Catch up on stories from the past week (and beyond) at the Slashdot story archive

 



Forgot your password?
typodupeerror
×
Security IT

Experts Hack Power Grid in Less Than a Day 302

bednarz writes "Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day. Ira Winkler, a penetration-testing consultant, says he and a team of other experts took a day to set up attack tools they needed then launched their attack, which paired social engineering with corrupting browsers on a power company's desktops. By the end of a full day of the attack, they had taken over several machines at the unnamed power company, giving the team the ability to hack into the control network overseeing power production and distribution."
This discussion has been archived. No new comments can be posted.

Experts Hack Power Grid in Less Than a Day

Comments Filter:
  • I'm Shocked! (Score:5, Interesting)

    by ookabooka ( 731013 ) on Thursday April 10, 2008 @12:20AM (#23021160)
    Not really though. A good team of social engineers (con men) and CS people can accomplish many many things...How can you prevent such things? Ridiculously strong security? Require the security guard at my place of employment to scan my ID each and every time I walk in the building? Is he supposed to also stop law enforcement from going in without clearance from HQ? I'm quite serious, what would be an effective way to stop these tactics? Everything I think of is either too impractical for most situations or prone to the same failures, but at different points.
    • Re:I'm Shocked! (Score:5, Insightful)

      by QuantumG ( 50515 ) * <qg@biodome.org> on Thursday April 10, 2008 @12:40AM (#23021262) Homepage Journal

      Require the security guard at my place of employment to scan my ID each and every time I walk in the building?
      If you work with national infrastructure, they god damn better.

      • Re: (Score:3, Funny)

        by kestasjk ( 933987 )
        Yup the terrorists could shut down the power grid; it'd be like 9/11 but with light bulbs instead of people!

        Since OTT security costs OTT money I think they should stick with sane security checks, and not worry about headline grabbing pranks like these
        • by johannesg ( 664142 ) on Thursday April 10, 2008 @02:16AM (#23021580)
          Disconnect the damn control network already. It will be much harder to break into when it is not physically connected to the internet.
          • by chaoticgeek ( 874438 ) on Thursday April 10, 2008 @02:43AM (#23021664) Homepage Journal
            I'm kinda confused by this too, why is the power grid on the Internet? Seems like a very illogical thing to do in my opinion. I think they would have two networks in each building, one for the power grid computers and controls and one for anything that needs access to the Internet. If something has to be transmitted to another building either they need to lay down some sort of infrastructure or use SneakerNet...
            • Re: (Score:3, Informative)

              by Anonymous Coward
              SCADA [wikipedia.org] is a classic case of an internal, insecure system being stuck on the net for convenience's sake and everyone pretty much just hoping it wouldn't get hacked. It's surprising there haven't been more compromises (that we know about at least), there are thought to be a lot of vulnerable systems out there. Only one I can recall offhand is when some disgruntled ex-employee of a water treatment plant drove up, accessed their open WiFi and dumped a load of sewage into the river.
            • Re: (Score:3, Insightful)

              by borgboy ( 218060 )
              Money. Why else? Private networks are more expensive than plugging into the ol' tubes.

              Doesn't make it right. I'm not defending, just pointing out the obvious reason.
            • by Sleepy ( 4551 ) on Thursday April 10, 2008 @09:35AM (#23024364) Homepage
              >I'm kinda confused by this too, why is the power grid on the Internet?

              Cost.

              In a lot of cases, you have the power company desktops on the Internet and they have their own lan for desktops etc.
              But then those computers CAN access the critical systems.
              Then they slap a firewall or VPN inbetween the desktops and the critical systems... wow, it's magically OFF THE INTERNETS!

              If you disconnect the two LANS, you're much more secure, but then Lazy McFatass has to WALK to a boring green screen to manage it.

              It's much cheaper and employee friendly to just let these people access the secure systems from their desktop, using a remote terminal. Very sad, but true... and very risky.

              Remember, it was poor desktop security and a WINDOWS VIRUS that knocked out the US Northeast power grid some 5 or 6 years ago.
          • Re: (Score:3, Funny)

            by kestasjk ( 933987 )
            I'm sure they have a good reason for it; they're not stupid
          • Commander Adama: "It's an integrated compter network, and I will not have it
            aboard this ship!"
            Secretary Rosalyn: "I heard you're one of those people... you're actually
            afraid of computers."
            Commander Adama: "No... there are many computers on this ship. But they're
            not networked!"
            Secretary Rosalyn: "A computerized network would simply make it faster and
            easier for the teacher's to be able to teach..."
            Commander Adama: "Let me explain something to you...
            Commander Adama: "... many good men and women lost their lives aboard this
            ship, because someone wanted a faster computer to make life easier. I'm
            sorry that I'm inconveniencing you or the teachers, but I will not allow...
            a network computerized system to be placed on this ship while I'm in
            command. Is that clear?"

