From London and Korea came the attacks, she focused on Living. "Hackers have attacked our water supply," said Ebikon last December. Yet, what a luck, in-house IT specialists were able to fend off the attacks. Just the Lucerne community seemed to be at the disaster scarred.
the big horror scenario of digital era is: computer professionals to penetrate vital systems, turn off the water, cut the power, shut down hospitals.
cyber attacks on the infrastructure in Switzerland everyday. "The attacks to take, and be professional," says René Gehlen, head of information security at the city of Zurich. Their systems are approximately attacked to the at wide. Often there are automated operations – attacks, so, the meeting many institutions. "Background noise" is the name of the in the industry. "Isolated attacks are also directed specifically against the city of Zurich," says Gehlen. Sensitive infrastructure such as water supply, contactors with "additional mechanisms". More Detail Gehlen doesn't want to go. Too sensitive.
An endless race
What happens when a virtual trap closes only partially, showed up in Uster, just before last Christmas. A Virus called Gandcrab is the third-largest city in the Canton of Zurich entered into the System. There, it began to encrypt all data. Where it didn't get far. "We have recognized it after the infection quickly and stopped," says town clerk Daniel stone. Damage caused the Virus anyway. Because of the control and repair the computer systems of the municipality were working during three days of slowly and could make only limited use. "We came up with a black eye," says stone. to avoid
even blue eyes, has constructed the city of Zurich recently, a digital defence headquarters, in a room full of screens, well-hedged, only a few have access. In this Security Operation Center (SOC) monitoring specialists, the city's computer systems and try to identify suspicious patterns. Here are all the managers together, if an attack is dangerous.
attack from the blind application
to Fend off an endless race, René Gehlen says. The opponents are upgraded, as a defender you should try to detect new methods of attack and to defuse. Important for the exchange between the cities. As a kind of grief phone the Melani serves the state's Reporting and analysis centre for information assurance. Here, organizations may report any problems – the Melani analyzed this and sent warnings.
But even the most advanced technology and highly trained specialists complete security. A weak point remains: the employees. So, the attack in Uster, went through a blind application, which arrived as an E-Mail. The receiver in the administration clicked on a Word Attachment. That was enough for the pest to suspend.
The city of Uster has since strengthened the digital armor. Particularly vulnerable documents, such as old Word-Files with the ending .doc, no longer receives the management from the outside. In addition, the employees ' awareness campaigns "" – both in type as well as in the city of Zurich administration. One of the messages reads: "never Use the same password multiple times on the Internet."
Saving tests at the wells masters
Marc Ruef, such as employees in an attack to respond. He and his company Scip hack professionally in organizations – digital, but also analog. You can dress up as cleaners or employees, and try to get into the Inside of banks or hospitals. There you insert the USB stick in devices and steal Laptops. Do everything you can to gain access to the network. "Penetration Testing" is the name of the. "Today, you can hack everything. Everything," says Ruef. It is only on the existing time and criminal energy. The same is true for water supplies, of which he advises a few. "It will be done too little," he says. "The security has the highest priority." While will invested in Firewalls at the same time, you miss it, the people educate. Mostly for cost reasons.
The Association of the Swiss fountain usually similar. In its annual report noted that communities, supported the master well, so those employees, who worry about water, too little. It will be saved, the cuts were often training for water specialists. Ruef, in turn, finds that there is a need in this area, an additional training course.
it is a simple protection device that is hundred percent safe: to not be offline to connect the water supply to the Internet. Especially smaller municipalities are still working today in this way: by Hand, 50 years ago.
Out of this room, the SOC is called, repels Zurich cyber attacks. Photo: city of Zurich
For example, Schwarzenegg, a village, whether tuna, 462 inhabitants, once an hour a Bus. Walter Zürcher is here to master well, since the age of twelve, as once the father. Zurich is many meters below the ground in front of his command center, which looks from the distance like a wardrobe. He opens the door and says, almost apologetically: "Ancient, all of this, but it works." The only thing Modern here is the bottom of the Water-gauge, a line displays on a Display, such as the water level drops from six o'clock in the morning, when the black-and-EGGER, rinse the inside and-egger showers and toilets. Everything else – display, Fuses, electronics – comes from the last century.
The age of the plant has its advantages. Here are the best hackers can't do anything. The worst thing that can happen is that somewhere a line runs. Then Zurich gets an Alarm on his cell phone, then he goes to search for errors. It can take hours. This Alarm If it goes off, you must Zürcher disengagement. Even in the morning to two. Happened to me. "Uncomfortable," says Zürcher.
Would be digitized in the system, he could view from his bed on the Tablet, where it is facing problems, and perhaps equal to switch the Alarm off. "We would take," said Zurich, "although I would have to get used to, probably to the new technology." And the dangers that it brings. At the last meeting of the master well, a Hacker told how easy it was, on a weakly protected infrastructure access. "It brings a bit of fear," says Zürcher. At the moment, everything remains in Schwarzenegg in the Analog, the municipal Council has postponed a renewal until the autumn.
It is always about the money
Hacker, go off on Swiss plants and administrations often pursue any strategic objectives. The aim is not to weaken the state, or paralyze, says Penetration Tester Marc Ruef. Such Sabotage you experience, particularly in crisis areas such as Ukraine or North Korea.
The hackers of the Swiss infrastructure firmer want something Hand. First you try to steal data, to encrypt information or to block services. "You want to blackmail money," says René Gehlen of the city of Zurich. The consequences of a successful attack can be steep, says Marc Ruef. The Image of suffering, often legal consequences followed, and sometimes you don't have to pay, although he recommend.
take As much money hacking in Switzerland, can't say. There is no reporting obligation. Some companies or individuals would pay quite a money, says Pascal Lamia, head of Melani. The blackmailer himself slip away, usually with impunity. An identification is often very difficult and time-consuming. "In the rarest of cases, it comes to arrests."
After all, the defense works. The horror scenario of a total failure of remained scenario. According to Lamia, it was in Switzerland so far, no successful act of sabotage. Also not in Ebikon. What happened there, exactly, remains in the dark. The municipality no longer wants to speak to. Too sensitive.
Created: 12.03.2019, 19:54 PM