Re: SCADA/Municipal water system attacks

Top Page
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Michael Butash
Date:  
To: plug-discuss
Subject: Re: SCADA/Municipal water system attacks
Hah.

"Hacker Says Texas Town Used Three Character Password To Secure Internet
Facing SCADA System"

http://threatpost.com/en_us/blogs/hacker-says-texas-town-used-three-character-password-secure-internet-facing-scada-system-11201

Good enough for government.

-mb


On 11/20/2011 03:27 PM, Sam Kreimeyer wrote:
> I think that most operators generally take whatever data SCADA spits
> out at face value. After all, how would they recognize what dangerous
> behavior looks like if they don't understand how these systems work
> anyway? Let the IT guy figure it out.
>
> I think we are witnessing the nascence of an appreciation for just how
> devastating a vulnerability to industrial control mechanisms can be.
> The security of these systems has long relied on their own obscurity
> and the hope that nobody will be particularly inclined to cause havoc
> with no *obvious* potential for profit. That's why they have that
> expensive firewall, right?
>
> On 11/20/11, Derek Trotter<> wrote:
>> Same here. When I first heard of this, I said to myself: "Bet these
>> systems run on windows."
>>
>> On 11/20/2011 14:00, Lisa Kachold wrote:
>>>
>>>
>>> On Sat, Nov 19, 2011 at 11:25 PM, Michael Butash<
>>> <mailto:michael@butash.net>> wrote:
>>>
>>>      There was some idle chat here prior about Stuxnet and how it
>>>      almost single-handed stopped or at least delayed Iran's Nuclear
>>>      aspirations, and I'd commented on how there was a variant called
>>>      Duqu that was running rampant in our SCADA systems that run
>>>      municipal water.

>>>
>>>      Seems our environmentals that run cities have and are being
>>>      exploited more frequently with more disclosures in the past few
>>>      days of incidents in Springfield Illinois and Houston Texas.  Not
>>>      only do I guarantee security on these systems and networks not up
>>>      to par, their embedded and obscure nature means they probably
>>>      aren't even regularly patched to take advantage.  In the
>>>      Springfield incident they actually caused damage to a critical
>>>      pump, and it's only going to continue to get worse as it's now
>>>      being talked about more mainstream and word spreads.

>>>
>>>      http://www.theregister.co.uk/2011/11/17/water_utility_hacked/

>>>
>>>      http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/

>>>
>>>      I know I sleep better at night knowing all this software runs on
>>>      old windoze systems!  Even better is how they're talking about in
>>>      here how they are often now internet connected systems so they can
>>>      be managed remotely to save costs (i.e. outsource it).  Maybe
>>>      letting the Chinese government run our city water systems isn't
>>>      quite what they had in mind, but anything to save a buck in these
>>>      trying times I suppose...

>>>
>>>      -mb

>>>
>>>
>>> chortle! snort!
>>> --
>>> (602) 791-8002 Android
>>> (623) 239-3392 Skype
>>> (623) 688-3392 Google Voice
>>> **
>>> HomeSmartInternational.com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list -
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
> ---------------------------------------------------
> PLUG-discuss mailing list -
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>

---------------------------------------------------
PLUG-discuss mailing list -
To subscribe, unsubscribe, or to change your mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss