38:00Z</updated>
		<published>2009-03-22T17:38:00Z</published>
		<content type="html">As you may know, &lt;a target=_blank href="http://www.cnn.com/2009/WORLD/meast/03/21/navy.vessels.collide/"&gt;two U.S. naval vessels collided at sea&lt;/a&gt; last week.  The cyberspace community is buzzing with excitement after learning that a lieutenant in the Air Force caused the accident.&lt;p&gt;

According to the initial report, 1Lt Darvell "Hoot" Gibson was hacking U.S. military assets in a live-fire cyber exercise when he gained full remote control of the &lt;em&gt;USS New Orleans&lt;/em&gt;.  But the problem was that Lt Gibson didn't have the correct type of joystick to maneuver the ship.  It continued moving forward until it rammed the submarine &lt;em&gt;USS Hartford&lt;/em&gt;.  Both vessels were attempting to make port in the Persian Gulf at the time so their firewalls may not have been fully raised up to stop a terrorist cyber-attack.&lt;p&gt;

Lt Gibson has been assigned desk duties until the navy's accident investigation board files its final report.  He was clearly operating beyond his authorized kill zone.  I'm told he will be ordered to write a personal apology letter to each of the 15 sailors he injured in the collision.&lt;p&gt;

It's very embarrassing for the Air Force, but I think even more so for the navy.  If a lieutenant can break into their navigation systems, then, what stops a terrorist from breaking into their AEGIS weapon system?</content>
	</entry>
	<entry>
		<title>Al Qaeda hackers remotely destroy two Christian radio stations</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/03/02/al-qaeda-hackers-remotely-destroy-two-christian-radio-stations.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-03-02:0fcd76c6-3c38-4a2b-8cd6-6ce9a922dd73</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="FCC" />
		<category term="DHS" />
		<category term="Virginia" />
		<category term="Al Qaeda" />
		<category term="Afghanistan" />
		<updated>2009-03-03T04:27:00Z</updated>
		<published>2009-03-03T04:27:00Z</published>
		<content type="html">We've just experienced another taste of what Al Qaeda is capable of in cyberspace.  News reports claim a team of radical Muslim hackers, working in conjunction with Osama bin Laden's top cyberspace tactical cell, have logged in from a Taliban-infested region of Afghanistan and destroyed two U.S. Christian AM radio stations, WVAB and sister station WBVA in Virginia.  The FCC has told DHS to go away and let them do all the forensic investigating, because the FCC actually thinks they can investigate this!  What a crock.&lt;p&gt;

This is not the first time Al Qaeda hackers have remotely destroyed traditional broadcast media, but it is the first time they've targeted Christian-affiliate stations.  The two victim stations remain off the air and probably will be for quite some time.  So let this be a lesson to any religious TV &amp; radio stations out there.  If your equipment hooks into the Internet, radical religious opposition groups can find a way to destroy you...</content>
	</entry>
	<entry>
		<title>Teenager uses SCADA attack to contaminate Des Plaines River</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/02/08/desplainesriver.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-02-08:5c530d42-c4b2-4ae8-90c0-e0be12ec159b</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="DHS" />
		<category term="Illinois" />
		<category term="SCADA" />
		<updated>2009-02-09T05:29:00Z</updated>
		<published>2009-02-09T05:29:00Z</published>
		<content type="html">I fly out tomorrow as part of a DHS team that will investigate a SCADA attack that &lt;a href="http://www.nytimes.com/2009/02/09/us/09chicago.html"&gt;contaminated the Des Plaines River&lt;/a&gt; in Illinois.  The state police hauled in a local 15 year old hacker for questioning, and he quickly confessed to the crime.  His confession will make my job easier.&lt;p&gt;

Unfortunately, I hear the city police ruined some of the key evidence by fiddling around with the kid's computer before the state police forensic cyber pathologist got there.  If we lose our chain of evidence, the result is that this kid might actually &lt;strong&gt;get off with a slap on the wrist&lt;/strong&gt; for destroying portions of the Des Plaines River.&lt;p&gt;

