Feds Investigating Water Utility Pump Failure As Possible Cyberattack
SpuriousLogic writes with this quote from CNN:
"Federal officials confirmed they are investigating whether a cyber attack may have been responsible for the failure of a water pump at a public water district in Illinois last week. But they cautioned that no conclusions had been reached, and they disputed one cyber security expert's statements that other utilities are vulnerable to a similar attack. Joe Weiss, a noted cyber security expert, disclosed the possible cyber attack on his blog Thursday. Weiss said he had obtained a state government report, dated Nov. 10 and titled 'Public Water District Cyber Intrusion,' which gave details of the alleged cyber attack culminating in the 'burn out of a water pump.' According to Weiss, the report says water district workers noted 'glitches' in the systems for about two months. On Nov. 8, a water district employee noticed problems with the industrial control systems, and a computer repair company checked logs and determined that the computer had been hacked. Weiss said the report says the cyber attacker hacked into the water utility using passwords stolen from a control system vendor and that he had stolen other user names and passwords."
Darned commies (Score:5, Funny)
Tryin to interfere with America's precious bodily fluids
mutually incomprehensible (Score:2)
intergenerational cultural references
"precious bodily fluids" is something someone in their 60s would get
"zerg rush! kekekekekekeke" is something someone in their 20s would get
for those of you who have never seen dr. strangelove (and it should be required viewing for any geek culture nerd, or just plain kubrick film buff):
http://www.youtube.com/watch?v=N1KvgtEnABY [youtube.com]
and for you older folk, you will find Starcraft to be quite an enjoyable strategy game, perhaps while listening to General Ripper discuss anti-Com
No Reason (Score:5, Insightful)
I can think of no reason facilities such as this should be accessible via a public network. You should have to be physically present to access these control systems.
Re:No Reason (Score:4, Informative)
Unless something goes catastrophically wrong, such as a fire in the control building, in which case the pumps (which must still operate) will need to be controlled remotely. Even during routine operation, the control system is likely connected to a monitoring network of some kind, to make sure things run smoothly.
That means either wiring up a physically-isolated network (and constantly checking it for unauthorized alterations), which is ridiculously expensive, or connecting to the public network physically, and relying on software to keep it secure. Given that this system is probably a few decades old, and probably installed by the lowest bidder, you can make some reasonably-depressing assumptions about how secure that software is.
'Been in the water/SCADA industry for 10 years... (Score:5, Insightful)
I'm all for automation, and crying out when a system is in trouble. But I haven't yet seen where humanized remote control is critical. Hackers aside, it's probably better if it's not.
Re:'Been in the water/SCADA industry for 10 years. (Score:4, Interesting)
What I'm seeing lately are water operators, IT people, and system integrators who are overzealous when it comes to connectivity and all the "neat" things that can be done remotely via technology.
Yes. Read "Access Your Embedded Controller with Ease through a Web Server" [ti.com], from Texas Instruments, which ought to know better. "The designer should also make it as easy as possible to change the settings on a piece of equipment, reconfigure its operation, or fine-tune the system. The more intuitive and explicit that activity is, the more likely the result will be what the operator desires. Losing the instruction manual can seriously impair the user's operation of many systems."
What that paper describes is a family of embedded controllers with a web server in each controller and no security. What's wrong with this picture?
Re: (Score:2)
Wow. Not a relevant word in that document about security, isolation, or protection. And it was written in March of 2010! It's not like it's from 1998 when malware meant the GOOD TIMES virus in your inbox.
That would really disturb me if I thought it would impact me in any meaningful way. Now if you'll excuse me, I have to go figure out why the water isn't working.
Re: (Score:2)
You can connect any large scale plant with networked sensors and have one very expensive person sitting at home over looking a wide area of a state.
If a code flashes, expert contractors are sent in to help the small group of very cheap staff on site.
No more teams doing maintenance unless a VIP tour enters or cable tv science show offers free PR.
Count the system down to just be
Re: (Score:3)
An update: I just discovered that it's my own city, Illinois' capital, Cartoon City. From the State Journal-Register:
New information (Score:4, Informative)
The local TV news is on, and they just said that it was Curran, a tiny town five or ten miles from Springfield. They're concerned that the system might have been hacked because the company that designed the system discovered evidence of a breach of sensitive data... passwords, maybe? They did say it was gigabytes of data.
Re: (Score:2)
More likely 9 characters of password giving access to a bare-bones install of WinXP that occupies a gig or so (it's been a while since I looked at an XP system).
Re: (Score:3)
This is the way it used to be. The only true security is to be isolated. When I worked on secret stuff, anything that went into the facility stayed in the facility, and there was absolutely no connection to the outside world -- None.
Also, these wireless network electric/water/gas meters are easily hackable. Why not just put a big wide open door into their data center?
It's hard to take these utility companies seriously when they talk up security. If they want it secure -- secure it.
Re: (Score:2)
Vodka?
Cyber security expert... (Score:1)
...thinks innocuous event is a cyber security attack. News at 11.
SCADA vulns (Score:5, Interesting)
SCADA systems were sold en masse under the presumption that they were "secure" because they were not connected to public networks. It will be interesting to see which entities did, or did not, follow their policies. Stuxnet was a USB infection but it was still able to route over the internet to phone home. I'm going to bet that a lot of SCADA networks are implemented to allow egress packets. It will be interesting to see how many SCADA systems are actually "isolated".
Re: (Score:3, Interesting)
I worked for a utility in the early 2000s. I was on the post-9/11 security team that had to investigate and close loopholes for that utility. Many sites had interconnected the SCADA systems with the corporate network for GIS information. We were hard pressed to find adequate solutions that would meet the requirements that the federal government set at that time, as the engineering staff didn't want to give up the real-time GIS information they got from the SCADA systems.
Re:SCADA vulns (Score:5, Interesting)
The ironic thing, there is a secure way to get GIS info out, although it isn't the fastest method. I did this on a lab network that needed to be air-gapped from everything else:
1: Build two machines, each has a NIC, and both have a serial card ($60 from NewEgg for a PCIe to Serial.)
2: Build a custom cable with the RX wires cut, so data only goes one way. I did this so an intruder has no chance of being able to send anything to the box on the secure network, much less create a SLIP or PPP connection.
3: Configure one box on the secure network. It scrapes input from the embedded boxes, formats it (so stuff from one device is marked as such so it can be told apart from a different one and to help keep both machines in sync), then pushes it over the serial device.
4: The other box is configured to passively take what comes over the serial port, un-format it (so stuff from one device goes to one web server, stuff from another device gets E-mailed to an admin, alerts get set if something is wrong, etc.)
The result of this is being able to get reports from the embedded boxes on a real-time basis, but without any way of a remote intruder ever getting on the network. Since the physical serial cable cannot send any data to the machine on the embedded network, it would take a physical attack in order to compromise the boxes.
I'm sure there are faster ways to get data across a cable one-way, but this was ideal, as the data obtained was not much, and the latency of the multiple steps to shoot it to a box, stuff it across a serial pipe, then on the other side, send it where it needs to go was just fine.
Re: (Score:2)
Any reason you just don't do the same with a second Ethernet port?
Cross-connect the two boxes via direct connection. Feel free to disconnect the one set of transmit wires, ala a network tap. Use different IP scheme and don't route. Use blind-drop FTP, or SCP (or nntp if you want to be a super-geek).
Gigabit crossover cables beat old serial connections by several orders of magnitude.
Re: (Score:2)
Caveat: I've never tried this, but it got me thinking...
Ethernet hardware doesn't have error correcting, except to retransmit if there are collisions. Error checking would work since CRCs would still be sent. The problem is there would be no mechanism for retransmission. But the serial solution has that same problem. You can send CRCs with your packets, but you can't request a retransmission. But for Ethernet, that is up to the higher layers like TCP. A bigger problem is that the Ethernet speed autone
Re: (Score:1)
The usual way of dealing with errors in this sort of situation is to send the data multiple times. That means each message needs a sequence number. (And don't forget to include the sequence number in the checksum; so you drop the whole message if the checksum fails.)
The first step in reducing the error rate, though, is reducing the speed. RS-232 (and -422 and -423) are well-understood and quite robust--in part because they don't use really high speeds, and their data clock is much slower than their sampl
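Added example, not part of any post in this thread: a Python sketch of the framing such a transmit-only serial link needs, combining the format/un-format steps of the four-step description above with the repeat-and-sequence-number advice in the reply just before this. The frame layout, magic bytes, repeat count, sample readings and all names are assumptions made for illustration.

```python
import struct
import zlib

# Assumed frame layout (illustrative, not from the thread):
#   MAGIC | device id (1) | sequence (4) | length (2) | payload | CRC32 (4)
# The CRC covers device id, sequence number, length and payload, so a frame
# with a damaged sequence number is dropped whole.
MAGIC = b"\xA5\x5A"
HEADER = struct.Struct(">BIH")
MAX_PAYLOAD = 256
REPEAT = 3  # the receiver cannot ask for a resend, so each frame is sent 3x


def encode_frame(device_id, seq, payload):
    if len(payload) > MAX_PAYLOAD:
        raise ValueError("payload too large")
    body = HEADER.pack(device_id, seq, len(payload)) + payload
    return MAGIC + body + struct.pack(">I", zlib.crc32(body))


def transmit(device_id, seq, payload, repeat=REPEAT):
    """Bytes the upstream (secure-side) box writes to its TX-only port."""
    return encode_frame(device_id, seq, payload) * repeat


class DiodeReceiver:
    """Downstream parser: resyncs on noise, drops bad and repeated frames."""

    def __init__(self):
        self.buf = bytearray()
        self.last_seq = {}   # device id -> highest sequence number delivered
        self.gaps = []       # (device id, first missing seq, last missing seq)
        self.rejected = 0    # candidate frames dropped for bad length or CRC

    def feed(self, data):
        """Consume raw bytes; return newly accepted (device, seq, payload)."""
        self.buf += data
        out = []
        while True:
            start = self.buf.find(MAGIC)
            if start < 0:
                # Keep one byte: it may be the first half of a split MAGIC.
                del self.buf[:max(0, len(self.buf) - 1)]
                break
            del self.buf[:start]
            if len(self.buf) < len(MAGIC) + HEADER.size:
                break  # header not complete yet
            device_id, seq, length = HEADER.unpack_from(self.buf, len(MAGIC))
            total = len(MAGIC) + HEADER.size + length + 4
            if length > MAX_PAYLOAD:
                self.rejected += 1
                del self.buf[:1]  # not a real frame; hunt for the next MAGIC
                continue
            if len(self.buf) < total:
                break  # payload or CRC not complete yet
            body = bytes(self.buf[len(MAGIC):total - 4])
            (crc,) = struct.unpack_from(">I", self.buf, total - 4)
            if zlib.crc32(body) != crc:
                self.rejected += 1
                del self.buf[:1]
                continue
            del self.buf[:total]
            if self._accept(device_id, seq):
                out.append((device_id, seq, body[HEADER.size:]))
        return out

    def _accept(self, device_id, seq):
        last = self.last_seq.get(device_id)
        if last is not None and seq <= last:
            return False  # a repeat of a frame already delivered
        if last is not None and seq > last + 1:
            self.gaps.append((device_id, last + 1, seq - 1))  # raise an alert
        self.last_seq[device_id] = seq
        return True


def demo():
    """Constructed line capture: noise, one corrupted copy, one lost frame."""
    line = bytearray()
    line += transmit(1, 0, b"pump1 rpm=1740")
    line += transmit(2, 0, b"tank level=71%")
    noisy = bytearray(transmit(1, 1, b"pump1 rpm=1752"))
    noisy[12] ^= 0x40                      # bit flip in the first copy's payload
    line += noisy
    line += b"\x00\xff\xa5garbage"         # line noise between frames
    # Device 1, sequence 2 is lost entirely (all three copies).
    line += transmit(1, 3, b"pump1 rpm=1760")
    rx = DiodeReceiver()
    frames = []
    for i in range(0, len(line), 7):       # bytes arrive in small UART reads
        frames += rx.feed(bytes(line[i:i + 7]))
    return frames, rx


if __name__ == "__main__":
    frames, rx = demo()
    for f in frames:
        print(f)
    print("gaps:", rx.gaps, "rejected:", rx.rejected)
```

Sequence-number wrap-around and sender restarts are not handled here; a deployment would need a rule for both, since the receiver has no way to ask.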
Re: (Score:2)
Or you could just use Ethernet with autoneg disabled. That is certainly possible with optical Ethernet, and maybe even electrical at 100 Base-TX (not 1G or 10G though).
Re: (Score:2)
> Since the physical serial cable cannot send any data to the machine on the embedded network, it would take a physical attack in order to compromise the boxes.
Very clever. Eliminates network component completely. Is there no way to cause a remote buffer exploit at the downstream end?
Re: (Score:2)
The downstream end can be completely rooted, but it won't affect the upstream in any way, other than perhaps putting up fake alerts to try duping people on site to do something, or trashing/modifying the data as it comes down the serial connection. There is no connection other than signal ground that is common and can push data from downstream to upstream.
If the upstream end is compromised; game over.
Re: (Score:1)
To further clarify the mlts' response, you hook up ONLY transmit lines on the transmitter's side. You leave out all of the handshake lines going the other way, so no RTS/CTS handshake; definitely no XON/XOFF.
If the transmitter is too fast for the receiver, the receiver will buffer-overrun and corrupt the data it sees; the UART hardware SHOULD set a status flag when it overruns. But there MUST NOT be any way for the receiver to tell the transmitter to slow down.
It is acceptable to have lines from the trans
Re: (Score:2)
Would someone please mod this up? It's a clean, affordable solution that makes perfect sense without causing any real nightmares.
Re: (Score:1)
Even if this is possible (and it is on some of the hardware I've used over the years), the change must be made on *both* ends or no data can be passed through. It makes no difference if the downstream box switches its transmit and receive lines. You still have no way of making the upstream box do the same unless you have physical access to it, in which case there's no point doing the serial link anyway. So as long as the upstream box has not been tampered with physically, there is no way to send anything *t
Re: (Score:2)
This is not possible on a standard UART like an 8255 or 16550 and even if it was, an external RS-232/422 transceiver will either be unidirectional or wired that way.
Even if it was possible, getting the other side to listen would require some other form of access.
AWESOME (Score:5, Interesting)
Re: (Score:2)
What I can imagine is a military official talking to the commander of a cyberwarfare unit in China, and saying, "So you say you could in theory launch cybe
Re: (Score:1)
Or... perhaps it's a cautious kid who knows that such high profile targets would be stupid to attack and wants to learn on something the mass population isn't as concerned about.
Re: (Score:1)
We should have done that long long ago. Now we are behind the curve and have been infiltrated at every level with outsourced goods and services - that just screams screwed royal... meanwhile dumbass government will spend 10 more years debating it :/
Comment removed (Score:3)
Re: (Score:2, Offtopic)
They are ignored because the folks who post regarding them have inoperable or intermittent Caps Lock keys.
This particular keyboard malfunction mimics the way paranoid nutjobs once typed when conspiracy theorists only had mimeographed newsletters with which to practice "samizdat".
e.e. cummings was cool,
http://en.wikipedia.org/wiki/E._E._Cummings [wikipedia.org]
but he's fucking DEAD and anyone imitating that stylistic affectation (especially at length) needs to be.
The only cure for "crazy" is to do a Hemingway (Ernes
Re: (Score:2)
The FBI (or rather, a group of people from it) is investigating a small problem, because it looks like the kind of small problem that can become a big problem later. Perhaps it's now a local water pump in Illinois, but next time it will be a coolant pump at a power plant. Logs from this incident may provide more information about an attack than the "real deal", if this is a practice intrusion.
Given that the investigators knowledgeable about water control systems aren't likely to be the investigators knowled
Re: (Score:2)
The FBI (or rather, a group of people from it) is investigating a small problem, because it looks like the kind of small problem that can become a big problem later. Perhaps it's now a local water pump in Illinois, but next time it will be a coolant pump at a power plant. Logs from this incident may provide more information about an attack than the "real deal", if this is a practice intrusion.
Given that the investigators knowledgeable about water control systems aren't likely to be the investigators knowledgeable about risk-management accounting, human trafficking, civil rights politics, or the latest tactics for successfully negotiating with irrational group-thinking mobs, I think it's perfectly reasonable that they spend their time doing what they know. The federal officials aren't universally-adaptable masters of all things investigative. Each person has a particular set of skills, so it makes sense that they be split up doing many different things.
No. I want these FBI agents working on a cure for cancer, and I want them on it yesterday!
Possibly, or... (Score:2)
Maybe one of the local citizens was just upset about low water pressure and decided to take matters into their own cyber-hands?
It would be interesting if the system hacked was similar to the ones used for the hacked Iranian centrifuges, as both attacks involve spinning a motor too fast.
You are misinformed (Score:2)
Water pumps don't normally affect water pressure. They pump water to the top of a water tower for storage until gravity pushes it out.
That is not how they "normally" work. It is only one way that a water system can be designed to work. It can also be designed with pumps that pump directly into the system.
Most water systems of any decent size have a combination of both elevated storage and pumps. Some parts of the water system's distribution area may be pressurized by elevated storage tanks, while other parts of the distribution area are pressurized by pumps.
Obligatory.... (Score:1)
Perhaps Not All Remote Management Worth The Risk (Score:5, Insightful)
In the battle of the sword and the shield, the sword eventually wins, but it takes a hell of a lot longer when the sword and shield are separated by the moat and a thick stone wall...
Re: (Score:2)
Perhaps it's time we stop believing that everything in the world needs to be connected to external networks.
Perhaps it's time to stop believing that everything in the world that goes wrong is due to a 'cyberattack'.
Re: (Score:2)
Perhaps it's time to realize both statements are true and completely orthogonal to each other.
Leaping to the conclusion that pump failure in a SCADA-controlled utility is cyberwar is foolish.
Believing that anything remotely important should be connected to a publicly-accessible network is also foolish.
Both skepticism, and air-gapped networks, are very good ideas.
Re: (Score:2)
I for one welcome our new stone wall making overlords!
Re:Perhaps Not All Remote Management Worth The Ris (Score:5, Interesting)
Yes, some things should be air-gapped, nuclear gas centrifuges come to mind. However, many industrial control systems need to report information over the internet. Remote pumping stations, unmanned power distribution centers, etc. Having a lot of data is not simply a convenience. This data allows engineers to troubleshoot failures, predict future failures, and adjust systems for optimum efficiency.
What's really necessary is for some kind of device that will communicate the data to remote places, but refuse to pass any messages from the outside onto the control system. I don't know how difficult this is, but it's certainly harder than "air gap it". On the other hand, this solution actually addresses the problem.
Re:Perhaps Not All Remote Management Worth The Ris (Score:4, Informative)
What's really necessary is for some kind of device that will communicate the data to remote places, but refuse to pass any messages from the outside onto the control system. I don't know how difficult this is, but it's certainly harder than "air gap it". On the other hand, this solution actually addresses the problem.
So, what you're saying is, if a utility is too cheap to lay in dedicated network assets and buy their own blacknet (which is not hard to do if you want to), it's ok to just connect to the Internet?
That said, the thing you're looking for is called a unidirectional network [wikipedia.org]. Back in my military network operations days, the colloquial name was "data diode". Data goes one way but nothing (no data, no handshakes, no signaling at all) goes the other way. In that environment, they were used to promote data from a lower-level security environment (say, Secret-only) to a higher-level one with no risk of leak-back.
Yeah. They exist. They're considerably lower-bandwidth than your average gigabit Ethernet switch, but if you're just talking SCADA telemetry, they should suffice.
Re: (Score:2)
So, what you're saying is, if a utility is too cheap to lay in dedicated network assets and buy their own blacknet (which is not hard to do if you want to), it's ok to just connect to the Internet?
Because all utilities are in developed areas and have tons of cash to burn, right? Natural gas utilities have equipment that must be monitored and/or controlled remotely that may not even have electric service in the vicinity, much less telephone or fiber optic cable, leaving satellite and cellular modems as their only options. Do you really think building a private WIMAX network or launching a satellite is within the budget of a local utility serving 25,000 customers? There is no doubt that many utiliti
Re: (Score:2)
I know that it's not often acknowledged, but in the long run there's one ironclad rule, enforced with all the ruthlessness of natural selection: If you can't afford to do it right, you can't afford to do it at all.
You don't tackle vast projects with half-vast security. You're just spending lots of money to embarrass yourself and let down people who depend on you, if you try.
Security is not optional. All the impediments you described are merely challenges to engineer around. The only real insurmountable obst
Re: (Score:2)
Spoken like someone who has never worked in the real world. Life isn't black and white - real life decisions are made on a relative basis. Few organizations have the luxury of a DOD budget yet they still have to continue operating. You seem to equate "right" with "expensive". Whether a small co-op, statewide regulated utility, or publicly-traded mammoth, cost always has to figure into the equation. Business is about risk management, not spending unlimited dollars in search of the "perfect" solution.
Security is not optional. All the impediments you described are merely challenges to engineer around. The only real insurmountable obstacle is not giving sufficient damn to actually try to overcome the other issues rather than handwaving them away as "too hard" or "too expensive."
And
Re: (Score:3)
However, many industrial control systems need to report information over the internet.
Maybe over AN internet, but not over THE Internet. "Report information" is not the same as "allow incoming control or information."
This can be as simple as a Lantronix XPort (or equivalent) tied to a serial port TX line on a secure machine, allowing telnet connections to read the serial data coming out but not send anything back. Or any terminal server with the RX lines cut.
What you need to be careful of in the planning of this system is that the information coming out of the secure system isn't being f
China is taking US fresh water by the billions of (Score:1)
gallons, towing it to China in huge bladders and hacking our cities' pumps?
Makes sense.... (Score:3)
Let's face it, when they are putting out advisories actually advertising that one of the FBI's "Most Wanted" is some dude who blew up a package at a building, in the middle of the night, injuring no one, just so he could make some statement about "Animal Liberation".... you really have to wonder what the hell these people actually do for a living anyway.
I mean.... if that dude is one of the top 10 threats out there.... then I think we can all relax.
Quick, somebody find a tenuous link to terrorism so we can look relevant!
Re: (Score:2)
Well I never said it was ok, just that, if that's the biggest danger out there, then we are paying way too much for protection from it.
But.... they were just sending out notices here in MA that one of their "most wanted" was believed to be in the area and... that's exactly how he was described. Some animal rights bozo.
There.... this guy....
http://en.wikipedia.org/wiki/Daniel_Andreas_San_Diego [wikipedia.org]
Seems to fit my description pretty well.... ok he planted 2 bombs... one incident.... no casualties.... in 2003.
If that
Re: (Score:2)
In fact, it would be odd for me to say he is good or a hero given that I am one of his legitimate targets, as someone who works for a company that does animal testing. Hell, I have been in the room while they were doing necropsy procedures on mice. I am a fucking monster by his standards.... still.... not so worried.
Re: (Score:2)
See, they were making a big deal about it because they thought this guy was here...that's how I found out.
I didn't realize how many lists they have but...it makes sense. Violent crime in general has been on the downswing since the 90s. Their most recent big op was Whitey Bulger... which was a big deal to some people around here (given that we live less than a mile from where his gang was active... and my wife is from southie)
but... he was a geriatric old man, who stopped being truly criminally active 20 year
Re: (Score:2)
Let's face it, when they are putting out advisories actually advertising that one of the FBI's "Most Wanted" is some dude who blew up a package at a building, in the middle of the night, injuring no one, just so he could make some statement about "Animal Liberation".... you really have to wonder what the hell these people actually do for a living anyway.
You don't think that someone who would go to that extent to make that kind of statement is dangerous to the rest of us?
People who plant bombs and blow things up are dangerous. Period. The fact that he managed not to kill anyone the first time he tried doesn't mean he won't the next. Even if he's not trying to blow people up, it happens. He can't know that an animal caretaker isn't visiting a sick animal that night, or doing some late night cleanup, for example. Maybe he screws up the timer and it goes of
Re: (Score:2)
I didn't say they weren't dangerous.
See, I accept that there will always be some amount of danger. The question is not, are there dangerous people? Of course there are. Duh!
The question is, are there so many, who are so dangerous, that we need to fund the FBI?
I actually don't think so....case in point. When you add that their major achievements lately have been finding unstable people to radicalize, turn into terrorists, and arrest.... I think we have a whole pattern of "trying to look relevant", that seems
Could be something incredibly simple (Score:5, Interesting)
Re:Could be something incredibly simple (Score:4, Funny)
This really sounds like operator error to me.
From TFA:
But in its statement, the DHS said the water system was located in Springfield, Illinois.
Springfield....
Operator error....
Something in the back [wikipedia.org] of my mind....
Re:Could be something incredibly simple (Score:4, Informative)
Sort of. To program or configure the specific SCADA system requires specific knowledge of the device, installation architecture, firmware, and version supplied by the system operating manual. Until you get to the S part of SCADA and it all goes into some sort of aggregation platform with a big old GUI on a windows 2000 or windows XP box hooked into a cable modem.
Well, to program them correctly requires that knowledge.
These manuals are often trade secrets for the manufacturer, but are 'openly' passed around by maintenance technicians and field installers, and probably controls engineers such as yourself--although I never had the pleasure to work with one.
Depending upon the organization, such manuals are often shipped to other third party contractors with a "legitimate need" as determined by an engineer or manager.
When you tell them you have a corporate filter on PDFs, they will send to a personal email address if they would send it to start with. If they won't send it directly to you, their client will find a way to get their hands on it and forward it to you.
These manuals contain relatively complex documentation--including ports, encoding types, bit masks, register sizes and addresses that may be remotely configured by a couple of pretty common protocols which tend to be "extended" by the vendor in odd ways.
Sure, every bigwig in the industry has their own special program for everything that talks some proprietary clusterfuck. But mostly, they all have legacy support and some sort of shitty standard that will do basics.
Admittedly, any piece of hardware may implement complicated control processes specific to the device at hand, but all of which (that I've seen) generally fall into about three different "protocol families" for control purposes once you're down to a sensor or switch. Maybe you can't calibrate the device over your basic serial port, but you can throw a relay with it.
All of which I once wrote software for to control via plaintext text message at the demands of a former employer. Who insisted on static vendor passwords, and no encryption or even authorized whitelists to make our controllers easier and faster to install for subcontractors. Plug and Play. Or Pray. Or Plug and hacker prey. Whatever.
Now, you can say it's operator error to use that device. But the bottom line is even in your wealthy industries that do readonly monitoring over encrypted VPN--sooner or later somebody insists on remote control in order to cut maintenance costs. The moment that happens, they're hooked up to hardware that might be 25 years old. And then they're gonna hire somebody with a cheap solution to plug into it.
Re: (Score:3)
that's the same shit they said back in 1985ish when those hackers were moving satellites around. nothing is unhackable, sometimes it just takes more time to figure out.
Since when is this hacking? (Score:3)
WTF?
It's not hacking if you know the password.
Re: (Score:2)
well the city worker said he didn't do it.
The moral of the story is... (Score:3)
Re: (Score:2)
You are correct that a hacked pump does not destroy the country, but if it's a proof of concept, then 30000 hacked pumps around the country get tons of people mad/upset/scared ...
the best way to win a war is to starve the opponent into submission, getting rid of the water supply is a solid first step, getting rid of the food can turn it very violent quickly. For some reason people think lack of food = death quickly, which the real truth is lack of water = death quickly. so people will panic if there are fo
F CYBER (Score:2)
I am soooo damn tired of word 'cyber' now. Used to be kind of a neat word, way back when it actually meant something.
Why in the hell (Score:1)
Is all this crap attached to the intertubes?
OK, now we don't even have to come into the office to change the position of the control rods and avert a meltdown, we can do it from home, or heck... Kazan, Russia if you really wanted to.
Shitty Risk Management (Score:1)
Weiss said the report says the cyber attacker hacked into the water utility using passwords stolen from a control system vendor and that he had stolen other user names and passwords."
In other words, people are not capable of understanding the situation they are in. Computers are mysterious, magical creatures, with pink tails and fluffy hair from which you can hold on when riding on the waves of the cyberspace holding a pink bunny, a packet of noodles and wearing the everlasting Viking helmet.
We should post the instruction (Score:1)
manuals for all this equipment on the internets in conspicuous locations in the control network with special attention given to tolerances and acceptable operating parameters. So that hackers won't accidentally damage the critical infrastructure component they are playing with.
Heck, we may want to make it more foolproof by publishing user dashboards, with very strict input checking, at playwithcriticalinfrastructure.com.
It's the responsible thing ...and knowing is half the battle.
No on site IT stuff? (Score:2)
This is what outsourcing and using vendor systems gets you: people who are not there and/or see you as just another client. You want us to come out and look at a system out of its window? That's an added charge.
Can someone explain to me (Score:1)
Why such systems are online and accessible via the Internet? Is this a cost cutting measure? Why aren't critical passwords changed every week? Why isn't database information stored in encrypted containers or hard drives? Why does this happen again and again and again?
Several stories online of laptops containing massive DBs getting stolen, in fact a previous employer of mine (major chip manufacturer) got one of their HR laptops stolen out of a car at Starbucks, I was sent a letter by said company giving the excu
I call bullshit. (Score:5, Informative)
I have worked with SCADA and water filtration plant pumps, big ass pumps, like 650 hp pumps that run on 7200 volts.
You can't set it to "burn out". You can adjust the speed of the pump from 10% to 100%. The only way to kill a pump is to drop power to it without dropping power to its valve, so it will not close, wait for the pump to start spinning backwards from the water running back downhill through the pump, and then slam the power back on at 100% after the pump was freewheeling in reverse at full speed.
Then they don't burn out, they freaking explode.
This happened when we lost power plant wide and a hydraulic failure kept the valve from auto closing. (not electronic, it's a mechanical/hydraulic thing, a blockage in the pressure line)
Unless the plant was designed by an utter moron and made it so a programming error could blow up parts of the plant.
Re: (Score:2)
Sorry, but big pump motor controllers don't work like that. The AB SCADA system can't give it arbitrary numbers. It has a motor controller that takes an input range, either from RS485 or a 0-48 volt input. You can't tell it to go to 11, you can't tell it to do something weird.
Re: (Score:2)
Take a VFD and crank up the carrier frequency and most motors begin to have problems.
You can't do that remotely. You'd have to have physical access to the pump's VFD.
Your SCADA system will send a command to a PLC which will typically send a 4-20 mA analog output to set the speed of the pump, and probably also have relay outputs to send start/stop signals. Everything else is handled by the VFD. You basically get "start", "stop", and "how fast". Like Lumpy said, you can't tell it to do anything weird.
Furthermore, the VFD should have interlocks that will shut off the pump on over-temperature /
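The speed-reference path described in the comments above (SCADA command, PLC, 4-20 mA loop, VFD), as an added Python sketch that is not any poster's code. The function names, the 3.6/21 mA fault thresholds and the sample requests are assumptions, and it models only the analog channel, not any networked access to drive parameters.

```python
import math

MIN_MA, MAX_MA = 4.0, 20.0                 # live-zero analog loop: 4 mA = 0 %, 20 mA = 100 %
FAULT_LOW_MA, FAULT_HIGH_MA = 3.6, 21.0    # assumed thresholds for a broken or shorted loop


def plc_speed_to_ma(speed_pct):
    """PLC side: clamp the requested speed to 0-100 % and scale it to loop current."""
    speed_pct = float(speed_pct)
    if math.isnan(speed_pct):
        raise ValueError("speed request is not a number")
    clamped = max(0.0, min(100.0, speed_pct))
    return MIN_MA + (MAX_MA - MIN_MA) * clamped / 100.0


def vfd_read_ma(current_ma):
    """VFD side: turn loop current back into a speed reference, or fault out."""
    if current_ma <= FAULT_LOW_MA or current_ma >= FAULT_HIGH_MA:
        return ("fault", 0.0)              # wire break or short: stop, do not guess
    clamped = max(MIN_MA, min(MAX_MA, current_ma))
    return ("run", (clamped - MIN_MA) / (MAX_MA - MIN_MA) * 100.0)


def command_path(speed_pct):
    """Full path for one SCADA speed request."""
    return vfd_read_ma(plc_speed_to_ma(speed_pct))


def audit_setpoints(requests):
    """Return the requests the PLC had to clamp; these are worth an alarm."""
    return [r for r in requests if not 0.0 <= r <= 100.0]


if __name__ == "__main__":
    constructed_requests = [35.0, 100.0, 1100.0, -5.0]   # constructed sample input
    for req in constructed_requests:
        print(req, "->", command_path(req))
    print("clamped requests:", audit_setpoints(constructed_requests))
    print("open loop:", vfd_read_ma(0.0))
```

Whatever number arrives at the PLC, the drive only ever sees a current between 4 and 20 mA, so logging the clamped requests is where an out-of-range command becomes visible.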
Re: (Score:2)
What about changing the VFD's parameters directly? Why couldn't you remotely set the parameters such that the VFD's maximum torque was at a value well beyond the pump's motor's limit, set the sensor limits to max values like 9999, and then set the pump to operate at 100%? It seems to me that it would burn out in short order.
I don't know why you claim physical access to the VFD is required, as Stuxnet conclusively demonstrated that a piece of malware certainly had the capability to directly alter the behav
Re: (Score:2)
The VFD's parameters (if they're not locked out entirely) will be set through pushbutton interfaces on the VFD itself. None of the signals coming in to the VFD can modify its parameters.
default passwords? (Score:2)
"Weiss said the report says the cyber attacker hacked into the water utility using passwords stolen from a control system vendor and that he had stolen other user names and passwords."
How likely is it that a control system vendor would have the usernames and passwords of their client, used in the actual production system? Maybe they actually do, as part of some sort of remote support agreement, but if this is the case, that's already a bad security practice.
It seems more likely to me that the vendor has a list of default usernames and passwords, and THIS is what was obtained. Perhaps what Weiss *really* meant to say would be something like: "Someone got
Grain of salt, here... (Score:2)
Joe Weiss is fairly notorious in the control system security world as the first to say, "Hey! That was a cyber incident!" For example, he said this about the BP spill, when they were still investigating it...and while it turned out to be true that some alarms were turned off because of computer issues, the real root causes had to do with faulty mechanical equipment and bad concrete, and that the cyber aspect was pretty much entirely irrelevant. Hear him speak, and it's a safe bet that you'll hear about h
You would be amazed (or not) (Score:1)
Most industrial control systems I've worked with (typically power plants) have their root passwords set to the same one from the OEM. They are rarely changed. Many of these HMIs are now networked on the company LANs to data historian servers. Sometimes there's a firewall, sometimes not. Most HMIs and historians are running a variant of Windows Server, with a few Unix flavors out there still.
DHS? Confirmation bias. (Score:1)
Error is much more likely than malice, even if the computer is infected.
In a place where the infrastructure is as wide-open and completely unprotected as it is in the US, there are much better targets that require much less investment of effort and expertise.
Screenshots (Score:2)
http://pastebin.com/Wx90LLum [pastebin.com]
Not by me.
Re: (Score:2)
Re: (Score:2)
+1 Funny, but I'm out of mod points
Re: (Score:2)
I haven't seen any rouge or unauthorized dehumidifiers running
What does their color have to do with it?
Re: (Score:1)
That investigation is still on going but I believe it came from the box that my shoes came in and is probably not an indication of a hack attempt.
Ah, but little did you realize that was just indirection to prevent you from discovering that your shoes were hacked prior to delivery. If you look closely, you may find a rotary phone discreetly embedded in your shoe with a wireless IP connection allowing a remote attacker to control movements of a larger body of water with embedded rouge cell circulation.