Monday, October 20, 2014 @ 04:10 PM gHale

It is time to put the notion of an air gap to rest.

Even systems thought to be in an air-gapped environment are not safe. An all-in-one printer can become an attack vector for a smart bad guy. Just ask cryptographer Adi Shamir, co-inventor of the RSA cryptographic system, and researchers Yuval Elovici and Moti Guri from Ben-Gurion University in Israel.

In theory, if a malicious program ends up installed on an air-gapped computer by an unsuspecting user via, say, a USB thumb drive, attackers should have a hard time controlling the malicious program or stealing data through it because there is no Internet connection. Getting in is the easy part, but just how do you get information out, and how can you send in an attack message?

The researchers found that if a multifunction printer is attached to such a computer, attackers could issue commands to a malicious program running on it by flashing visible or infrared light at the scanner lid while it is open.

Shamir presented the attack, which he called Scangate, Thursday during his keynote at the Black Hat Europe security conference in Amsterdam.

The researchers said if a source of light points repeatedly at the white coating on the inside of the scanner’s lid during a scanning operation, the resulting image will have a series of white lines on a darker background. Those lines correspond to the pulses of light hitting the lid, and their thickness depends on the duration of the pulses, Shamir said.

Using this observation, the researchers developed a Morse code to send pulses of light at different intervals and interpret the resulting lines as binary data (1s and 0s). Malware running on an air-gapped system could be programmed to initiate a scanning operation at a certain time (for example, during the night) and then interpret the commands sent by attackers using the technique from far away.

Shamir estimated several hundred bits of data can be sent during a single scan. That’s enough to send small commands to activate functionality built into the malware.
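A defensive check built on the stripe pattern described above, added here as an example and not code from the researchers or this article: it flags a scan whose rows show several separate bright bands on a dark background. The function names, thresholds, the assumption that each stripe spans whole image rows, and the sample images are all constructed for illustration.

```python
from statistics import median


def row_means(image):
    """Average brightness (0-255) of each row of a grayscale image."""
    return [sum(row) / len(row) for row in image]


def bright_bands(image, delta=60):
    """Return (start_row, thickness) for each run of consecutive rows that is
    brighter than the scan's median row brightness by more than `delta`.
    Assumption: stripes cover fewer than half the rows, so the median row
    represents the dark background."""
    means = row_means(image)
    baseline = median(means)
    bands, start = [], None
    for i, m in enumerate(means):
        bright = (m - baseline) > delta
        if bright and start is None:
            start = i                       # a band begins
        elif not bright and start is not None:
            bands.append((start, i - start))  # a band ends
            start = None
    if start is not None:                   # band runs to the last row
        bands.append((start, len(means) - start))
    return bands


def looks_modulated(image, min_bands=4, delta=60):
    """Flag a scan for review when it contains several separate bright bands.
    A single wide band (for example a sheet of paper) does not trigger."""
    return len(bright_bands(image, delta)) >= min_bands


def make_scan(height, width, bands, dark=30, light=220):
    """Build a constructed test image: dark background with bright row bands."""
    image = [[dark] * width for _ in range(height)]
    for start, thickness in bands:
        for r in range(start, start + thickness):
            image[r] = [light] * width
    return image


# Constructed samples: an empty lid-open scan, a scan of one sheet of paper,
# and a scan showing five stripes of two different thicknesses.
CLEAN = make_scan(60, 8, [])
ONE_SHEET = make_scan(60, 8, [(10, 20)])
STRIPED = make_scan(60, 8, [(5, 2), (12, 4), (20, 2), (30, 4), (40, 2)])

if __name__ == "__main__":
    for name, img in (("clean", CLEAN), ("sheet", ONE_SHEET), ("striped", STRIPED)):
        print(name, bright_bands(img), looks_modulated(img))
```

Run against the images a scanner host saves, a check like this gives a reviewer something concrete to look at when a scan is started outside working hours.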

The researchers successfully tested the attack from 200, 900 and 1,200 meters against a computer and printer located in a building in Beersheba, Israel, where EMC, Oracle and other big companies have research centers. They used a laser to flash visible light at the window of the office housing the scanner, illuminating the room.

Using a more powerful laser could produce reliable results from up to 5 kilometers away, according to Shamir. An attacker would likely use infrared light because it’s invisible to the naked eye, but the researchers only tested with infrared light over a short distance because using a high-powered infrared laser can be harmful to people’s eyesight.

Instead of waiting for the malware to initiate a scan, attackers could also wait until a person in the office scans a document with the lid open and then run their attack. In that case, the lines would appear on the sides of the scanned document, because the scanner’s surface is larger than the document and leaves an uncovered border.

The researchers also found a way for the malware to send data back to the attackers by using the light produced by the scanner itself. Since the malware can initiate and cancel scanning operations, attackers can derive information from the amount of time the scanner’s light is on and reflects off the opened lid.

This is not as efficient as receiving commands, but can work to exfiltrate a few bits of data at a time. It is possible to repeat the operation to eventually exfiltrate critical information, like encryption keys, Shamir said.

Detecting the light generated by the scanner from far away would require very sensitive equipment, and if the computer is in an office on a higher floor, the attacker would have a hard time getting good visibility. This can be solved by using a quadcopter drone to get closer and observe the scanner from a better angle, Shamir said.

The technique is similar to the side-channel attacks that can derive cryptographic keys by analyzing a computer system’s power consumption, electromagnetic leaks or even sound during a cryptographic operation.

There are other examples of air-gapped systems suffering infection. The Stuxnet virus, developed by the U.S. and Israeli intelligence services, hit air-gapped computers at Iran’s nuclear facility in Natanz through USB drives.

Monday, October 20, 2014 @ 02:10 PM gHale

A failed regulator led to an incident where two Entergy employees suffered injuries when a Marshall, Arkansas, substation experienced a failure Wednesday night.

Two employees suffered injuries and were transported to the hospital around 8 p.m. when a piece of equipment malfunctioned during maintenance work, said Entergy spokesperson Sally Graham.

Graham said the substation is completely de-energized and heavily damaged. Preliminary reports indicate a regulator failed.

Entergy is conducting an investigation.

Meanwhile, in a separate incident, an equipment failure caused a large surge of electricity at an Entergy substation in Clinton, MS.

Large sparks and smoke were visible at the site on Springridge Road at 11:30 p.m. Thursday.

Entergy says a reactor breaker failed. Crews were investigating the cause. The equipment failure did not cause anyone to lose power, and no one was hurt.

Friday, October 17, 2014 @ 03:10 PM gHale

Sunoco Logistics Partners LP shut a segment of its Mid-Valley Pipeline between Longview, Texas, and Mayersville, Mississippi, after it spilled as much as 4,000 barrels of crude Monday.

The Mid-Valley line carried about 228,000 barrels of crude a day through Louisiana in July, the most recent month for which data is available, according to the state’s Department of Natural Resources.

After shutting the Longview-Mayersville segment following yesterday’s spill, Sunoco closed the entire Mid-Valley line for 48 hours of planned maintenance because of a refinery turnaround, Lawson said.

This is the second time this year Sunoco has had to shut a section of the Mid-Valley because of a spill. The 20-inch pipe leaked 240 barrels of crude near Colerain Township, Ohio, in March.

A massive cleanup is now underway in Mooringsport, LA, the site of the spill. Residents were told late Monday night an oil pipeline had ruptured.

Louisiana state police said workers were able to contain the spill immediately, but an estimated 4,000 barrels of oil were released. Sunoco said the size of the spill is not yet available.

It is already one of the largest pipeline spills of the year according to federal records, but the cause of the leak still remains a mystery.

Crews have brought in equipment to help remediate the spill. The pipeline remains shut off while workers clean up the area.

Tuesday, October 14, 2014 @ 02:10 PM gHale

Wolf Creek Nuclear Operating Corp. received an extra eight hours to fix a backup generator that was damaged in a fire early last week, averting a shutdown of the nuclear power plant near Burlington, KS, federal officials said.

“We’re totally good,” plant spokesman Terry Young said Thursday night, just after the damaged generator gained certification as repaired. “We’re running full-steam ahead.”

The actual repairs to the damaged generator wrapped up Wednesday afternoon, but the unit had to undergo testing and then run for 24 hours without incident before it could gain certification as being back in service. The plant continued in full-power operating mode while workers conducted the repairs, and no radiation was released in the incident, officials said.

The deadline extension from the Nuclear Regulatory Commission (NRC) was good news for customers of the three utility companies that own the plant. Shutdowns cost hundreds of thousands of dollars a day as the power companies have to burn more fuel at their coal and gas plants or buy power from other systems, or both. Those costs eventually show up in consumers’ bills.

Without the eight-hour grace period, Wolf Creek operators would have missed a deadline to repair the damaged generator or shut the plant down, Young said. Federal regulations require repairs to wrap up within 72 hours, which would have passed at 1:30 p.m. Thursday.

The damaged diesel generator is one of two backup units designed to provide power to run the plant if it loses its regular supply of on- and off-site power.

It suffered damage Monday afternoon when a part of the generator called an “excitation power transformer” burst into flames. That part provides energy to the internal wiring of the generator unit so it can produce electricity.

Westar Energy and Kansas City Power & Light each own 47 percent of the plant and are entitled to that much of its power output. Kansas Electric Power Cooperative owns the remaining 6 percent and gets that much of the power.

It’s the second time in two weeks that Wolf Creek has gotten a time extension on repairs to avert a shutdown. Last week, the NRC granted the operating company a delay on fixing a malfunctioning sensor unit underneath the reactor core that provides warning if there’s a coolant leak.

The plant has to shut down to fix that problem because the radiation level under the reactor is too high for people to work there when it’s running, even if they’re in protective suits.

NRC officials agreed with Wolf Creek the plant could continue to run because a leak would also be picked up on other sensors that monitor temperature, humidity and radiation in the reactor building.

The bad sensor unit will be replaced when the plant goes into a scheduled refueling shutdown at the end of February.

Wednesday, October 8, 2014 @ 02:10 PM gHale

A fire at an offshore natural gas platform in Alaska’s Cook Inlet forced four workers to evacuate and destroyed the crew’s living quarters, but no one suffered injuries and the environmental risk was minimal, officials said.

The blaze broke out Thursday at 7:30 a.m. By evening, the unified command set up for the incident said the fire was in full containment.

Hilcorp Alaska LLC owns the platform and 11 others among the 16 platforms in the inlet.

The platform would be monitored through the night, the unified command, which includes Hilcorp, the Coast Guard and the state Department of Environmental Conservation, said in a statement.

A Hilcorp helicopter crew evacuated the four workers from the platform 8 miles offshore, company spokeswoman Lori Nelson said.

There was no spill at the scene about 45 miles southwest of Anchorage. The affected site, called the Baker platform, has only one active production well, and they were able to shut it off remotely, Nelson said.

Coast Guard Petty Officer Joshua Yates said 11,000 gallons of diesel fuel were onboard, along with 8,000 gallons of drill mud and 1,000 gallons of hydraulic oil.

A subsurface pipeline that carries the gas to the town of Nikiski also closed down.

The fire broke out during a morning safety meeting, Nelson said, and was not production-related.

All four workers who evacuated were doing well, but they were undergoing evaluation, Nelson said.

“Once the response is complete and the platform is deemed safe for folks to be on board, we’ll be cooperating in a full investigation with both federal and state authorities,” she said.

The cause of the blaze was still under investigation, according to responders, who included Coast Guard and Alaska Department of Environmental Conservation personnel.

Mike McNeil, a Coast Guard civilian command duty officer in Anchorage, said the agency overheard radio communications by vessels reporting smoke in an area at 8:30 a.m. Hilcorp reported the fire after that.

The Coast Guard said five vessels were involved in fighting the fire and the agency dispatched a cutter, helicopter and another aircraft.

Cook Inlet stretches 180 miles from Anchorage to the Gulf of Alaska.

The Baker platform is among 10 in the inlet that Hilcorp purchased in January 2012. Of those, nine are active in production, with many old wells reactivated, according to Nelson. The Baker platform is among those reactivated, with minimum production from just one well, she said.

Cathy Foerster, one of three members of the Alaska Oil and Gas Conservation Commission, said the company has been considering whether to activate more wells in the inlet.

“Now they’ll have to weigh into that consideration whatever costs are associated with fixing whatever the fire impact is,” Foerster said.

Wednesday, October 8, 2014 @ 10:10 AM gHale

Operations at a well pad in Doddridge County, WV, must cease after an accident late last month resulting in the possible contamination of drinking water.

While drilling on the Primm Pad near West Union, Antero Resources notified the Department of Environmental Protection’s (DEP) Office of Oil and Gas of a detected gas influx on September 23.

“DEP Oil and Gas Inspectors were notified of a gas influx Tuesday afternoon,” David Belcher, Assistant Chief of the Office of Oil and Gas said. “Wednesday morning, there were further indications that there was a contact with another well existing on that pad and later that day it was confirmed.”

Initial information for the investigation by the DEP indicates the drill for the Stella 1h well collided with the functioning Callie 2h well Monday night.

Upon the collision, methane gas was released underground from the Callie, affecting the surrounding area.

“Thus far, it appears to have affected four personal water wells, two existing gas wells,” Belcher said. “One of those was abandoned. The other one was owned by an operator. There are indications of gas flows to those.”

The four water wells were disconnected while samples are under analysis to determine if they were contaminated. Antero is providing water to the residences affected, as required.

The DEP is also inspecting eight other water wells within the vicinity as a precaution, because with the gas spreading to the two other wells, the contamination has the capacity to reach further.

Belcher said the first priority for them was dealing with the leak from the Callie.

“The Callie has been secured of any further gas releases from down hole,” he said. “[Inspectors] do work in the hole to evaluate this damage as close to the surface, which is approximately 641 feet from the surface.”

While the investigation into the cause of the accident and damages continues, the DEP’s restrictions on the drilling operation remain in effect.

“There has been a cease operations by their office enacted on the Stella 1h, which there are provisions necessary on there for abatement,” Belcher said. “Also, two violations that were issued along with that cease operation.”

Antero must prove it has control of the site to the DEP before it can resume operations.

Wednesday, October 1, 2014 @ 08:10 AM gHale

Crews continued the cleanup effort Sunday from a pipeline oil leak in Marion, TX.

The leak was discovered Wednesday in Guadalupe County. Since then, over two dozen men have been working in the rural area to remove much of the dirt soaked with refined oil.

There are two pipelines that run through the area: One belongs to the Koch Company and the other to Exxon Mobil.

Both companies had investigators in the area to determine what company was responsible for the leak. Late Saturday night, Exxon claimed responsibility in a statement.

“An estimate on the total amount of the release is unknown, and an investigation is under way,” part of the statement read.

Exxon officials also said they shut down the line and they will not reopen it until they are confident it is safe to do so.

The pipeline delivers refined products from Baytown to South Houston and San Antonio.

Crews on the scene installed booms to keep the product from seeping into a nearby tributary that feeds into the Santa Clara Creek.

There is no timetable as to when workers will complete the cleanup and the pipeline can reopen.

Friday, September 26, 2014 @ 05:09 PM gHale

Donald C. Cook nuclear plant officials said a planned refueling and maintenance outage just started for its Unit 1 reactor in Bridgman, MI.

In preparation for the outage, the reactor was reduced to 50 percent power Saturday, and the plan called for shutting down the reactor this past Tuesday night, plant spokesman Bill Schalk said.

The outage comes at a time when the plant recently set a record for its capacity since the last outage, which ended in the spring of 2013, Schalk said. The reactor’s output remained connected to the electric grid for 15 consecutive months, and the plant achieved record electrical capacity during that time, he said.

An estimated 2,500 contracted workers will work at the plant during the outage, augmenting the plant’s regular 1,198 employees, Schalk said.

A special maintenance job will be replacement of the reactor’s two 58-ton feedwater heaters, used to heat water before it enters the steam generators, he said.

Indiana Michigan Power, a wholly owned subsidiary of American Electric Power, owns and operates the plant.

Friday, September 19, 2014 @ 05:09 PM gHale

Three subcontractors suffered injuries Wednesday night after an explosion occurred when a construction crew hit a gas line in Prospect, KY.

There was no fire associated with the blast and North Oldham Fire Protection district spokesman Rick Albers called it a pressure explosion and said flying shrapnel caused the injuries to the Louisville Gas and Electric (LG&E) subcontractors.

After workers capped the leak, thousands of residents were able to return home after they evacuated, officials said.

Albers said emergency personnel rushed the injured workers to hospitals. One of the subcontractors appeared to have serious injuries, but none of their injuries appeared to be life threatening, officials said.

As a result of the blast, 2,400 LG&E customers will be without gas service for up to three days, said Chris Whalen, a company spokeswoman.

Whalen warned those customers not to re-light their own pilot lights and instead allow LG&E crews to go door-to-door in the coming days. Company officials were still concerned about lingering gas in the air, she said.

Tuesday, September 16, 2014 @ 04:09 PM gHale

A leak in a boiler component forced Oahu, Hawaii, residents to go into electricity conservation mode after two power generators went out of service.

While one power generator is now working, another remains out of service.

Hawaiian Electric (HECO) asked customers to conserve power last Monday night because of problems at Kalaeloa and Waiau power plants.

With demand for electricity up and two major generators down, HECO went into conservation mode. By mid-evening, crews fixed one of the problems.

“There was a leak in the component in one of the boilers so we needed to make sure that was corrected before we could bring it back into service,” said HECO spokesman Darren Pai.

Pai said workers found the problem at Waiau this past weekend during scheduled maintenance. After fixing the problem, the all-clear went out to customers despite Kalaeloa not being up and running. Officials said in that case there’s an issue with the connection between the power plant and the electrical grid. Crews are still trying to figure out how to fix that problem.

HECO officials said they’re trying to improve their energy storage to prevent these types of situations in the future.

“Energy storage can be a number of different technologies, batteries or some other technologies, essentially what they do is store energy to be used at a later time,” Pai said.

But these types of projects won’t be in service for another three years. HECO is also looking at time-table pricing, basically charging different rates for different times of the day.

As for the Kalaeloa power plant, it continues to operate at about half of its maximum output. HECO did not know when the problem would be fixed.