The recent news from McAfee about the prolonged attack on a number of companies, including those in the energy sector, and its previous report on the Night Dragon attacks are more than a wake-up call. According to Dmitri Alperovitch, vice president of Threat Research and author of the Shady Remote Access Tool [RAT] white paper, the question is not who is compromised, but who does not know they are compromised.
These prolonged attacks should not be considered a specific effort. They are prolonged and general in nature. More often than not, they start with SQL injection attacks that compromise the corporate Web servers. These servers are meant to be outside of the corporate firewall and are understood to be a security risk. However, once compromised, these servers become a command-and-control center that enables password detection and other remote access tools to test not only the links within the corporation, but all the other ingresses and egresses.
I am using the term corporation generally, since the 72 intrusions McAfee wrote about for Shady RAT include 22 government agencies (not US specific), 13 defense contractors and 2 in the energy sector. However, lest the smart grid community feel that it dodged the bullet, I need to point out that the last white paper was about Night Dragon, which targeted oil and gas production data. Prior to that, the attack was focused on Google. It also should be pointed out that SCADA, the security strategy for the smart grid, has been targeted in Shady RAT.
Moogle: Malicious Google
As a prolonged attack, the target is not a James Bond strategic strike, but a revelation of everything the company does not want to be revealed: intellectual property, projection numbers, compensation and HR data. Think of it this way – what if instead of Google being a company with the motto “Don’t be Evil”, it had an evil twin we shall call “Moogle”? Moogle is pronounced Mawgle, since it ogles everything it can find regardless of security. This is not a WikiLeaks effort, since the goal is not public revelation. It’s the ultimate insider trading plan. It is the hedge fund of knowledge, and its use can include manipulation of markets, destruction of production, and a lot more scary things that would create “Fear Factor: the Corporate Edition”.
Fighting Human Nature
As humans, we have a fight-or-flight mentality. Fight means we focus on the attacker and strike back. Flight means we recoil and hide. Neither of these strategies is the right answer in modern security.
Like Open Source, the modern approach to security is to be forthcoming in the community and share the experience without revealing the information that was breached. In other words, publicly focus on the experience and not the information lost.
This is why Aneesh Chopra, White House CTO, talking about “unlocking the data” and the North American Energy Standards Board [NAESB] specifications for third parties to access smart grid data, need to be seen in context.
Sharing information on the smart grid will:
- Enable cost-effective smart grid investments.
- Unlock the potential for electric sector innovation.
- Empower consumers and enable them to make informed decisions.
- Secure the grid.
Given the fact that the grid has probably already been penetrated, it is better to move toward a public standard than a closed, leaking system.
After all, “Moogle” is smarter about our grid than we are.
Carl Ford is a partner at Crossfire Media.
Edited by Jennifer Russell