02. r u sure u r secure

XecureIT

© P

T IM

AN T

ekno

logi

Info

rmas

i

R U Sure U R Secure?


XecureIT

© P

T IM

AN T

ekno

logi

Info

rmas

i


Oil and Gas SCADA/DCSCase: Gazprom, April 2000

Gazprom is the world's largest natural gas producer and Western Europe's largest source.

“ Russian authorities revealed this week that Gazprom, a state-run gas utility, came under the control of malicious hackers.

The intruders succeeded in defeating the company's security and breaking into systems controlling gas pipelines, Interior Ministry spokesman Colonel Konstantin Machabeli said.

The flow of natural gas was under the control of outsiders for some time, Machabeli reported. The Colonel said the intruders used some type of Trojan to gain access, but didn't name it. “

XecureIT

© P

T IM

AN T

ekno

logi

Info

rmas

i


Oil and Gas SCADA/DCSCase: Olympic Pipe Line Co., July 1999

Breakdowns in the Olympic Pipe Line Co. computer system just before and during last month's deadly accident in Bellingham have so alarmed federal regulators that they have issued a nationwide warning.

The federal Office of Pipeline Safety issued the warning... The advisory details a series of computer failures on June 10 around the time Olympic's 16-inch line leaked up to 277,000 gallons of gasoline into Bellingham creeks. Gasoline vapor later exploded in flames, and two 10-year-old boys and a teenager were killed.

After the accident, Olympic acknowledged that its computer system crashed on the afternoon of the accident. The computer problems may have kept Olympic personnel from reacting quickly to the leak, regulators said. ”

XecureIT

© P

T IM

AN T

ekno

logi

Info

rmas

i


Oil and Gas SCADA/DCSCase: Davis-Besse

“ The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours...

The Slammer worm entered the Davis-Besse plant through a circuitous route. It began by penetrating the unsecured network of an unnamed Davis-Besse contractor, then squirmed through a private connection bridging that network and Davis-Besse's corporate network.

One of multiple connections into Davis-Besse's business network completely bypassed the plant's firewall, which was programmed to block the port Slammer used to spread.

Some people in Corporate's Network Services department were not aware of the connection.

R U Sure U R Secure? XecureIT

© P

T IM

AN T

ekno

logi

Info

rmas

i

CyberwarCase: 3 Kiloton Explosion, June 1982


© P

T IM

AN T

ekno

logi

Info

rmas

i

CyberwarCase: DNS Service Provider


© P

T IM

AN T

ekno

logi

Info

rmas

i

CyberwarCase: People Powered


© P

T IM

AN T

ekno

logi

Info

rmas

i

EspionageCase: Government Involvement

XecureIT

© P

T IM

AN T

ekno

logi

Info

rmas

i


EspionageCase: Coca-Cola and Pepsi

An executive administrative assistant at Coke in Atlanta offering samples of a new product to Pepsi for $1.5 million.

He sent the initial letter to Pepsi using an official Coca-Cola envelope on May 19, 2006.

He gave 14 pages of Coca-Cola documents marked "Classified -- Confidential" and "Classified -- Highly Restricted".

"I can even provide actual products and packaging of certain products, that no eye has seen, outside of maybe five top execs," the letter states.

Coca-Cola CEO thanked Pepsi officials for alerting their competitor "to this attack."

Source: CNN

XecureIT

© P

T IM

AN T

ekno

logi

Info

rmas

i


EspionageCase: McLaren vs Ferrari, July 2007

Ferrari engineer passes two computer discs to Mike Coughlan, chief designer of McLaren.

Contain 780 pages of Ferrari technical information. Mr Coughlan's wife was copying the dossier in a

photocopying shop. A staff member from the shop tipped off Ferrari after

realizing that the documents were confidential. "We would not have found out about it were it not from a

tip-off by the photocopying agency," said FerrariSource: New Zealand Herald, July 2007

XecureIT

© P

T IM

AN T

ekno

logi

Info

rmas

i


Malicious EmployeeCase: Societe Generale

Jerome Kerviel is a trader He subverted Societe Generale's systemwide safeguards and

security controls. Led to $7.2 billion in losses for one of France's largest banks.

XecureIT

© P

T IM

AN T

ekno

logi

Info

rmas

i


Malicious ContractorCase: Fannie Mae

Unix engineer and IT contractor Rajendrasinh Makwana installed a "server bomb" on Fannie Mae's (the mortgage giant) servers.

He was embedding a malicious script in fall 2008. The script was to go off on Jan. 31, 2009 and "would have disabled

monitoring alerts and all log-ins, deleted the root passwords to the approximately 4,000 Fannie Mae servers, then erased all data and backup data on those servers by overwriting with zeros.

By chance, a Fannie Mae employee discovered the malicious script before it went off.

XecureIT

© P

T IM

AN T

ekno

logi

Info

rmas

i


Malicious AuditorCase: KPMG

In the spring of 2005, Guy Enright, an accountant at KPMG Financial Advisory Services Ltd. in Bermuda, got a call from a man identifying himself in a crisp British accent as Nick Hamilton.

Enright believed Hamilton was a British intelligence officer Hamilton wanted information about a KPMG project that had national

security implications for Britain. Soon, Enright, who was born in Britain, was depositing confidential

audit documents in plastic containers at drop-off points designated by Hamilton.


© P

T IM

AN T

ekno

logi

Info

rmas

i

Case: Verisign

02. r u sure u r secure

Business