SCADA/Municipal water system attacks
Michael Butash
michael at butash.net
Mon Nov 21 00:33:40 MST 2011
Hah.
"Hacker Says Texas Town Used Three Character Password To Secure Internet
Facing SCADA System"
http://threatpost.com/en_us/blogs/hacker-says-texas-town-used-three-character-password-secure-internet-facing-scada-system-11201
Good enough for government.
-mb
On 11/20/2011 03:27 PM, Sam Kreimeyer wrote:
> I think that most operators generally take whatever data SCADA spits
> out at face value. After all, how would they recognize what dangerous
> behavior looks like if they don't understand how these systems work
> anyway? Let the IT guy figure it out.
>
> I think we are witnessing the nascence of an appreciation for just how
> devastating a vulnerability to industrial control mechanisms can be.
> The security of these systems has long relied on their own obscurity
> and the hope that nobody will be particularly inclined to cause havoc
> with no *obvious* potential for profit. That's why they have that
> expensive firewall, right?
>
> On 11/20/11, Derek Trotter<expat.arizonan at gmail.com> wrote:
>> Same here. When I first heard of this, I said to myself: "Bet these
>> systems run on windows."
>>
>> On 11/20/2011 14:00, Lisa Kachold wrote:
>>>
>>>
>>> On Sat, Nov 19, 2011 at 11:25 PM, Michael Butash<michael at butash.net
>>> <mailto:michael at butash.net>> wrote:
>>>
>>> There was some idle chat here prior about Stuxnet and how it
>>> almost single-handed stopped or at least delayed Iran's Nuclear
>>> aspirations, and I'd commented on how there was a variant called
>>> Duqu that was running rampant in our SCADA systems that run
>>> municipal water.
>>>
>>> Seems our environmentals that run cities have and are being
>>> exploited more frequently with more disclosures in the past few
>>> days of incidents in Springfield Illinois and Houston Texas. Not
>>> only do I guarantee security on these systems and networks not up
>>> to par, their embedded and obscure nature means they probably
>>> aren't even regularly patched to take advantage. In the
>>> Springfield incident they actually caused damage to a critical
>>> pump, and it's only going to continue to get worse as it's now
>>> being talked about more mainstream and word spreads.
>>>
>>> http://www.theregister.co.uk/2011/11/17/water_utility_hacked/
>>>
>>> http://www.theregister.co.uk/2011/11/18/second_water_utility_hack/
>>>
>>> I know I sleep better at night knowing all this software runs on
>>> old windoze systems! Even better is how they're talking about in
>>> here how they are often now internet connected systems so they can
>>> be managed remotely to save costs (i.e. outsource it). Maybe
>>> letting the Chinese government run our city water systems isn't
>>> quite what they had in mind, but anything to save a buck in these
>>> trying times I suppose...
>>>
>>> -mb
>>>
>>>
>>> chortle! snort!
>>> --
>>> (602) 791-8002 Android
>>> (623) 239-3392 Skype
>>> (623) 688-3392 Google Voice
>>> **
>>> HomeSmartInternational.com
>>>
>>>
>>>
>>>
>>>
>>>
>>>
>>> ---------------------------------------------------
>>> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
>>> To subscribe, unsubscribe, or to change your mail settings:
>>> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>>
> ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss at lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change your mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
>
>
More information about the PLUG-discuss
mailing list