Computer intrusion inflicts massive damage on German steel factory

It's getting crazier and crazier.......

A German steel factory suffered significant damage after attackers gained unauthorized access to computerized systems that help control its blast furnace, according to a report published Friday by IDG News.

The attackers took control of the factory's production network through a spear phishing campaign, IDG said, citing a report published Wednesday by the German government's Federal Office for Information Security. Once the attackers compromised the network, individual components or possibly entire systems failed. IDG reporter Loek Essers wrote:

Due to these failures, one of the plant’s blast furnaces could not be shut down in a controlled manner, which resulted in “massive damage to plant,” the BSI said, describing the technical skills of the attacker as “very advanced.”

The attack involved the compromise of a variety of different internal systems and industrial components, BSI said, noting that not only was there evidence of a strong knowledge of IT security but also extended know-how of the industrial control and production process.

The incident is notable because it's one of the few computer intrusions to cause physical damage. The Stuxnet worm that targeted Iran's uranium enrichment program has been dubbed the world's first digital weapon, destroying an estimated 1,000 centrifuges. Last week, Bloomberg News reported that a fiery blast in 2008 that hit a Turkish oil pipeline was the result of hacking, although it's not clear if the attackers relied on physical access to computerized controllers to pull it off. The suspected sabotage of a Siberian pipeline in 1982 is believed to have used a logic bomb. Critics have long argued that much of the world's factories and critical infrastructure aren't properly protected against hackers.

Find more posts tagged with

Comments

Mitechniq

I am afraid we will see a lot more of this, in a alarming rate.

Cyber Warfare is the poor mans equalizer.
Cyber Warfare is a force multiplier.
Cyber Warfare is a domain man created and is the least defended of all our domains (AIR, SPACE, LAND and SEA).

JoJoCal19

Right about now I'm pretty happy I chose to specialize in InfoSec back in the day. Job security and prospects look great. Of course more and more people are jumping on board, but as long as one keeps their skills sharp they should do very well.

tpatt100

JoJoCal19 wrote: »

Right about now I'm pretty happy I chose to specialize in InfoSec back in the day. Job security and prospects look great. Of course more and more people are jumping on board, but as long as one keeps their skills sharp they should do very well.

I'm glad I got into it by accident and didn't resist the opportunity lol

cyberguypr

Where have you been you been? You are completely wrong. A few months ago someone here said security is a bubble. NOT!

techfiend

Why is a blast furnace controller connected to the internet? Lack of common sense to me.

InfoSec isn't a bubble... yet, but there's a thick glass ceiling that will hopefully be broken through.

--chris--

techfiend wrote: »

Why is a blast furnace controller connected to the internet? Lack of common sense to me.

InfoSec isn't a bubble... yet, but there's a thick glass ceiling that will hopefully be broken through.

Scada systems are often internet facing when they are usually never designed or built to be. Even if these were not, its likely since this was started via a phishing attack that the attackers owned a few boxes internally then pivoted to the internal SCADA systems that way.

Disclaimer: I am not in info sec, I just read a lot for fun.

jamesleecoleman

Yea, it is getting crazier and crazier. I'm just waiting for the day that someone or some group to actually shutdown an important part of the infrastructure. I really hope that it doesn't happen but I think that we're on our way to getting there.

Events like this motivate me to learn more about security. I want to help protect people, which is why I want to get into InfoSec. It's not about the money for me.