Hackers 'hit' US water treatment systems

I'm quite sure in this case that it wasn't the SCADA package itself that was compromised. More likely the WinXP system it was running on.

Most of us know the dangers and therefore design the networks so the exposure to outside networks is minimal and heavily protected. If you create a system on the same network as the common desktop, you're asking for trouble.
The only reason we haven't seen many of these things yet is because the hackers didn't know of them. All of that changed with Stuxnet.
 
Thanks for pointing this out.

I always need more ammo trying to fight for better security of our system. I had less than two pages (out of 70) dedicated to security in my latest design and at a review was told I was being paranoid.

Just because I'm paranoid, doesn't mean they're not out to get me.

Besides, most of the security measures I want to implement also help protect against inadvertent changes to the system from within the facility.
 
"This was barely a hack. A child who knows how the HMI that comes with Simatic works could have accomplished this," he said. "I'm sorry this ain't a tale of advanced persistent threats and stuff, but frankly most compromises I've seen have been a result of gross stupidity, not incredible technical skill on the part of the attacker. Sorry to disappoint."
Now children, if you are putting a SCADA or HMI on the 'net DO NOT use default logon credentials, not too hard really.
 
There is a curious thought
with over 4 billion IP addresses what is the chance of finding that one.
Someone knew something somehow
 
There is a curious thought
with over 4 billion IP addresses what is the chance of finding that one.
Someone knew something somehow
That is where a "bot" comes in. A good one can fly across the 'net sending specific info back to a host. It could be looking at every IP and certain list of ports with a parameter such as something specific to a certain type of SCADA package. The bot would then report the IP and port back to its host. Not too difficult for a knowledgeable programmer on a mission of mischief. This type of sniffing can even be done from a static location with a simple script.
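The defender's side of the sweep described in the post above, as an added example that is not part of the thread: it flags sources that try the same ICS port across many hosts in a perimeter firewall log, and lists any such traffic the firewall allowed. The log format, the port watch list (102, 502, 44818) and all addresses are assumptions constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed watch list, not from the thread:
# 102 = Siemens S7 (ISO-TSAP), 502 = Modbus/TCP, 44818 = EtherNet/IP.
ICS_PORTS = {102, 502, 44818}

# Constructed firewall log lines in a hypothetical key=value format.
SAMPLE_LOG = """\
2011-11-20T03:14:01Z DROP TCP src=203.0.113.7 dst=198.51.100.10 dport=102
2011-11-20T03:14:01Z DROP TCP src=203.0.113.7 dst=198.51.100.11 dport=102
2011-11-20T03:14:02Z ACCEPT TCP src=203.0.113.7 dst=198.51.100.12 dport=102
2011-11-20T03:14:02Z DROP TCP src=203.0.113.7 dst=198.51.100.13 dport=102
2011-11-20T03:20:40Z DROP TCP src=192.0.2.44 dst=198.51.100.12 dport=502
2011-11-20T03:21:05Z ACCEPT TCP src=192.0.2.44 dst=198.51.100.10 dport=443
truncated line without fields
"""

LINE_RE = re.compile(r"^\S+ (\w+) TCP src=(\S+) dst=(\S+) dport=(\d+)$")

def parse(log_text):
    """Yield (action, src, dst, port) for ICS-port entries; skip malformed lines."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m and int(m.group(4)) in ICS_PORTS:
            yield m.group(1), m.group(2), m.group(3), int(m.group(4))

def find_ics_sweeps(log_text, min_hosts=3):
    """Sources that tried one ICS port on at least min_hosts distinct hosts."""
    seen = defaultdict(set)
    for _, src, dst, port in parse(log_text):
        seen[(src, port)].add(dst)
    return {k: sorted(v) for k, v in seen.items() if len(v) >= min_hosts}

def accepted_ics_connections(log_text):
    """ICS-port traffic the firewall let through: the rule to close first."""
    return [(s, d, p) for a, s, d, p in parse(log_text) if a == "ACCEPT"]

if __name__ == "__main__":
    for (src, port), hosts in find_ics_sweeps(SAMPLE_LOG).items():
        print(f"sweep: {src} tried port {port} on {len(hosts)} hosts")
    for src, dst, port in accepted_ics_connections(SAMPLE_LOG):
        print(f"exposed: {dst}:{port} reachable from {src}")
```

Any entry returned by `accepted_ics_connections` means a controller or HMI port is reachable from outside, which matters more than the sweep itself.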
 
Received an advisory from a security firm that the break-in that damaged the pump is likely a hoax. No evidence of external break-in was found. The claim was a Russian, but the FBI found no evidence to support that.

The one where the images were captured was just DUMB. An exposed SCADA segment?? They were begging for it.
 
That is where a "bot" comes in. A good one can fly across the 'net sending specific info back to a host. It could be looking at every IP and certain list of ports with a parameter such as something specific to a certain type of SCADA package. The bot would then report the IP and port back to its host. Not too difficult for a knowledgeable programmer on a mission of mischief. This type of sniffing can even be done from a static location with a simple script.

I agree 100% and easy for a hacker to do.

Now children, if you are putting a SCADA or HMI on the 'net DO NOT use default logon credentials, not too hard really.
I don't see a reason why someone or a company would put it on the net. Where I work our SCADA is not on the net that normal folks would think of. Uncle Sam uses secured networks for this type of thing.
 
I can't see this being a 'targeted' attack as there wasn't any serious mayhem caused. This is probably either a mistake by one of their employees and they are blaming it on 'hacking', OR, as has been pointed out, they have just got a system using default passwords and someone has 'sniffed' their way to find the system and mess around with it.

I don't think it's anything more sinister than that but it does prove the old adage that a system is only as secure as its operators/programmers ....
 
It is becoming increasingly common to require access as a business requirement. Even "isolated/air gapped" networks can be hit (Stuxnet). The key is design/operate with security in mind as appropriate for your process. I comment a bit on this on my 2 most recent blog posts here and here if you're interested in my opinion and recommendations.

 
Does anyone have any evidence/articles about a Rockwell system being compromised/attacked? Presumably Rockwell systems are also used on some critical installations likely to be targeted?

Nick
 
Not that I'm explicitly aware of, but it's something that every vendor will have to address. Some obvious vulnerabilities come to mind with Rockwell without even doing any research. Luckily these primarily apply to legacy systems.

 
That story out of Illinois smelled fishy from the beginning. I mean, who cycles a pump to failure as a form of "attack"? Don't pumps sometimes fail anyhow? And why is the person flogging this story to the press a security consultant?

As an update: yes, there was a log-in to the system from Russia. By a water district employee on personal vacation, in Russia. And that pump? Been having problems with it for months.

http://www.washingtonpost.com/world...ck-after-all/2011/11/25/gIQACgTewN_story.html
 
