
China cyberspies suspected in new caper: what has experts worried


But some cybersecurity professionals are waving a red flag over the Telvent hack. Dale Peterson, CEO of Digital Bond, a leading industrial control systems (ICS) security company in Sunrise, Fla., says the Telvent attack looks much like one fragment of a far larger campaign targeting ICS vendors, whose products run the nation's critical industrial processes: pipelines, refineries, chemical plants, factories, and the electric grid.

Typically, stolen software code might help a perpetrator to leapfrog its competition in the global marketplace. But in the Telvent case the theft could facilitate creation of highly reliable and dangerous cyberweapons, he and other control system experts agree.

The apparent target of the Telvent attack was the firm's OASyS SCADA software program, which is used to operate an array of equipment from gas pipelines to the power grid.

Telvent has a huge footprint in the oil and gas industry – and an important role in the emerging “smartgrid” that more efficiently coordinates energy distribution. Its software allows old and new software to speak to each other – and control critical systems. But if captured, the source code from such a product could be used to far more easily develop potent cyberweapons akin to Stuxnet, a hyper-sophisticated software weapon that experts say destroyed 1,000 Iranian nuclear centrifuges.

"The attackers used their presence on the Telvent network to download the customer project files for a future attack – think future Stuxnet," Mr. Peterson writes in his blog. "If an attacker were going to attack a process in a sophisticated manner they would need time and talent to study the project files and essentially reverse engineer the process."

As to the question of who did the dirty deed, China's "Comment Group" is the leading suspect, according to an analysis by Joe Stewart of Dell Secureworks, an expert in tracking cyberespionage attacks. Data from the Telvent hack appears identical in certain key respects to digital signatures left by a Chinese cyberespionage gang many call the Comment Group, but which Mr. Stewart calls the Shanghai Group.
