DHS demos cyber attack to help sway lawmakers to pass a cyber bill

Thursday - 6/14/2012, 10:23am EDT

WFED's Jason Miller on The Federal Drive


With dueling comprehensive cybersecurity bills slated to come to the Senate floor in the next three weeks, influential upper chamber lawmakers are continuing their aggressive effort to sway their colleagues.

Sens. Joseph Lieberman (I-Conn.) and Susan Collins (R-Maine), chairman and ranking member of the Homeland Security and Governmental Affairs Committee, respectively, and authors of one of the main bills, held at least their third formal presentation for members and staff, bringing in administration cyber experts for a demonstration.

The demonstration Wednesday focused on a spear phishing attack against the Homeland Security Department.

Mark Weatherford, DHS's deputy under secretary for cybersecurity, said the point of the demonstration was not to scare members and staff, but to enlighten them about how easy spear phishing attacks are to put together. Weatherford's team from the U.S. Computer Emergency Readiness Team (US-CERT) used open source tools found for free on the Internet.

"Anyone can do them. Many of them are point and click," Weatherford said. "It's to use a very simple spear phishing attack, craft an email, get someone to open an email. The email then compromises the computer, gives the attacker control of that computer to do whatever he wants on that computer, download files, violate the integrity of files and use that computer as a pivot point to go somewhere else. These are very common techniques and tactics that are used to do these kinds of things."

The DHS exercise showed how in less than five minutes, an attacker, using free tools found on the Internet, could attach malicious code to a PDF document — in this case a copy of the cyber bill — and send a fake email that seemed to go from a manager to an employee at DHS.

Once the victim opened the PDF, the hacker used the toolkit's password cracker to get the user's password as well as the network and administrative passwords. DHS showed that once the hacker did that, they could download, delete, upload and change files. The hacker could turn on the computer's microphone and record 30 seconds of audio at a time, and turn on the PC's Web camera.
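The lure described above has two parts a mail gateway can check before anyone opens it: a sender that only looks like an internal manager, and a PDF that carries something to run when the document opens. The following is an added example, not DHS's demonstration material or any tool US-CERT used. It builds a constructed lure (the internal domain `agency.example`, the look-alike sender domain, the reply-to address and the attachment name are all assumptions), then triages it: the header check flags an external or look-alike From domain and a Reply-To that points elsewhere, and the attachment check looks in the raw PDF bytes for the object keys (`/OpenAction`, `/AA`, `/JavaScript`, `/JS`, `/Launch`, `/EmbeddedFile`) through which a PDF executes code or launches a program on open.

```python
"""Triage of a spear-phishing lure: sender-header heuristics plus a crude scan of
a PDF attachment for auto-execution keys. Added example with a constructed
sample message; not code from the DHS demonstration."""
import email
import re
from email import policy
from email.message import EmailMessage
from email.utils import parseaddr

# PDF keys that make a viewer run something (JavaScript, a launch action, an
# embedded file) as soon as the document or a page is opened.
SUSPICIOUS_PDF_KEYS = (b"/OpenAction", b"/AA", b"/JavaScript", b"/JS",
                       b"/Launch", b"/EmbeddedFile")


def pdf_risk_indicators(data: bytes) -> list[str]:
    """Return the suspicious keys present in the raw PDF bytes.

    This is a first-pass scan only: it does not inflate object streams, so keys
    hidden inside compressed objects are missed. Good enough to catch a lure
    built with point-and-click tooling, not a substitute for a real PDF parser.
    """
    # Negative lookahead keeps "/JS" from matching inside a longer name.
    return [k.decode() for k in SUSPICIOUS_PDF_KEYS
            if re.search(re.escape(k) + rb"(?![A-Za-z])", data)]


def sender_indicators(msg: EmailMessage, internal_domain: str) -> list[str]:
    """Flag a From address that is not internal, a look-alike domain, and a
    Reply-To that diverts replies to a different domain."""
    flags = []
    _display_name, addr = parseaddr(msg.get("From", ""))
    from_dom = addr.rpartition("@")[2].lower()
    if from_dom != internal_domain:
        flags.append(f"from-external-domain:{from_dom}")
        # "agency-mail.example" standing in for "agency.example" is a look-alike.
        if internal_domain.split(".")[0] in from_dom:
            flags.append("lookalike-domain")
    _rp_name, rp_addr = parseaddr(msg.get("Reply-To", ""))
    if rp_addr and rp_addr.rpartition("@")[2].lower() != from_dom:
        flags.append("reply-to-mismatch")
    return flags


def triage_message(raw: bytes, internal_domain: str) -> dict:
    """Parse a raw RFC 5322 message and return sender flags, per-attachment PDF
    indicators and a verdict ("quarantine" if anything was flagged)."""
    msg = email.message_from_bytes(raw, policy=policy.default)
    report = {"sender": sender_indicators(msg, internal_domain), "attachments": {}}
    for part in msg.iter_attachments():
        name = part.get_filename() or "<unnamed>"
        payload = part.get_content()  # bytes for application/* parts
        if part.get_content_type() == "application/pdf" or payload[:5] == b"%PDF-":
            report["attachments"][name] = pdf_risk_indicators(payload)
    flagged = bool(report["sender"]) or any(report["attachments"].values())
    report["verdict"] = "quarantine" if flagged else "deliver"
    return report


def build_sample_lure() -> bytes:
    """Constructed lure modelled on the demo: a 'manager' sends 'the cyber bill'
    as a PDF. The PDF is a minimal skeleton whose catalog opens a JavaScript
    action; it only pops an alert and is not a working exploit."""
    fake_pdf = (b"%PDF-1.7\n"
                b"1 0 obj\n<< /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >>\nendobj\n"
                b"2 0 obj\n<< /Type /Pages /Kids [] /Count 0 >>\nendobj\n"
                b"3 0 obj\n<< /S /JavaScript /JS (app.alert('constructed sample')) >>\nendobj\n"
                b"trailer\n<< /Root 1 0 R >>\n%%EOF\n")
    msg = EmailMessage(policy=policy.default)
    msg["From"] = "Jane Manager <jane.manager@agency-mail.example>"  # assumed look-alike
    msg["To"] = "analyst@agency.example"                              # assumed internal
    msg["Reply-To"] = "jane.manager@freemail.example"                 # assumed divert
    msg["Subject"] = "Please review before the floor vote"
    msg.set_content("Attached is the latest draft of the cyber bill. Please read it today.")
    msg.add_attachment(fake_pdf, maintype="application", subtype="pdf",
                       filename="Cybersecurity_Act_2012.pdf")
    return msg.as_bytes()


if __name__ == "__main__":
    print(triage_message(build_sample_lure(), "agency.example"))
```

The sender check is a heuristic, not authentication; in a real gateway it sits behind SPF, DKIM and DMARC results, which the constructed message does not carry. The PDF check is deliberately conservative: a document that merely contains these keys is worth detonating in a sandbox, not proof of compromise.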

DHS officials say agencies can protect themselves by applying software patches promptly, which closes the flaws a malicious attachment relies on, and by keeping current the tools that look for known attack code in attachments.

DHS developing Einstein 3

The agency also is developing the third generation of the Einstein program.

"Einstein 3 is essentially the intrusion prevention system part of it," Weatherford said. "We are working right now on how we are going to deploy that."

He said any rumors about Einstein 3 going away are false.

A DHS official said the agency "plans to accelerate the transition of the Einstein 3 program from a system that government builds and deploys intrusion prevention systems to one in which DHS contracts with major Internet Service Providers (ISPs) to supply intrusion prevention services, augmented with sensitive government information."

Most common type of cyber attack

DHS performed two presentations of the spear phishing attack. About 40 legislative staff members and three senators — Sens. Dick Durbin (D-Ill.), Tom Carper (D-Del.), and Roger Wicker (R-Miss.) — attended the first closed demonstration. DHS then opened up the show to the media.

"Spear phishing is the most common form of cyber attack that we know now," Lieberman said. "It's not just used against personal computers, for instance, but it is the most common form of attack against some of the critical cyber infrastructure that we want to defend and we need to defend such as the electric power grid."

He added that hackers used spear phishing in the recent cyber attack against the natural gas pipeline system.

Lieberman said his bill, the Cybersecurity Act of 2012, would help reduce the risk critical infrastructure owners and operators face.

"We believe that our bill will raise the defenses against spear phishing, both in the information sharing parts of it and also through the standards or performance requirements part of it," he said.

But that issue of regulation is what is holding up Senate debate on the bill. Sen. John McCain (R-Ariz.) introduced a competing bill that would focus on a more voluntary approach to cyber protections.

Sens. Sheldon Whitehouse (D-R.I.) and Jon Kyl (R-Ariz.) announced earlier this week they are developing a compromise bill to help solve some of the sticking points between the Lieberman-Collins and the McCain bills.

Lieberman urges action on cyber bill

Lieberman said Senate Majority Leader Harry Reid (D-Nev.) promised to bring the cyber bills to the floor for debate no later than July.