hacker attacks last weekend


silv
29-11-2016, 02:22 PM
What do these have in common?

- 900.000 German Telekom customers,
- Valartis Bank Liechtenstein,
- Austrian Foreign Affairs Office and Army,
- EU Commission and
- San Francisco Transport system?
All had hacker attacks this weekend:

Ransomware (only 65,000€ in Frisco),
DoS (army and foreign affairs office of Austria, EU Commission),
tweaked DNS router settings (Telekom customers),
stolen financial data and a 10% ransom to prevent leaks to Fiscal prosecutors (bank)

Finger pointing either to Russia or Turkey.

Although I do think the Frisco hacker attack was more of a warning gesture... 70,000 USD is not much ransom. (maybe a gay hacker in love with the city :) )
Same goes for the German Telekom outage. Telekom (and other internet providers) knew about this exact vulnerability in the modem routers they shipped to their customers. They have known about it since 2014 and did not do anything about it. Until last night. By now, all routers of the Speedport model have had their exploit closed off.

It's port 7547, concerning the remote support protocol TR-069.
The German Office for IT Security has issued a warning about global home router attacks.

Quick explanation: The port and protocol enable the internet provider (and the hacker) to download and execute a file on the router. In case of the hacker, potentially re-directing DNS queries to malicious servers.

Firmware-branded routers shipped to customers often have this open vulnerability; I bet that goes for AUS and NZ, too.
If you feel concerned because your phone line goes over your router as well - or you just need stable internet access - you could contact your provider and give them this official report to read and let them check your router.
https://isc.sans.edu/diary/Port+7547+SOAP+Remote+Code+Execution+Attack+Against+DSL+Modems/21759
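As an added example that is not part of the original post: a small Python check, run over constructed firewall log lines, that flags inbound TCP connections to port 7547 (the TR-069 remote management port the post describes) coming from anywhere other than the provider's management range. The log format (iptables-style syslog), the trusted ISP range and the sample lines are all assumptions.

```python
import ipaddress
import re

# Port used by TR-069 (CWMP) remote management, as named in the post.
TR069_PORT = 7547

# Assumption: the provider's auto-configuration server (ACS) lives in this
# range. The value is constructed; replace it with the range your ISP publishes.
TRUSTED_ACS_NETS = [ipaddress.ip_network("203.0.113.0/24")]

# Assumption: iptables-style syslog lines carrying SRC=, DST=, PROTO= and DPT= fields.
LOG_RE = re.compile(
    r"SRC=(?P<src>\S+) DST=(?P<dst>\S+) .*?PROTO=(?P<proto>\S+) .*?DPT=(?P<dpt>\d+)"
)

def parse_line(line):
    """Extract source, destination, protocol and destination port; None if not a firewall line."""
    m = LOG_RE.search(line)
    if not m:
        return None
    return {"src": m.group("src"), "dst": m.group("dst"),
            "proto": m.group("proto"), "dpt": int(m.group("dpt"))}

def is_trusted(src):
    """True when the source address belongs to the assumed ACS range."""
    addr = ipaddress.ip_address(src)
    return any(addr in net for net in TRUSTED_ACS_NETS)

def find_suspicious_tr069(lines):
    """Return (src, dst) pairs for TCP traffic to port 7547 from untrusted sources."""
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["proto"] != "TCP" or rec["dpt"] != TR069_PORT:
            continue
        if not is_trusted(rec["src"]):
            hits.append((rec["src"], rec["dst"]))
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    "Nov 27 18:01:02 router kernel: IN=ppp0 OUT= SRC=203.0.113.10 DST=198.51.100.7 PROTO=TCP SPT=40112 DPT=7547 SYN",
    "Nov 27 18:01:05 router kernel: IN=ppp0 OUT= SRC=192.0.2.55 DST=198.51.100.7 PROTO=TCP SPT=51234 DPT=7547 SYN",
    "Nov 27 18:01:07 router kernel: IN=ppp0 OUT= SRC=192.0.2.56 DST=198.51.100.7 PROTO=UDP SPT=5000 DPT=7547",
    "Nov 27 18:01:09 router kernel: IN=ppp0 OUT= SRC=192.0.2.57 DST=198.51.100.7 PROTO=TCP SPT=443 DPT=80 SYN",
]

if __name__ == "__main__":
    for src, dst in find_suspicious_tr069(SAMPLE_LOG):
        print(f"untrusted TR-069 connection attempt: {src} -> {dst}:{TR069_PORT}")
```

Only the second sample line is reported: the first comes from the trusted range, the third is UDP, and the fourth targets a different port.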

silv
29-11-2016, 02:28 PM
The threat of a nuclear plant anywhere in the world being taken hostage becomes more real, now.
Municipal water works, dams, traffic routing systems in cities - all those dark scenarios hollywood film makers or sci-fi authors already implanted into our imagination suddenly get really real.

The hacker of the Frisco transport system was contacted by a blogger and stated that they had even found Windows2000 PCs on the network...
It wasn't clear, though, if they had to amend the encryption program code to work on these ancient computers :P

silv
29-11-2016, 02:47 PM
Don't take it too lightly - especially if your phone is IP-based or if your internet access is earning your salary.

I just ran the port check test for my router port 7457 (and a complete test for computer and router) on this webpage:
https://www.heise.de/security/dienste/portscan/test/go.shtml?scanart=1

It's a German IT magazine publisher and generally trustworthy.

Maybe you'll find a trustworthy English page to scan your system.

simmo
29-11-2016, 10:59 PM
How is it a defence force can be hacked, and why would you leave a door open, leaving national security unguarded? Crazy. Hacking has been around for a while and I can think of one Aussie who was pretty good at it. So why leave it out there for these guys to interrupt, and not evolve? People running the cyber security obviously think it'll never happen or that their security programs are hot stuff. It's not hard to think of just using a closed loop for sensitive data where only people employed by these entities, whether defence, power, water etc., have access. Intranet possibly the right term? Dunno.

Thanks for the update Silv. Pretty handy to know how easy it is for some to ruin our day.

I wonder how much of it goes on the other way and we don't hear about it?

silv
30-11-2016, 01:02 AM
Oddly enough, this list of instances did not appear in any newspaper I follow.

After reading about the German Telecom (I live in Germany), I came across an obscure blogpost that Frisco had been attacked, as well. (checks out: main news agencies have reported, too)

And then I googled hacker -francisco -telecom, reduced the hits to "past week" and sorted by date.
That's when the Liechtenstein Bank hack and the Austrian DoS attack came up.

I'm not that special with my hunches and google abilities and I am paranoid enough to think that not listing the events in a general newspaper article was a deliberate omission.

I also think that all around the globe, IT departments now work overtime to make triple sure they have done all they could.
The Frisco attack makes it obvious enough that even not-for-real-profit-organizations and infrastructure providers are at risk.

As to "a defence force can be hacked": that is not what happened. It was a several-hours-long DoS (denial of service) attack on the web servers of both Austrian government branches.
DoS is what you call it when an idiot floods, for example, a web server with automated requests. Eventually, the server's operating system gets choked and the server goes down.

But a website, i.e. a web server, is not crucial for these 2 particular targets. It's not naive to be convinced that the truly crucial entry points of their networks are far better protected than a citizen's information site.
So don't worry, at least not about this :)
Austria's finger pointed towards Turkey, by the way.

Nath2099
30-11-2016, 09:28 AM
Stuxnet targeted Iran's non-internet connected uranium enrichment centrifuges, so even that's not safe. There are many ways to cross the air-gap.

I remember an experiment where a security analytics firm dropped a few dozen USB sticks around a government facility. Something like 80% of them were picked up and plugged in. Air gap crossed. Again, once you cross the air gap, there are a myriad ways to compromise the system further. I have heard that the NSA is able to hack a phone and use that to talk in high-frequency signals using its speaker to the compromised system. But who knows.

AussieTrooper
01-12-2016, 09:05 AM
The IT department at my work did that exact same experiment.
They left 5 around. One of them prompted someone to report a 'found' USB stick in an effort to find the owner, but the rest were put straight into the network, with a mock virus notifying IT of who did it.
As a result, we all had to undergo follow up security training.

simmo
04-12-2016, 01:49 AM
http://oilprice.com/Latest-Energy-News/World-News/Saudi-Arabia-Blames-Iran-For-Serious-Cyber-Attacks.html

Cyber wars the new economic war? No sinking ships anymore or smoking guns. Somebody gets attacked but how to prove it?

FlashDrive
04-12-2016, 11:18 AM
Good read, Simmo... very nasty; it would bring a nation to a standstill in no time, considering power grids / financial institutions / water supplies (dams) etc.

Col...