The child may be a local, but this SCADA attack probably could have been done by anyone.  I know some people will say "the river is dead whether or not a terrorist attacked it," but the truth of the matter is that we're lucky a terrorist didn't do this.  Terrorists, like teenage hackers, want to do as much damage as they possibly can.</content>
	</entry>
	<entry>
		<title>SCADA attack behind Milwaukee water/gas line ruptures?</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/01/18/milwaukee.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-01-18:6ab7234c-2ba2-455d-9ecc-e41ad376194e</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="Wisconsin" />
		<category term="Georgia" />
		<category term="Russia" />
		<category term="SCADA" />
		<category term="Milwaukee" />
		<updated>2009-01-18T19:09:00Z</updated>
		<published>2009-01-18T19:09:00Z</published>
		<content type="html">News reports now say that &lt;a target=_blank href="http://www.620wtmj.com/news/local/37751074.html"&gt;Milwaukee suffered both a water main break and a gas line rupture&lt;/a&gt;.  This kind of event disturbs me, because we caught Russia doing this to Georgia during last year's devastating cyber war.  (Georgia the country, not Georgia the U.S. state.)  Russian military hackers would break into Georgian water plants and abuse SCADA control networks to make the water pressure go wild in the capital of Tbilisi.  Then, while civil engineers were busy trying to repair broken water mains, Russia's military hackers would break into the SCADA networks for natural gas lines and would make them explode all around the workers.&lt;p&gt;

That's exactly what just happened in Milwaukee.  First the water main breaks, and then the workers get caught in a natural gas break.  How can this be a coincidence?</content>
	</entry>
	<entry>
		<title>White House will ban laptops, Blackberries, wi-fi hotspots at inauguration</title>
		<link rel="alternate" href="http://blog.afcyber.us/2009/01/17/inauguration.aspx?ref=rss" />
		<id>tag:blog.afcyber.us,2009-01-17:b825e522-9742-46ef-ba10-7dbb5fbf88b2</id>
		<author>
			<name>John Arqtangent</name>
		</author>
		<category term="White House" />
		<category term="Secret Service" />
		<category term="Barack Obama" />
		<category term="Blackberry" />
		<category term="USAF" />
		<category term="SCADA" />
		<category term="China" />
		<category term="Rahm Emanuel" />
		<category term="inauguration" />
		<updated>2009-01-18T00:38:00Z</updated>
		<published>2009-01-18T00:38:00Z</published>
		<content type="html">I just returned from Hawaii where &lt;a target=_blank href="/2008/12/27/obamascadaattack.aspx"&gt;our DHS team had investigated the SCADA electrical power grid attacks&lt;/a&gt; that were launched against President-elect Obama.  Based on our findings, our team urged the Secret Service to &lt;b&gt;ban all high-tech devices at the inauguration&lt;/b&gt;, especially laptops and Blackberries and iPhones.  Our team collectively believes China may go so far as to launch &lt;a target=_blank href="http://www.zdnet.com.au/news/security/soa/Army-expects-suicide-hacker-attacks/0,130061744,339271362,00.htm"&gt;kamikaze hacker attacks&lt;/a&gt; against Obama before his swearing-in ceremony.  These so-called "seppuku hackers" will find it very easy to accomplish their mission with all those Internet-enabled devices in such close proximity to Obama.&lt;p&gt;

This threat may sound like a &lt;a target=_blank href="http://www.controleng.com/blog/590000659/post/420036442.html"&gt;SCADA attack in the movie "Eagle Eye&lt;/a&gt;," but Air Force network warfare experts like myself know you can &lt;b&gt;weaponize the Internet&lt;/b&gt; if you bring a "critical mass" of Internet-enabled devices in close proximity to your target.  That's what China &lt;i&gt;tried&lt;/i&gt; to accomplish in Hawaii, but there were just too few people with high-tech toys near Obama's island retreat.  China's military hackers failed to acquire a critical mass of Internet-enabled devices in close proximity to him.&lt;p&gt;

Rahm Emanuel, the incoming White House Chief of Staff, agreed with most of our team's recommendations and has ordered the Air Force's cyberspace security detail to enforce a ban on all laptops, Blackberries, and wi-fi hotspots at the inauguration.  However, he refused to block 3G phones, choosing instead to let the NSA monitor them for terrorist coordination activities.&lt;p&gt;

Let me point out that two members on our team disagree strongly with the recommendations we made to the Secret Service.  First of all, they don't believe USAF should be ordered to use its cyber weapons against the U.S. populace.  Second, they worry that our enemies (e.g., China) will learn about some of the top secret network warfare weapons that will be available to the President, should he wish to launch a preemptive retaliatory network strike.  But USAF and NSA have received their marching orders, and they'll do what they're told.  There's no use arguing the point.&lt;p&gt;

So please don't feel bad if you're walking around the National Mall on inauguration day, and your Blackberry suddenly dies, or your laptop won't boot up, or your iPhone makes a short click while you're talking to someone, or you can't acquire an IP address on your favorite wi-fi hotspot.  It's not an attack on the United States.  It's being done by our very own U.S. military inauguration details to protect the life of the incoming President.&lt;p&gt;

See you at the inauguration!</content>
	</entry>
</feed>
