scada
Latest
Man on vacation confused for a Russian spy, almost restarts cold war
Threats of Russian espionage can come from the unlikeliest of sources, as Jim Mimlitz, owner of Navionics Research, a small integrator firm, knows only too well. Curran Gardner Public Water District, just outside of Springfield, Illinois, employed Mimlitz's firm to set up its Supervisory Control and Data Acquisition system (SCADA), and the spy games began when Mimlitz went on vacation in Russia. While there, he logged into the SCADA system to check some data, then logged off and went back to enjoying Red Square and the finest vodka mother Russia has to offer. However, five months later a Curran Gardner water pump fails, and an IT contractor eyeballing the logs spots the Russian-based IP address. Fearing stolen credentials, he passes the info up the chain of command to the Environmental Protection Agency (as it governs the water district) without bothering to contact Mimlitz, whose name was in the logs next to the IP address. The EPA then passed along the paranoia to a joint state and federal terrorism intelligence center, which issued a report stating that SCADA had been hacked. Oh boy. A media frenzy followed bringing all the brouhaha to Mimlitz's attention. After speaking with the FBI, the massive oversight was identified, papers were shuffled, and everyone went about their day. So, next time you delete all your company's e-mail, or restart the wrong server, remember: at least you didn't almost start World War III. Tap the source link for the full story. [Image courtesy Northackton]
Feds deny hacking caused Illinois water pump failure
Did a hacker or group of hackers, possibly in Russia, manage to physically destroy a water pump in Springfield, Illinois? That was the word last week, when reports spread that hackers had managed to take control of the water plant's Supervisory Control and Data Acquisition System (or SCADA), which gave them the ability to repeatedly turn the pump on and off and eventually burn it out. Now, however, both the FBI and the Department of Homeland Security say that their investigations have found no evidence of hacking or malicious activity, and that earlier reports were based on "raw, unconfirmed data." As you might expect, that explanation isn't quite being accepted by everyone, including Joe Weiss, the security researcher who first reported the incident. You can find his comments on Wired's Threat Level blog linked below.
Water pump reportedly destroyed by SCADA hackers
The FBI and DHS are investigating damage to a public water system in Springfield, Illinois, which may have been the target of a foreign cyber attack. There's no threat to public safety and criminal interference has not been officially confirmed, but a security researcher called Joe Weiss has reported evidence that hackers based in Russia are to blame. He claims they accessed the water plant's SCADA online control system and used it to repeatedly switch a pump on and off, eventually causing it to burn out. Coincidentally, a water treatment facility was publicly hacked at the Black Hat conference back in August, precisely to highlight this type of vulnerability. If there are any SCADA administrators out there who haven't already replaced their '1234' and 'admin' passwords, then they might consider this a reminder.
Google search opens SCADA systems to doomsday scenarios
Google, the service so great it became a verb, can now add security risk to its roster of unintended results. The search site played inadvertent host to remotely accessed Supervisory Control and Data Acquisition (SCADA) systems in a Black Hat conference demo led by FusionX's Tom Parker. The security company CTO walked attendees through the steps required to gain control of worldwide utility infrastructure -- power plants, for one -- but stopped short of actually engaging the vulnerable networks. Using a string of code, unique to a Programmable Logic Controller (the computers behind amusement park rides and assembly lines) Parker was able to pull up a water treatment facility's RTU pump, and even found its disaster-welcoming "1234" password -- all through a Google search. Shaking your head in disbelief? We agree, but Parker reassured the crowd these types of outside attacks require a substantial amount of effort and coordination, and "would be extremely challenging to pull off." Panic attack worn off yet? Good, now redirect those fears to the imminent day of robot-helmed reckoning.
Defense Department developing portable hacking device for soldiers
It's not exactly news that the Department of Defense is looking at ways to make hacking a more practical weapon, but it looks to really be stepping up its game with its latest project, which promises to make complicated attacks as simple as a few button presses. That would apparently be possible thanks to a slightly mysterious device that'd be small enough to carry around in a backpack, but powerful enough to do everything from breaking into a wireless network to hacking into SCADA (or Supervisory Control and Data Acquisition) systems (used at power plants, nuclear facilities, and the like). While complete details are obviously a bit light, the system would apparently be able to, for instance, map out the nodes in a wireless network, cause them to disconnect, and watch them come back online to identify weak spots. It would then present the "hacker" with various attack attributes that could simply be adjusted using sliders on a touchscreen. No word if the soldiers will also be rewarded with Achievements.[Via Softpedia]
