Thursday, June 04, 2009

 

Ex-Employee Fingered in Texas Power Company Hack

Threat Level: Privacy, Crime and Security Online
By Kevin Poulsen | May 29, 2009 | 4:36 pm | Categories: Hacks and Cracks

The FBI is investigating a computer intrusion at a large Texas power company that crippled the firm’s energy forecast system for a day in March, costing it over $26,000.

Early Thursday morning FBI agents raided the home of a former employee of Dallas-based Energy Future Holdings — the corporate parent of three large Texas electric companies, including Luminant, which has over 18,300 megawatts of generation in Texas, and operates the Comanche Peak nuclear power plant.

The ex-employee, Dong Chul Shin, was fired from the company March 3 for performance reasons, and escorted off the premises, according to court records. But the company failed to immediately shut off his VPN access. That afternoon, someone using Shin’s account began logging onto the corporate network, e-mailing out proprietary data to a personal Yahoo account linked to Shin, and modifying and deleting files, according to a search warrant affidavit by Dallas FBI agent Robert Smith.


[Photo: The Comanche Peak nuclear power plant in Texas.]

Company logs showed that the VPN connection originated at Shin’s home IP address, Smith writes.

While logged into the VPN, the intruder sent an e-mail to the engineering group operating the Comanche Peak nuclear reactor. The message asked questions about the safety of the reactor, in particular wondering what would happen if the load were to be “increased to 99.7 percent of capacity.” While at EFH, Smith notes, “Shin was responsible for programming the models which controlled the management of EFH power generation facilities, including Comanche Peak.”

No charges have apparently been filed, but the FBI is treating the case as a suspected violation of federal computer crime laws, including a rarely-used statute prohibiting breaking into a computer and creating “a threat to public health or safety.”

But the damage noted in the affidavit appears to be purely financial. One of the files that was tampered with, “Hourly Capacity Supplied — 2009 upload.xls,” is described as an “input file to determine the power generation required by the RFH system components.” The net result of the tampering was that “the EFH management system was rendered inoperable, resulting in EFH being unable to accurately forecast the parameters necessary to operate the business on March 4, 2009.”

That kind of sabotage would harm the company’s efforts to sell its electricity in Texas’ power market for that day, but it wouldn’t threaten plant safety, or cause an outage, says control system cyber security expert Joe Weiss. “The people in Texas aren’t going to see their lights flicker as a result of this,” says Weiss. “This is an economic issue.”

When he was terminated, Shin allegedly promised to return his company-issue laptop the next day. But he failed to deliver until a corporate security agent showed up at his front porch on March 5 to retrieve the computer.

The company reported the sabotage to the FBI on March 6, estimating over $26,000 in losses. EFH did not return a phone call Friday. Threat Level couldn’t locate a phone number for Shin, and he did not respond to an e-mail query — possibly because the FBI seized all his computer gear, including over two dozen PCs and laptops, various thumb drives, DVDs, CDs, an iPod and a Wii.

Cyber security professionals and government agencies have long warned that intruders could tamper with the computerized control systems that operate portions of the North American electric grid, though so far no confirmed cases of such sabotage have surfaced. In March, though, a Los Angeles federal grand jury indicted a disgruntled tech employee on allegations of temporarily disabling a computer system detecting pipeline leaks for three oil derricks off the Southern California coast. In 2003, the Slammer worm penetrated the operations network at Ohio’s Davis-Besse nuclear power plant, disabling a safety monitoring system for nearly five hours.

 

Aetna warns 65,000 about Web site data breach

By Jeremy Kirk
May 28, 2009 10:34 AM ET
IDG News Service - Insurance company Aetna has contacted 65,000 current and former employees whose Social Security numbers (SSNs) may have been compromised in a Web site data breach.

The job application Web site also held names, phone numbers, e-mail and mailing addresses for up to 450,000 applicants, Aetna spokeswoman Cynthia Michener said. SSNs for those people were not stored on the site, which was maintained by an external vendor.

The company found out about the breach earlier this month when people began receiving spam messages that appeared to come from Aetna and complained to the company, Michener said. The spam purported to be a response to a job inquiry and requested more personal information.

The spam campaign showed the intruders successfully harvested e-mail addresses from the Web site, although Michener said it's not clear if SSNs were also obtained.

