God made the food, but the devil made the cooks - Anon
|
|
|
Hackers could hit power plants through Siemens vulnerabilites
INDUSTRIAL OPERATIONS such as power plants or oil refineries might be sabotaged by vulnerabilities in Siemens programmable logic controllers (PLCs), devices previously targeted by the Stuxnet worm in Iran.
In a report by the Associated Press, NSS Lab researchers claimed they had found multiple vulnerabilities in Siemens PLCs, which are used in industrial facilities and factories to control machinery, valves, pumps and other general purpose systems. These flaws could be used by hackers to cause serious damage to technological infrastructure.
NSS chief executive Rick Moy said, "This is a global problem. There are no fixes to this right now." He continued, "Bad guys would be able to cause real environmental and physical problems and possibly loss of life."
Siemens PLC devices were targeted by the Stuxnet worm, malware designed to reprogram them after using Windows PCs and USB sticks to propagate. Believed by some to be state-sponsored malware, Stuxnet was thought to have caused major damage to Iran's nuclear fuel refining efforts.
But while Stuxnet hit the operating system software, Moy claimed that PLCs might be reprogrammed directly if reached on the network.
NSS Labs' claims also back up a contention by F-Secure chief security researcher Mikko Hypponen that terrorists could use modified versions of Stuxnet for the their own ends, using vulnerabilities in PLCs to attack critical infrastructure such as power plants. µ
Tags: Security
Share this:
Share
These people forget that Stuxnet's sophistication lies in its ability to stay under the radar until it encountered the exact hardware configuration it wished to affect. In effect, Stuxnet was a deep cover spy ready to attack only the high valued target. In this case, the high-valued targets were Pakistani-designed centrifuges, copies of which the attacking party acquired in order to study.
So unless these purported black hat, Stuxnet-modifying hackers also have access to the intricate details of nuclear power plants, reprocessing facilities, etc. these Stuxnet variants will be nothing more than a relatively well-designed trojans--others of which already exist in the wild. Therefore, the existence of Stuxnet provides no greater danger to infrastructure targets than without it.
Many of us have long argued that it does not take the clandestine services of nation states to wreak industrial infrastructure destruction via SCADA/PLC vulnerabilities. Back in 2003, I designed a Stuxnet-style attack on the U.S. power infrastructure that became the basis for the Lior Samson thriller Web Games (Gesher Press, 2010). A dedicated group of smart hackers did the deed in Web Games and a similar cabal could do the same in the real world. Stuxnet is a public proof of concept and a template for variations, as I argued at InformIT and in Cutter IT Journal. It's time to get serious, people.
There is a really simple solution to this issue. Don't connect the systems to the internet / public network at all at any stage.
The same goes for our military bods that want to spend billions on firewalls to protect stuff when by far the simplest option is unplug the cable from the public.
If they really must have internet at these institutions they can still have it just keep them separate from the control systems and that includes using usb sticks in between
whats better than tuning off the power of someone harassing you, especially those -i think i am the best- script ciddys.
i think they will shit themselves if they receive a message with the text bye bye and 2 secs later the power is tuned off