Brazil, Sun Tzu, and Commanding Coincidence

Last Updated on Monday, 23 November 2009 06:42 Written by Jeffreycarr Monday, 23 November 2009 06:42

“Heaven is not merely the sky or weather. It also represents larger patterns in the universe. Going with it, going against it – this is how the general aligns critical actions with these larger patterns, thereby commanding coincidence.”

- Commentary on a quote from Chapter 1 in “The Art of War: The Denma Translation” (Shambhalla, 2003)

Coincidences are something that I pay a lot of attention to, not just in matters related to cyber conflicts and intelligence analysis but in life. My personal view is coincidences should never be shrugged off, and a little digging is almost always a good thing. A lot of people have disagreed with me on this over the years so imagine my surprise when I read the above quote in a book and card set that my wife just gave to me as a birthday gift. One of the greatest generals who ever lived, and one who is still held in high esteem by China’s leadership, believes that coincidences can be “commanded” by the general who takes the broader view. Anyone who has read Project Grey Goose reports or our IntelFusion FLASH Traffic briefs know that I love broadening the context of an event!

Speaking of context and coincidence, let’s review the latest news on Brazil’s massive power outage of November 10, 2009. First, the timeline of events:

08 NOV 09: 60 Minutes airs its report placing the blame of a 2007 Brazilian power outage on hackers

09 NOV 09: Officials from Brazil’s government and from its Independent System Operator group along with the specific utility Furnas Centrais Elétricas denied it, placing the blame on sooty insulators.

10 NOV 09: A massive Brazilian power failure results in lights out for about 90 million people in Rio and Sao Paulo and the entire nation of Paraguay. The government and ONS blames it on lightning and fallen trees, not hackers.

That’s the first coincidence, which I blogged about 2 weeks ago. Here’s the new stuff:

12 NOV 09: Brazilian hacker Maycon Maia Vitali discloses a verbose exception on the ONS (Operador Nacional do Sistema) web page which would give a hacker access to ONS web servers and backend data servers. Shortly after posting this, his site went down with a notice that his account had been suspended.

13 NOV 09: A Brazilian journalist writes an article mentioning Vitali’s post and digs further, discovering that the government’s “lightning” story was an impossible event:

According to the Group of Atmospheric Electricity INPE (Instituto Nacional de Pesquisas), technicians found no electrical charge had hit power lines Itaipu, contradicting the version of the Government.Experts agree and say that weather conditions do not justify the blackout.

No word yet on what the actual cause for this outage was, but the above events, when taken as a group, demand a more serious study of what is going on inside the cloistered world of energy providers, not only in Brazil but worldwide.

Hackers cause large scale power outages in Brazil (2005, 2007)

Last Updated on Saturday, 7 November 2009 08:46 Written by Jeffreycarr Saturday, 7 November 2009 08:46

Thanks to CBS news and the 60 Minutes team, the truth finally emerges about what’s been happening not just in Brazil but in the U.S. and other countries. The Power grid and other SCADA systems are not only vulnerable to attack; they’ve BEEN attacked. I don’t know how far 60 Minutes is exploring this problem outside of the Brazil incidents, but I hope this triggers a renewed emphasis on the state of our nation’s cyber security.

The Project Grey Goose investigation on Power Grid attacks and vulnerabilities is ongoing.