SCADA/Municipal water system attacks
Michael Butash
michael at butash.net
Sat Nov 19 23:25:09 MST 2011
There was some idle chat here prior about Stuxnet and how it almost
single-handed stopped or at least delayed Iran's Nuclear aspirations,
and I'd commented on how there was a variant called Duqu that was
running rampant in our SCADA systems that run municipal water.
Seems our environmentals that run cities have and are being exploited
more frequently with more disclosures in the past few days of incidents
in Springfield Illinois and Houston Texas. Not only do I guarantee
security on these systems and networks not up to par, their embedded and
obscure nature means they probably aren't even regularly patched to take
advantage. In the Springfield incident they actually caused damage to a
critical pump, and it's only going to continue to get worse as it's now
being talked about more mainstream and word spreads.
http://www.theregister.co.uk/2011/11/17/water_utility_hacked/
http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/
I know I sleep better at night knowing all this software runs on old
windoze systems! Even better is how they're talking about in here how
they are often now internet connected systems so they can be managed
remotely to save costs (i.e. outsource it). Maybe letting the Chinese
government run our city water systems isn't quite what they had in mind,
but anything to save a buck in these trying times I suppose...
-mb
More information about the PLUG-discuss
mailing list