[146823] in North American Network Operators' Group


Re: First real-world SCADA attack in US

daemon@ATHENA.MIT.EDU (Michael Painter)
Tue Nov 22 18:11:31 2011

From: "Michael Painter" <tvhawaii@shaka.com>
To: <nanog@nanog.org>
Date: Tue, 22 Nov 2011 13:10:38 -1000
Errors-To: nanog-bounces+nanog.discuss=bloom-picayune.mit.edu@nanog.org

Steven Bellovin wrote:
> On Nov 21, 2011, at 4:30 PM, Mark Radabaugh wrote:
>>>
>>>
>> Probably nowhere near that sophisticated.   More like somebody owned the PC running Windows 98 being used as an operator
>> interface to the control system.   Then they started poking buttons on the pretty screen.
>>
>> Somewhere there is a terrified 12 year old.
>>
>> Please don't think I am saying infrastructure security should not be improved - it really does need help.   But I really doubt
>> this was anything truly interesting.
>
>
> That's precisely the problem: it does appear to have been an easy attack.
> (My thoughts are at https://www.cs.columbia.edu/~smb/blog/2011-11/2011-11-18.html)
>
> --Steve Bellovin, https://www.cs.columbia.edu/~smb


Umm hmm.  And here's another one poking around:
http://pastebin.com/Wx90LLum

"I'm not going to expose the details of the box. No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly.
On the other hand, so is connecting interfaces to your SCADA machinery to the Internet. I wouldn't even call this a hack, either, just to say.
This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic."

--Michael


