
Posted: 11/18/2011 9:29:47 PM EDT
[Last Edit: 11/18/2011 9:34:49 PM EDT by Mic68]
http://www.breitbart.com/article.php?id=CNG.bb560ae65a071dc80a1c88fdc371ec35.d51&show_article=1

A cyber strike launched from outside the United States hit a public water system in the Midwestern state of Illinois, an infrastructure control systems expert said on Friday.
"This is arguably the first case where we have had a hack of critical infrastructure from outside the United States that caused damage," Applied Control Solutions managing partner Joseph Weiss told AFP.

"That is what is so big about this," he continued. "They could have done anything because they had access to the master station."

Nothing to see here, just move along...hey American idol is on

Link Posted: 11/18/2011 9:59:44 PM EDT
Wait 'till they sabotage the Aqueduct water lifts that supply to LA.
Link Posted: 11/18/2011 10:10:25 PM EDT

Originally Posted By AR15Texan:
Wait 'till they sabotage the Aqueduct water lifts that supply to LA.

And New York.
Link Posted: 11/18/2011 10:18:27 PM EDT
Originally Posted By AR15Texan:
Wait 'till they sabotage the Aqueduct water lifts that supply to LA.


So you're saying we should encourage them?

I kid. Some crazy times ahead when one man in a dark room can kill thousands with a key stroke......
Link Posted: 11/18/2011 11:43:57 PM EDT
The attack was reportedly traced to a computer in Russia and took advantage of account passwords stolen during a hack of a US company that makes Supervisory Control and Data Acquisition (SCADA) software.


Funny - I don't recall seeing any news stories about that company being fined millions of dollars, or its executives being hauled before Congress to explain why they didn't take security seriously. Must have had an Obama campaign contribution bundler on the board of directors...
Link Posted: 11/18/2011 11:57:54 PM EDT
"Not Terrorism"
Link Posted: 11/19/2011 3:17:39 AM EDT
Is an internet connection vital to the proper operation of the facility or others like it?

Seems like a simple fix from my perspective. No internet = no foreign script kiddies screwing up your day.
Link Posted: 11/19/2011 4:02:06 AM EDT
Originally Posted By Skibane:
The attack was reportedly traced to a computer in Russia and took advantage of account passwords stolen during a hack of a US company that makes Supervisory Control and Data Acquisition (SCADA) software.


Funny - I don't recall seeing any news stories about that company being fined millions of dollars, or its executives being hauled before Congress to explain why they didn't take security seriously. Must have had an Obama campaign contribution bundler on the board of directors...


Isn't that the truth. Had it been an electric utility you would have heard about it.

Unfortunately this is starting to get easier for hackers versus what they did with Iran.

Wonder who the manufacturer of the SCADA system was? The manufacturers need to step up to help those that bought their systems.
Link Posted: 11/19/2011 4:25:54 AM EDT

Originally Posted By biglou250:
Is an internet connection vital to the proper operation of the facility or others like it?

Seems like a simple fix from my perspective. No internet = no foreign script kiddies screwing up your day.

I don't know anything about this place, but a lot of times it is. Well, depending on your definition of the word "vital" anyway.

Because the internet is in so many places, it has displaced private circuits in a lot of cases due to cost. For a $50/month DSL connection and a <$1000 tunnelling router, a company can have a "private" connection to a remote facility. 10 years ago, they'd have paid $1K/mo for a fractional T1 private leased line.
Link Posted: 11/19/2011 5:53:27 AM EDT
Well, let's talk about a "prepper's response". While I have water stored, we're on municipal water for daily use and, if they weren't even aware they were hacked until pumps started turning on and off, could that allow contaminated/untreated water to hit the taps? Would a standard commercial brand home filter like a Brita provide adequate protection from viral or bacterial contamination? Is there a way to real-time check the levels of contaminants at the tap (or the main into the house)? I can't exactly Big Berkey every drop we drink, wash dishes in and bathe with....
Link Posted: 11/19/2011 7:54:33 AM EDT
[Last Edit: 11/19/2011 7:57:09 AM EDT by ilbob]
I program these kinds of things for a living. I can tell you with some certainty that most places it is not real easy to do this kind of thing. You almost have to go to some effort to make it possible.

The description of what actually happened is so vague that it is impossible to even make an intelligent speculation about it.

One of the more disturbing things that goes on these days is that a fair amount of programming is being done in China, India, and even Russia. There is no way to validate the security measures in most cases when someone halfway across the world has to have access to it. And many times people have so many passwords that they can't remember them so they create text files or spreadsheets with the lists of passwords in them, and often these files are stored on networks and computers that are not secure at all.

It is also common for user names and passwords to be the same for the same person on multiple networks and locations to make it easier.

Another issue is that it is quite common for people to share user accounts and passwords because it is so inconvenient to have unique user accounts and passwords for every user, especially when you have remote users in India that you don't even know are programming your system.

Some of these security issues just do not have very good answers to them.
Link Posted: 11/19/2011 2:52:00 PM EDT
Originally Posted By HomeSlice:

Originally Posted By biglou250:
Is an internet connection vital to the proper operation of the facility or others like it?

Seems like a simple fix from my perspective. No internet = no foreign script kiddies screwing up your day.

I don't know anything about this place, but a lot of times it is. Well, depending on your definition of the word "vital" anyway.

Because the internet is in so many places, it has displaced private circuits in a lot of cases due to cost. For a $50/month DSL connection and a <$1000 tunnelling router, a company can have a "private" connection to a remote facility. 10 years ago, they'd have paid $1K/mo for a fractional T1 private leased line.


A lot of companies are moving data storage and other applications to "cloud" or "systems as a service" vendors requiring the use of the internet. I would think, however, that it would be obvious that the digital controls for a water station should need to be isolated from external access. I would certainly hope that these systems aren't being monitored and controlled from someone working from home.

I'm not really up to date on IT (I don't even own a cell phone), but this seems obvious as the way it "should" be. It seems like the vulnerability of our infrastructure is appalling these days.
Link Posted: 11/19/2011 3:30:29 PM EDT
Hell, I'm getting so paranoid about the Chinese nowadays, I automatically thought it would be them making it look like it was someone else.
Link Posted: 11/19/2011 4:38:20 PM EDT
Originally Posted By biglou250:
Is an internet connection vital to the proper operation of the facility or others like it?

Seems like a simple fix from my perspective. No internet = no foreign script kiddies screwing up your day.


The Iranians subscribed to that philosophy - before Stuxnet...
Link Posted: 11/19/2011 5:12:15 PM EDT
Almost nobody is stupid enough to put SCADA boxes on the internet. What happens is the home office is on the internet for email, EDI for purchasing, web access, electronic payroll, etc. Then the engineers want real time access to data to do their jobs, support the techs, etc. Then some guy in the plant figures out he can surf the web from the SCADA collector PC that feeds the engineers by installing IE and typing in the proxy server. Now you have two possible compromises.

I deal with this at work where we have the internet (with proxy servers and public facing websites), an admin network, and a mission critical network. We really restrict what data can flow from one network to another. We have maybe 100-200 guys who are devoted full time to "electronic" security.

Even so, we had one compromise where an employee hooked an internet connection to a mission critical PC and it was hacked, and quickly detected. One issue is that you can't be too quick to contain something that looks suspicious on a critical network.