A Cyberattack Has Caused Confirmed Physical Damage for the Second Time Ever
Source: Wired
Amid all the noise the Sony hack generated over the holidays, a far more troubling cyber attack was largely lost in the chaos. Unless you follow security news closely, you likely missed it.
I'm referring to the revelation, in a German report released just before Christmas (.pdf), that hackers had struck an unnamed steel mill in Germany. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down, resulting in massive -- though unspecified -- damage.
This is only the second confirmed case in which a wholly digital attack caused physical destruction of equipment. The first case, of course, was Stuxnet, the sophisticated digital weapon the U.S. and Israel launched against control systems in Iran in late 2007 or early 2008 to sabotage centrifuges at a uranium enrichment plant. That attack was discovered in 2010, and since then experts have warned that it was only a matter of time before other destructive attacks would occur. Industrial control systems have been found to be rife with vulnerabilities, though they manage critical systems in the electric grid, in water treatment plants and chemical facilities and even in hospitals and financial networks. A destructive attack on systems like these could cause even more harm than at a steel plant.
It's not clear when the attack in Germany took place. The report, issued by Germany's Federal Office for Information Security (or BSI), indicates the attackers gained access to the steel mill through the plant's business network, then successively worked their way into production networks to access systems controlling plant equipment. The attackers infiltrated the corporate network using a spear-phishing attack -- sending targeted email that appears to come from a trusted source in order to trick the recipient into opening a malicious attachment or visiting a malicious web site where malware is downloaded to their computer. Once the attackers got a foothold on one system, they were able to explore the company's networks, eventually compromising a multitude of systems, including industrial components on the production network.
<snip>
Read more: http://www.wired.com/2015/01/german-steel-mill-hack-destruction/
nichomachus
(12,754 posts)
Those that have been hacked -- and those that don't know they've been hacked.
That's according to cybersecurity experts.
bananas
(27,509 posts)
This is a disaster waiting to happen.
<snip>
As part of its overall refurbishment program, Duke completed the installation of Areva's digital safety-related Reactor Protection System and Engineered Safety Protection System for Oconee's Unit 1 in June 2011. Duke subsequently completed installation of this technology in Unit 3 in 2012 and will complete installation in Unit 2 in 2013.
A Successful Installation
As an integral part of overall plant operations, upgrading to a digital I&C system is a significant undertaking for plant modernization projects, as well as new plant construction. As the first digital I&C project to receive approval from the NRC, the project at Oconee focused on the changing regulatory environment. Introducing a proven, global technology as a conceptual design in the U.S. market and translating it in clear requirements for a regulatory arena presented challenges. Although nonsafety-related digital control and monitoring systems have been installed in nuclear plants for years, the NRC needed to develop new guidance for safety-related digital systems because existing regulations did not address the new features and capabilities.
<snip>
bemildred
(90,061 posts)
blackspade
(10,056 posts)
bananas
(27,509 posts)
Tandalayo_Scheisskopf Donating Member (1000+ posts) Sun Aug-17-03 09:39 AM
Original message
An email from an AlphaGeek.
<snip>
"It is no secret that the blaster.worm attacked Windows NT variants. What is less known is that the blackout took place within a few short hours of the advertised activation time of the blaster.worm. What is even less known is that the control network for the power grid was run on primarily WindowsNT variants, with a few Linuces thrown into the mix. Very few, indeed."
<snip>
bananas
(27,509 posts)
htuttle Donating Member (1000+ posts) Wed Aug-20-03 11:11 AM
Original message
Slammer worm crashed Ohio nuke plant network (FirstEnergy, Davis-Besse)
By Kevin Poulsen, SecurityFocus Aug 19 2003 2:45PM
The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours, despite a belief by plant personnel that the network was protected by a firewall, SecurityFocus has learned.
<snip>
bemildred
(90,061 posts)
jakeXT
(10,575 posts)
The Stuxnet worm propagates by exploiting a hole in all versions of Windows in the code that processes shortcut files, ending in ".lnk," according to...[the] Microsoft Malware Protection Center....Merely browsing to the removable media drive using an application that displays shortcut icons, such as Windows Explorer, will run the malware without the user clicking on the icons. The worm infects USB drives or other removable storage devices that are subsequently connected to the infected machine. Those USB drives then infect other machines much like the common cold is spread by infected people sneezing into their hands and then touching door knobs that others are handling.
