Options
Foreign hackers targeted U.S. water plant
veritas_libertas
Member Posts: 5,746 ■■■■■■■■■■
in Off-Topic
Foreign hackers caused a pump at an Illinois water plant to fail last week, according to a preliminary state report. Experts said the cyber-attack, if confirmed, would be the first known to have damaged one of the systems that supply Americans with water, electricity and other essentials of modern life.
Foreign hackers targeted U.S. water plant in apparent malicious cyber attack, expert says - Checkpoint Washington - The Washington Post
Foreign cyber attack hits US infrastructure: expert
Comments
-
Optionsalxx Member Posts: 755drop the just the US part.
scada is a big unsecured target around the world as are medical devices (f...ing scary)
There was a big one here in Australia back in 2000, when someone caused a sewage plant/system to pump untreated sewage into waterways
Utility hack led to security overhaul - Computerworld
scroll down on this page and have a good read
Hackers, Piracy and Other Threats to SCADA and the World's Critical Infrastructures
http://www.ag.gov.au/agd/WWW/rwpattach.nsf/VAP/(930C12A9101F61D43493D44C70E84EAA)~SCADA+Security.pdf/$file/SCADA+Security.pdf
H(ackers)2O: Attack on City Water Station Destroys Pump | Threat Level | Wired.com
"It is believed the SCADA software vendor was hacked and customer usernames and passwords stolen."
http://community.controlglobal.com/content/water-system-hack-–-system-broken
http://www.networkworld.com/news/2011/111811-hackers-norway-253308.html?hpg1=bn
siemens plcs again
http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide2
http://www.networkworld.com/news/2011/080411-a-power-plant-hack-that.html
anyone drive a subaro outback?
http://www.networkworld.com/slideshows/2011/081011-blackhat-defcon-hacks.html#slide6
security on insulin pumps
http://blogs.computerworld.com/18744/black_hat_lethal_hack_and_wireless_attack_on_insulin_pumps_to_kill_people
http://blackhat.com/html/bh-us-11/bh-us-11-briefings.html#RadcliffeGoals CCNA by dec 2013, CCNP by end of 2014 -
Optionsonesaint Member Posts: 801
I can't see the logic in keeping (or having) such vital systems online accessible. Even if it's for updates or remote access. It just doesn't outweigh the risk.
Here's another about Prison systems. Luckily, it was just a study.
The inuslin pump hack is a bit more tricky than let on. A particular function has to be turned on (the remote feature) and some other information is needed (Serial number I think). Then, to boot, the hacker really has to have the intent of causing harm or hospitalizing their victim. Killing in that case is a bit far fetched.Work in progress: picking up Postgres, elastisearch, redis, Cloudera, & AWS.
Next up: eventually the RHCE and to start blogging again.
Control Protocol; my blog of exam notes and IT randomness -
Optionsalxx Member Posts: 755looks like another one used the same scada software with possibly default passwords
http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/
Problem with lots of scada stuff it was never designed to be online, just on a local network for monitoring.
problem is when companies connect that network to the rest of their office network which has internet access.
scada stuff should be air gapped .Goals CCNA by dec 2013, CCNP by end of 2014 -
OptionsChivalry1 Member Posts: 569A lot of these incidents can be prevented. However I don't think the business community understands the need to securing a network infrastructure. Going forward I think the only answer is for the federal government to institute some type of Information Security Prevention Team for infrastructure related industries. Have these teams regularly audit these infrastructure industries systems and implement fines for vulnerabilities found."The recipe for perpetual ignorance is: be satisfied with your opinions and
content with your knowledge. " Elbert Hubbard (1856 - 1915) -
OptionsEveryone Member Posts: 1,661Yeah this one was really close to home, about 4 hours south of me, close to where I drill with the ANG once a month.
This doesn't surprise me. A few years ago I went to a DHS event to observe a tabletop exercise with all the local utility companies, PD, FD, hospital, and a bunch of other community leaders. They laid out scenarios for cyber attacks on water, electricity, gas, and phone systems. No one had any idea as to how to handle it.
I think now some utilities are starting to at least try and do something about it. A guy I work with at the ANG now works for Exelon at the nuclear power plant that is about 13 miles from my house. He does information/network/systems security at the plant, trying to make sure this sort of thing doesn't happen there.
Water treatment is usually run by local municipalities. This was a small town in central Illinois, they aren't going to have the resources to secure infrastructure like the big Electric, Gas, and Telephone companies do. -
OptionsChivalry1 Member Posts: 569This may not be a popular statement, but:
If we ever piss off India as a country, technically we are in trouble. I will let that statement marinate for a while!!"The recipe for perpetual ignorance is: be satisfied with your opinions and
content with your knowledge. " Elbert Hubbard (1856 - 1915) -
OptionsIEWANNABE Member Posts: 74 ■■□□□□□□□□This may not be a popular statement, but:
If we ever piss off India as a country, technically we are in trouble. I will let that statement marinate for a while!!
LOL!! You got that right!