Showing posts with label Leaked. Show all posts

Wednesday, May 27, 2015

Electric Grid Security Fears After Leaked Memos Surface

""A leaked internal memorandum from the company running the electrical transformers near San Jose, California, that were attacked by snipers in April 2013 admits it is “years away” from promised upgrades, raising serious concerns about the security of other critical electrical transformers nationwide, according to a new report in Joseph Farah’s G2 Bulletin.
Publicly, Pacific Gas and Electric Corporation has been attempting to build confidence in its commitment to increase security following the attack on the Metcalf Transmission Substation by gunmen using AK-47s, which caused $15 million worth of damage to 17 transformers.
The promise of upgrading security at the facility came after the Federal Energy Regulatory Commission ordered utilities nationwide to enact standards to protect vulnerable bulk-power systems.
As WND reported, under the FERC order, the facilities must take at least three steps to provide physical security. Owners and operators are required to perform a risk assessment of their systems to identify facilities which, if damaged or inoperable, could have a broad, critical impact. Security plans must then be developed to address potential threats and vulnerabilities.
Soon after the 2013 incident, WND reported the Department of Homeland Security, nevertheless, decided to cut back on training to help electric utilities harden their facilities.
DHS is charged with protecting the country’s critical infrastructures, including the national electric grid system, which would be dramatically affected by either a natural or high-altitude nuclear explosion unleashing an electromagnetic pulse.
The internal PG&E memo, dated Aug. 30, 2014, leaked to a local television station revealed that despite publicly claiming it has spent millions of dollars on security upgrades at the Metcalf facility, the company was still years away from physically securing its electrical substations.
The memo said on Aug. 27, 2014, there was another early morning intrusion by unknown assailants who entered the general construction yard and then the substation at Metcalf.
Despite triggering alarms and the presence of two onsite security officers, the intruders were able to steal “several substantial pieces of equipment.”
The memo from Stephanie Douglas, senior director of corporate security, to the company’s president, Chris Johns, revealed that security upgrades have remained “unchanged.” It said those are “years away.”""


Friday, March 13, 2015

Kaspersky Proofs Continue Pointing to NSA as Creators of 'Equation Group' Master Hacks

""Kaspersky has carried out an involved study of the Equation Group and made it look like it is probably the work of the US government.
Before it was an NSA 'style' threat, now it looks much more likely to be an NSA sourced threat, thanks to some commonality with other online security menaces.
The term, and others like it, appear in Snowden leaked documents that have been sourced from the NSA.
There are other clues that it is a US entity that is involved. For example, time stamps associated with attacks suggest that it is nine to five, Monday to Friday staffers who operate in US timezones who are responsible.
It would seem unreasonable to suppose that an average malicious anchor who is not on a government salary would be inclined to work at the weekend. So this is another clue. The code is said to be of good quality, but we can't say that that provides any clue about its creator.
We have asked Kaspersky if it wants to actually finger the NSA as the Equation Group and it did not. It said that it did not want to pin it on the agency, but did concede that there does appear to be a strong link between Stuxnet and Equation.
"We are not able to confirm the conclusions that journalists came up with. Kaspersky Lab experts worked on the technical analysis of the group's malware, and we don't have hard proof to attribute the Equation Group or speak of its origin," it said in a statement.
"With threat actor groups as skilled as the Equation team, mistakes are rare, and making attribution is extremely difficult. However we do see a close connection between the Equation, Stuxnet and Flame groups."
In February Kaspersky researchers claimed to have uncovered one of the biggest, if not the biggest, threat actor that it has seen in two decades.
The security firm dubbed this outfit the Equation Group, and its toolbox 'the Death Star of the Malware Galaxy', and explained that the tools of its trade have hallmarks and themes similar to those of Stuxnet.
Words were not minced. Kaspersky described the group as a "powerful threat actor" that is "unique almost in every aspect of their activities".
The group is sophisticated and well-resourced, and uses complex tools to hide itself in "an outstandingly professional way".

In one incident the group infected targets by switching out legitimate CD-ROMs with spiked ones at a conference. This makes it sound like a very organised, and perhaps connected outfit.
The tools, a range of trojans, have been named EquationLaser, EquationDrug, DoubleFantasy, TripleFantasy, Fanny and GrayFish. Of these, Fanny is described as the standout.
Two of these trojans, or modules, can be found deeply inserted in as many as a dozen different makes of hard drive that are sold and shipped to international waters.
The malware is so deeply inserted into the firmware that it can survive wipes, and "resurrect" itself indefinitely. Additional 'implants' add to the mix and can grab and store encrypted passwords, for example.
Costin Raiu, director of the global research and analysis team at Kaspersky Lab, said: "Another dangerous thing is that, once the hard drive gets infected with this malicious payload, it is impossible to scan its firmware.
"To put it simply: for most hard drives there are functions to write into the hardware firmware area, but there are no functions to read it back. It means that we are practically blind, and cannot detect hard drives that have been infected by this malware."
The Fanny trojan is used to fill in the spaces in systems, and launch attacks in unconnected and hard to reach places. Kaspersky said that the 'air-gap filler' is USB-based, and can let attackers move between otherwise unconnected networks.
Thousands of victims lie at the feet of the group, according to Kaspersky, and they include state targets, governments, security developers, telecoms, aerospace and energy industries, along with the military, Islamic activists and the media.
Kaspersky didn't name a likely source then, but found a lot of links to Stuxnet, which is often linked to the NSA.
"There are solid links indicating that the Equation group has interacted with other powerful groups, such as the Stuxnet and Flame operators, generally from a position of superiority," adds Kaspersky.
A Reuters report makes the NSA link, and we asked the agency if it wanted to make comment in response. It did. 
"We are aware of the recently released report. We are not going to comment publicly on any allegations that the report raises, or discuss any details," an NSA spokesperson told The INQUIRER.
"The US Government calls on our intelligence agencies to protect the United States, its citizens, and its allies from a wide array of serious threats - including terrorist plots from al-Qaeda, ISIL, and others; the proliferation of weapons of mass destruction; foreign aggression against ourselves and our allies; and international criminal organisations."
We asked some of the hard drive firms that Kaspersky said have been infiltrated by the Equation Group for their take on the news, and at least one told us that it has not heard specific allegations about any backdoor action.""

Kaspersky traces the Equation Group and its activities back to 2001:
