US Gov Warns Anonymous Could Target Critical Infrastructure

The US government has warned that Anonymous could be planning to launch attacks on industrial control systems (ICS) that are vital to the safe operation of key facilities including water, chemical and energy plants. An unclassified bulletin from the US Department of Homeland Security's (DHS) National Cybersecurity and Communications Integration Center points to several examples apparently highlighting "a recent interest Anonymous has developed in exploiting ICS". These include a Tweet by an Anonymous member in July that showed the "results of browsing the directory tree for Siemens SIMATIC software", a type of industrial automation software. While the DHS said that Anonymous appears to currently have "limited ability" when it comes to the knowledge and skills necessary to attack ICS systems, it warned that these capabilities could be developed "to gain access and trespass on control system networks very quickly". "Free educational opportunities (conferences, classes), presentations at hacker conferences, and other high-profile events have raised awareness of ICS vulnerabilities, and likely shortened the time needed to develop sufficient tactics, techniques and procedures to disrupt ICS," it added. In addition, exploits for control systems are found in common pen testing software, while some control systems can be accessed directly from the internet, increasing the risk of attack, said the bulletin. "These systems could be easily located and accessed with minimal skills in order to trespass, carry out nefarious activities, or conduct reconnaissance activities to be used in future operations," the DHS said. "Asset owners and operators of critical infrastructure control systems are encouraged to engage in addressing the security needs of their control system assets." Industrial control system flaws have hit the headlines again this week with the discovery of the virus Duqu - similar to the Stuxnet virus that hit Iran's nuclear facilities last year.

print this article

Return to security news headlines
View Security News Archive

Share with: