Beta
×

Welcome to the Slashdot Beta site -- learn more here. Use the link in the footer or click here to return to the Classic version of Slashdot.

Thank you!

Before you choose to head back to the Classic look of the site, we'd appreciate it if you share your thoughts on the Beta; your feedback is what drives our ongoing development.

Beta is different and we value you taking the time to try it out. Please take a look at the changes we've made in Beta and  learn more about it. Thanks for reading, and for making the site better!

Hacker Claims He Broke Into Wind Turbine Systems

samzenpus posted more than 3 years ago | from the I've-got-the-power dept.

Security 105

itwbennett writes "Claiming revenge for an 'illegitimate firing,' someone has posted screenshots and other data, apparently showing that he was able to break into a 200 megawatt wind turbine system owned by NextEra Energy Resources, a subsidiary of Florida Power & Light. In an e-mail interview, Bgr R said he's a former employee who discovered a vulnerability in the company's Cisco security management software that he then used to hack into the SCADA systems used to control the turbines. His motive was to embarrass the company, he said."

Sorry! There are no comments related to the filter you selected.

Wind turbines? Insecure! Let's abolish them! (-1)

Anonymous Coward | more than 3 years ago | (#35853616)

Who needs wind turbines when they are so insecure? Not only they need wind to run, they are inherently insecure!!!

Re:Wind turbines? Insecure! Let's abolish them! (3, Funny)

mug funky (910186) | more than 3 years ago | (#35853702)

yes. too much can go wrong. this has the potential to be another Windscale.

i suggest we go to nuclear as soon as feasible.

Re:Wind turbines? Insecure! Let's abolish them! (0)

Anonymous Coward | more than 3 years ago | (#35854776)

You don't understand... this guy want to blow us all! What else would he hack into a wind farm otherwise

PS: My native language is not English

Re:Wind turbines? Insecure! Let's abolish them! (1)

GameboyRMH (1153867) | more than 3 years ago | (#35854956)

this guy want to blow us all!

And how is that a bad thing? I personally don't swing that way, but I can only applaud this guy's generosity.

Re:Wind turbines? Insecure! Let's abolish them! (0)

Anonymous Coward | more than 3 years ago | (#35853754)

Totally. In case of catastrophic failure, these turbines could leak billions of liters of chemical compounds into the very air we are breathing.

Re:Wind turbines? Insecure! Let's abolish them! (1)

GameboyRMH (1153867) | more than 3 years ago | (#35854998)

I heard their foundations are built with a material composed partly of dihydrogen monoxide! 8-(

Re:Wind turbines? Insecure! Let's abolish them! (1)

burni2 (1643061) | more than 3 years ago | (#35853844)

Yes because a wind turbine going havoc causes the public order to collapse, instead of a nice and silent nuclear reactor meltdown.

Re:Wind turbines? Insecure! Let's abolish them! (0)

Anonymous Coward | more than 3 years ago | (#35853862)

The biggest issue is, how are TV crews meant to film them failing? Their helicopters will generate extra wind which will send the turbines into overload, spectacularly killing off dozens of journa..... ah... forget I said anything, carry on.

You don't need a weatherman (1)

JamesonLewis3rd (1035172) | more than 3 years ago | (#35853628)

I'm sure that NextEra Energy Resources, a subsidiary of Florida Power & Light, was mortified.

Re:You don't need a weatherman (1, Funny)

The Mysterious Dr. X (1502541) | more than 3 years ago | (#35853664)

Wow. This just proves that you can never be too careful with your wind energy security... I had always thought of NextEra Energy Resources as one of the most secure energy systems in all of Florida, but this guy's success would seem to prove otherwise. I'll have to be more careful in the future. I may even have to privatize all of my wind energy needs... Anyone selling a turbine?

Re:You don't need a weatherman (1)

Anonymous Coward | more than 3 years ago | (#35853764)

Wow. This just proves that you can never be too careful with your wind energy security... I had always thought of NextEra Energy Resources as one of the most secure energy systems in all of Florida, but this guy's success would seem to prove otherwise. I'll have to be more careful in the future. I may even have to privatize all of my wind energy needs... Anyone selling a turbine?

To be fair, it doesn't really prove anything. It could be a hoax, as the article mentions, and FPL is denying any knowledge of the incident ever occurring. He also didn't really give any info about the supposed vulnerability in the Cisco architecture.
But on the other hand, they DO use a Siemans controlling system, and it would not surprise me at all if he stumbled across one of the government's "secret" backdoors.

So without any details, the juries still out as to whether this was really hacked or not. But it should certainly be a wake-up call to the industry that they need to perform regular intrusion tests and system audits.

Re:You don't need a weatherman (1)

The Mysterious Dr. X (1502541) | more than 3 years ago | (#35853816)

I can't tell if my sarcasm was too subtle or if yours is simply more so.

Re:You don't need a weatherman (1)

dr2chase (653338) | more than 3 years ago | (#35854540)

Zen sarcasm.

Re:You don't need a weatherman (0)

Anonymous Coward | more than 3 years ago | (#35854076)

*woosh*

that is the sound of a wind turbine being hacked

Re:You don't need a weatherman (0)

Anonymous Coward | more than 3 years ago | (#35854420)

To be fair to the power company, what could he really have done with this "vulnerability"? Shutdown the turbines at a single farm for an hour or so? I don't think the remote control systems allow for anything but monitoring and shutdown, I don't think its possible to really damage them remotely. The fix for this would seem to be simple, pull the internet connection at the maintenance barn, restart turbines, problem solved.

Re:You don't need a weatherman (2)

plover (150551) | more than 3 years ago | (#35854978)

Supposedly he accessed the SCADA system. If so, he could alter the behavior of any or all of the mechanical controls: he could disable the logic that locks the wind turbine blades when the wind is too strong in order to prevent damage. He could shut off the lubricating pumps, and send phony sensor data back indicating the bearings are all operating within normal temperature and vibration parameters. He could remove the generator load, allowing the blades to freewheel, then instantly reconnect the full load once the blades were spinning over their max rated speed. He could alter the pitch of the blades (possibly one blade at a time) causing an out-of-balance condition. He could alter the motors that position or hold the turbine blades facing into the wind. Basically, changing any limiting parameter that prevents the system from damaging itself places the system at risk.

There is no doubt a long list of potential attacks, both subtle and overt, that a well placed hacker could execute. I am not a wind-generator expert, so any or all of the above suggestions could be completely off-base, but I took inspiration from the damage Stuxnet was coded to cause. A real wind-generator engineer would no doubt have a real list of actual damage a malprogrammed SCADA system could inflict.

Re:You don't need a weatherman (1)

SCHecklerX (229973) | more than 3 years ago | (#35855300)

Luckily, real engineers, and not computer programmers, are the ones that design the systems themselves, and the mechanical failsafes typically cannot be programmed or overridden by software. Still, the security nightmare that is SCADA needs to be fixed.

Re:You don't need a weatherman (2)

plover (150551) | more than 3 years ago | (#35855918)

Do you know for sure that's true, or is that something you desperately want to believe with all your heart that we're not stupid enough to turn over all mechanical functions to embedded systems? Because I have to say I've been amazed to learn of the diversity of different physical systems that have been turned over to software control. Sensors, motor speed controllers, pumps, switches, relays, etc., all are frequently software operated, or have some measure of software control over them.

Power companies are no strangers to automation systems. They've been early adopters in the field of automating control systems because their systems are so geographically diverse. And it's hard to blame the engineers, because those things make systems flexible, easy to monitor, and easy to manage, all from remote sites. Any time you can use a controller that will save a maintenance guy a trip in a truck and up a ladder, you're saving money and improving problem response time.

Sure, I like to imagine that there are still failsafe mechanical systems in place. That if there is too much current that some fuse will blow, or that a cog will trip an actual power relay when some motor tries to reach beyond its absolute limit of travel. But I've also come to believe that even the most innocuous devices could be subverted to cause serious problems. Maybe it's a sump pump, responsible for draining rainwater from a motor pit, or a ventilation louver that is supposed to close when the rain sensors are tripped. Maybe it's the lubrication system, or the weather vane, or the access hatch, or a hydraulic pump.

I see the cost of everything trumps engineering decisions all around us. I have so little faith that everyone is doing things "the right way" instead of "the cheap way" that I would be surprised if these systems couldn't be remotely destroyed by a malicious attacker.

He is.. (0)

Anonymous Coward | more than 3 years ago | (#35853632)

.. simply full of hot air.

Re:He is.. (0)

Anonymous Coward | more than 3 years ago | (#35853714)

YEEEAAAAHHHHHHH!!!!!

Re:He is.. (1)

cooldfish (980233) | more than 3 years ago | (#35853866)

F'cking Don Quijote
relevant xkcd http://xkcd.com/556/ [xkcd.com]

Former employee? (4, Insightful)

atari2600a (1892574) | more than 3 years ago | (#35853646)

Well that pretty fucking much limits the list of possible suspects now doesn't it?

Re:Former employee? (1)

Anonymous Coward | more than 3 years ago | (#35853720)

If I was a random hacker thats what i would say!

Re:Former employee? (1)

taiwanjohn (103839) | more than 3 years ago | (#35853756)

Hope he covered his tracks well. Not sure how useful Cisco hacking skills would be in prison.

Re:Former employee? (3, Funny)

fostware (551290) | more than 3 years ago | (#35853798)

At least he's used to port protection and possibly port blocking

Re:Former employee? (1)

karnal (22275) | more than 3 years ago | (#35854080)

He'll be taught all the joys of port address translation.

Re:Former employee? (1)

jimbolauski (882977) | more than 3 years ago | (#35854166)

I'm sure he is more worried about a SQL injection.

Re:Former employee? (1)

Anonymous Coward | more than 3 years ago | (#35854598)

He'll learn all about the proper use of SOAP too.

Re:Former employee? (0)

Anonymous Coward | more than 3 years ago | (#35854668)

Actually I think hes going to be more worried about being raped in the ass.

Re:Former employee? (0)

zerro (1820876) | more than 3 years ago | (#35855616)

thank you captain obvious!

Re:Former employee? (0)

Anonymous Coward | more than 3 years ago | (#35857006)

You're thinking of HOTBEEF, not SQL.

Re:Former employee? (2)

Tx (96709) | more than 3 years ago | (#35853820)

Yes, he'd have to worry more about securing his own backdoor, rather than exploiting anyone else's.

Re:Former employee? (1)

DoofusOfDeath (636671) | more than 3 years ago | (#35853978)

Hope he covered his tracks well.

Do you mean that literally? Because honestly, I hope people who hack into power systems get caught.

Re:Former employee? (0)

Anonymous Coward | more than 3 years ago | (#35855692)

Really? I let's...consider the implications here. Forgive me simplifying things... but ... I think you're hoping for the wrong thing

1) People who hack into power systems get caught
2) This serves as a deterrent to locals under authority
3) National governments develop similar capabilities for use exclusively in war/sabotage
4) The owner of the systems never improves anything because they face 'no risk' in the common situation

Vs.
1) people who hack into the systems don't get caught
2) More people start doing it
3) the owner of the systems tries to secure it
3a) People actually use passwords on SCADA or some type of authentication
3b) People actually patch scada systems
3c) patching and updates are actually mandated by the contract, not just physical maintenance.

I get where you're coming from...but in terms of the most optimal social consequence... I think you should be hoping he gets away with it so the people who got hacked have some actual incentives to improve things. I've seen enough SCADA to tell you a few of the great myths:

1) "there's security". This is usually a lie. There *may* be a password on the device. The device *may* connect to HQ via VPN. That's it. If the device is network enabled, it probably even has remote reset capability. At a previous job, I was writing the RFP for over-network firmware flash...
2) "Nobody's smart enough to know how to break into it". Well...that lie finally got proven this year, but it's been a myth at least 2 decades now.
3) "It can't hurt anything because it can only read data" Laugh. Most of them have remote write enabled for debugging, even if it isn't a marketed feature.
4) "It's not on the public network" or "There's an air gap". Almost certainly a lie. The device may be on its own network, but that network will route in and out of the public internet. In many cases it will utilize it directly over VPN software. Usually very very old and proprietary VPN software. I have actually seen a TCP socket referred to as a "Virtually Private Network Tunnel".... and no, there wasn't some cipherstream inside the sock. If all of those aren't a lie--the network it talks to will almost certainly have a few computers with full internet access...

I've seen one company that tried pretty hard to hold to this--having devices report in over a VPN to an isolated FTP service, which then went to a database. The database replicated out of the secure zone and then reporting applications could monitor it... but they had some way to remotely update configuration on the reporting side that was 'confidental and proprietary'. I'm sure it would have been...exciting to examine.

Re:Former employee? (0)

Anonymous Coward | more than 3 years ago | (#35856072)

Security ain't free, ya know. It costs in both money and inconvenience. You may be the exception, but most people do not appreciate having everything cost more and be less convenient just because of what some dickhead may decide to do (see flying for an example). So, better idea: find the fuckers that do this kind of shit and punish them, severely. Send a clear message that the rest of us are not going to have our lives controlled by your need to be a dickhead. Period.

Re:Former employee? (1)

Sky Cry (872584) | more than 3 years ago | (#35854304)

1) Depends on how many people you fire every day.
2) It's dangerous to believe everything your enemies tell you.

Re:Former employee? (0)

Anonymous Coward | more than 3 years ago | (#35854544)

At least he might have a good chance of tunneling his way out of prison.

So the company had the right idea after all (0)

Anonymous Coward | more than 3 years ago | (#35853648)

Who needs a backstabbing idiot on the payroll?

Re:So the company had the right idea after all (0)

Anonymous Coward | more than 3 years ago | (#35853718)

Who needs a backstabbing idiot on the payroll?

Mossad?

This seems like a terrible plan... (1)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#35853690)

Given that getting hacked is practically an Industry Standard Best Practice(tm) by now, I'm pretty sure that some random subsidiary of a utility company that most of its customers think of as "the power bill" will be largely immune to embarrassment, even in financial terms. If you then narrow the list of suspects down, the odds are higher than you would like of getting some slammer time in exchange for basically nothing.

Unless pen-testing them is your job, I would say that you should either stay the hell out of turbine SCADA systems, or go in with a clever plan to have them shake themselves apart. Anything in between, though, is just a risky waste of time.

Re:This seems like a terrible plan... (1)

WrongSizeGlass (838941) | more than 3 years ago | (#35853738)

... or go in with a clever plan to have them shake themselves apart.

So something like Stuxnet for wind turbines?

Re:This seems like a terrible plan... (1)

fuzzyfuzzyfungus (1223518) | more than 3 years ago | (#35853768)

That was the example that I had in mind.

Hacker breaks wind (5, Funny)

Anonymous Coward | more than 3 years ago | (#35853708)

News at 11.

Re:Hacker breaks wind (0)

Anonymous Coward | more than 3 years ago | (#35854380)

Mmm, Cheetos and Steak'Umm, with a wisp of Jergens.

hacker? i call him jerk (0)

Anonymous Coward | more than 3 years ago | (#35853724)

pardon me, an ex-employee using a vulnerability that was obviously known internally....

Where is the hacker in that guy?

A hacker does that from outside starting with minor knowledge and working into the system....

Re:hacker? i call him jerk (1)

Smallpond (221300) | more than 3 years ago | (#35853772)

Especially when "hacked in" might be "used the default password"

Sounds dodgy to me... (5, Insightful)

BrokenHalo (565198) | more than 3 years ago | (#35853752)

In an e-mail interview, Bgr R said he's a former employee who discovered a vulnerability in the company's Cisco security management software that he then used to hack into the SCADA systems

That just tripped my bullshitometer. Most Cisco systems (in my experience) are pretty robust, but an employee would have been in a good position to create an open door for himself to use later. So the "vulnerability" (if I'm right) would simply be his employer's misplaced trust in him.

Re:Sounds dodgy to me... (0)

Anonymous Coward | more than 3 years ago | (#35853766)

More likely a configuration issue by the company that he knew about rather than a hole this joker found in Cisco's system.

Re:Sounds dodgy to me... (0)

Anonymous Coward | more than 3 years ago | (#35855898)

Definitely...That is why I always audit my networks myself periodically to make sure there are no shenanigans like that!

Re:Sounds dodgy to me... (3, Insightful)

amanicdroid (1822516) | more than 3 years ago | (#35853812)

Oo oo I love Cisco Jeopardy! I'll go with:

What is he had remote access to the KVM that the Cisco's console port was connected to?

Re:Sounds dodgy to me... (1)

olden (772043) | more than 3 years ago | (#35853924)

...or he just knew that the password to remotely administer the thing was 'cisco'.
But if it was indeed so easy, he's certainly not the only one to have figured that out by now. :/

Re:Sounds dodgy to me... (2)

Charliemopps (1157495) | more than 3 years ago | (#35854084)

They are more robust than the people maintaining them. Most systems I've worked on have been years behind in updates and how do they maintain their logins? Does the entire site use the same login like I saw at one place? Did his boss keep his login and pass on a sticky note on his desk?

Re:Sounds dodgy to me... (2)

Anne_Nonymous (313852) | more than 3 years ago | (#35854460)

I was at a friend's workplace on Sunday and needed web access. Fortunately a co-worker had written her password on the bezel of her monitor with a Sharpie.

Re:Sounds dodgy to me... (1)

drinkypoo (153816) | more than 3 years ago | (#35854364)

There have been tons of remote holes in Cisco routers over the years, there are plenty of advisories just lying around for the googling. If they're running outdated IOS for some reason, it makes it all the more likely.

Re:Sounds dodgy to me... (2)

aardwolf64 (160070) | more than 3 years ago | (#35854750)

I worked for a Fortune 500 company (who shall remain nameless) that distributed the Cisco VPN client with the group password already set. I took the config file and Googled the hash, and came up with the password. Turns out that's the same password they used for the Domain Admin. I'd be surprised if it didn't go to other important things as well...

Re:Sounds dodgy to me... (1)

splatter (39844) | more than 3 years ago | (#35855302)

Damn I never thought of googling a hash to get a plain text, that is clever. I bow to your google-Fu...

Re:Sounds dodgy to me... (1)

KnownIssues (1612961) | more than 3 years ago | (#35854962)

It could have been a vulnerability in the configuration of the company's Cisco security management software.

Re:Sounds dodgy to me... (0)

Anonymous Coward | more than 3 years ago | (#35856008)

"Most Cisco systems (in my experience) are pretty robust." -- That tripped /my/ bullshitometer.

"His motive was to embarrass the company" (2)

Huntr (951770) | more than 3 years ago | (#35853784)

Um, not gonna work. Like most power companies, FP & L has no shame.

Why Use The Internet To Communicate (1)

rally2xs (1093023) | more than 3 years ago | (#35853792)

Saaaayyy... something this important, why are these jokers doing communications through the internet? It should be bloody difficult to even intercept control signals for these wind turbines, nuke power plants, etc. IOW, they should be using dedicated wires and microwave point-to-point communications with encryption, not broadcasting it all over the entire planet for everybody to be able to try to "hack" it.

Re:Why Use The Internet To Communicate (1)

skids (119237) | more than 3 years ago | (#35855102)

Well, this hack is probably a hoax, but to answer your question, a lot of the small power industry is full of people who do not let security get in the way of the bottom line, or expedience. This is less true of the well established, institutional systems... but new upstart companies and newly acquired subsidiaries sometimes shoot from the hip while they are building things. I remember reading of a hydro refurb where they were using SMS for controls on a dam. I guess part of it is that we now have people getting up into project management who have grown up as end-users and the worst computer security consequence they have ever internalized was losing their MP3 collection to a Windoze reinstall.

These are "daring entrepeneurs" here. They expect the tech to work, know at least some of what it can do, but don't have an idea of the side-effects of their actions.

Alternate Headline (1)

Anonymous Coward | more than 3 years ago | (#35853842)

Hacker Claims He Broke Wind Into Turbine Systems

Just waiting for the follow-up... (4, Funny)

BagOCrap (980854) | more than 3 years ago | (#35853856)

When the shit hits the fan.

So ? (-1)

Anonymous Coward | more than 3 years ago | (#35853858)

Read that as "Hacker Claims He Broke Wind Into Turbine Systems"

megalomaniacs monday, new continent found (-1)

Anonymous Coward | more than 3 years ago | (#35853868)

the new uncharted land shall be named hillary, in honor of that it's big. hillary notes that her new continent, although still under water, so far today, connects directly with the other continents. she welcomes many of us to possibly qualify to be chosen as interlopers across her vast areas of contention. even more prayers answered. if somebody must win everything, shouldn't it be one of us?

uprisings in southern hillary, oxygen shortages (0)

Anonymous Coward | more than 3 years ago | (#35854070)

being in real estate isn't all profits & parties. southern hillary? a revolution already? who loves her more? same thing. no one can please everyone. choices must be made. there should be more or less oxygen, once all those smelly fishes are gone, in 2025. so that takes care of that. leadership is not always easy either. they didn't see the submarines?

OPC involved? (1)

ferrisoxide.com (1935296) | more than 3 years ago | (#35853882)

I'm never surprised when I hear about industrial systems getting hacked for two reasons: (1) the venerable OPC protocol and (2) the mad insistence of IT departments that everything - including process control systems - has to come under their control.

There's nothing wrong with OPC per se, but it relies on DCOM (which isn't secure). Even if they've moved to the better OPC UA or some other architecture there's still the craziness of making industrial systems accessible over the corporate network.

WTF (0)

Anonymous Coward | more than 3 years ago | (#35853910)

It's quite unsettling looking at what looks to be service requests and information from your friendly local NUCLEAR FUCKING POWER PLANT.

Good job Florida Power & Light. Glad to be living on the seacoast in NH.

Re:WTF (1)

pnewhook (788591) | more than 3 years ago | (#35854748)

Glad to be living on the seacoast in NH.

Well since you are so paranoid, I'd like to point out that Ontario Canada generates over 200 times the nuclear generation capacity of Florida, and it's right next door to NH !

Re:WTF (1)

tnk1 (899206) | more than 3 years ago | (#35856414)

Not to mention when the megatsunami from the Canary Islands arrives at some point in the future, you can expect that your house will be upgraded to houseboat in one easy step.

Re:WTF (1)

dimethylxanthine (946092) | more than 3 years ago | (#35857068)

I'd like to point out that Ontario Canada generates over 200 times the nuclear generation capacity of Florida

[citation needed]

Oh no! (1)

chill (34294) | more than 3 years ago | (#35853922)

What if he were a terrorist? Al-queda could sabotage the wind turbines, creating a MASSIVE wind spill! Think of the economic impact...the devastated lives...the broken families! Did we learn nothing from BP in the Gulf?

Oh the humanity!

We need Michael Bay to create a movie to fully articulate the possibilities of such a disaster. Wind everywhere...

Re:Oh no! (0)

GameboyRMH (1153867) | more than 3 years ago | (#35855188)

Actually on a serious note, if he had control over the direction of the nacelle and/or the blade pitch, he might be able to break the turbine. These things are actively controlled, they have wind sensors on them that measure the wind speed and direction, and then electric motors are used to point the nacelle into the wind and adjust the blade pitch (and possibly also some settings on a gearbox inside the nacelle). I imagine that if he could accelerate the blades to a high speed and then quickly turn it sideways to the wind, he might be able to break the turbine. It would only be a danger to people nearby who could be hit by the flying shrapnel (probably nobody) but it would be a huge loss to the company. Just don't let the old guys at the Pentagon who have seen Die Hard 4 too many times know or they'll recommend sticking to coal for national security reasons ;)

Really if they can't airgap these systems, they should at least put everything behind a VPN or SSH (easy to lock down super-tight, especially if used with port-knocking or even cryptknock, and generally hard to exploit), and close the account of any employees who are fired. Simple.

Stupid goal (5, Funny)

DoofusOfDeath (636671) | more than 3 years ago | (#35853934)

He'll risk prison just to break wind in public?

He will be remembered, (0)

Anonymous Coward | more than 3 years ago | (#35854008)

This guy is truly the XXIst Century Don Quixotte!

I stand in awe.

http://www.fullmalls.com (-1, Offtopic)

xiaojiekuuii (2044642) | more than 3 years ago | (#35854072)

Click on our website: ( http://www.fullmalls.com/ [fullmalls.com] ) Website wholesale various fashion shoes, such as Nike, Jordan, prada, also includes the jeans, shirt, bags, hats and decoration. Personality manufacturing execution systems (Mes) clothing, Grab an eye bag coat + tide bag Air jordan(1-24)shoes $30 Handbags(Coach l v f e n d i d&g) $35 Tshirts (Polo ,ed hardy,lacoste) $15Jean(True Religion,ed hardy,coogi) $30Sunglasses(Oakey,coach,gucci,A r m a i n i) $15 New era cap $12 Bikini (Ed hardy,polo) $20accept paypal and free shipping ( http://www.fullmalls.com/ [fullmalls.com] )

Dear world.... (1)

Lumpy (12016) | more than 3 years ago | (#35854088)

MOST SCADA systems are horribly protected. idiot managers and phb's want remote access to systems that should be on protected and isolated networks. Please sack the managers that demand remote internet access to SCADA systems that do not have a legitimate reason other than to satisfy the demand of that manager.

I know of several Water filtration plants that are horribly open to attack because the supervisor of them is too damn lazy to drive in to do his work. And YES you can easily make a secure connection between the SCADA system and a unprotected network for extraction of data, A one way 100bt or 1000bt connection is trivial to do by anyone that is competent in networking, removal of the RX wires makes it impossible for any hacker on this planet to get into the system. And yes you CAN broadcast data and receive it on the server to give a live view for the managers as well as for data logging to their favorite MS Access script.

Instead we get the entire scada system on the municipality's network with full internet access and have employees checking email and surfing the web on the freaking SCADA interface PC's.

Re:Dear world.... (0)

Anonymous Coward | more than 3 years ago | (#35854518)

Thank You, Its the most simple, quick, easy & secure option available. DONT PUT YOUR FREEKING INDUSTRIAL CONTROL SYSTEMS ON THE INTERNET!! If you want remote monitoring put in a OUT ONLY line, physically cut the IN lines. I wonder why it is such a difficult concept for utilities to understand? And unfortunately I think its about to get a whole lot worse with the "Smart Grid".

Re:Dear world.... (1)

pnewhook (788591) | more than 3 years ago | (#35854684)

Yes. And if you dont want anyone breaking into your house, only put in an OUT door and cut the IN door. lol - you do realize internet lines are not only one way, right?

Re:Dear world.... (0)

Anonymous Coward | more than 3 years ago | (#35855210)

Please read the parent post, you CAN physically cut most network cabling to a one way connection (as some of the pairs are hardware rigged for input and some for output). It probably requires some program modifications to get it the software to forget about the standard handshakes that take place in modern networking, and a secondary computer set up to receive the one way data connected to the internet that does have a full two way internet connection. But it shouldn't be much of a hassle to set up (UDP?). In that configuration a person wanting to effect the industrial systems would have to physically break into the site to gain access, remote access to those systems would be IMPOSSIBLE. Physical access would defeat most heavily secured systems anyway.

Re:Dear world.... (1)

pnewhook (788591) | more than 3 years ago | (#35855558)

If you were going to go through the bother of rewriting the code so it didn't check for the handshakes just so you can cut the receive wires, then why not just write the software so it doesn't accept incoming packets? Please get a basic understanding of how things work before you go off and comment on them.

Re:Dear world.... (1)

Lumpy (12016) | more than 3 years ago | (#35855346)

You obviously don't understand how ethernet works at all.
Please come back when you have a basic education about the topic at hand.

Re:Dear world.... (1)

pnewhook (788591) | more than 3 years ago | (#35855532)

I do. If you think you can cut the receive lines and leave only the transmit, and still have a functioning ethernet system then you are a complete moron. You are the one that needs basic education about the ethernet protocol.

Re:Dear world.... (1)

Lumpy (12016) | more than 3 years ago | (#35855882)

I suggest you learn networking as well as Ethernet, oh and take your lithium your Bipolar is showing.

Here is some reading material that might be too advanced for you, but I like to share...

http://www.sun.com/bigadmin/content/submitted/passive_ethernet_tap.jsp [sun.com] -- how to receive only network traffic.
http://www.public.asu.edu/~sksrini2/Projects/TFTP/AP36.pdf [asu.edu] -- basics on how to broadcast data on transmit only, might be too advanced for you.
http://www.stearns.org/doc/one-way-ethernet-cable.html [stearns.org] -- more info for your basic education.

and that was with 3 seconds of Google searching... another thing you seem to be incapable of understating, there are a lot of websites out there that can help you learn how to use a search engine and google.

Also look up what UDP broadcast is, you seem to be significantly deficient in your education as a whole. Networking is hard, you should leave it to those of us that know what we are doing and actually have an education in it.

Yes, but (1)

Fr05t (69968) | more than 3 years ago | (#35854132)

pics or it didn.... oh.

Not so illigitimate. (1)

Restil (31903) | more than 3 years ago | (#35854148)

Justification for his firing is sounding better and better all the time.

-Restil

Re:Not so illigitimate. (0)

Anonymous Coward | more than 3 years ago | (#35854298)

I bet he felt invisible and ignored.

I bet he'll want to be invisible and ignored in prison.

FAKE (4, Insightful)

StickyWidget (741415) | more than 3 years ago | (#35854210)

And there was no radiation leakage ... (0)

Anonymous Coward | more than 3 years ago | (#35854218)

Fission, baby, fission!

Well that blows ... (0)

tgd (2822) | more than 3 years ago | (#35854220)

*waits for applause and laughter*

*sulks away*

Link to pics? (1)

vlm (69642) | more than 3 years ago | (#35854230)

Anyone got a link to the actual pics that the article merely talks about? Would be hilarious if he's trying to pass off vendor instruction / tech manual screen shots as his "proof".

The guy could have caused a heck of a lot more disruption if he knew he was going to be canned and collected his screenshots first... You can imagine the extremely expensive chaos if he later publishes screenshots of a system that in fact cannot be remotely broken into. Millions of dollars spent trying to figure out how he got in, when he never did. The comedy might come later when they discover its actually wide open after all. Would that be considered ironic in the real sense, or only in the angsty music sense?

Another question is what does a typical SCADA do at a windmill? Can anything really bad happen? I'm guessing the inputs will be RPM, transmission oil temp, windspeed.... maybe temperature to detect icing conditions (err does it ever freeze in FL?) ... maybe some vague vibration sensor thingy to detect damage... The outputs at a windmill SCADA are maybe AoA of the blades if they're dumb enough to control that remotely instead of internal to the control system, and probably a braking system to shut er down remotely. What I'm getting at, is theres not too much possibility of damage here, compared to a refinery SCADA or ... pretty much any other SCADA installation I have heard of (in strong contrast to the ones I've actually worked with, that are pretty harmless). I guess worst case scenario is you could Possibly theoretically thru horrible system design allow someone to remotely reprogram the automatic blade feathering speed and next time a hurricane blows thru the blades could fly off, although that'll be blamed as an act of god rather than hack. Why you'd allow someone to remotely reprogram something like that is mystifying, sounds like engineering malpractice at the design phase to me.

I'm sure there's plenty of fear mongering, like the SCADA could program the onsite R2D2 droid to use its arm to unscrew the bolts holding the blade to the hub, and BS like that, but is there actually any possibility of damage? I'm guessing no.

Finally, not to violate any NDAs, but at one of the many telecom operations I worked for, we had a very elaborate and expensive SCADA system that was almost purely read only... Thousands of channels of read only data... temperature of all kinds of communications gear, humidity to detect rain leaks, nitrogen system pressure, essentially the worlds most expensive monitored door security system, voltage of pretty much anything that generates a voltage either for power or communications monitoring, alarm connections on all gear that has alarm relay outputs... If someone broke into that SCADA hoping to "blow up the phone company" they would probably be very pissed off that the only remotely controllable output was an indicator light (to be used as a morse code order wire if all else failed, also we periodically blinked those lights so the remote site techs knew if they saw it blink once in a while, the SCADA system was up, and of course the light shared the SCADAs power system to prove it even had power). I guess it could be considered confidential secret knowledge that relay rack #7 is running about 82 degrees F at this moment, if nothing else you now know we have at least 7 racks on site... but its not exactly going to destroy the world if anyone finds out it exists or that its 82 as opposed to 81 or 83 degrees. I'm guessing a windmill is equally hands off, there's just not that many knobs and levers to be controlled in person, much less remotely.

Re:Link to pics? (1)

johnny cashed (590023) | more than 3 years ago | (#35854610)

Sure, one wind farm, you can't cause any trouble. However, if you hack a whole bevy of windfarms, you can command the grid to back feed the wind turbine, turning them into gigantic fans that can then alter the rotation of the earth itself. Not to mention the ability to blow away small towns. Truly a threat of S.P.E.C.T.R.E proportions.

ya sure.... (0)

Anonymous Coward | more than 3 years ago | (#35854258)

i think he's full of hot air.

...and commit a Felony (1)

realsilly (186931) | more than 3 years ago | (#35854350)

Is this guy really touting that he hacked this stuff, because he was let go from his job? Embarrassing a company is nothing new these days. Assuming his claims are indeed true, he's now boasted about his mis-deeds and it will only served to be used against him in a court of law.

Re:...and commit a Felony (1)

nedlohs (1335013) | more than 3 years ago | (#35854618)

And the government will do enough squinting to frame it as an terrorist attack on essential energy infrastructure.

Re:...and commit a Felony (1)

tnk1 (899206) | more than 3 years ago | (#35857078)

Idiots that carry out these actions don't do it so that they can get away with it, otherwise it would be very carefully made to look like an accidental malfunction. They want everyone to know how much smarter they are than their employer.

The problem with their tactics are that:

a) getting caught means they will get in a lot more trouble than simply losing their job, proving beyond a doubt that they are self-destructive and stupid.
b) having something break isn't going to show how stupid the company is, they'll just blame someone who misused access and PR the structural issues into oblivion.
c) even if he succeeded in seriously damaging the company, he'd probably just get a bunch of innocent (and likely more competent) people fired.

His action is a purely emotional response to getting fired, and as such, is not going to make rational sense.

Air Humor (1)

Fnord666 (889225) | more than 3 years ago | (#35854656)

"It's probably still up in the air as to whether this was a real threat or a hoax," Cusimano said.

Hopefully he put air quotes around that as well.

Actually... (0)

Anonymous Coward | more than 3 years ago | (#35858086)

Hacker claimed he broke wind into a turbine system.

What this probably is. (1)

DarthVain (724186) | more than 3 years ago | (#35858156)

I have been to a wind farm and seen the setup. I would not be surprised if this is possible at all.

Basically you have a company that runs the windmills and you have a different company that actually builds the damn things.

So while NextEra Energy Resources may run the stupid things, likely someone like Siemens actually built the things. Generally speaking while NextEra Energy Resources may maintain things, Siemens would really be the technical experts.

Thus this is why I was told companies like Siemens can actually connect to windmills in the US and Canada from Denmark or wherever they are located. They have full control so they can try and fix problems remotely. They do this over the Internet. As soon as I heard that, I was like "What? Really?" as it was a huge red flag for security. Of course these are supposed to be secure systems, but I know the one I saw didn't look all that awfully sophisticated. If there was a "flaw" in the system, someone that works there, particularly in IT would be well placed to discover it. Likely he was able to connect much like Siemens would.

Load More Comments
Slashdot Login

Need an Account?

Forgot your password?