Old November 21st, 2011, 08:06 AM   #1
Oceansoul
Member
United Kingdom

Join Date: Apr 2010
Location: England
Posts: 255
Hackers 'hit' US water treatment systems

http://www.bbc.co.uk/news/technology-15817335

Don't know if anyone has read/heard about this?! Interesting that more and more large-scale SCADA systems are being targeted nowadays.

Anyone from the affected area?
  Reply With Quote
Old November 21st, 2011, 08:52 AM   #2
Jeebs
Member
Belgium

Join Date: Feb 2007
Location: Leuven
Posts: 990
I'm quite sure in this case that it wasn't the SCADA package itself that was compromised. More likely the WinXP system it was running on.

Most of us know the dangers and therefore design the networks so the exposure to outside networks is minimal and heavily protected. If you create a system on the same network as the common desktop, you're asking for trouble.
The only reason we haven't seen many of these things yet is 'cause the hackers didn't know of them. All of that changed with Stuxnet.
  Reply With Quote
Old November 21st, 2011, 11:43 PM   #3
surferb
Lifetime Supporting Member
United States

Join Date: Jun 2007
Location: Tacoma, WA
Posts: 1,743
Lots of info:

http://news.cnet.com/8301-1009_3-573...ked-last-week/
http://scadahacker.blogspot.com/2011...ttack-two.html
http://www.tofinosecurity.com/blog/s...ater-utilities
__________________
Nathan Boeger, CISSP-ISSAP, CCVP/CCNA, MCSE, VCP
"Design Simplicity Cures Engineered Complexity"
Sierra Nevada Brewery MES/ERP case study - 5 minute video, My comments
Comment on Not another industrial software Blog
Ignition by Inductive Automation, rethinking SCADA for modern manufacturing 2 minute video
  Reply With Quote
Old November 22nd, 2011, 10:39 AM   #4
Timbert
Member
United States

Join Date: May 2011
Location: The middle of the Pacific Ocean
Posts: 303
Thanks for pointing this out.

I always need more ammo trying to fight for better security of our system. I had less than two pages (out of 70) dedicated to security in my latest design and at a review was told I was being paranoid.

Just because I'm paranoid, doesn't mean they're not out to get me.

Besides, most of the security measures I want to implement also help protect against inadvertent changes to the system from within the facility.
__________________
An expert is a man who has made all the mistakes which can be made in a very narrow field. --Niels Bohr as quoted by Edward Teller
  Reply With Quote
Old November 22nd, 2011, 03:17 PM   #5
RussB
Lifetime Supporting Member
United States

Join Date: Oct 2003
Location: Michigan
Posts: 2,780
Quote:
"This was barely a hack. A child who knows how the HMI that comes with Simatic works could have accomplished this," he said. "I'm sorry this ain't a tale of advanced persistent threats and stuff, but frankly most compromises I've seen have been a result of gross stupidity, not incredible technical skill on the part of the attacker. Sorry to disappoint."
Now children, if you are putting a SCADA or HMI on the 'net DO NOT use default logon credentials, not too hard really.
__________________
LEARN something today so you can TEACH something tomorrow.
DETAIL in your question promotes DETAIL in my answer.
Dominus Vobiscum <))>(
"Where is the wisdom that we have lost in knowledge?" T.S. Eliot


  Reply With Quote
Old November 22nd, 2011, 08:11 PM   #6
iant
Lifetime Supporting Member + Moderator
Australia

Join Date: May 2002
Location: Melbourne
Posts: 3,637
There is a curious thought:
with over 4 billion IP addresses, what is the chance of finding that one?
Someone knew something somehow.
__________________

Give all the answers
- People seldom learn.

Guide People to the possibilities
- Their Answers will come easily.
- Their Knowledge will grow.

They will then teach others

Regards
Ian Trost
  Reply With Quote
Old November 22nd, 2011, 09:29 PM   #7
RussB
Lifetime Supporting Member
United States

Join Date: Oct 2003
Location: Michigan
Posts: 2,780
Quote:
Originally Posted by iant View Post
There is a curious thought:
with over 4 billion IP addresses, what is the chance of finding that one?
Someone knew something somehow.
That is where a "bot" comes in. A good one can fly across the 'net sending specific info back to a host. It could be looking at every IP and certain list of ports with a parameter such as something specific to a certain type of SCADA package. The bot would then report the IP and port back to its host. Not too difficult for a knowledgeable programmer on a mission of mischief. This type of sniffing can even be done from a static location with a simple script.
  Reply With Quote
Old November 22nd, 2011, 10:00 PM   #8
TheWaterboy
Lifetime Supporting Member + Moderator
United States

Join Date: May 2006
Location: State of Denial
Posts: 631
Received an advisory from a security firm that the break-in that damaged the pump is likely a hoax. No evidence of an external break-in was found. The claim was a Russian, but the FBI found no evidence to support that.