          • This is the way it is in most power stations. In the two that I worked for, one was out in the sticks and didn't have DSL. The chief engineer had a shotgun in his office for copper theives and other troubles.

            The other one I worked for had a wal-mart non-wireless router for the internet. All the control equipment was hooked up to redundant dedicated switches. The control computers were not connected to the internet router in any way.

      • Re:I'm Shocked! (Score:5, Informative)

        by dbIII ( 701233 ) on Thursday April 10, 2008 @03:05AM (#23021748)
        I have to admit I have gained that sort of access just with a pair of overalls. It was one of those stupid catch22 situations where you had to do a one day safety course to be authorised to get through the gate and you had to get through the gate and walk through the middle of the turbine hall to get to where the course was held so you could get your ID. A similar thing happened at another power station but that time I actually had the company logo on the overalls - but yes I did just walk in and go right up to the control room that time. Oil refineries are a different story - the ones I visited had administrative buildings outside the gate so you didn't have to get full site access just to meet someone in the place.
      • Re:I'm Shocked! (Score:4, Informative)

        by AB3A ( 192265 ) on Thursday April 10, 2008 @06:43AM (#23022682) Homepage Journal
        I don't know why you got modded insightful.

        Here's the first clue:

        Public utilities are public! They're not armed fortresses. They were originally created to be open institutions where people could see what is going on. They're supposed to share data and cooperate with each other.

        Here's the second clue:

        There are many who need the information about the utility's performance to do their day to day jobs. The volumes of information and the volumes of regulatory agencies, and other groups they need to inform increase every day. Securing these connections isn't for the faint of heart. I say this as a member of ISA-99, the international standards body for SCADA security.

        That said, most companies have secured the distribution systems. However, these are highly customized systems. You can't bolt security on them after the fact. Replacing them is nothing like replacing or upgrading an information system. There is this little problem known as system validation. It is extremely expensive. Furthermore, the standards for securing these systems are still very much in development (I'm on one of those standards committees too).

        SCADA systems are in the Ford Model T days. You want to bolt a seat-belt and airbags to it. These things may help, but if you really want things to be secure, we need to rethink the entire infrastructure. And that will not be cheap...

        • "Public" utilities (Score:3, Informative)

          by jabber ( 13196 )
          Nuclear plants are part of the "public" utilities that feed the power grid.

          You cannot just stroll into a nuclear plant to see how things work.

          After your smug and false assertion that you can, everything else you have to say, no matter how "insightful" is may seem to some, is suspect.
    • Re:I'm Shocked! (Score:5, Insightful)

      by teh moges ( 875080 ) on Thursday April 10, 2008 @01:01AM (#23021332) Homepage
      Maybe don't go to the extremes of requiring everything to need high security (such as entering the building or doing everyday work), but things such as shutting down the power grid should require extra security. Access to the important controls should have extra security. With security, one size does not fit all.
      • Re: (Score:2, Insightful)

        by Anonymous Coward
        shutting down the power grid should require extra security

        DANGER WILL ROBINSON!

        CRITICAL FAILURE IS IMMINENT, YOU MUST SHUT DOWN THE REACTOR IMMEDIATELY

        Please enter password:

        Password is incorrect!
        Password is incorrect!
        Password is incorrect!

        You have been locked out for 10 minutes.
    • Re: (Score:3, Insightful)

      by Yvanhoe ( 564877 )
      Accessing to the crucial computers should require a training where computer security and social engineering are explained. Every user access should have different passwords easily revocable as soon as a flaw is detected. Of course, crucial computers should be on a different network than internet-connected systems.
      • "...and social engineering are explained"

        Knowing how Sigfreid does a card trick does not mean you won't be dumbfounded when Roy pulls a monkey out of his arse. I'm not saying education is worthless but even the process of educating staff on various common 'tricks', is in itself, a target for social engineering.

        "Authorization? How about the United States FUCKING government? Lose the grid, or you lose your job." - Special Agent Johnson - Die Hard movie.
    • Re:I'm Shocked! (Score:4, Insightful)

      by Jessta ( 666101 ) on Thursday April 10, 2008 @03:10AM (#23021762) Homepage

      Seperation of privileges is the best method. Social engineering tends to work because people who have privileges lack certain information and/or lack authority in the role of the privileges they have.

      If you have full authority in your role and personally know everyone who is involved in your role then you can't be easily tricked by people outside your role in to doing things.

