[146828] in North American Network Operators' Group
Re: First real-world SCADA attack in US
daemon@ATHENA.MIT.EDU (Valdis.Kletnieks@vt.edu)
Tue Nov 22 19:53:46 2011
To: Michael Painter <tvhawaii@shaka.com>
In-Reply-To: Your message of "Tue, 22 Nov 2011 13:32:23 -1000."
<9EB4F7637A0B42179D72B136488FC1DD@owner59e1f1502>
From: Valdis.Kletnieks@vt.edu
Date: Tue, 22 Nov 2011 19:51:59 -0500
Cc: nanog@nanog.org
On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said:
> > http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
> And "In addition, DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as
> previously reported."
It's interesting to read the rest of the text while doing some deconstruction:
"There is no evidence to support claims made in the initial Fusion Center
report ... that any credentials were stolen, or that the vendor was involved
in any malicious activity that led to a pump failure at the water plant."
Notice that they're carefully framing it as "no evidence that credentials were
stolen" - while carefully tap-dancing around the fact that you don't need to
steal credentials in order to totally pwn a box via an SQL injection or a PHP
security issue, or to log into a box that's still got the vendor-default
userid/passwords on them. You don't need to steal the admin password
if Google tells you the default login is "admin/admin" ;)
"No evidence that the vendor was involved" - *HAH*. When is the vendor *EVER*
involved? The RSA-related hacks of RSA's customers are conspicuous by their
uniqueness.
And I've probably missed a few weasel words in there...
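The point Valdis makes above, that an attacker needs no stolen credentials when a login query is injectable or a vendor-default account is still live, as an added example that is not part of his message or the NANOG thread. It uses an in-memory SQLite database with a constructed user table; the usernames, passwords, and the short default-credential list are invented for the demonstration, and plain SHA-256 stands in for a real password hash so it runs with no dependencies.

```python
"""Added example, not from the NANOG thread: two ways past a login that
need no stolen credentials, plus the fixes.

(1) SQL injection: a string-built login query lets the attacker rewrite
    the WHERE clause, so hashing the password changes nothing.
(2) Vendor defaults: a correctly written query still admits anyone who
    reads the manual if "admin/admin" was never changed.
All data below is constructed for the example."""
import hashlib
import sqlite3

# Constructed sample accounts: one real operator, one vendor default.
USERS = [
    ("operator", "Tr0ub4dor&3"),
    ("admin", "admin"),  # vendor default left in place (assumed)
]

# Assumption: a tiny stand-in for a public default-password list.
KNOWN_DEFAULTS = {("admin", "admin"), ("admin", "password"), ("root", "root")}

# Classic bypass payload: closes the quoted username, adds an always-true
# clause, and comments out the password check that follows.
INJECTION = "' OR '1'='1' --"


def _hash(pw: str) -> str:
    # SHA-256 stands in for a real password hash (bcrypt/argon2) here.
    return hashlib.sha256(pw.encode()).hexdigest()


def build_db() -> sqlite3.Connection:
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE users (name TEXT PRIMARY KEY, pwhash TEXT)")
    con.executemany("INSERT INTO users VALUES (?, ?)",
                    [(u, _hash(p)) for u, p in USERS])
    return con


def login_vulnerable(con, user: str, password: str):
    """Vulnerable: the username is concatenated straight into the SQL.
    Returns the matched account name, or None on failure."""
    sql = ("SELECT name FROM users WHERE name = '" + user
           + "' AND pwhash = '" + _hash(password) + "'")
    row = con.execute(sql).fetchone()
    return row[0] if row else None


def login_parameterized(con, user: str, password: str):
    """Hardened: bound parameters, so the username is data, not SQL."""
    row = con.execute(
        "SELECT name FROM users WHERE name = ? AND pwhash = ?",
        (user, _hash(password)),
    ).fetchone()
    return row[0] if row else None


def default_credential_audit(con):
    """Run the known defaults through the *correct* login and report
    which accounts still accept them. Injection being fixed does not
    help here; only changing the password does."""
    return sorted(u for u, p in KNOWN_DEFAULTS
                  if login_parameterized(con, u, p) == u)


if __name__ == "__main__":
    con = build_db()
    print("injection vs vulnerable login:",
          login_vulnerable(con, INJECTION, "anything"))
    print("injection vs parameterized login:",
          login_parameterized(con, INJECTION, "anything"))
    print("accounts still on vendor defaults:",
          default_credential_audit(con))
```

Hashing the password does not stop the first path because the payload lives in the username, which is spliced in before the hash is ever compared; and fixing the query does not stop the second, because `admin/admin` is a perfectly valid credential as far as the database is concerned. The two defects need two different fixes.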