
Hacking Group Linked To Chinese Army Caught Attacking Dummy Water Plant

Unknown Lamer posted about 9 months ago | from the bad-movie-plot dept.

Security 214

holy_calamity writes "MIT Technology Review reports that APT1, the China-based hacking group said to steal data from U.S. companies, has been caught taking over a decoy water plant control system. The honeypot mimicked the remote access control panels and physical control system of a U.S. municipal water plant. The decoy was one of 12 set up in 8 countries around the world, which together attracted more than 70 attacks, 10 of which completely compromised the control system. China and Russia were the leading sources of the attacks. The researcher behind the study says his results provide the first clear evidence that people actively seek to exploit the many security problems of industrial systems."
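As an added example (not code from the article, the study, or the submitter), here is a minimal decoy of the kind the summary describes: a fake water-plant web HMI that answers every request, records who did what, and rates each source by how far it got, from a bare scan up to a write against a "control" endpoint. The endpoint names, the bait page text and the severity scale are assumptions made for this example; a real decoy would copy a specific vendor's panel.

```python
"""Decoy water-plant HMI: a honeypot skeleton that records every request
and rates how far each source got. Added example, not the study's code.
Endpoint names, page text and the severity scale are assumptions."""
import threading
import urllib.request
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from urllib.parse import urlparse

# Constructed bait pages. A real decoy would copy a specific vendor's panel.
INDEX = (b"<html><head><title>Pump Station 3 - Remote Operations</title></head>"
         b"<body><a href='/login'>Operator login</a></body></html>")
LOGIN = (b"<html><body><form method='post' action='/login'>User <input name='u'> "
         b"Pass <input name='p' type='password'><input type='submit'></form></body></html>")
STATUS = b"<html><body>Tank level: 72% Pump 1: RUN Pump 2: STOP Chlorine: 1.1 mg/L</body></html>"

EVENTS = []                # shared record of everything the decoy saw
_LOCK = threading.Lock()

# How far an interaction of each kind means the source got.
SEVERITY = {"probe": 0, "auth_page": 1, "auth_attempt": 2, "read": 2, "control_write": 3}
LABEL = {0: "scan", 1: "recon", 2: "authenticated access", 3: "control system compromised"}


class DecoyHMI(BaseHTTPRequestHandler):
    def log_message(self, fmt, *args):   # we keep our own record, not stderr noise
        pass

    def _record(self, kind, body=b""):
        with _LOCK:
            EVENTS.append({"src": self.client_address[0], "method": self.command,
                           "path": self.path, "kind": kind,
                           "ua": self.headers.get("User-Agent", ""),
                           "body": body.decode("utf-8", "replace")})

    def _reply(self, code, payload):
        self.send_response(code)
        self.send_header("Content-Type", "text/html")
        self.send_header("Content-Length", str(len(payload)))
        self.end_headers()
        self.wfile.write(payload)

    def do_GET(self):
        path = urlparse(self.path).path
        if path == "/login":
            self._record("auth_page"); self._reply(200, LOGIN)
        elif path.startswith("/status"):
            self._record("read"); self._reply(200, STATUS)
        else:
            self._record("probe"); self._reply(200, INDEX)

    def do_POST(self):
        body = self.rfile.read(int(self.headers.get("Content-Length") or 0))
        path = urlparse(self.path).path
        if path == "/login":
            # Any credentials "work": the point is to capture what gets tried.
            self._record("auth_attempt", body); self._reply(200, b"Welcome, operator")
        elif path.startswith("/control/"):
            # A write to a pump state or setpoint is the full-compromise signal.
            self._record("control_write", body); self._reply(200, b"OK")
        else:
            self._record("probe", body); self._reply(404, b"")


def start_decoy(host="127.0.0.1", port=0):
    """Serve the decoy in a background thread; port 0 picks a free port."""
    srv = ThreadingHTTPServer((host, port), DecoyHMI)
    threading.Thread(target=srv.serve_forever, daemon=True).start()
    return srv


def summarize(events=None):
    """Worst thing each source address managed to do, as a label."""
    events = EVENTS if events is None else events
    worst = {}
    for e in events:
        worst[e["src"]] = max(worst.get(e["src"], 0), SEVERITY[e["kind"]])
    return {src: LABEL[s] for src, s in worst.items()}


def _http(url, data=None):
    req = urllib.request.Request(url, data=data, headers={"User-Agent": "curl/7.29.0"})
    with urllib.request.urlopen(req, timeout=5) as r:
        return r.status


def run_demo():
    """Start the decoy, play a scripted attacker against it, return the summary."""
    srv = start_decoy()
    base = "http://127.0.0.1:%d" % srv.server_address[1]
    try:
        _http(base + "/")                               # scan
        _http(base + "/login")                          # recon
        _http(base + "/login", b"u=admin&p=admin")      # credential attempt
        _http(base + "/status")                         # read process values
        _http(base + "/control/pump1", b"state=on")     # full compromise
    finally:
        srv.shutdown(); srv.server_close()
    return summarize()


if __name__ == "__main__":
    print(run_demo())
```

The only thing that makes this a decoy rather than a badly built HMI is that nothing behind it is real and every event is kept; the summary's "completely compromised" count corresponds here to sources that reached the control-write label.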

214 comments

Actually... (5, Funny)

djupedal (584558) | about 9 months ago | (#44462619)

The plant is real and the headline is a cover up/reverse sneak - because panic. But hey, if it turns out to be a honeypot, don't expect it to work twice :)

Re:Actually... (-1)

Anonymous Coward | about 9 months ago | (#44463033)

Soon after the niggers finally invent the wheel we will see lots of these attacks coming from tribal African nations. Ok so the spearchuckers are a little slow, thats ok. It has been thousands of years after all. And they were the first humans so they had a few thousand yaers more head start. Ok, ok, granted. But eventually, finally, they might invent the wheel. Just as soon as they invent a stable nation.

Re:Actually... (-1)

Anonymous Coward | about 9 months ago | (#44463433)

Think of the lulz. If the nigeneers succeed, we'll be able to call it the Niggernet.

Re:Actually... (0)

Anonymous Coward | about 9 months ago | (#44463327)

Fake Chinese Army Hackers take over Dummy Water Plant, and then boogeyboogeyboogeyman. Like anyone would waste an opportunity to scare the public if there were a real attack. Do you have any idea how much you can make from a little panic, both politically and financially?

Re:Actually... (2, Insightful)

icebike (68054) | about 9 months ago | (#44463341)

The honeypot plants may have been more real than real plants. Chances are real plants have nothing this sophisticated.

(Some of these honeypots were designed to look like they were "located" in China, Russia, Australia, and Brazil. Did they think the attackers would be fooled by these things? Not all of those places would be running the same model of water plant.)

Then it says:

None of the attacks displayed a particularly high level of sophistication, says Wilhoit, but the attackers were clearly well versed in the all-too easily compromised workings of industrial control systems. Four of the attacks displayed a high level of knowledge about industrial systems, using techniques to meddle with a specific communication protocol used to control industrial hardware.

Well which is it? Not too sophisticated, but they busted into his lame decoys easily enough.

He was able to access data from their Wi-Fi cards to triangulate their location.

He claims to have triangulated where the attacker was based on their wifi card. REALLY? How is that done? He knows where every wifi router in the world is does he? Triangulate!!! All Wifi cards use three routers? Who knew! Each of which has its position known?

Somewhere there are some people chuckling at this guy.

Re:Actually... (5, Interesting)

sumdumass (711423) | about 9 months ago | (#44463527)

Well which is it? Not too sophisticated, but they busted into his lame decoys easily enough.

Forcing a door open is not the same as sophisticated lock picking. But nonetheless, the point about sophistication seems to be what they did once they got access. Most did menial tasks while 4 meddled with a specific communication protocol.

He claims to have triangulated where the attacker was based on their wifi card. REALLY? How is that done? He knows where every wifi router in the world is does he? Triangulate!!! All Wifi cards use three routers? Who knew! Each of which has its position known?

I'm not sure your reading comprehension is up to speed here. The web interface that was hacked embedded an exploit framework called BeEF [beefproject.com] so the researcher could gain access to the attackers system through the browser. What he likely did was query the networks detected by the wifi cards then crossed them to data from sites like WiGLE [wigle.net] or perhaps something even more specific.

This is more then enough to get a Geographical location of a person and narrow it down to not only country, but city and even neighborhoods within the city.

Oh, and the triangulation isn't on where the wifi card itself accesses a router, but with the names of the specific networks the wifi cards can see. If you see several distinctly different named networks, the odds of them being in more then one location is low so you know it has to be a location close enough to all of them to be seen at the same time. For instance, if I see the SSIDs duck_butter, shoreline, bbangsoon, and linksys, I can find that I am near the Chicago Water Commissioner's office at Pfc Milton Olive park, near the Chicago harbor. Go ahead and look it up. [wigle.net]

Somewhere there are some people chuckling at this guy.

I think that happens to all of us every once in a while. I was laughing pretty good earlier at someone too.
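The co-visibility idea in the comment above, as an added example that is not sumdumass's code or anything from the study: given the access points a target's Wi-Fi card can see, find the one place on the map where as many of them as possible are within radio range of each other, then weight the fix by signal strength. The database and the scan are constructed, and a local list stands in for a WiGLE-style lookup. The example also encodes the obvious check: a single default-named router ("linksys") matches everywhere and proves nothing, so a fix needs at least two agreeing APs.

```python
"""Locate a Wi-Fi scan by cross-referencing the access points it can see
against a war-driving style database. Added example, not the researcher's
code; the database and the scan are constructed, and a local list stands
in for the WiGLE-style lookup."""
import math
from collections import namedtuple

AP = namedtuple("AP", "ssid bssid lat lon")

# Constructed stand-in for a WiGLE-style database. Note the duplicate
# 'linksys' and 'shoreline' names in other cities: a common SSID on its own
# is not a location, which is why the BSSID or co-visibility is needed.
KNOWN_APS = [
    AP("duck_butter", "00:11:22:33:44:01", 41.8924, -87.6130),   # Chicago
    AP("shoreline",   "00:11:22:33:44:02", 41.8921, -87.6125),
    AP("bbangsoon",   "00:11:22:33:44:03", 41.8919, -87.6135),
    AP("linksys",     "00:11:22:33:44:04", 41.8926, -87.6128),
    AP("linksys",     "aa:bb:cc:dd:ee:01", 40.7484, -73.9857),   # New York
    AP("shoreline",   "aa:bb:cc:dd:ee:02", 47.6062, -122.3321),  # Seattle
]


def haversine_m(lat1, lon1, lat2, lon2):
    """Great-circle distance in metres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dphi, dlam = math.radians(lat2 - lat1), math.radians(lon2 - lon1)
    a = math.sin(dphi / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlam / 2) ** 2
    return 2 * 6371000.0 * math.asin(math.sqrt(a))


def candidates_for(observed, db):
    """Database entries that could be this observed AP: an exact BSSID match
    when the scan gives one, otherwise every entry sharing the SSID."""
    ssid, bssid, _rssi = observed
    if bssid:
        return [ap for ap in db if ap.bssid.lower() == bssid.lower()]
    return [ap for ap in db if ap.ssid == ssid]


def locate(scan, db=KNOWN_APS, radius_m=250.0, min_support=2):
    """scan: list of (ssid, bssid_or_None, rssi_dbm) visible to the target's
    Wi-Fi card. Finds the place where the most observed APs are co-visible
    and returns (lat, lon, supporting_aps, observed_aps), or None when fewer
    than min_support APs agree (one default-named router proves nothing)."""
    cands = {i: candidates_for(obs, db) for i, obs in enumerate(scan)}
    best_support = {}
    for group in cands.values():
        for anchor in group:
            support = {}
            for j, others in cands.items():
                near = [ap for ap in others
                        if haversine_m(anchor.lat, anchor.lon, ap.lat, ap.lon) <= radius_m]
                if near:
                    support[j] = near[0]
            if len(support) > len(best_support):
                best_support = support
    if len(best_support) < min_support:
        return None
    # Centroid weighted by signal strength: the stronger the signal, the
    # closer the card is to that AP.
    wsum = lat = lon = 0.0
    for j, ap in best_support.items():
        w = max(1.0, 100.0 + scan[j][2])   # -40 dBm -> 60, -90 dBm -> 10
        wsum += w; lat += w * ap.lat; lon += w * ap.lon
    return (lat / wsum, lon / wsum, len(best_support), len(scan))


# Constructed scan: what a card near the Chicago harbour might report.
SAMPLE_SCAN = [("duck_butter", None, -50), ("shoreline", None, -70),
               ("bbangsoon", None, -65), ("linksys", None, -80)]

if __name__ == "__main__":
    print(locate(SAMPLE_SCAN))
```

Whether a fix like this is any good depends entirely on the database: stale entries, APs moved between cities, and carrier NAT (as the reply below about Germany points out) all put the answer in the wrong place, so the supporting-AP count is worth reporting alongside the coordinates.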

Than vs. then (-1)

Anonymous Coward | about 9 months ago | (#44463733)

Then is mainly an adverb, often used to situate actions in time. For example, you wake up in the morning and then have breakfast. It’s also used in if then constructions such as, “If you wake late, then you might have to skip breakfast.” It also works as a noun meaning that time (e.g., “I wanted breakfast, but then was not a good time”) and as an adjective meaning at that time (e.g., “My then boyfriend was not an early riser”).

Than is a conjunction used mainly in making comparisons—e.g., “My breakfast is better than yours”; “I make breakfast differently than you do.”

To help distinguish between the two words, remember that than has no one-word synonyms. It is a one-of-a-kind word. To illustrate, try thinking of a single word to replace than in “My breakfast is better than yours.” There isn’t one. Then, in contrast, has many synonyms and often bears replacement with an equivalent word or phrase. For instance, “I woke up and then had breakfast” can become “I woke up and subsequently had breakfast.” The exception is in if then constructions, where the then is usually required. But for these situations, just remember that then, not than, is the correct spelling of the word often paired with if.

Not working well outside US (0)

Anonymous Coward | about 9 months ago | (#44463971)

I used the service (and others similar, for example for geolocation) all over the world. Once you are in the US the accuracy drops by hundreds of miles, literally. Unless you ask the real provider, your location is pretty much fucked up. My Wifi card is for example located in FfM, and I am located by IP in Berlin, and located by Wifi card in Bonn. That's hundreds of km. The problem is at some point many providers outside the US are NATing. So services like wiggle and so forth, while getting right what your wifi card is connected to or its neighbors, almost always place it at the wrong geographic location. Pretty much due to NATing only my ISP knows where I am. Otherwise for everybody else, the BEST they can come up with is: "germany".

first post (-1, Troll)

DoubleJ1024 (1287512) | about 9 months ago | (#44462623)

first post bitches!!!!!

Re:first post (0, Flamebait)

Anonymous Coward | about 9 months ago | (#44463519)

You failed in life so hard people are laughing at you. You should have marked the anon box because now we all know your name and think you are a fool. Have a nice day failure.

InSANE -- why...?!!! (5, Insightful)

Anonymous Coward | about 9 months ago | (#44462639)

Why are critical systems on the 'net?
They functioned perfectly 30 years ago without the internet...

CAPTCHA = 'yourself'

Re:InSANE -- why...?!!! (0)

Anonymous Coward | about 9 months ago | (#44462653)

Why are critical systems on the 'net?

I can't answer your rhetorical question, but...this is how it begins... Doesn't seem good.

Next escalation might be to disable access and/or power in the area where "APT1" are located?

Re:InSANE -- why...?!!! (2)

Jeng (926980) | about 9 months ago | (#44462663)

Remote access for people who don't want to be physically at the plant.

IE: Management

Re:InSANE -- why...?!!! (0)

Anonymous Coward | about 9 months ago | (#44462675)

IE...?

That makes it doubly worse that they're using Internet Explorer!!!!

Re:InSANE -- why...?!!! (3, Insightful)

AHuxley (892839) | about 9 months ago | (#44462757)

Re: "Why are critical systems on the 'net?"
So one lower cost, union free, engineer can be contracted to look over many subsystems from a great distance.
vs having local technical staff who need paying and pensions. Local staff over time may get to know their legal rights and fight for their wages - state and federal.
You also had heavy commercial lobby efforts to update State control systems to 'save' cash long term.
Products using industrial "solutions" created for secure site networks were spread over vast state or regional networks via the 'internet' or 'wireless'.
ie States trying to get rid of on site long term union staff and great sales reps moving around cities and states with networks to sell.

Re:InSANE -- why...?!!! (4, Insightful)

plopez (54068) | about 9 months ago | (#44462887)

you forgot "Based in Bangalor" in regards to the low cost engineer

Re:InSANE -- why...?!!! (0)

Anonymous Coward | about 9 months ago | (#44462997)

Perfect example why privatization of infrastructure is a stupid idea.

Ron Swanson, you are WRONG!

Re:InSANE -- why...?!!! (-1)

Anonymous Coward | about 9 months ago | (#44463141)

No he's right. Busting unions is a greater benefit than exposing a security risk to Chinese crackers.

One is allowing a mind-virus to establish a foothold after glorious leader Reagan exposed them for the frauds they are and the other is a minor technical issue which will be patched next Tuesday.

It's interesting, isn't it, that there exists people who actually think like this.

Re:InSANE -- why...?!!! (0, Insightful)

Anonymous Coward | about 9 months ago | (#44463273)

but all this cybersecurity nonsense the government wants to impose is part of the cost of putting everything online. and if it's going to cost us our freedoms and if it's going to cost all this taxpayer money then it's not really saving us any money.

"So one lower cost, union free, engineer can be contracted to look over many subsystems from a great distance.
vs having local technical staff who need paying and pensions. "

and do you really think having someone remotely monitor the system is going to reduce or eliminate the need for local staff? Is that how it ever works in reality? Or is that some fantasy land you made up. You still need local staff.

Re:InSANE -- why...?!!! (2, Insightful)

RocketRabbit (830691) | about 9 months ago | (#44463385)

You're such a fuckin' commie with your labor union speak.

This has nothing to do with unions, and everything to do with modernization of systems, and the Siemens company.

That still don't explain why it needs to be on net (0)

Anonymous Coward | about 9 months ago | (#44463937)

You do not need something which is connected on normal net line. You close all ports whatsoever, put a hardware router and firewall before and do all transaction on SSH. Cost difference ? Minor. Hassle difference and higher security.

Re:InSANE -- why...?!!! (4, Interesting)

Anonymous Coward | about 9 months ago | (#44462779)

Plants nowadays always have some kind of remote SCADA. The network between sites may be isolated, but somewhere along the line there is often an internet-connected computer that will also have a connection to the isolated network for client-side monitoring and control software.

All it takes is to hack one of these. They pretty much always exist, even if they shouldn't. Someone will connect a cable so they can browse Facebook while monitoring sites.

Why are critical systems on the 'net? (4, Insightful)

ridgecritter (934252) | about 9 months ago | (#44462793)

In part, perhaps because 30 years ago the advantages of/needs for large scale efficiency and coordination weren't so great as today? Isolated systems may have higher operations costs and may not efficiently integrate into big systems, but they tend to have few or no remote attack vulnerabilities. Bottom line: economics favor connected systems, and anything on the net can be pwned.

Re:Why are critical systems on the 'net? (1)

werewolf1031 (869837) | about 9 months ago | (#44462965)

It's understandable that those systems need to be connected to each other, but in that case they should have their own, completely isolated network to do so, preferably one that is utterly incapable of connecting to the Internet at large. The current setup is just begging for disaster, which is a 'when', not an 'if'.

Exposing these systems on the Internet is just lunacy.

Re:Why are critical systems on the 'net? (4, Funny)

Ol Olsoc (1175323) | about 9 months ago | (#44462987)

It's understandable that those systems need to be connected to each other, but in that case they should have their own, completely isolated network to do so, preferably one that is utterly incapable of connecting to the Internet at large.

But DUDE!, If we did this, we'd like, have to connect all those power grids with, like - wires! Where we gonna get that?

Re:Why are critical systems on the 'net? (1, Insightful)

rtb61 (674572) | about 9 months ago | (#44463709)

More sensibly under law, all remote control systems for essential infrastructure should be banned unless they can be guaranteed (as in you 'WILL' go to prison) secure. Can't secure it to that level, then don't do it because you do not have the right to privatise the minimal gain profits whilst socialising the huge cost of failure (including lives lost).

Quite simply this provides only two things. First, honey pots are really good at attracting and focusing attention and should be inserted on all high security systems, to draw attacks and allow investigatory follow up. Second, it is a really bad idea to put high risk of life infrastructure under across-the-internet remote control; if you do, you should pay the full criminal penalty for when your security is broken.

Re:Why are critical systems on the 'net? (4, Insightful)

plover (150551) | about 9 months ago | (#44463903)

So you would have the city leasing expensive lines between plants? I've not met too many people who complained their taxes and water rates were too low, and that they wanted the same service with more security and were willing to pay extra for it. I do, however, see a constant parade of talking heads on TV who bitch incessantly about how high taxes are, how they'll cut taxes when they get in office, or that government budgets should be cut by 10%. Well, their budgets were cut and so the cities cut their corners, and saved whatever money they could, and now their water system is in the hands of hackers. They got exactly what the taxpayers told them they were willing to pay for. We have the exact systems we deserve.

Could they and should they beef up their security? Of course. But does each water system owner even know if they have a problem? These guys are civil engineers in sleepy little towns, not security wonks. They probably didn't install the ICS themselves, they probably contracted all that out, and among the site survey forms they filled out was "choose your system password (minimum 6 characters)" and trusted the vendor to provide the rest of the security (back in 1993 when they installed it.) They might not even know they can change it, or how to change it, or that they need to do something different. Even if they did, the first rule of ICS configuration is "DON'T TOUCH IT!" So don't expect them to get all excited about the chance to make a change.

They would likely learn a lot more about these problems at their state's annual public works conference, if their city can afford to send them this year, and if their state can afford to hold one.

Re:Why are critical systems on the 'net? (3, Insightful)

jon3k (691256) | about 9 months ago | (#44463275)

Which is why MPLS exists and we build private WANs. The REAL answer here is because Pointy-Haired-Boss wants to be able to login from home,

Re:Why are critical systems on the 'net? (3, Insightful)

AK Marc (707885) | about 9 months ago | (#44463595)

MPLS exists to economically sell VLANs over shared networks. You put your security in the hands of a 3rd party. Just hope they built a good network.

The PHB is often not a manager, but a clueless engineer who spends $10,000,000 to build a SCADA network air-gapped from the IT's LAN, then sets up a computer on the LAN and SCADA with remote login enabled, and AAA managed by local user accounts on an XP system. Then, when a problem happens, goes to the COO and complains that IT is not letting him do his job.

Don't laugh, I've seen it multiple times. Every time with oil drillers, one of which owned the Deepwater Horizon, the others in Alaska.

Re:Why are critical systems on the 'net? (1)

evilviper (135110) | about 9 months ago | (#44463959)

Which is why MPLS exists and we build private WANs.

Sorry, but your MPLS WAN is far LESS SECURE than a proper IPSec tunnel over the internet, while being vastly more expensive.

Re:InSANE -- why...?!!! (2)

plopez (54068) | about 9 months ago | (#44462905)

You don't get it dude. It's the Internet, a whole new paradigm. It's different this time. Now your workers can work from home 24/7 BYOD through a cloud enabled clustered virtual remote systems management tool.

Re:InSANE -- why...?!!! (4, Funny)

chill (34294) | about 9 months ago | (#44463037)

I swear that last sentence was copied verbatim out of a PowerPoint slide our CIO sent around...

Re:InSANE -- why...?!!! (2)

Jeremy Erwin (2054) | about 9 months ago | (#44463115)

"Vent radioactive gas?" [types] Y E S.
"Sound alertness horn?" Y E S. [it sounds in the distance]
"Decalcify calcium ducts?" Well, give me a Y, give me a...Hey!

Re:InSANE -- why...?!!! (4, Informative)

interval1066 (668936) | about 9 months ago | (#44462959)

There are a lot of upsides to putting controls systems on the net. Not applauding it, just sayin'. I wrote a blog article about it; here 'tis [wordpress.com] .

Re:InSANE -- why...?!!! (4, Insightful)

postbigbang (761081) | about 9 months ago | (#44463043)

Yeah! Fun! Saves money!

Here are the downsides: you're attacked at every IPv4 address about 100x a day by the bots, and much more densely if you look interesting. Without an air gap, you expose all your stuff to a bunch of hackers ranging from script-kiddies to those with power tools. None of them wants your PLC to run after they tweak a few knobs.

Multiple authentication and encryption methods (see the https attacks 'announced' at Black Hat) are becoming child's play. All of the incredible engineering that these things have gone through haven't had the funds needed/expended towards making them brutally difficult to crack. It's always an afterthought after the sales guy leaves.

It's also my biggest problem with the IEEE-- lots of wonderful protocols. Security is an afterthought, rather than being built from the onset into each platform. Look at the ludicrousness of WEP and WPA1. Tell me these guys were thinking. Sure, glorious and fast, and with security as paper-thin as can be.

Re:InSANE -- why...?!!! (-1)

Anonymous Coward | about 9 months ago | (#44463089)

It's also my biggest problem with the IEEE-- lots of wonderful protocols. Security is an afterthought, rather than being built from the onset into each platform. Look at the ludicrousness of WEP and WPA1.

Uh no, these are ENGINEERS. They wouldn't call something "wired equivalent privacy" if it weren't equivalent. They know what they're talking about. You? You're simply not qualified to judge them. Sheesh.

Re:InSANE -- why...?!!! (2)

AK Marc (707885) | about 9 months ago | (#44463657)

I've worked with engineers. The only other group worse is doctors. Lawyers are bad, but not as bad. Engineers think "that's not that hard" and do things like bring in a home router to work as a wireless access point because they can't be bothered to follow the IT rules for safe wireless. Turns out, they plug the "LAN" port on the router in, handing out DHCP and with the LAN address on the router 192.168.1.1 (the same as the corporate default gateway - picked long before I started working there); we also used 192.100.1.1 and 192.200.1.1 for subnets. I pointed out the stupidity of that (they aren't private addresses), and was laid off in the next round of layoffs (the guy who picked the ranges had previously been promoted to manager and had a say in the layoffs). Back to the engineers. I tracked down the MAC conflicting with the gateway, and was yelled at for keeping him from doing his job. My boss and his boss later had a talk with him, and he was more apologetic.

Re:InSANE -- why...?!!! (0)

Anonymous Coward | about 9 months ago | (#44463939)

Even 10 years ago affordable managed Layer 2 switches from HP had DHCP spoofing protection.
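The two mistakes in AK Marc's story, and the DHCP snooping control the reply mentions, as an added example that is not from either poster: audit captured DHCP OFFERs against an allowlist of the real server's MAC and the switch ports it is allowed to answer from (what a snooping-enabled switch enforces in hardware), and check an internal address plan for ranges that only look private. The log line format, the allowlists and the address plan are constructed for the example.

```python
"""Audit DHCP OFFERs and an internal address plan for two mistakes: a rogue
router answering DHCP on an access port, and 'internal' subnets that are
not RFC 1918 space. Added example; log format and allowlists are constructed."""
import ipaddress
import re

# Constructed policy: the real DHCP server's MAC, and the switch ports
# (uplinks) from which DHCP server traffic is allowed, as DHCP snooping does.
AUTHORIZED_SERVER_MACS = {"00:1a:2b:3c:4d:5e"}
TRUSTED_PORTS = {"Gi1/0/1"}
CORPORATE_GATEWAY = "192.168.1.1"

# Constructed shape of a captured OFFER as a switch or sensor might log it.
OFFER_RE = re.compile(
    r"OFFER server=(?P<server>\S+) smac=(?P<smac>\S+) yiaddr=(?P<yiaddr>\S+) "
    r"gw=(?P<gw>\S+) port=(?P<port>\S+)")


def parse_offer(line):
    m = OFFER_RE.search(line)
    return m.groupdict() if m else None


def audit_offers(lines):
    """One finding per OFFER that is not from the authorized server on a
    trusted port; notes when the rogue is also impersonating the gateway."""
    findings = []
    for line in lines:
        o = parse_offer(line)
        if o is None:
            continue
        reasons = []
        if o["smac"].lower() not in AUTHORIZED_SERVER_MACS:
            reasons.append("unauthorized DHCP server MAC")
        if o["port"] not in TRUSTED_PORTS:
            reasons.append("DHCP server traffic on untrusted port")
        if reasons and o["gw"] == CORPORATE_GATEWAY:
            # The home router's default 192.168.1.1 collides with the real gateway,
            # so clients that take its lease lose their route off the subnet.
            reasons.append("rogue advertises the corporate gateway address")
        if reasons:
            findings.append({"port": o["port"], "smac": o["smac"],
                             "server": o["server"], "reasons": reasons})
    return findings


def non_private_internal_ranges(subnets):
    """Subnets in an internal address plan that are not RFC 1918 space, i.e.
    somebody else's public addresses (192.100.0.0/16 is not 192.168.0.0/16)."""
    return [s for s in subnets
            if not ipaddress.ip_network(s, strict=False).is_private]


SAMPLE_OFFERS = [   # constructed: one legitimate lease, one from a rogue on an access port
    "Aug  3 08:01:10 sw1 dhcp-snoop: OFFER server=192.168.1.1 smac=00:1a:2b:3c:4d:5e "
    "yiaddr=192.168.1.57 gw=192.168.1.1 port=Gi1/0/1",
    "Aug  3 08:01:12 sw1 dhcp-snoop: OFFER server=192.168.1.1 smac=10:be:f5:aa:bb:01 "
    "yiaddr=192.168.1.100 gw=192.168.1.1 port=Gi1/0/23",
]
INTERNAL_PLAN = ["192.168.1.0/24", "192.100.1.0/24", "192.200.1.0/24"]   # constructed

if __name__ == "__main__":
    for f in audit_offers(SAMPLE_OFFERS):
        print(f)
    print(non_private_internal_ranges(INTERNAL_PLAN))
```

On a switch with DHCP snooping the second OFFER would never reach a client; this script is the after-the-fact version for networks that do not have it, and the address-plan check is the one that would have caught 192.100.1.1 and 192.200.1.1 before anyone argued about them.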

Re:InSANE -- why...?!!! (2)

lightknight (213164) | about 9 months ago | (#44463095)

Random guess?

TCP/IP is less expensive than developing your own network protocol. Using public data lines (the Internet) is less expensive than using your own private, leased lines. Using no encryption is less expensive than mediocre encryption, and a hell of a lot less expensive than serious encryption (you are either paying for developer time, or a library, or both).

Re:InSANE -- why...?!!! (1)

VortexCortex (1117377) | about 9 months ago | (#44463151)

Why are critical systems on the 'net? They functioned perfectly 30 years ago without the internet...

CAPTCHA = 'yourself'

Because these systems were not actually functioning perfectly 30 years ago. They are systems that are a bit newer than that, hence they didn't exist 30 years ago, thus they have the capability to be connected to the 'net. Networks reduced the cost of maintenance...

Look, just because the reasons aren't good reasons, doesn't mean they aren't reasons. I'm not disagreeing with you. You're the one asking "why?" In truth, I can't really tell you "why?" That's a religious question, and I'm a basement dweller who doesn't even believe in "sun" or "water". I can only tell you what, and how. Who knows why anyone puts dummy water plant systems on the 'net. To catch hackers? Maybe. If I had to guess it would be to further the conspiracy that "baths" exist. I'm unconvinced, these systems weren't actually connected to a "water" plant. HA, Nice try! Debunked the water myth right in the title, the only part that anyone cares about. My initial research does point to a final answer as to "why", but studies indicate I'll need to construct a massive supercomputer and let it think deeply until you've forgotten the question and mistranslated this very event sufficiently, probably erroneously labeling me a virgin, as translators are wont to do. It will need to be optical based, so I'll need a giant prism and lots of fiber optic cable, but such a taboo undertaking can only occur underground; Hence only Nasty Stinking Assholes like me can be trusted to do it. Don't worry, all of this will sound much more prophetic in 7.5 million years, everything does. Even acid trips seem like revelations given just a few thousand. Hmm, for good measure...

Future anthropologists: Beware the sharknado! Global weirding is a bitch!

Re:InSANE -- why...?!!! (2)

evilviper (135110) | about 9 months ago | (#44463291)

Why are critical systems on the 'net?
They functioned perfectly 30 years ago without the internet...

RIGHT! Having a dial-in modem on the PSTN was OH-SO-MUCH MORE SECURE!

Has absolutely NOBODY here ever seen the movie "War Games"?

Re: InSANE -- why...?!!! (0)

Anonymous Coward | about 9 months ago | (#44463313)

Troll comment but think about it

- lazy management ( think about all the people who have root access to machines that they don't need)
- lazy server administration ( easier to share one set of credentials than it is to setup hundreds of accounts on thousands of machines)
- remote administration, or access to machinery that is otherwise dangerous to be near ( eg nuclear, radioactivity, biohazard, crush hazard, etc)

The real question is why these connections are not live monitored, I am not talking about having some dude sit there and stare at a screen all day, but rather, whenever a login succeeds or fails, someone who is physically in the building knows about it and can verify that the login is indeed being done when needed.
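The monitoring the comment above asks for, as an added example that is not the poster's code: every remote-login success or failure on a control host becomes a notification, and the ones that break policy (source outside the approved range, outside the maintenance window, or a success right after repeated failures) are ranked ahead of the routine ones so the person on site knows which to chase. The sshd-style log lines, the approved source range and the window hours are constructed for the example.

```python
"""Turn every remote-login success or failure on a control host into a
notification an on-site person can act on, policy breaches first.
Added example; log lines, the approved source range and the maintenance
window are constructed."""
import ipaddress
import re

# Matches the default OpenSSH auth.log lines for accepted and failed logins.
LOG_RE = re.compile(
    r"^(?P<mon>\w{3})\s+(?P<day>\d+) (?P<hour>\d\d):(?P<min>\d\d):(?P<sec>\d\d) (?P<host>\S+) "
    r"sshd\[\d+\]: (?P<result>Accepted|Failed) (?P<method>\S+) for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<src>\S+) port \d+")

POLICY = {   # constructed
    "approved_sources": [ipaddress.ip_network("10.20.0.0/16")],   # the ops VPN range
    "window": (8, 18),          # local hours during which planned remote work happens
    "failure_threshold": 2,     # this many failures before a success is suspicious
}


def parse(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    e = m.groupdict()
    e["hour"] = int(e["hour"])
    return e


def triage(lines, policy=POLICY):
    """One (severity, message) per login event, highest severity first.
    0 = notify only, 1 = outside policy, 2 = likely intrusion."""
    out = []
    failures = {}   # consecutive failures per source, reset on success
    for line in lines:
        e = parse(line)
        if e is None:
            continue
        src = ipaddress.ip_address(e["src"])
        if e["result"] == "Failed":
            failures[e["src"]] = failures.get(e["src"], 0) + 1
            out.append((0, "FAILED login %s@%s from %s" % (e["user"], e["host"], e["src"])))
            continue
        reasons = []
        if not any(src in net for net in policy["approved_sources"]):
            reasons.append("source not in approved range")
        lo, hi = policy["window"]
        if not (lo <= e["hour"] < hi):
            reasons.append("outside maintenance window")
        sev = 1 if reasons else 0
        if failures.get(e["src"], 0) >= policy["failure_threshold"]:
            reasons.append("success after %d failures" % failures[e["src"]])
            sev = 2
        failures.pop(e["src"], None)
        msg = "LOGIN %s@%s via %s from %s" % (e["user"], e["host"], e["method"], e["src"])
        if reasons:
            msg += " [" + "; ".join(reasons) + "]"
        out.append((sev, msg))
    return sorted(out, key=lambda t: -t[0])


SAMPLE_LOG = [   # constructed
    "Aug  3 02:14:07 hmi01 sshd[1422]: Failed password for operator from 203.0.113.45 port 50122 ssh2",
    "Aug  3 02:14:09 hmi01 sshd[1422]: Failed password for operator from 203.0.113.45 port 50122 ssh2",
    "Aug  3 02:14:12 hmi01 sshd[1422]: Accepted password for operator from 203.0.113.45 port 50122 ssh2",
    "Aug  3 09:30:01 hmi01 sshd[1501]: Accepted publickey for maint from 10.20.0.5 port 41022 ssh2",
]

if __name__ == "__main__":
    for sev, msg in triage(SAMPLE_LOG):
        print(sev, msg)
```

The sort matters more than the rules: the 09:30 key-based login from the VPN range still gets reported, as the comment asks, but the 02:14 password login from an unknown address after two failures is the one the on-site person is paged for.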

How would you take them off? (0)

Anonymous Coward | about 9 months ago | (#44463739)

In the old days, you might need a person at each site monitoring a console. You'd run a daily report of any incidents. If the site was small, it might be checked once a WEEK. I learned about some water systems like this in California that are on the 'net and being monitored all the time now. Small systems up in the hills where you need 4wd to get to them. Old days == once a week to make sure it's OK. Now == all the time to make sure the water is there if you need to put out a fire or make up for the drought.

Unless you put somebody on each site and/or reduce your monitoring frequency dramatically you can't take it off the 'net.

During a certain Goldilocks period in tech you might, "run a POTS line there and talk to it with an acoustic modem". The problem with that is that even what you think is a POTS line is routed over IP today.

That said, it's probably more secure to connect via "POTS" line because even though it's routed it's not addressable. They'd have to root a telco switch or something and intercept your control signals, which seems a lot less likely.

Re:How would you take them off? (0)

Anonymous Coward | about 9 months ago | (#44463953)

Until someone finds a vulnerability in NSA's, um, metadata collection systems, and uses those to reflect and modify 3rd party traffic, remotely. Only a matter of time.

Maybe... (0)

Anonymous Coward | about 9 months ago | (#44462665)

They should stop hooking these systems up to the fucking Internet.

Re:Maybe... (0)

Anonymous Coward | about 9 months ago | (#44463161)

They should stop hooking these systems up to the fucking Internet.

Ok. You're volunteering to pay higher taxes to employ on-site unionized IT personnel at each site instead of outsourcing management to a remote randomer in Bangladesh. Noted.

But how do you sell it to the masses?

Re:Maybe... (0)

Anonymous Coward | about 9 months ago | (#44463411)

By telling them if they don't, evil Chinese hackers will stop their water, gas and power.

Re:Maybe... (0)

Anonymous Coward | about 9 months ago | (#44463923)

By telling them if they don't, evil Chinese hackers will stop their water, gas and power.

No they won't. We're way out here in Bumfuk, Minnebraska in between a forest and a corn field, so nobody in China cares about us. We know they only want to attack New York City.

Re:Maybe... (1, Interesting)

sumdumass (711423) | about 9 months ago | (#44463847)

Let's explore this concept a bit.

Let's say that each unionized employee that would be on site cost the utility $150,000 a year and you need 3 of them at each site to achieve disconnection from the internet. That's only $450K a year per site and let's say it covers 20 sites per company or utility type (let's examine Columbus Ohio which charges a sewage fee based on water usage so the 20 sites would cover both aspects). That's about $900 million a year. A big amount, or is it? This is taxes, benefits and all connected with the employment of the people.

Columbus, in their 2012 consumer confidence report (under the power and water reports section) [columbus.gov] claimed they provide 51 billion gallons of water to 1.1 million people per year. Of course this is all measured in cubic feet x 100 (100 cubic feet) when billing (noted by ccf). 1 ccf of water is equal to 748 gallons of water according to their site. So if we divide the 51 billion gallons by 748, we should get the ccf being billed. What we now have is 68,181,818 ccf or we could shorten that to about 68.1 million ccf. Now, to reach that $900 million/ year, it would take a rate increase of $13.50 per ccf which brings in $920,454,543 extra.

According to Columbus' website [cwwga.org] , the high side of the charges currently is $1.56 per ccf for water (this is without sewage fees added). The example they give for a non-industrial user shows about 16 ccf per month. This is an increase in a bill for this amount of usage of $216.00 per month or $2,592 per year over what they pay now.

Someone please check my math for errors as it's been a while. I went into this thinking it would only be a couple cents per unit increase and was surprised at how much extra it actually would be.

Re:Maybe... (1)

Anonymous Coward | about 9 months ago | (#44463965)

450K*20 != 900M, it's only 9M! Your rate increase would be $0.135/ccf, on the order of 10%. Given the sewer and other charges, that's more like a 4% increase on the bill. Not the end of the world.

The real problem (0)

Anonymous Coward | about 9 months ago | (#44462669)

So... the dummy systems that are sufficiently realistic in mimicking real systems to fool enemy hackers have been thoroughly breached a total of ten times?

That's not good.

Next Steps (5, Funny)

FarField12 (2804063) | about 9 months ago | (#44462683)

Spoof the interface to make the attackers believe they are attacking a foreign industrial plant.
In reality, they are attacking the utility plant located down street based on WiFi location.
The main purpose of the honeypot system is to obfuscate the true location of the target (the attackers own infrastructure).
Then watch hilarity ensue.
Defense systems would be great. You could get countries to nuke themselves using their own cyber ops team.

 

Re:Next Steps (1)

kesuki (321456) | about 9 months ago | (#44462797)

"Defense systems would be great. You could get countries to nuke themselves using their own cyber ops team."
Most nuke plants are water cooled; turning off a water plant would cause the nuke plants that depend on that cooling water to melt their cores if not safely shut down. So yeah, there are nuclear concerns, and even a coal or nat gas plant also requires cooling and most are not near much water, as they tend to push them out of sight of normal people. So this is pretty serious stuff.

Re: Next Steps (1)

rickb928 (945187) | about 9 months ago | (#44462861)

There may be a nuclear plant that relies on a public water system for cooling water, but I bet not. Most are located near reliable water sources such as rivers, oceans, you know...

Re: Next Steps (0)

Anonymous Coward | about 9 months ago | (#44463189)

Like this one! https://www.google.com/maps/preview#!q=fukushima+reactor&data=!1m4!1m3!1d528330!2d141.025798!3d37.315169!4m10!1m9!4m8!1m3!1d262450!2d140.4004537!3d37.8004935!3m2!1i1745!2i999!4f13.1

Unfortunately, it was not located near a large body of electricity as well.

Re:Next Steps (1)

plover (150551) | about 9 months ago | (#44463931)

H@xx0n> Hey, look, I've hacked into the City of Endersgame! Watch me pwn their electric generator!

H@xx0n has left the channel.

Bull (5, Insightful)

WGFCrafty (1062506) | about 9 months ago | (#44462699)

"The researcher behind the study says his results provide the first clear evidence that people actively seek to exploit the many security problems of industrial systems."

Uhhhhhh Stuxnet was an exploit of Siemens' industrial control systems which regulated the RPMs of centrifuges....

Re:Bull (0)

Anonymous Coward | about 9 months ago | (#44462787)

Uhhhhhh Stuxnet was an exploit of Siemens' industrial control systems which regulated the RPMs of centrifuges....

I guess Americans and Israelis aren't people. Kidding! Please don't rendition me!

Re:Bull (4, Insightful)

CriminalNerd (882826) | about 9 months ago | (#44462855)

His point was that industry systems in the US (and outside of Iran) are also prone to attack, and that it's not just some security paranoia that the site manager could just brush off so he can get to the admin controls via Remote Desktop.

Let's see ... (1)

PPH (736903) | about 9 months ago | (#44462729)

... how many people file insurance claims for water damage to their homes when the fictitious pumps were commanded to full power.

Re:Let's see ... (2)

slick7 (1703596) | about 9 months ago | (#44463183)

... how many people file insurance claims for water damage to their homes when the fictitious pumps were commanded to full power.

How many people have been damaged by the acts of out of control politicians who answer to anyone that has the price to pay? When do the voters get their chance to be heard?

He attacked the attackers (1)

Anonymous Coward | about 9 months ago | (#44462735)

Wilhoit used a tool called the Browser Exploitation Framework, or BeEF, to gain access to his attackers' systems and get precise data on their location. He was able to access data from their Wi-Fi cards to triangulate their location.

While I personally think that's awesome, how is that legal?

Re:He attacked the attackers (0)

Anonymous Coward | about 9 months ago | (#44462929)

While I personally think that's awesome, how is that legal?

First, it's cyber self-defense. Second, they were in a foreign country so no local laws apply, and the foreign country isn't going to request extradition of someone who fooled their best hackers. In fact, their l33t boys are probably breaking rocks at a fine government establishment by now.

hacked by chinese (-1)

Anonymous Coward | about 9 months ago | (#44462743)

Or hacked by an IP in China? Like they would crack it from their own machine; go look at your spam bin and see hundreds of US scammers mailing from compromised China PCs. Why wouldn't a cracker do the same?

Truth is they have NO idea other than an IP located in China/Russia. If a 12yo knows about 7 proxies, you really think a professional cracker wouldn't do the same?

Re:hacked by chinese (5, Informative)

Endovior (2450520) | about 9 months ago | (#44462991)

RTFA. Yes, IP addresses are easily spoofed, and provide essentially no information on the target. That is, in fact, why more information than that was gathered, using the nature of the honeypot in question to gather additional data from the attacking machines. I suspect that it would be possible to configure your system and network in such a way as to spoof the nature of your own local network configuration so that a counterattack of this nature would reveal misleading information about your locality... but the nature of the attacks, and the response to them, make this exceedingly unlikely. tldr; yeah, it was people in China and Russia, and there's proof. Still doesn't mean that their governments were involved, of course.

Re:hacked by chinese (0)

Anonymous Coward | about 9 months ago | (#44463091)

RTFA. Yes, IP addresses are easily spoofed, and provide essentially no information on the target. That is, in fact, why more information than that was gathered, using the nature of the honeypot in question to gather additional data from the attacking machines. I suspect that it would be possible to configure your system and network in such a way as to spoof the nature of your own local network configuration so that a counterattack of this nature would reveal misleading information about your locality... but the nature of the attacks, and the response to them, make this exceedingly unlikely. tldr; yeah, it was people in China and Russia, and there's proof. Still doesn't mean that their governments were involved, of course.

Could you say "nature" a few more times, please?

Re:hacked by chinese (0)

Anonymous Coward | about 9 months ago | (#44463339)

Like there was proof that Iraq had weapons of mass destruction? Forget it, there is no proof, and given the current anti NSA climate, it is much more likely that this is a false flag operation to remind people of their fears.

Re:hacked by chinese (1)

AK Marc (707885) | about 9 months ago | (#44463685)

If I root a computer in China, and then attack a computer in the US, how can the person in the US identify the location of the attacker (me), without rooting the computer in China? They just really really want it to be in China, so it is?

Nooo! Not my dummy water supply! (-1)

Maintenance Goof (1487053) | about 9 months ago | (#44462835)

I needs my coors!

Re:Nooo! Not my dummy water supply! (-1)

Anonymous Coward | about 9 months ago | (#44463075)

It sounds like you take cocks up your ass. I bet you like being a little dirty faggot bottom. Don't you?

More Fake Infrastructure Called For (0)

retroworks (652802) | about 9 months ago | (#44462875)

We need redundant fake infrastructure to prepare for just this type of attack. A "New Deal" scale of fake spending, creating thousands of fake jobs, to build fake dams, bridges, highways and subways.

Re:More Fake Infrastructure Called For (0)

Anonymous Coward | about 9 months ago | (#44463175)

Sounds like a very insubstantial line of defense to me.

Re:More Fake Infrastructure Called For (0)

Anonymous Coward | about 9 months ago | (#44463347)

How much government spending does one fake attack buy? Because you know that of course the spending will be real, but it will pay for a bigger NSA.

Re:More Fake Infrastructure Called For (1)

plopez (54068) | about 9 months ago | (#44463723)

Sounds like most pork barrel defense programs I've ever heard of.

Why are critical systems hooked into the net? (2)

NobleSavage (582615) | about 9 months ago | (#44462895)

This is just one more example of why critical systems should never be connected to the internet. There should always be an air gap.

Re:Why are critical systems hooked into the net? (2)

Skapare (16644) | about 9 months ago | (#44463181)

These systems get their tech support and vendor updates via ... the internet (and most likely not encrypted). Oh, I agree. The air gap needs to be mandated.

Re:Why are critical systems hooked into the net? (4, Interesting)

evilviper (135110) | about 9 months ago | (#44463287)

Why are critical systems hooked into the net?

Because exchanging information with other systems is necessary.

Because people off-site want or need to monitor the status.

Because routinely plugging a USB flash drive into a net-connected computer, and then into the air-gapped network (to update software or exchange other info/data), isn't actually much more secure.

Because there are varying degrees of "critical".

Because if it's really a "critical" system, you don't want to wait for tech support to arrive on-site to get problems fixed.

Because "the internet" itself happens to be a "critical" system.

Because the old days of connecting systems to the PSTN (e.g. dial-in modems) weren't actually any more secure than connecting them to the internet.

Because having an air-gapped network provides a false sense of security, that can fall apart in a big way.

This is just one more example of why critical systems should never be connected to the internet.

Platitudes are oh-so-easy to spout off, no matter how ignorant you are of the issue, but don't offer any insight or solutions to the root cause of the problems.

Re:Why are critical systems hooked into the net? (0)

Anonymous Coward | about 9 months ago | (#44463459)

This is just one more example of why critical systems should never be connected to the internet. There should always be an air gap.

There is no such thing as a fool proof plan. For instance: WIFI can breach an "air gap". :sigh:

Well color me shocked (-1)

Anonymous Coward | about 9 months ago | (#44462913)

Two of the three largest "super power" countries tend to hack the other largest "super power's" network.

This just in:

China sets up honeypot. Finds most hacks come from United States and Russia.

In other news, Russia sets up honey pot. Finds that most hacks come from China and United States.

Re:Well color me shocked (5, Funny)

Culture20 (968837) | about 9 months ago | (#44463027)

Pooh sets up a honeypot; finds most attacks come from himself and bees. Oh bother.

Laugh (2)

koan (80826) | about 9 months ago | (#44462919)

"The researcher behind the study says his results provide the first clear evidence that people actively seek to exploit the many security problems of industrial systems."

The first, eh? I guess he hasn't heard of the tools included in such common distros as BackTrack. Why do you suppose SCADA exploitation apps are in there?

Exempt? (1)

Pharoah_69 (2866937) | about 9 months ago | (#44462955)

Just a suggestion, but 'exempt' has consequences. If these jobs were 'non-exempt', then this might not have happened. It seems government is looking for reasons for a physical war to be waged.

Now how to prevent it? (4, Interesting)

MavEtJu (241979) | about 9 months ago | (#44463165)

As somebody who left the network / sysadmin business before the attacks started from the inside (send enough malware to everybody inside a company and you will get lucky at a certain moment), how would you protect it best?

Airgap it (or properly firewall it), and people will complain about the costs of duplicate infrastructure, remote support from vendors will be a pain etc.

Monitor the network and spot anomalies; it's a hard task but could be the way to go. Except that you need skilled people there (not saying that there aren't, but my experiences in a TAC show that there aren't many).

Letting the attackers waste time in a honey-pot while your own network is isolated? At least you learn from it and you give them a false sense of victory.

What is wisdom, any thoughts?
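The "monitor the network and spot anomalies" option above, sketched as an added example that is not part of the thread or the study: a minimal rule set over control-network logs that flags write operations from hosts outside an engineering allowlist or outside a maintenance window. The log format, host addresses, operation names and window are all constructed for this example.

```python
"""Toy anomaly spotter for control-network traffic logs (added example)."""
from dataclasses import dataclass
from datetime import datetime, time
from typing import Dict, List

# Constructed allowlist: the only hosts expected to write to controllers.
ENGINEERING_HOSTS = {"10.10.5.20", "10.10.5.21"}
# Constructed set of operations that change process state (reads are routine).
WRITE_OPS = {"WRITE_COIL", "WRITE_REGISTER", "SET_PUMP_SPEED"}
# Constructed nightly maintenance window in which writes are expected.
MAINT_START, MAINT_END = time(1, 0), time(4, 0)

# Constructed sample log: 'ISO-timestamp src=IP op=NAME target=NAME'.
SAMPLE_LOG = [
    "2013-08-01T02:15:00 src=10.10.5.20 op=WRITE_REGISTER target=PUMP1",
    "2013-08-01T02:16:00 src=10.10.5.20 op=READ_REGISTER target=TANK_LEVEL",
    "2013-08-01T14:02:11 src=10.10.5.21 op=SET_PUMP_SPEED target=PUMP2",
    "2013-08-01T14:03:40 src=203.0.113.77 op=WRITE_COIL target=VALVE3",
]


@dataclass
class Event:
    ts: datetime
    src: str
    op: str
    target: str


def parse_line(line: str) -> Event:
    """Parse one line of the constructed log format into an Event."""
    ts_str, *fields = line.split()
    kv = dict(f.split("=", 1) for f in fields)
    return Event(datetime.fromisoformat(ts_str), kv["src"], kv["op"], kv["target"])


def reasons(ev: Event) -> List[str]:
    """Return why an event looks suspicious; an empty list means routine."""
    out: List[str] = []
    if ev.op in WRITE_OPS:
        if ev.src not in ENGINEERING_HOSTS:
            out.append("write from non-engineering host")
        if not (MAINT_START <= ev.ts.time() < MAINT_END):
            out.append("write outside maintenance window")
    return out


def scan(lines: List[str]) -> Dict[str, List[str]]:
    """Map each suspicious log line to its reasons; routine lines are dropped."""
    findings = {}
    for line in lines:
        why = reasons(parse_line(line))
        if why:
            findings[line] = why
    return findings


if __name__ == "__main__":
    for line, why in scan(SAMPLE_LOG).items():
        print(line, "->", "; ".join(why))
```

A real deployment would learn the allowlist and window from a baseline period rather than hard-code them, and would alert on new hosts issuing reads as well.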

Re:Now how to prevent it? (0)

Anonymous Coward | about 9 months ago | (#44463491)

Business Band wireless data. Connect the system to a network, sure, but keep that network separate. The air gap doesn't have to exist at the end point. Put the air gap where you need it, where the people and administrators are. It's called an "intranet". So, use that private dedicated network for the control systems. Other systems that go out on the net are not connected to it. However, there can be people with newfangled technology that lets them glide from one terminal to the next. Amazing, I know! It's called a rolling chair. Chairs with Wheels! What will they think of next?!

Water plant? (0)

MobSwatter (2884921) | about 9 months ago | (#44463195)

Meh... Our ubergeek NSA crypto monkeys start a cyber war with China, and they retaliate against a water plant? Anyone sure it wasn't a local Tommy 10 yr old script kiddy with a tor exit point in China?

Re:Water plant? (0)

Anonymous Coward | about 9 months ago | (#44463831)

Yeah, I can not imagine why the enemy would want to stop our water supplies and destroy our crops.

Re:Water plant? (1)

plover (150551) | about 9 months ago | (#44463977)

I've never heard of anyone using city water for large scale crop irrigation. A greenhouse or two might use city water, but not a field of corn. Farmers will dip a pipe into a creek, river, pond, or lake, and pump the water to the fields. They will drill into the aquifer. They will hire trucks to haul in water. But they will not pay the city to pump the water. And the city probably wouldn't let them even if they wanted to, because they use so much water they'd drain their towers, leaving them nothing to fight fires.

Just damaging a few pumps and valves would shut down a city. Last year Minneapolis had a 20 block area shut down for a day due to a single burst water main, leaving many downtown buildings without potable water. Businesses sent the employees home because they couldn't provide sanitary facilities. Restaurants couldn't cook. The physical damage was minor flooding of a street and a construction site, but the financial damage was large.

This is awful (-1)

Anonymous Coward | about 9 months ago | (#44463229)

We cannot allow our dummy water to fall into Chinese hands. The consequences for congress alone would be devastating.

Who cares? (0)

Anonymous Coward | about 9 months ago | (#44463283)

People still haven't learned to keep these vital systems disconnected from the internet, and it's not like our government is going to say "ah HA! We caught you China RED handed!" because China will just say that we did something similar to them, which may or may not be true, and in the end we get nowhere, with people still not caring about any of this except for maybe a day on CNN in between spots for a tropical storm and a celebrity baby.

So yeah, yay. We caught someone doing something we already knew they were/would do.

US Chamber of Commerce Supports Hackers (4, Informative)

Required Snark (1702878) | about 9 months ago | (#44463305)

Nice to know that the Republicans and the US Chamber of Commerce are supporting Chinese and Russian hackers testing cyber-warfare against our critical infrastructure. Because we all know that left to their own devices corporations always put public welfare ahead of short term profit.

http://articles.latimes.com/2012/aug/03/nation/la-na-cyber-security-20120803 [latimes.com]

U.S. Chamber of Commerce leads defeat of cyber-security bill

Gen. Keith Alexander, head of the National Security Agency, and Gen. Martin Dempsey, chairman of the Joint Chiefs of Staff, were among those who pressed for a White House-backed cyber-security bill to regulate privately owned crucial infrastructure, such as electric utilities, chemical plants and water systems.

If the senators didn't act, they argued, it would make it harder to stop hackers, criminals and hostile nations from wreaking unimaginable havoc, such as knocking out sections of New York City's electrical grid for days during a summer heat wave. But the U.S. Chamber of Commerce and other business groups strenuously opposed the measure, condemning it as excessive government interference in the free market and arguing that cumbersome federal regulations could hamper companies trying to defend against cyber intrusions.

Democrats overwhelmingly supported the legislation, but for Republicans, it meant a stark choice between competing constituencies: national security officials and business leaders. Even after the bill's backers made the standards voluntary, the Chamber of Commerce, which spends more on lobbying than any other trade group, opposed it.

On Thursday, the Senate cyber-security bill failed to overcome a Republican-led filibuster. Analysts say the bill couldn't breach a wall of anti-regulatory sentiment that proved resistant to the dire warnings.

The measure fell short of the 60-vote threshold needed to end debate, 52 to 46, with 40 Republicans joined by six Democrats voting in support of the filibuster.

"Rarely have I been so disappointed in the Senate's failure to come to grips with a threat to our country," said Sen. Susan Collins, the ranking Republican on the Senate Homeland Security Committee and one of the bill's chief sponsors, who had tried in vain to sway her GOP colleagues. Just four sided with her.

Our future is Battle Star Galactica (0)

Anonymous Coward | about 9 months ago | (#44463371)

Hard lines and 0 networking, from the physical layer on up, to the outside world. Anything else should be considered exploitable, stealable, readable, and sabotagable from anywhere on earth.

What intelligence organisations are for... (0)

Anonymous Coward | about 9 months ago | (#44463593)

This is exactly the kind of thing western foreign intelligence agencies should be working on.
Rather than collecting data from their citizens, hacking friendly governments and corporations for profit, they should be working to actively defend against intrusions.

If they suspect an IP address of relaying hostile traffic, can't they be proactive about tracking attack vectors and warning friendly infrastructure managers about vulnerabilities?

Dumb question (0)

Anonymous Coward | about 9 months ago | (#44463839)

Why are water plants, utilities, etc. placing their systems on the Internet? I can see loads of advantage to using the backbones for communication, but a VLAN or even just a VPN should be used. And any system that is connected to it should NEVER be allowed to touch the internet. Ever. In fact, the computer should be checking to see if it does, and if so, then it records that it has and will not connect to the utility VLAN/VPN.