Hacker demonstrates vulnerability of public utility networks

M

MSTeacher

Member
Jun 19, 2010
2,076
73
48
Pretty sketchy. This just happened a couple days ago too, a hack took out a water pump: Illinois Water Utility Pump Destroyed After Hack | News & Opinion | PCMag.com

There's been a lot of flap about the potential for this kind of thing to happen. He makes it sound like it's not too hard.

Second water utility reportedly hit by hack attack ? The Register

loldhs pr0f - Pastebin.com

So, early this morning I was linked to an article about SCADA pumps from someone in IRC.
This article was located here:

Water utility hackers destroy pump, expert says ? The Register

My eyes were drawn, nary, pulled, to a particular quote.
'In an email sent several hours after this article was first published, DHS spokesman Peter Boogaard wrote: "DHS and the FBI are gathering facts surrounding the report of a water pump failure in Springfield Illinois. At this time there is no credible corroborated data that indicates a risk to critical infrastructure entities or a threat to public safety."'

This was stupid. You know. Insanely stupid. I dislike, immensely, how the DHS tend to downplay how absolutely FUCKED the state of national infrastructure is.
I've also seen various people doubt the possibility an attack like this could be done.

So, y'know.
The city of South Houston has a really insecure system. Wanna see? I know ya do.
http://i41.tinypic.com/ip0aa0.png
http://i42.tinypic.com/eun021.png
http://i42.tinypic.com/1znptuu.png
http://i41.tinypic.com/2m6o0au.png
http://i40.tinypic.com/k386ep.png

These are also archived here:
HMI.zip

I'm not going to expose the details of the box. No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly.
On the other hand, so is connecting interfaces to your SCADA machinery to the Internet. I wouldn't even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic.

Greetz to a select group of big heckers. You know who you are.

pr0f_srs@ue.co.ro.
My public key is located here pastebin.com/fAa4uZDx and somewhere on pastebay. Useitfgts.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.11 (GNU/Linux)

iQEcBAEBAgAGBQJOxlzeAAoJEFI8uH13Tfpa5P8H/Rdp8MqVbqgaLZuW2lWOjRjo
A7lp47L7C2beyWEXr3CS7Do99BWjJg5Ybh1dd/ahXbIM0bzSxwJwZzJqDPFsu7Ma
N4JgzgD3pOh9BUEDar5C6X4iKeHek0y7gPSy2fublOgrO3UICiy1PEElXOLXzh9X
XyLYwykaE/9yeKuYBH/MyAjAP/sDChp7bxZP6oP/4J3CVii9NXxLtnDWW5Rer9Hr
mzLcDiLirXieAw6CGwAa1l9sGqASO2GH3iXLRMBw87suKprUy+moO++AnW7seB0H
UiU+72leI9KARru3KCxeuReAW5Xo1UgHESeGgXpgSCzsbC3mvBNk7Z3yZTtjV5s=
=wjgE
-----END PGP SIGNATURE-----
Click to expand...
 


A lot of the public utilities come up with 'plans' to prevent scenarios like this, but it is just like what happened with the oil well a couple years ago- they had 'plans' also, but when the pipe blew up, no one really knew how to handle it.

Unfortunately, very few organizations will put in the time and money needed to secure themselves properly until something bad happens and they are forced to.
 
What the fuck all these "Critical Infrastructure Protection" researchers are doing?
 
You must log in or register to reply here.
Top Bottom