
Hackers Manipulated Railway Computers, TSA Memo Says

Soulskill posted more than 2 years ago | from the so-nobody-was-affected dept.

Transportation 116

An anonymous reader sends this excerpt from Nextgov: "Hackers, possibly from abroad, executed an attack on a Northwest rail company's computers that disrupted railway signals for two days in December, according to a government memo recapping outreach with the transportation sector during the emergency. ... While government and critical industry sectors have made strides in sharing threat intelligence, less attention has been paid to translating those analyses into usable information for the people in the trenches, who are running the subways, highways and other transit systems, some former federal officials say. The recent TSA outreach was unique in that officials told operators how the breach interrupted the railway's normal activities, said Steve Carver, a retired Federal Aviation Administration information security manager, now an aviation industry consultant, who reviewed the memo."


Why... (5, Insightful)

errandum (2014454) | more than 2 years ago | (#38800623)

Is a computer that controls anything like this connected to the exterior instead of its own private network?

Why?!

Re:Why... (2)

Troke (1612099) | more than 2 years ago | (#38800635)

So they can work from home of course!

Re:Why... (2)

davester666 (731373) | more than 2 years ago | (#38801163)

Not from home. From a strip club...in Hawaii!

Re:Why... (1)

Anonymous Coward | more than 2 years ago | (#38800649)

So you want to roll out a private network along each mile of rail?

Re:Why... (4, Insightful)

Kenja (541830) | more than 2 years ago | (#38800663)

So you want to roll out a private network along each mile of rail?

Why not? In most cases that's where the major fiber cables run anyhow.

Re:Why... (3, Interesting)

F34nor (321515) | more than 2 years ago | (#38800755)

Here here! In addition they have their own swath of wireless bandwidth for their radios that could be reapportioned for this by going to digital radios.

Re:Why... (2)

Pope (17780) | more than 2 years ago | (#38804561)

There there!

Re:Why... (2)

Fastolfe (1470) | more than 2 years ago | (#38800785)

"Why not?" Cost, of course. It's far cheaper to connect remote nodes like this to public networks than it is to lay your own data connections down along every length of track. Just because other people lay down lines near some tracks does not mean it's cheap or free for the rail operators to lay down their own lines along all tracks.

Re:Why... (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38800877)

Wouldn't it be easier to just set up a VPN and secure the damn thing? I would think that should suffice provided strong security measures are in place.

Because... (0)

Anonymous Coward | more than 2 years ago | (#38806449)

Wouldn't it be easier to just set up a VPN and secure the damn thing?

Because them VPN thingies are just too damn hard to set up and make work. They give you a headache and slow you down from having immediate and unfettered access to everything, like when you just place everything on teh internets and always log on as 'Administrator'... that's much more convenient for me. /sarcasm (as if you couldn't tell).

Re:Why... (5, Informative)

Anonymous Coward | more than 2 years ago | (#38800987)

Sweet, a topic that I know something about for once!

I am an S&C technician for a railway in Canada, and can tell you, the opposite is in fact true. A fibre conduit running coast to (almost) coast is a valuable thing. A few years back (before I started with them) they plowed a conduit underneath the rail bed. I hear they used multiple locomotives to pull a massive plow burying the conduit 10' under the rail bed. Sounded pretty sweet. The fiber is now leased to Rogers (may they rot in... er... never mind). I believe we have exclusive use of 4 fibers in the bundle, but I don't know too much about that end of it.

The network of fiber is connected to strategically located radio towers. Another profitable venue is leasing space on a tower to the cell companies.

Intermediate bungalows connect to the radio towers and relay control to switch machines and signal mechs. Our truck radios also communicate to the towers, and through the fiber to either RTC (Rail Traffic Control) or to another tower and another technician anywhere along the railway.

I'm not sure about other railways, but I feel our system is pretty robust.

Mod this up, please (1, Redundant)

MountainLogic (92466) | more than 2 years ago | (#38801199)

Mod this up, please, as it appears to be the first example of a /.er who has first-hand knowledge.

Re:Why... (0)

Anonymous Coward | more than 2 years ago | (#38801945)

Not knowing anything about your subject and English not being my native language I looked up S&C to see if it means what I thought it would mean: signals and communications. I was wrong, apparently, Wikipedia redirects [wikipedia.org] to a railway line in England. I'm still trying to figure out the Canada part.

Re:Why... (1)

Calydor (739835) | more than 2 years ago | (#38802163)

Except the first ten Google results for 'S&C railway' actually mention Signals & Communications on a Canadian page.

Repeat after me, Wikipedia is not the source of all knowledge.

Re:Why... (1)

Jet Pilot (1060114) | more than 2 years ago | (#38806095)

You might want to re-read the post; the AC wrote that he is a S&C (Signals and Communications) *technician* for a railway in Canada. Perhaps you unconsciously confused 'S&C railway' with "B&O Railroad" from the Monopoly board game?

Re:Why... (1)

c0lo (1497653) | more than 2 years ago | (#38801219)

"Why not?" Cost, of course. It's far cheaper to connect remote nodes like this to public networks than it is to lay your own data connections down along every length of track. Just because other people lay down lines near some tracks does not mean it's cheap or free for the rail operators to lay down their own lines along all tracks.

Huh? Maybe the heat is making me dense today, I don't quite follow on why would they need to lay down data connections along every length of track, would you please elaborate?

It's not likely that, right now, every length of track is lined with data connections, yet they managed somehow to do their job.

Re:Why... (1)

xaxa (988988) | more than 2 years ago | (#38803215)

Huh? Maybe the heat is making me dense today, I don't quite follow on why would they need to lay down data connections along every length of track, would you please elaborate?

It's not likely that, right now, every length of track is lined with data connections, yet they managed somehow to do their job.

I don't know for North America, and I don't really know for anywhere else, but I think almost all track has various cables along it. The signals and points (switches) need them, for a start, and telephones at the side (in case the train driver needs to contact the signaller). The tracks have a current run through them to detect if a train is on them (the train completes the circuit).

That means there's already somewhere to put the cables -- round here (UK) there's often a concrete trough at the side, although it's probably buried sometimes too.

Re:Railway Companies are cheap (0)

Anonymous Coward | more than 2 years ago | (#38802289)

The railways never share any information, and are well known for being more or less a monopoly. They leave engines running in the middle of the track for crying out loud, with no operator to be found within 5 miles (of course these are manned), and refuse to answer for it, something that had been brought up several times with terrorists possibly hi-jacking them and riding them into a town with chemical, or biological, (or worse) weapons. They pretty much do whatever they want even with the public or government agencies hounding them. They have the money to run their own system but no one is going to force them to. They really do not care if the system they have in place is hacked. Obviously they can use preventive measures to protect the system they have now but I doubt they will do that.

Re:Why... (1)

crbowman (7970) | more than 2 years ago | (#38806017)

When you say cheaper, are you including the inevitable cost associated with the eventual security problems like this? Then you aren't really doing a fair cost-benefit analysis, are you? You're just pushing your costs off onto the rest of us in the form of inevitable regulations needed to protect the "critical infrastructure" Internet because of your stupid implementation. Of course it's cheaper, it's always cheaper to make someone else pay.

False dichotomy + criminal negligence (1)

Anonymous Coward | more than 2 years ago | (#38800799)

So in your mind they have two choices:

1. Use a network that's publicly available and has known hackers.
2. Run private fiber

In my mind I have more options, for example:
3. Lease private exclusive connections
4. Lease private connections on trusted networks
5. Lease private connections on multiplexed fibers.

If they opened their controls to a public network with known hackers, then that's criminal negligence. What if a train had been derailed, what if people had lost lives? The rail network has a public duty to a BASIC LEVEL OF COMPETENCE.

Re:False dichotomy + criminal negligence (2)

Quick Reply (688867) | more than 2 years ago | (#38800955)

Because private networks with entry points all over town can not be hacked, right.

Physical separation (1)

Anonymous Coward | more than 2 years ago | (#38801005)

To hack a network with a physical separation, you have to physically hack the link.

Are you saying that unless you can make something 100% secure, we shouldn't make it 99.99% secure, and should keep it at, well about 70% secure??

You understand that on a multiplexed fiber, there's nothing you can do with the little light pulses to affect the other little light pulses, whereas on a TCP/IP packet network with login, it's as easy for a hacker to send login commands as for the real user.

In systems like this, misdirection like yours has no place, they need to be secure and the railway has a liability. It is criminally negligent to open its network in this way.

Re:Why... (1)

F34nor (321515) | more than 2 years ago | (#38800801)

What a stupid thing to ask. Mission critical systems should not be attached to public networks period end of discussion.

Re:Why... (2)

garyebickford (222422) | more than 2 years ago | (#38800909)

good luck with that, running your own fiber all over the country. Interesting side note, but probably not relevant - the Sprint network was originally the SPC - Southern Pacific Communications company which started out as a set of microwave links along the railroad rights-of-way to support Southern Pacific Railway railroad operations, before the Internet existed. According to Wikipedia, when the long distance market was deregulated they started selling capacity to others, and one thing led to another. Also according to W, the SPRINT name was the winner of a contest for a new name appropriate to the new business when MCI bought the company: "Switched PRIvate Network Telecommunications".

It's worth noting that the Military also uses the public switched network for some things. In one sense, this may be advantageous if done right. If the secret messages are merely one amongst the literally billions of packets going through a fiber per second, they are harder to find than just tapping into the correct dedicated fiber that carries nothing but secret messages. And, since any physical manifestation (fiber) that is strung across thousands of miles of countryside, a dedicated fiber is going to be just as vulnerable (given the same level of message encryption) as the packets in the public network.

The military can't know in advance where it is going to need telecom capability, so it has to be able to ship data over the public network in such a way that it is secure even if intercepted. That's a tall order, but there's no choice. Having a physically separate physical wire just doesn't give you that much extra.

What do you think rail is? (0)

Anonymous Coward | more than 2 years ago | (#38801207)

What do you think rail is? It is essentially a private roadway network. Fiber can be laid at the same time.

Re:Why... (1)

faedle (114018) | more than 2 years ago | (#38801331)

Um.. they did it once. It was called the "telegraph."

Re:Why... (3, Informative)

Alioth (221270) | more than 2 years ago | (#38803353)

I worked for British Rail just before it was privatized, they had their own private national telephone system and computer network. I suspect it still exists and is probably run these days by Network Rail. The signalling system was completely independent of this network, too.

Re:Why... (4, Insightful)

siddesu (698447) | more than 2 years ago | (#38800677)

Because when the work is contracted, the work is done in a piecemeal manner in order to show a lower budget to the committee that will be approving funds. Since the budget as a rule is never enough to allow for a proper, safe design, deployment and operation, things are done haphazardly, staff is overworked and/or under-qualified and the requirements change daily and need to be completed yesterday. As a result, you get holes, and holes get exploited.

Then some politician exploits the news to create yet another committee to investigate and countermeasure the "attacks", leaving even less money for planning and deployment, and creating more opportunities for attacks and for position for his cronies, while maintaining an image of staunch defender of National Security.

Business as usual.

Re:Why... (0)

Anonymous Coward | more than 2 years ago | (#38800777)

Then on top of that 'lets fix it'. 10 years later and the budget overruns are crazy and it is still not fixed...

Re:Why... (1)

unity100 (970058) | more than 2 years ago | (#38800935)

Business as usual.

capitalism, you mean. capitalism forces cheap solutions across public and private sectors alike. it wouldn't be any different in private sector. in fact, a lot of the scada systems around the world, running factories, are connected to internet still as of this moment. despite their vulnerabilities were shown.

Re:Why... (3, Interesting)

siddesu (698447) | more than 2 years ago | (#38801039)

The corporate politics isn't all that different inside the Socialist enterprise, the difference is that everything else is much worse.

because they are FSCKING IDIOTS! (2)

swschrad (312009) | more than 2 years ago | (#38800749)

or else the outsourced IT department overseas has senior staff with, ahhh, alternate loyalties... .

Re:Why... (5, Interesting)

currently_awake (1248758) | more than 2 years ago | (#38800761)

I don't think it was. They clearly tried to blow this thing up as a major terrorist attack, but they never claimed risk to life. I'm guessing the "attacks" were a virus on the Windows boxes used for selling tickets.

Re:Why... (0)

Anonymous Coward | more than 2 years ago | (#38800951)

No.

The question is why is the TSA involved with railway IT security to begin with, maybe they have too much time on their hands?

Nevermind, I know the reason, they want to handle railway IT security in addition to physical security at airports, railroad and bus stations. So they release a report about evil hackers disrupting the railway signal system with the implied suggestion that someone (themselves for example) should be funded to provide security.

Re:Why... (1)

riverat1 (1048260) | more than 2 years ago | (#38801513)

Well, the word "Transportation" does include railroads last time I checked.

Re:Why... (1)

Hognoxious (631665) | more than 2 years ago | (#38802441)

Have you commuted into London recently?

Re:Why... (0)

Anonymous Coward | more than 2 years ago | (#38802537)

I've tried...

Re:Why... (5, Informative)

Anonymous Coward | more than 2 years ago | (#38801515)

Railway signalling usually consists of two pieces - vital logic and control logic. Vital logic is the sort of thing that prevents showing two trains signals that would make them crash, or would allow the points on a switch to throw under a train, or other safety-related functionality. It's designed to be failsafe, and the design methodology is usually very rigorous because of the huge liabilities involved. This stuff is usually (these days) carried on the rails themselves by what are known as coded track circuits - basically on/off values via carrier frequencies placed on the rails themselves. In some areas and in prior eras, this was carried by signal lines paralleling the railway, either open wire or buried. Regardless, all this stuff is designed such that if pieces fail or communication is lost, everything goes red and train traffic stops.

Control logic is the other half. It's the part of the system that communicates from a dispatcher hundreds or thousands of miles to the local control points. It communicates instructions that can be roughly translated as "allow a westbound past this control point" or "throw the switch to the siding and permit an eastbound through". This is then shot across somebody's network to the control point, where it's handed off to the vital logic. Commands from the dispatcher are really more like requests to the vital logic to perform that function when it's safe to do so. As a dispatcher, even if you'd send commands that would direct a pair of trains to proceed at each other, the vital logic will keep the appropriate signals red and never allow a collision to happen.

So, given the hype-riddled press release, I'm guessing one of two things happened.
1) There's a link between the dispatching computers and the field endpoints that travels over the public network, likely via VPN. Somebody found a way to interfere with that link and prevented commands from getting through (a stupid DDoS could work here, as rail signalling is extremely low bandwidth). Worst case impact - dispatchers can't issue requests for things to happen in the field. That said, I've never seen such a system that connected to an IP network. The ones I've seen are serial and go via modem, frame relay or leased line. There's also a dedicated railway signal control standard that travels over dedicated radio frequencies that's often used from a common radio base to a number of signal installations along a line.

2) Somebody found a way to compromise the dispatching computers themselves and mess with them. Unlikely, but it wouldn't be the first time somebody had compromised a corporate firewall and found the cool toys inside. That said, they'd really have to know what these machines did and how commands were sent in order to do anything beyond send random crap or again, just prevent commands from being sent. The other possibility is that they got between the dispatch machines and the outbound serial links inside the corporate network.

3) The scary but horribly unlikely one - somebody put a vital logic processor where it could be reached via the network. I've never heard of a vital logic processor with an ethernet port, but most of them just have a bunch of serial, one of which is a configuration/communication port through which the unit is programmed. Typically these are only accessible by a dude in the field plugged into the logic unit, but it's remotely possible some bonehead connected it to a network-accessible terminal server or something.

1&2 are possibly crippling to a rail network, but not unsafe. Things stop and nothing moves, but nobody gets hurt. 3 is much more frightening, but I can't see any sane engineer (particularly in the signal department at a railroad, as these guys tend to be risk averse to a fault for good reason) ever signing off on this design. I would

Most of this is just theorizing based on what I know from my association with the industry almost a decade ago, but because of that I'm posting as an A/C.
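The split between dispatcher requests and vital logic described in the comment above, as an added example that is not part of the original post and not taken from any real signalling product. It is a toy interlocking for one control point on single track; the class name, the EB/WB signal names and the request strings are all assumptions made for illustration.

```python
from dataclasses import dataclass, field

RED, GREEN = "RED", "GREEN"
OPPOSING = {"EB": "WB", "WB": "EB"}   # eastbound / westbound signals into one block


@dataclass
class VitalLogic:
    """Hypothetical vital logic: the only component allowed to change field state."""
    signals: dict = field(default_factory=lambda: {"EB": RED, "WB": RED})
    switch: str = "main"              # "main" or "siding"
    points_occupied: bool = False     # track circuit over the switch points
    block_occupied: bool = False      # track circuit for the single-track block
    healthy: bool = True              # False once a vital input or component is lost

    def all_red(self):
        for name in self.signals:
            self.signals[name] = RED

    def fault(self):
        # Fail-safe: any lost vital input drops every signal to RED and latches.
        self.healthy = False
        self.all_red()

    def track_update(self, points_occupied, block_occupied):
        self.points_occupied = points_occupied
        self.block_occupied = block_occupied
        if points_occupied or block_occupied:
            self.all_red()            # a train has entered: nothing stays cleared

    def request(self, command, arg=None):
        """A dispatcher command is only a request; returns (granted, reason)."""
        if not self.healthy:
            return False, "fault: signals held at RED"
        if command == "clear" and arg in self.signals:
            if self.signals[OPPOSING[arg]] == GREEN:
                return False, "opposing signal already cleared"
            if self.points_occupied or self.block_occupied:
                return False, "track occupied"
            self.signals[arg] = GREEN
            return True, "signal cleared"
        if command == "throw" and arg in ("main", "siding"):
            if self.points_occupied:
                return False, "train over the points"
            if GREEN in self.signals.values():
                return False, "route locked by a cleared signal"
            self.switch = arg
            return True, "switch thrown"
        # Anything else (malformed or random input) changes nothing.
        return False, "unrecognised request ignored"

    def is_safe(self):
        greens = [s for s in self.signals.values() if s == GREEN]
        occupied = self.points_occupied or self.block_occupied
        return len(greens) <= 1 and not (greens and occupied)


def replay():
    """Run a constructed sequence of control-side requests, some of them unsafe."""
    vl, log = VitalLogic(), []

    def ask(command, arg=None):
        granted, reason = vl.request(command, arg)
        if not vl.is_safe():
            raise RuntimeError("safety invariant violated")
        log.append((command, arg, granted, reason))

    ask("clear", "EB")                # granted: block is empty
    ask("clear", "WB")                # refused: would face the cleared eastbound
    ask("throw", "siding")            # refused: route is locked while EB is GREEN
    vl.track_update(points_occupied=True, block_occupied=False)  # train arrives
    ask("throw", "siding")            # refused: points are under a train
    ask("clear", "WB")                # refused: track occupied
    ask("open_all")                   # refused: not a known request
    vl.track_update(points_occupied=False, block_occupied=False) # train has left
    ask("throw", "siding")            # granted: nothing cleared, points empty
    vl.fault()                        # a vital input is lost
    ask("clear", "EB")                # refused: everything stays RED
    return vl, log


if __name__ == "__main__":
    final, entries = replay()
    for command, arg, granted, reason in entries:
        print(f"{command:8} {str(arg):7} {'GRANTED' if granted else 'REFUSED'}  {reason}")
    print(final.signals, final.switch)
```

Whatever arrives on the control side, the worst outcome in this model is that requests are refused and traffic stops, which matches the comment's cases 1 and 2; case 3 corresponds to an attacker reaching `VitalLogic` itself rather than its `request` interface.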

I worked on these too (2, Insightful)

Anonymous Coward | more than 2 years ago | (#38802897)

When I worked on these, we had dedicated links (X25 serial in those days).

There simply is NO EXCUSE for routing stuff like this over the public internet, VPN or not. Even a DDOS on those communications is unacceptable. If the railway techs sent that data across a public network, their employment should immediately be terminated and the railway company liable.

Re:Why... (1)

Anonymous Coward | more than 2 years ago | (#38803339)

And that all was correct until a few months ago. The new Positive Train Control requirements connect IP/Ethernet to the vital logic (mostly output only... but it's not like there's diodes on the Ethernet connection).

All the systems we're installing to meet this regulation rely on IP traffic to keep trains moving. The security is completely dependent on being an isolated network.

Unfortunately one railroad's system needs to talk to others... and this is generally done on the internet. It's over VPN, but can be DDoSed.

Make matters worse, some of the backwoods freight track are putting this on cellphone

None of the above is secret... it is all on the FRA website

Re:Why... (1)

tlhIngan (30335) | more than 2 years ago | (#38806557)

And that all was correct until a few months ago. The new Positive Train Control requirements connect IP/Ethernet to the vital logic (mostly output only... but it's not like there's diodes on the Ethernet connection).

They do make "data diodes" actually - it separates the "classified" network from the "unclassified" network, but allows some traffic to pass through. Data can flow from the unclassified network, but is blocked from the reverse.

It's basically a firewall with application-level smarts and DPI - so a classified PC can see file shares on the unclassified network, but the reverse isn't possible. Ditto stuff like FTPing files into the classified network, but preventing uploading files the other way and such.

Handy if you want to allow say, Windows Updates through and that's it.

Sure, a virus could get in if someone pulled it in, but it couldn't get out (if the traffic doesn't meet one of the existing filters, it's blocked).

Re:Why... (0)

Anonymous Coward | more than 2 years ago | (#38803869)

Probably because some n00b Windows admin wants to make sure it can get all of its security updates. It's dumb though. If you get a closed system working then LEAVE IT CLOSED. If it's isolated you shouldn't need any security updates.

Of course! (4, Funny)

Alan Shutko (5101) | more than 2 years ago | (#38800655)

Hackers have been involved in railroads since the very beginning [mit.edu] !

Well, looks like the TSA got their wish (4, Insightful)

Scutter (18425) | more than 2 years ago | (#38800667)

Now they'll have the excuse they need to do to the rails what they've done to the airlines.

Re:Well, looks like the TSA got their wish (4, Insightful)

raydobbs (99133) | more than 2 years ago | (#38800685)

+1 to this - wishful thinking given form, they are just creaming their shorts over this. It means we can be violently sexually assaulted while trying to board trains, board airlines. Now all we need is them at every bus depot, every subway terminal, all border crossings. We'll be a police state in fear of our government overlords in no time.

Re:Well, looks like the TSA got their wish (0)

ibsteve2u (1184603) | more than 2 years ago | (#38802177)

It means we can be violently sexually assaulted while trying to board trains, board airlines.

Worries me, that so many think that being frisked is sex. I mean, what if they're right? Since I only get frisked by male TSA agents, does that mean that I'm gay?

Re:Well, looks like the TSA got their wish (1)

El Torico (732160) | more than 2 years ago | (#38803301)

Worries me, that so many think that being frisked is sex. I mean, what if they're right? Since I only get frisked by male TSA agents, does that mean that I'm gay?

Only if you liked it.

Re:Well, looks like the TSA got their wish (0)

Anonymous Coward | more than 2 years ago | (#38805163)

I was transiting through LAX the other day and I swear I heard a TSA agent singing "I frisked a nerd and I liked it, the feel of his greasy neckbeard, I frisked a nerd just to spite him, I hope my boss give me kudos".

Re:Well, looks like the TSA got their wish (0)

Anonymous Coward | more than 2 years ago | (#38804549)

You seem to have confused sex and sexual assault. Sexual assault can be as simple as someone talking to you about your or their sex related body parts. But most often involves cases where they touch your sex related body parts or forcibly have you touch their sex related body parts, without your full consent.

Turns out most people don't go to the TSA for a good time (sexually speaking). Thus it could be construed as sexual assault. By the United States government.

Re:Well, looks like the TSA got their wish (0)

Anonymous Coward | more than 2 years ago | (#38804513)

They already have the ability to do airport-type security for trains and subways and intercity bus services. They already do security checks for cruise ships.

The thing they want to do is search cars on roads.

No matter if it's legal to have a gun on you, they may object.

Re:Well, looks like the TSA got their wish (3, Insightful)

ajpuciat (2553090) | more than 2 years ago | (#38800703)

Just what we need. I am guessing this isn't going to be limited to the rails either. Any mode of transportation utilizing computers will be "under attack," and we're going to stand around and get molested by the TSA. Awesome!

Re:Well, looks like the TSA got their wish (0)

Anonymous Coward | more than 2 years ago | (#38801141)

Actually, it seems like they can have an argument to go to your house, check your computer or eavesdrop on your network to make sure you're not trying to hack anything (and downloading copyright protected content while at it).

You never know... (3, Funny)

MrEricSir (398214) | more than 2 years ago | (#38800709)

...when someone might hijack a train and crash it into a skyscraper.

Re:You never know... (5, Interesting)

ajpuciat (2553090) | more than 2 years ago | (#38800759)

"Amagasaki, Japan 26 April 2005 A seven-car train with 580 passengers derailed and slammed into an apartment building of nine floors. 73 people were killed and nearly 450 injured"

Trains, in my buildings?

It's more likely than you think.

Re:You never know... (1)

Anonymous Coward | more than 2 years ago | (#38800831)

Yes, well, but did it have snakes on it?

Sort of... (1)

Anonymous Coward | more than 2 years ago | (#38800873)

My hovercraft is full of EELS.

Re:You never know... (0)

Anonymous Coward | more than 2 years ago | (#38800905)

"Investigators have focused on speeding by the twenty-three-year-old driver, Ryūjirō Takami (who was among the dead), as being the most likely cause of the accident. It is claimed that he overshot the previous station on the line before the wreck, causing a ninety second delay. Investigators speculate that the driver may have been attempting to make up this lost time by increasing the train's speed beyond customary limits. Many reports from surviving passengers indicate that the train was travelling faster than normal. In mid-2004, the same driver had been reprimanded for overshooting a station by one hundred meters."

Re:You never know... (2)

macshit (157376) | more than 2 years ago | (#38801661)

"Amagasaki, Japan 26 April 2005 A seven-car train with 580 passengers derailed and slammed into an apartment building of nine floors. 73 people were killed and nearly 450 injured"

Note that the line in question was one of the few passenger lines in Japan without ATC/ATS ("automatic train-control/train-stop") installed, and it's pretty likely that had it been installed (it was "on the list" to be upgraded at the time...), the accident would have been prevented, as the system automatically applies brakes in an overspeed condition.

[One interesting question is whether the driver can disable it or not...]

Re:You never know... (1)

Tastecicles (1153671) | more than 2 years ago | (#38802453)

depends. In a potential collision situation, no he wouldn't/shouldn't be able to, since it needs to be able to apply the emergency brakes (handy if the driver just had a heart attack and can't reach the controls!). In a "safe" overspeed situation it would sound a very loud alarm which the driver would have to deal with and correct the situation, otherwise after a set delay the brakes would engage.

(for values of "safe" consider the following: switchpoint status, track curvature, speed limits, overspeed margin, leading and following trains - when trains stop in the middle of nowhere they're waiting for the train in front to pull ahead or off the line. Said train could be three miles in front).

Re:Well, looks like the TSA got their wish (2)

wbr1 (2538558) | more than 2 years ago | (#38800887)

What logic is there in body scans and pat downs to protect against hackers?

"Sorry ma'am, please take off your shoes so we can check for a flash drive with root kits on it."

Re:Well, looks like the TSA got their wish (1)

Megane (129182) | more than 2 years ago | (#38800891)

Absolutely. We need more pat-downs and strip-searches of old ladies and grade schoolers to put a stop to this.

Re:Well, looks like the TSA got their wish (2)

c0lo (1497653) | more than 2 years ago | (#38801243)

Now they'll have the excuse they need to do to the rails what they've done to the airlines.

Eh... should I understand the public is that stupid to accept that scanners and patting-down will prevent crackers remoting into unprotected systems?

Re:Well, looks like the TSA got their wish (0)

Anonymous Coward | more than 2 years ago | (#38802419)

Yep. This likely never happened or is at best heavily embellished. All so that the TSA can justify their presence, expansion, and individual violation into other aspects of our daily life. Give it a couple years and they'll be expanding into elevators, escalators, trams, and those little cross-way covered bridge things that let you go between buildings (like at OHSU).

Re:Well, looks like the TSA got their wish (0)

Anonymous Coward | more than 2 years ago | (#38803417)

Leaving aside security theatre, how does a security guard stop a runaway train? Don't trains already have a dead-man lever and remote-controlled brakes?

I call bullsh*t (0, Insightful)

Anonymous Coward | more than 2 years ago | (#38800701)

The only thing they would have access to is the equivalent of log files. We are talking big iron access. The system was designed to keep the system out of reach from anywhere outside the system itself. Developers not on the big iron don't have the access, nor would many have credentials to get anywhere useful. If there is any validity then it means someone with an H1B visa stole credentials and is using someone else's terminal to do anything. Not impossible, just improbable and easy to track down.

Re:I call bullsh*t (0)

Anonymous Coward | more than 2 years ago | (#38802875)

somewhat subtle troll is somewhat subtle.

Shenanigans! (4, Insightful)

Kenja (541830) | more than 2 years ago | (#38800707)

To me this sounds like some contractor introduced a bug to the system and is attributing the issues it caused to "hackers". If the system is really open to attacks of this nature, then it is fundamentally flawed.

Re:Shenanigans! (1)

Anonymous Coward | more than 2 years ago | (#38800769)

Ooh, very observant. Maybe the word "hacking" has replaced the overused "computer bug" as the scapegoat for human error.

Re:Shenanigans! (5, Informative)

Samantha Wright (1324923) | more than 2 years ago | (#38800773)

What are you talking about? The hackers are "possibly from abroad"! This is serious! Why would the article author use such a blatantly sensationalist subclause if it weren't serious?! Especially when the last time this was claimed [popsci.com] turned out to be exactly what you're describing [chicagoist.com] !

Re:Shenanigans! (1)

Rasperin (1034758) | more than 2 years ago | (#38806733)

IF and only IF it was actually hacked, it's probably because the rail control system is connected to a personal PC which has a connection to the internet. I'm assuming being the person who controls those rails is a very very boring job and probably downloaded something they shouldn't have. The so-called "hacker" logged on, noticed it controlled the trains and decided to have some fun.

I can wager that's how the events worked out if your case (far more likely) isn't right.

Icebergs Anyone? (1)

rueger (210566) | more than 2 years ago | (#38800821)

Just as the very brightest criminals are the ones that are never caught, I tend to assume that there are many people poking around in just about any system of consequence. Anonymous, Wikileaks, and similar operations are just the tip of the iceberg.

I expect that we're heading for something that resembles John Brunner's Shockwave Rider, [wikipedia.org] where one day a clever hacker will make all governmental data banks miraculously be wide open. The kind of thing that will make Wikileaks seem like a trifle.

As for hacking a transportation system? I kind of assume that various governments are already doing it to each other.

Dizzy from the Spin (4, Insightful)

JoeRandomHacker (983775) | more than 2 years ago | (#38800825)

I'm sure that it is coincidence that this sort of story gets publicity now. Nothing to do with countering the bad press the TSA has gotten today. And I'm sure there is no way this sort of thing could be prevented in the future without an all-seeing, all-knowing, all-powerful TSA keeping watch on everyone who decides not to stay in one place all the time. Nothing to see here. Move along. Except for you, and you over there. We'll need you to step over here for a moment...

So tired (1)

koan (80826) | more than 2 years ago | (#38800879)

Of important or critical items made accessible through the Inet, what idiot bean counter thought that was a good idea?
This never would have been possible prior to putting control infrastructure on the Inet and then thinking the incompetent law makers and management would be able to secure it, in addition it's one more incident showing how ineffective the TSA really is, machine gun toting thugs roughing up citizens at the social security office or bus station while train systems get hacked.

The TSA is useless.
The law makers are stupid old men.
The corporations run everything.

I can see how this could happen (0)

Anonymous Coward | more than 2 years ago | (#38800939)

First off there are many reasons you'd connect these systems to the internet. The #1 reason is to allow people remote access into them to support them 24/7 from any location. Vendors and consultants are always asking for this. Saves a trip in for . Secondly, convenience. People can sit down at a computer and get on the internet, e-mail, etc. Doesn't matter that it's the computer that controls .

Another part in this is the fact that these systems often fall outside the corporate IT's scope of operations. This system belongs to . Sometimes they will have systems analysts and maybe even a couple IT staff of their own to manage the system, sometimes they won't, sometimes it will be the oldest person in the department who got the responsibility for maintaining a computer network, along with the systems because "He's been here a long time". This usually leads to turf wars and the systems owner usually tends to win. Also, many times these systems are simply added after the fact, and without proper design consultation and documentation from the IT department, and often have their own infrastructure and other systems that are not managed by the IT Department. So instead of being securely buried within the corporate network and monitored as part of, It is largely unmanaged flying outside the scope of IT, probably not even touching the corporate network, and lacking proper compliance and monitoring. This is the way it's been done for fifty years and it sure as hell is not going to change now.

And this is why you have problems like this.

Re:I can see how this could happen (2)

nirgle (554262) | more than 2 years ago | (#38800991)

Did you notice that quite a few of your sentences .

We need SOPA and PIPA (0)

Anonymous Coward | more than 2 years ago | (#38800981)

We need SOPA and PIPA so that such hackers' servers can be blocked the moment intrusion is detected. But the anarchist tech industry and uneducated bloggers won't let us have it.

I say GREAT! (0)

Anonymous Coward | more than 2 years ago | (#38801001)

If you've ever ridden an Amtrak train in this country the only thing a hacker could have done is speed it up. I bet if we just turned the signal system over to any hacker with the skills the train service in this country would improve!

Oh yes (0)

Anonymous Coward | more than 2 years ago | (#38801003)

I believe them.
Creating more TSA jobs again?

Can we stop calling them hackers? (0)

Anonymous Coward | more than 2 years ago | (#38801051)

I'm old enough that Hacker has a very different and positive connotation. These are terrorists and thugs and at the very least people on ego trips. Even in the early days groups like phone phreaks weren't trying to get away with making free phone calls, they were taking issue with a corrupt system. You may complain about your phone bill now but with long distance charges we were paying $100 to $150 in phone bills in the 80s if you made out of state calls regularly. Imagine a $500 phone bill today! These types of attacks give hackers a bad name. Too many destructive things are lumped under hacking.

Re:Can we stop calling them hackers? (1)

nirgle (554262) | more than 2 years ago | (#38801077)

I'm with you on the nomenclature issue buddy, but let's face it: we've lost. Best to drain it of its usual affect so you can get on with your life in peace.

Re:Can we stop calling them hackers? (0)

Anonymous Coward | more than 2 years ago | (#38803579)

Yeah, and "artificial" used to mean "full of artifice" instead of "fake". And "manufacture" used to mean "to make something by hand" instead of an industrial process. English language evolves - sometimes it evolves quite quickly. That's always been the key to its success, it takes the successful parts from other languages into itself and mutates to fit the current meaning. Hacker used to mean someone who liked to roll up their sleeves and play with code, now it's changed to mean someone who breaks into systems - if you don't like it there are lots of other languages you can go speak.

Re:Can we stop calling them hackers? (0)

Anonymous Coward | more than 2 years ago | (#38803859)

Dude, that's SO gay.

Who Did What?! (0)

Anonymous Coward | more than 2 years ago | (#38801091)

"The recent TSA outreach was unique in that officials told operators how the breach interrupted the railway's normal activities, said Steve Carver, a retired Federal Aviation Administration information security manager, now an aviation industry consultant, who reviewed the memo.""

This is direct evidence of TSA being involved in acts of espionage and sabotage against the USA!

Why isn't the Sec. of DHS being arrested for authorizing acts of espionage and sabotage against the USA!

Wonders such as these of USA bureaucracy do amaze.

Oh. Checking my Mickey Mouse Watch alerts me that yet another buffoon is about to emerge on the US Congress Stage.

Land 'O Lakes. Seems the idiots are crawling out of the woodwork these days.

LoL

Sounds awfully similar to... (4, Interesting)

b5bartender (2175066) | more than 2 years ago | (#38801151)

...the well-publicized "attack" on an Illinois water system by Russian Hackers [washingtonpost.com] that, unsurprisingly, never actually happened. [sj-r.com]

I'd like to say something witty here. (1)

liquidweaver (1988660) | more than 2 years ago | (#38801155)

I usually try to. Right now, I honestly can't think anything but
  FUCK the TSA, everything they do, and everything they stand for.

Where?? (0)

Anonymous Coward | more than 2 years ago | (#38801237)

Wonder which country it's about..

Which railroad? (1)

faedle (114018) | more than 2 years ago | (#38801311)

Hmm.. they don't really say which railroad, but..

Given that they imply "passenger service" was affected and use terms like "rush-hour", there's really only two railroads that could have been affected.

My money's on the smaller of the two: P&W. Anybody else care to lay a wager?

Train control has gone Linux/Ethernet/IP (4, Interesting)

Animats (122034) | more than 2 years ago | (#38801351)

Railroad signalling used to be all special purpose hardware. Not any more. Here's the "VitalNet™ Wayside Message Server" [ptc-asts.com] . Runs Red Hat Linux. Talks "Interoperable Train Control Messaging" protocol.

It gets worse. Here's a General DataComm unit for railroad signal control. [gdc.com] "SC-ADT ports configured for Telnet/ SSH sessions, for bypass transport (port forwarding), and to convert async PPP data to IP for transport over a cellular data network. SC-ADT managed via Telnet, SSH, SNMP, FTP, TFTP and HTTP from the Dispatch Facility. "

TFTP? FTP? Telnet? What's wrong with this picture?

There's even a hobbyist program for listening in on signal control traffic [atcsmon.com] , some of which is passed around on unencrypted radio links.

They say - bupkus (0)

Anonymous Coward | more than 2 years ago | (#38801377)

I've read a number of these "revelations" of "foreign attacks" on our infrastructure, and all of them ended up being someone making rash pronouncements that had zip to do with reality. Examples include the so-called attacks on water supplies. It seems that the problems were internal, and technical. They had zip, zero, zilch to do with outside attackers! It is time we removed these pinheads from ANY position of authority, especially over technical domains. They don't have the intelligence to fix a faucet, let alone to determine the root cause of some system issue!

And yet... (1)

matunos (1587263) | more than 2 years ago | (#38801817)

...we're all still alive.

In other news... (1)

mutherhacker (638199) | more than 2 years ago | (#38801891)

TSA contractors organize fear campaign to help boost sales.

Simple solution: (3, Funny)

Issarlk (1429361) | more than 2 years ago | (#38802485)

Make the ethernet cables run through an X-Ray machine, or pat down the IP packets. It'll be as efficient as in airports to prevent future breaches.

Railway computers hacked from the Internet (1)

microphage (2429016) | more than 2 years ago | (#38803513)

"Investigators discovered two Internet access locations, or IP addresses, for the intruders on Dec. 1 and a third on Dec. 2, the document noted, but it does not say in which country they were located".

Who in their right minds connect a railway signals control system directly to the Internet?

Sounder Train or Westside Express Service? (3, Interesting)

McGruber (1417641) | more than 2 years ago | (#38803727)

The article tells us that this event happened to a railroad that (1) is in the Northwest, (2) runs scheduled trains during the workweek (Dec 1 was a Thursday) and (3) has frequent enough service that a 15 minute delay would be noticed.

It appears to me that the railroad described is either Washington State's Sounder Train (en.wikipedia.org/wiki/Sounder_commuter_rail) or Oregon's Westside Express Service (WES) (http://en.wikipedia.org/wiki/Westside_Express_Service).

BULLCRAP (0)

Anonymous Coward | more than 2 years ago | (#38804201)

I am a network engineer and I specialize in information security, penetration testing, white hat stuff.

If this story came from anybody other than TSA I might have believed it, but TSA is incompetent at best. They are nothing but a bunch of white trash security guards, and the few people skilled in computer networks do not have the skills to assess the Railway signal system.

This is all speculation and I challenge their claim.

Business idea (2)

GameboyRMH (1153867) | more than 2 years ago | (#38805083)

I should start a service selling "industrial control system security retrofits." Between the Internet and the PLC, I'll set up a simple Linux box, with cryptknock and brute-force protection that only allows SSH logins with passphrased keyfiles. Then I'll give the operators a nice script (in .bat form and shellscripts) that puts them to the login prompt in one click and sets up a tunnel between their localhost and the PLC or whatever. Then they connect the control client to localhost and work as usual. Because the places that do this shit usually have NO IT STAFF, I'll put together a simple interface for managing the keyfiles (some GUI on the box itself would be safest - really stripped down of course, ncurses-based ideally).

For each installation I will charge $3k, maybe with a support option if they want me to manage their keyfiles remotely, very affordable to them but I am actually taxing them out the ass for stupidity >:)
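
The key-only SSH gateway described in the comment above can be checked mechanically. The following is an added example, not part of the original comment: it audits an OpenSSH `sshd_config` for key-only logins and for forwarding pinned to one target. The two sample configs and the PLC address are constructed, and the choice of directives is an assumption about how such a gateway would be configured.

```shell
#!/bin/sh
# Added example. Sample configs and the PLC address (192.0.2.10:502) are constructed.

# effective_value CONFIG KEYWORD: print the value sshd would use from the
# global section. Keywords are case-insensitive and the FIRST occurrence wins.
effective_value() {
    printf '%s\n' "$1" | awk -v want="$2" '
        BEGIN { want = tolower(want) }
        /^[ \t]*#/ || NF == 0 { next }      # skip comments and blank lines
        tolower($1) == "match" { exit }     # stop at the first Match block
        tolower($1) == want { $1 = ""; sub(/^[ \t]+/, ""); print; exit }'
}

# check CONFIG KEYWORD WANT DEFAULT: print a finding when the effective value
# (or the built-in DEFAULT of sshd when the keyword is absent) is not WANT.
check() {
    got=$(effective_value "$1" "$2")
    got=${got:-$4}
    [ "$got" = "$3" ] || printf "%s is '%s', want '%s'\n" "$2" "$got" "$3"
}

audit_bastion() {
    check "$1" PasswordAuthentication no yes
    # Named ChallengeResponseAuthentication before OpenSSH 8.7
    check "$1" KbdInteractiveAuthentication no yes
    check "$1" PubkeyAuthentication yes yes
    check "$1" AllowTcpForwarding local yes
    open=$(effective_value "$1" PermitOpen)
    case "${open:-any}" in
        any) echo "PermitOpen is 'any', want explicit host:port targets" ;;
    esac
}

WEAK_CFG='PasswordAuthentication yes
PermitOpen any
# appended later by an admin; sshd keeps the first value, so this has no effect
PasswordAuthentication no'

HARDENED_CFG='PasswordAuthentication no
KbdInteractiveAuthentication no
PubkeyAuthentication yes
AllowTcpForwarding local
PermitOpen 192.0.2.10:502'

echo "== weak ==";     audit_bastion "$WEAK_CFG"
echo "== hardened =="; audit_bastion "$HARDENED_CFG"
```

The weak sample shows a common failure: a hardening line appended after an earlier permissive one is ignored, because sshd uses the first value it reads for each keyword.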

Re:Business idea (0)

Anonymous Coward | more than 2 years ago | (#38806157)

do it.

Re:Business idea (0)

Anonymous Coward | more than 2 years ago | (#38806735)

LOL. I'm sure IBM, Nitro, Industrial Defender, McAfee, RedTiger, DigitalBond et al are quaking in their boots at the prospect of new competition in the market. Good luck!

Hackers manipulated railway computers... (1)

Culture20 (968837) | more than 2 years ago | (#38805735)

...so we'll need to cup your junk at railway stations now. -TSA