The one where the images were captured was just DUMB. An exposed SCADA segment?? They were begging for it.
  Reply With Quote
Old November 23rd, 2011, 04:20 AM   #9
Plcwill
Member
United States

Join Date: Sep 2011
Location: maryland
Posts: 53
Quote:
Originally Posted by RussB View Post
That is where a "bot" comes in. A good one can fly across the 'net sending specific info back to a host. It could be looking at every IP and certain list of ports with a parameter such as something specific to a certain type of SCADA package. The bot would then report the IP and port back to its host. Not too difficult for a knowledgeable programmer on a mission of mischief. This type of sniffing can even be done from a static location with a simple script.
I agree 100% and easy for a hacker to do.

Quote:
Originally Posted by RussB View Post
Now children, if you are putting a SCADA or HMI on the 'net DO NOT use default logon credentials, not too hard really.
I don't see a reason why someone or a company would put it on the net. Where I work our SCADA is not on the net that normal folks would think of. Uncle Sam uses secured networks for this type of thing.
__________________
William Stefan
  Reply With Quote
Old November 23rd, 2011, 04:38 AM   #10
uptown47
Lifetime Supporting Member
United Kingdom

Join Date: Feb 2008
Location: Over there, next to those boxes
Posts: 1,098
I can't see this being a 'targeted' attack as there wasn't any serious mayhem caused. This is probably either a mistake by one of their employees and they are blaming it on 'hacking'. OR, as has been pointed out, they have just got a system using default passwords and someone has 'sniffed' their way to find the system and mess around with it.

I don't think it's anything more sinister than that but it does prove the old adage that a system is only as secure as its operators/programmers ....
  Reply With Quote
Old November 23rd, 2011, 07:37 AM   #11
surferb
Lifetime Supporting Member
United States

Join Date: Jun 2007
Location: Tacoma, WA
Posts: 1,743
It is becoming increasingly common to require access as a business requirement. Even "isolated/air gapped" networks can be hit (Stuxnet). The key is to design/operate with security in mind as appropriate for your process. I comment a bit on this on my 2 most recent blog posts here and here if you're interested in my opinion and recommendations.

Quote:
Originally Posted by Plcwill View Post
I agree 100% and easy for a hacker to do.


I don't see a reason why someone or a company would put it on the net. Where I work our SCADA is not on the net that normal folks would think of. Uncle Sam uses secured networks for this type of thing.
  Reply With Quote
Old November 23rd, 2011, 09:02 AM   #12
Manglemender
Member
United Kingdom

Join Date: Jul 2007
Location: Lancashire
Posts: 1,056
Does anyone have any evidence/articles about a Rockwell system being compromised/attacked? Presumably Rockwell systems are also used on some critical installations likely to be targeted?

Nick

Last edited by Manglemender; November 23rd, 2011 at 09:02 AM. Reason: Spelling
  Reply With Quote
Old November 23rd, 2011, 12:11 PM   #13
surferb
Lifetime Supporting Member
United States

Join Date: Jun 2007
Location: Tacoma, WA
Posts: 1,743
Not that I'm explicitly aware of, but it's something that every vendor will have to address. Some obvious vulnerabilities come to mind with Rockwell without even doing any research. Luckily these primarily apply to legacy systems.

Quote:
Originally Posted by Manglemender View Post
Does anyone have any evidence/articles about a Rockwell system being compromised/attacked? Presumably Rockwell systems are also used on some critical installations likely to be targeted?

Nick
  Reply With Quote
Old November 23rd, 2011, 02:24 PM   #14
TheWaterboy
Lifetime Supporting Member + Moderator
United States

Join Date: May 2006
Location: State of Denial
Posts: 631
The one that comes to my mind is using the backdoor to clear the processor. That's available to anyone who can connect to it.
  Reply With Quote
Old November 25th, 2011, 11:10 PM   #15
Ken Roach
Lifetime Supporting Member + Moderator
United States

Join Date: Apr 2002
Location: Seattle, WA
Posts: 12,948
That story out of Illinois smelled fishy from the beginning. I mean, who cycles a pump to failure as a form of "attack"? Don't pumps sometimes fail anyhow? And why is the person flogging this story to the press a security consultant?

As an update: yes, there was a log-in to the system from Russia. By a water district employee on personal vacation, in Russia. And that pump? Been having problems with it for months.

http://www.washingtonpost.com/world/...ewN_story.html
  Reply With Quote