[Fair use for education and research purpose only]
Title: Hackers Cracked Gazprom Security
World�s Largest Natural Gas Company
Lost Control of Gas Flows �For Some Time'
MSNBC STAFF AND WIRE REPORTS
MOSCOW, April 26 � Gazprom, Russia�s huge gas monopoly, was one of a growing number of targets hit last year by computer hackers, who controlled the company�s gas flows for a short time, a law enforcement official said Wednesday.
ACTING with a Gazprom insider, hackers were able to get past the company�s security and break into the system controlling gas flows in pipelines, Interior Ministry Col. Konstantin Machabeli said, according to the Interfax news agency.
--------
The central switchboard of gas flows was �for some time� under the control of external users, Machabeli said in the report.
He did not say if the hackers caused any damage. Officials at Gazprom, Russia�s single largest source of tax revenue, could not be reached for comment.
Gazprom is the world�s largest natural gas producer and the largest gas supplier to Western Europe. The company, Russia�s biggest, is 38 percent state-owned. It supplies about 95 percent of Russia�s natural gas and is estimated to control about a quarter of global natural gas resources, delivering its products to 25 countries. It has about 278,000 employees and earned about $9 billion in export earnings last year, though it has a largely dilapidated infrustructure in dire need of repair.
Machabeli said the hackers used a �Trojan horse� program, which stashes lines of harmful computer code in a benign-looking program, Interfax said. The report did not identify the hackers or say if anyone had been apprehended.
Including the Gazprom case, police registered 852 cases of computer crime in Russia in 1999, up twelve-fold from the year before, the report said.
-----------------------
What is making these attacks possible?
Hackers have become more sophisticated and have developed programs that automate such attacks. The programs direct tens or hundreds of computers around the world to send traffic to a specific site simultaneously. That allows hackers to overwhelm some of the most prominent sites already designed to handle large amounts of traffic. Security experts became aware of the tools last fall.
Patrick Taylor, vice president of risk assessment for the Internet Security Systems in Atlanta, said the tools allowed people with lower degrees of skills to execute sophisticated attacks.
How do hackers use so many computers in their attacks?
They can secretly plant their attack programs in other people's or company's computer systems by exploiting those systems' security weaknesses. The programs remain dormant until the appointed time of attack. When hackers route the program through someone else's computer, it makes them harder to trace.
What can sites do to prevent such attacks?
Little, according to Mark Zajicek, a team leader at the CERT Coordination Center at Carnegie Mellon University. He said the focus instead must be on increasing security of other computers so that they cannot be commanded to launch such attacks. Once a site is targeted, one recourse is to trace the traffic back to the third-party computers and alert their administrators. The process can take hours.
Why can't sites block the bad traffic?
Even the process of determining whether traffic is legitimate uses precious computing time. A site's Internet service provider might be able to stop some bad traffic, but it comes from various locations and often carries fake return addresses, making it difficult to sort to good from the bad.
Why are these attacks occurring?
Attorney General Janet Reno said Wednesday that while a motive had yet to be determined, "they appear to be intended to interfere with and disrupt legitimate electronic commerce." There is no evidence that hackers gained access to the sites' internal data. But Randy Sandone of Argus Systems Group Inc. in Savoy, Ill., warned that denial-of-service attacks might one day be used as a decoy. While security personnel are busy trying to block traffic, a hacker might try to gain access to sensitive data.
Is this the work of one person?
Investigators have yet to determine whether a single person is behind all the attacks. Analysts say that after Yahoo! was hit Monday, other sites might have been targeted by copycat hackers.
http://www.msnbc.com/news/400233.asp
====================
-- (Dee360Degree@aol.com), April 27, 2000