      This requires education and a proper company structure, which requires good smart people in management.

    • by Idaho ( 12907 )

      Not really though. A good team of social engineers (con men) and CS people can accomplish many many things...How can you prevent such things? Ridiculously strong security?

      It looks to me like having ridiculously *weak* security every step of the way is what made it so easy for these social engineers to be effective. Countering this by saying "well yeah, but what are we supposed to do, they can break it anyway!!" is not a valid argument, IMO.

      Of course it will always be possible if someone is really determined

    • Re:I'm Shocked! (Score:4, Informative)

      by Sandbags ( 964742 ) on Thursday April 10, 2008 @09:14AM (#23024058) Journal
      I can't discuss which power company it is, due to contractual issues, but I can tell you that the power company around here would not be susceptable to such an attack.

      The computer systems that control the grid are extremely secure. So secure in fact, they do not HAVE a network connection outside of their own server to server interaction.

      The mainframes, UNIX systems, and other systems that operate the switcing grid are isolated in a section of the building that even their own network engineers can not enter without being padded down to ensure they carry no computer media of any kind.

      When media does need to be brought in, say to patch the OS on a machine for a bug, or to update the backup server software, the media for that must pass through a several step security scan, including scans by not less than 3 AV applications, repeated on not less than 3 different PCs. All install media for machines in that area are kept in that area, seperate from all other company media.

      You wouldn't believe the process we had to go through to bring a new backup system in there...

      These systems are so isolated it is virtually impossible to infect them.

      On the other hand, the PCs connected to the billing systems, yes, they could be infected. These systems however are backed up in many ways, and even if they had to roll back the database a few days, all they'd have to do is correlate the accounting records with meter readings, and they'll know exactly how much everyone owes or paid. They might have to type a few customer change orders back into the system, but all that is in hard copy anyway... It would be an inconvenience, but not that big of one. Of course, the billing system is only accessible via terminal session from PCs on a specific VLAN that are not used for any other purposes (no web browser, document creation, etc), so infecting it is not exactly easy, and I doubt is could be done with a bot without intimate network design knowledge, a few passwords, and a lot of attempts. It would have to be a targeted hack.

      This particular power company is a locally owned co-op, small time company. If they can implement security like this, I'm sure others do as well.

      I imaging the power grid itself, not so much the systems controlling them, could somehow be hacked, or fooled with conflicting signals that could cause issues, but I seriously doubt anyone let these people try...
  • by Armon ( 932023 ) on Thursday April 10, 2008 @12:24AM (#23021182)
    Why wouldn't the power company use a private network? Why is there EVER a need to have access to those systems over the internet?
    Realistically, no part of a nations critical infrastructure should be networked (other than the internet itself). That seems pretty obvious.
    • Re: (Score:2, Informative)

      They did- and the penetration testers got access to internal-networked workstations and hacked from there.
      • Re: (Score:3, Insightful)

        by Anonymous Coward
        Connectness is transitive. It wasn't a private network if it can be accessed from the outside.
      • by Anonymous Coward on Thursday April 10, 2008 @12:52AM (#23021312)
        I don't understand "they did". Internet and SCADA where available on the same desktops:

        "Individual desktops have Internet access and access to business servers as well as the SCADA network, making the control systems subject to Internet threats."

    • by jroysdon ( 201893 ) on Thursday April 10, 2008 @12:40AM (#23021260)
      The problem is the layers. The Desktop PCs (you know, the ones you use to check email and surf the web) have access to the internet (probably just outbound), and access to the SCADA networks. While you cannot initiate an inbound connection to those Desktop PCs, all you have to do is get someone to click on a link and get infected with something that sits on their PC and maintains an outbound connection (think GoToMyPC [gotomypc.com]). From there, the exploit team has access to their PCs and everything their PCs have access to.

      In an ideal world, they'd have two PCs on each desktop. One on the internet, one on the SCADA network. The two should never be connected. That's how the military is suppoesd to do it between different levels of their networks (the two different levels are never to be connected).

      But that costs you twice as much, and isn't convenient. But you'd never have a security breach.

      Oh, and they buy and sell power over the internet between different power companies, so right there is a reason you'd need some SCADA system connected with internet access (but you could have those systems very, very locked down as to what and how they can access between things).
      • by QuantumG ( 50515 ) *

        But you'd never have a security breach.
        Unless someone wants to transfer a file between the two machines, so they use a USB storage device [quantumg.net] to do it.

        • Re: (Score:3, Interesting)

          by jroysdon ( 201893 )
          Even still, you wouldn't have any way for someone to remotely control those systems. A virus/worm might get spread from the internet PCs to SCADA PCs at the worst, but there is no way to control them (short of sending another message via virus and long time delay via "sneakernet" USB storage device).