The malware includes a rootkit, which is software designed to hide the fact that a computer has been compromised, and other software that sneaks onto computers by using digital certificates signed by two Taiwanese chip manufacturers that are based in the same industrial complex in Taiwan--RealTek and JMicron, according to Chester Wisniewski, senior security advisor at Sophos.... It is unclear how the digital signatures were acquired by the attacker, but experts believe they were stolen and that the companies were not involved.
http://www.cnet.com/news/stuxnet-delivered-to-iranian-nuclear-plant-on-thumb-drive/
First thing one does with a new secure machine is savage the USB connections.
And also connect the USB drive to a unix box and zero everything on it before you connect it to anything else.
Somewhat in the spirit in which one zaps all the drives on the new windoze box and reinstalls everything yourself, because you need to know what is on it exactly.
RobertEarl
(13,685 posts)
What would happen if some crazy hacker got to the controls of a nuke power plant?
Ford_Prefect
(7,901 posts)
Don't you mean when?
...Or a major hydroelectric dam complex, or the production controls in a pharmaceutical factory, a food processing plant, or the drinking water plant for a community?
A nuke is nasty stuff but has some structural safeguards built in. Many "lesser" sites do not.
The real threat is not a crazy hacker, or terrorist. The real threat is some company or group holding those controls hostage for a price or to forward an agenda.
Oops, we already had that.
RobertEarl
(13,685 posts)
Einstein was heard to mention something like the use of our technology by men with the mindset like we have would be the doom of civilization.
With all the computer controls, heck, they could even steal votes.
The thing about nukes, tho, it only takes a few seconds to start a mass calamity.
Ford_Prefect
(7,901 posts)
My point was that Nukes have always been dangerous. While this kind of attack on one could certainly cause death or disaster on a massive scale, that same degree of threat exists as long as nuke plants operate (and likely long after sad to say). Nukes are inherently a disaster that could happen at almost any time. Ask the folks living near or even not so near to Fukushima Daiichi about that...Or review the operating logs from TMI or Chernobyl.
The insidious nature of tools like STUXNET is that they can be tailored for a particular function but when loose in the wild generate unpredictable side effects. Like Drones they can produce collateral damage even when applied to the task they were supposed to be designed for.
bananas
(27,509 posts)
One thing Fukushima did was wake people up to the fact that reactors will melt down in a matter of hours if their cooling system isn't operating - and that can obviously happen for a number of reasons.
RobertEarl
(13,685 posts)
Keep up the good work. It may actually help save some lives.
BrotherIvan
(9,126 posts)
And what I watched on YouTube.
jakeXT
(10,575 posts)
A damaging cyberattack against Iran's nuclear program was the work of U.S. and Israeli experts and proceeded under the secret orders of President Obama, who was eager to slow that nation's apparent progress toward building an atomic bomb without launching a traditional military attack, say current and former U.S. officials.
The origins of the cyberweapon, which outside analysts dubbed Stuxnet after it was inadvertently discovered in 2010, have long been debated, with most experts concluding that the United States and Israel probably collaborated on the effort. The current and former U.S. officials confirmed that long-standing suspicion Friday, after a New York Times report on the program.
http://www.washingtonpost.com/world/national-security/stuxnet-was-work-of-us-and-israeli-experts-officials-say/2012/06/01/gJQAlnEy6U_story.html
BrotherIvan
(9,126 posts)
Since they have put backdoors and spy portals into everything, they have made everything that much more vulnerable. What people thought was good encryption was a joke. They are building the doors for hackers.
jeff47
(26,549 posts)
However, unless you're actually in the government, they can't do anything other than publish "best practices". Which are routinely ignored.
Taitertots
(7,745 posts)
Hackers create the perceived need for more spying. Why would the NSA oppose them?
alfredo
(60,074 posts)
The NSA was never meant to be used domestically.
The military has its own NSA flavor: INSCOM. It used to be the Army Security Agency.