New Yorkers react to yesterday's report that Iranian hackers in 2013 gained access to control systems at a small dam in the downstate town of Rye. The New Yorkers aren't happy. The Department of Homeland Security has declined to comment on this incident, but did note its continuing work with private and public sector partners to secure infrastructure.
An AP report has also fingered Iranian cyber operators with multiple intrusions into the US electrical grid. These appear to have amounted to reconnaissance and data theft as opposed to attempts to manipulate control systems.
Administrators should patch the backdoor in Juniper ScreenOS firewalls immediately, if they haven't already done so. Unpatched systems are being actively scouted in the wild, and attacks have begun hitting honeypots. No one yet knows (or at least no one's saying) how the backdoor got there in the first place. Observers see potential for serious exploitation.
As debates over surveillance policy continue in several countries, analysts regard the Juniper backdoor as a cautionary tale for advocates of crypto backdoors as an aid to law enforcement and counter-terrorism. US presidential candidate Clinton called Saturday for "a Manhattan-like project" by government and industry that would enable law enforcement and intelligence services to access secure messages without compromising privacy or civil liberties. Few observers think such a project feasible, but some current and aspiring policy makers repose great confidence in the tech community's powers of innovation.
Manhattan-like project or not, Ed Snowden thinks secure app Telegram isn't really that secure.