Nonetheless, Aetna sent letters last week notifying the 65,000 people whose SSNs were on the site of the breach. The company is offering them one year of free credit monitoring, as SSNs are often used by identity thieves.

"We wanted to err on the side of caution," Michener said.

Aetna hired an IT forensics company to investigate how the Web site had been compromised. "At this point despite a thorough review, they've not been able to pinpoint the precise breach," Michener said.

Aetna posted alerts on the job site, its main Web site and its internal intranet about the spam campaign, Michener said.

 

Corporate-espionage, e-mail break-in case zaps electronics industry

Tale of how AMX exec David Goldenberg stole competitor Crestron e-mails leads to guilty plea

By Ellen Messmer, Network World, 05/14/2009

A corporate-espionage case in which an executive from electronics manufacturer AMX Corp. broke into the e-mail system of the marketing firm working for competitor Crestron Electronics to steal sensitive business information has rocked that industry.

David Goldenberg, a resident of Long Island and former vice president in the New York-area office of Richardson, Texas-based AMX Corp., pled guilty this week in a New Jersey courtroom to felony wiretapping in connection with illegally accessing the internal e-mail at Crestron’s sales and marketing firm, Sapphire Marketing, based in Woodcliff Hills, N.J.

As part of the plea deal with the Bergen Court Prosecutor’s Office, which has spared Goldenberg from a criminal trial, the prosecutor there, Brian Lynch, is recommending probation.

That’s in part because Goldenberg has been largely cooperative since being approached by the Paramus Police Department in February 2008, after Sapphire filed a complaint about suspicions that business e-mail concerning Crestron was being intercepted and that Goldenberg had something to do with it.

“It’s a third-degree wiretapping charge,” says prosecutor Lynch, noting Goldenberg has no prior convictions so he’s eligible for probation, which he called “fair and just” in the case. Lynch noted his office, where most cases focus on nabbing online predators, gets few corporate espionage cases.

However, probation may not necessarily be the outcome, as Goldenberg’s sentence is scheduled to come down from a judge on June 26.

Goldenberg and his attorney declined to comment, but at Crestron Electronics, Jeff Singer, communications director, called what Goldenberg did, to which he admitted in his guilty plea, “outrageous.”

From what is known, says Singer, it appears that Goldenberg managed to get the passwords and log-ins for Web-based e-mail access for four employees at Sapphire, reading Sapphire e-mail on a daily basis for about seven months. Eventually Goldenberg was simply forwarding it to his own e-mail account.

But the day came when an employee at Sapphire, whose business function puts it in close contact with Crestron corporate and consumer customers for high-end access control systems for video, lighting and climate control, did notice her e-mail was being forwarded to an outside account.

Marla Suttenberg, owner of Sapphire Marketing, could not be reached for direct comment, but in a written statement this week she indicated she immediately notified local law authorities and let them gather evidence, and improved the e-mail security.

The revelation that Goldenberg was the source of the e-mail break-in was particularly devastating because Suttenberg knew Goldenberg and his family personally. Prior to working at AMX, Goldenberg had been a client of Sapphire’s, buying Crestron products. Crestron says Goldenberg applied for a job at Crestron in 2007 and wasn’t hired, but was hired by AMX.

Goldenberg also knew Crestron Electronics executive vice president Randy Klein, who states “the full damage caused by our chief competitor illegally obtaining this information is immeasurable and has seriously impacted our past, present and future business.”

According to Singer, Crestron believes Goldenberg, via Sapphire e-mail, obtained information about customers and pricing, upcoming contractual negotiations with dealers, and future product plans.

Goldenberg may have also gotten access to weekly conference calls where Crestron sales and marketing strategies were discussed, due to his illegal access to Crestron e-mail.

Singer said there were times that AMX—which has said Goldenberg acted alone—seemed to know pricing and discount information that undercut Crestron in bidding situations.

In one episode, “our main competition knew what prices we were offering before the dealer did,” Singer asserts. Whether Crestron will press a civil-court case against Goldenberg or AMX remains to be seen, but is a possibility.

However, Crestron, which may have suffered millions of dollars in losses due to Goldenberg’s e-mail break-in of Sapphire Marketing, also wants to move on past the distressing event. “We don’t want to be distracted,” Singer says, noting the firm has a new line of products out that makes it feel positive about the future.

All contents copyright 1995-2009 Network World, Inc. http://www.networkworld.com
