DHS assessed Anonymous threat to industrial control systems

THE US DEPARTMENT OF HOMELAND SECURITY (DHS) has analyzed the likelihood of Anonymous attacking industrial control systems (ICS) after the hacktivist group showed such intentions earlier this year.

Earlier today, the Public Intelligence project published a bulletin entitled "Assessment of Anonymous Threat to Control Systems" that was drafted by the National Cybersecurity and Communications Integration Center (NCCIC) back in September. The document is not classified, but it is intended for official use only.

The report describes an interest within Anonymous to target industrial control systems like those used in power plants, gas and oil refineries, factories and pretty much any manufacturing plants.

The NCCIC lists the Anonymous attack against Monsanto and the group's protest against the Alberta Tar Sands project as an indication of its intention to attack energy companies.

However, the most conclusive proof presented by the DHS to support this claim are the 19 July Twitter posts of an Anonymous member who linked to a directory tree for Siemens SIMATIC SCADA software and administration code that could be used to exploit elevated privileges on a compromised industrial control system.

"The capability of the individual to recognize and post code that would gain the attention of those knowledgeable in control systems, as well as their claims to have access to multiple control systems, indicates the individual has an increased interest in control systems, but does not demonstrate capabilities," the NCCIC said in its report.

"There are no indications of knowledge or skill in control systems operations, design, or components. [...] No posting by the individual indicated direct malicious activity," it concluded.

However, despite determining that the hacktivist group has a limited ability to target industrial control systems at this time, the Department of Homeland Security doesn't exclude the possibility of such attacks in the future. That's because the more knowledgeable hackers within Anonymous have the ability to quickly learn about ICS vulnerabilities and how to exploit them.

"Free educational opportunities (conferences, classes), presentations at hacker conferences, and other high profile events/media coverage have raised awareness to ICS vulnerabilities, and likely shortened the time needed to develop sufficient tactics, techniques, and procedures (TTPs) to disrupt ICS," the NCCIC said

The free availability of penetration testing tools like Metasploit and network traffic analysis programs such as Wireshark and Netmon make it easier than ever to figure out ICS protocols, capture credentials and launch attacks with minimal knowledge.

The DHS believes that this threat could even extend beyond Anonymous to other members of the hacktivist community who sympathise with environmental causes and might target energy companies. "Asset owners and operators of critical infrastructure control systems are encouraged to engage in addressing the security needs of their control system assets," the NCCIC advised. µ