Project Grey Goose Phase II Report is Published
Last Updated on Thursday, 19 March 2009 06:59 Written by admin Thursday, 19 March 2009 06:59

It’s with mixed emotions that I release this report. It wasn’t easy to do. An all-volunteer effort is not an easy thing to manage because each person does what they can, when they can, until other priorities take over. I’ve been blessed with a great team of volunteers, over half of whom have chosen to keep their involvement confidential. Thanks for all of the hard work, ideas, and support that you’ve contributed to this effort. I appreciate each one of you.
This report aims to answer the following questions by examining three different cyber events impacting almost a dozen nations:
- How effective is Social Network Analysis in Computer Network Exploitation?
- How critical is the ability to access black (classified) data in a cyber intelligence effort?
- Is there evidence that points to Russian government involvement in the Georgia cyber attacks of July and August 2008?
The public version of the Grey Goose Phase II report can be found at my GreyLogic site.
The Government version can be requested via e-mail from your government e-mail account. It’ll also be available on A-Space and Intellipedia.
I’d like to particularly thank the CEO and employees of Palantir Technologies for donating their platform and the time of two of their support engineers to host the data and help connect the dots. You guys are a credit to your company and to the profession of Intelligence.
Project Grey Goose Phase II Report: 9 days and counting
Last Updated on Thursday, 12 March 2009 09:34 Written by admin Thursday, 12 March 2009 09:34
Mark your calendars for March 21, 2009 – the release date for public and government versions of our Phase II report “The Evolving State of Cyber Warfare”.
We focus on 3 topics:
- Whackerz-Pakistan attack on India’s Eastern Railway Web site
- The Gaza Cyber War during Israel’s Operation Cast Lead
- Attribution and Bulletproof Networks: The StopGeorgia.ru Forum
The GOV version must be requested via your .gov, .ic, or .mil email address with your position/organization. Contact info is at the bottom of this blog.
The public version will be available for download at a site to be announced on March 21.
India’s Railways Vulnerable to Hacker Attack
Last Updated on Thursday, 25 December 2008 11:49 Written by admin Thursday, 25 December 2008 06:56

Transportation is a critical sector in every nation’s infrastructure. As a result, security audits are typically done to determine weaknesses or expose vulnerabilities. India’s no exception. Of course, for an audit to do any good, steps have to be taken to harden those vulnerabilities. The Eastern Railway of India appears to be a bit behind the curve after having their Web site defaced by religious extremist hacker Mianwalian of the Whackerz Pakistan Cr3w.
According to today’s The Financial Express:
Kolkata: In the first instance of cyber attack on Indian government websites, the attack on Eastern Railways site on Wednesday popped open vulnerability of government websites in the country.
While Eastern Railway took almost two and half hours to restore the site to normalcy, visitors to the site continued to be attacked by Trojan virus. ER officials could only primarily trace the roots to Toronto in Canada after repeated top-brass meetings all through the day.
As spotted by FE in the morning, the official site of the Eastern Railway—www.eastern railway.gov.in—was hacked on Wednesday. When opened, the scroll on the site—which normally consists of official announcements—had unusual notes. The first note read: “Cyber war has been declared on Indian cyberspace by Whackerz-Pakistan (24 Dec-2008).” This was followed by two other notes: “Indians hit hard by Zaid Hamid” and “We are f**ked up Indians. You are hacked.”
When clicked, the scroll opened into a new window which claimed that “Mianwalian of Whackerz” has hacked the site in response to the air violation of Pakistan. It also claimed that it will continue to hack more Indian military and government sites. The threat note also claimed that servers of Indian financial institutions will also be hacked with the help of the group’s members working in computer departments of “foreign companies”. Data belonging to “Indian nationals (only Hindus)” will be destroyed eventually, it added.
When a reporter from Financial Express contacted Eastern Railway officials, they not only didn’t know what happened, but did nothing about it for at least an hour afterward. This lackadaisical attitude toward cyber security comes through when you read the Auditor General’s report on IT Governance for Eastern Railway. Here are the highlights:
Eastern Railway: Audit of IT Governance with reference to implementation of PRIME and AFRES:
The IT Governance environment in Eastern Railway was found lacking in timely and proper implementation of major IT initiatives. The software applications were customised without obtaining users’ requirements. This led to modifications of the system with added cost. The system could not be implemented within the stipulated period due to poor functioning of the task force responsible for implementation of the project, non-procurement of specified hardware and modifications of software. Poor implementation of the system resulted in cost and time overrun, which were likely to increase further.
Although this is a small, relatively minor event, it needs to be a wake-up call for the government of India regarding cyber security of its critical infrastructure.
UPDATE: Per an article in today’s ExpressIndia, Indian authorities are investigating the attack to identify those responsible:
“We cannot disclose the details of our investigations due to security reasons. We are looking into the incident and action will be taken against those found guilty,” said Samir Goswami, Chief Public Relation Officer, Eastern Railway.