          But safer than that would be a way to have a DMZ storage system (not internet DMZ, but DMZ between internal Internet-access PCs and SCADA system PCs) that each different type of PC can drop data off in, but t
      • by utunga ( 113450 ) on Thursday April 10, 2008 @02:06AM (#23021552) Homepage
        I worked at a place that supposedly had two totally separate networks - one connected to the internet, one corporate wide, for news/data/intranet stuff.

        So, sure, everybody has two desktops.. one for internal one for everything else. It was great in theory - really stupid in practice. Just doesn't work.

        Reality is - there is an expectation that data from outside is available inside. In the power company case it might be everything from the latest gas pricing information to weather reports to who knows what else - and so in 'getting things done' this will inevitably require connections between the outside and the inside.

        So, as a result of this 'blanket policy' contrasting with the 'real world' people would circumvent the rule - but do it in stupid, sneaky ways -- for example in one data center there was, literally, an infrared tunnel between two computers -- "see, they are not 'physically connected' !!" .. And try to keep it secret from the network ops guys, of course.

        It would've made a lot more sense to supply a safe, heavily controlled/monitored firewall that connects outside to inside and let the network security people manage it. Otherwise your choices are (1.) actually enforece the rule and totally cripple the effectiveness of the internal system (with the result that nothing of any importance gets put there) or (2.) really lame hacks pretending to be secure and working around the blanket rule, when in actual fact they are invisible bridges that the network ops guys don't know about.

        I saw the alternative 2. in real world practice. Lets consider option 1. - if they really did manage to make the SCADA network totally seperate **and enforce that**. In that case you'd probably just end up with the forecasting/power-station-scheduling app running on the 'outside' network - and just the final 'implement it' step on the internal SCADA. Since the scheduling app is the one where the real decisions are made - hacking into that would let you send signals and information that would look relatively harmless but would still, in effect shut down the power grid. You are still sending information - in this case mediated by human brains, but not in a way that the human brain can easily understand because its low level commands (turn this up, turn that down) - that could very effectively mess up the voltage balance or frequency timing or whatever, and causing rolling blackouts and thus achieving the same aim of shutting down the power grid. There is information flowing from outside to inside - whether it is via human or machine.

        Security through dis-connectivity is a dangerous myth in most cases. In some cases, say military situations where you are willing to absorb the huge cost to re-implementing a complete replacement for just about every dang thing you might need on the inside (e.g. weather data, or radar data, say) then it may make sense. In just about every realistic corporate case - even power companies - its likely to only cause people to take their eye off the ball of implementing real security and proper firewalls etc.
        • The SCADA network is not designed for browsing the internet. It should not be connected.

          Security through dis-connectivity is a dangerous myth in most cases. In some cases, say military situations where you are willing to absorb the huge cost to re-implementing a complete replacement for just about every dang thing you might need on the inside (e.g. weather data, or radar data, say) then it may make sense. In just about every realistic corporate case - even power companies - its likely to only cause people to take their eye off the ball of implementing real security and proper firewalls etc.

          You make a good point here, but I'd argue that, for National Infrastructure Issues (including the power grid), the same security expected of the military should be required. These systems are just as critical. One of the primary diffrentiators between the modern world and the third world is the ability to provide reliable utilities. If the grid went down for any length of time on a national scale.. umm.. it would be a b

        • by DrSkwid ( 118965 )
          There's more to networking than IP, downloading data files and having them available across networks is entirely possible without giving away TCP/IP possibilities.

          ATA over Ethernet is one such route, I'm sure there are more.

        • I worked at AWE for a while. They have an internal network that's air gapped from the 'net. All email is handled via tape transfer between an inside and an outside server. Everyone runs thin clients apart from people who absolutely can't (CAD guys mainly); they run off desktops with removable drives which are locked in a safe overnight. Is actually much less of a pain in the ass than you'd think; you adjust pretty quickly to a 2 hour delay on your email.
      • Re: (Score:3, Interesting)

        by 1u3hr ( 530656 )
        The problem is the layers.

        The problem, as usual, is Windows. If you RTFA, they just set up a site and emailed the power station guys that there was a change to their pensions or health benefits, for more information.... so they clicked on the link and were pwned immediately. No specifics, but does anyone doubt this was Internet Explorer running on Windows?

        Solution: Others have pointed out the need to transfer information routinely via the Internet. How about the desktops run Ubuntu, or OSX or ANYTHING e

        • Well, the update policy is lacking at those companies. Your idea works much better if you use a different processor architecture (like ppc or arm). Most threats are geared at wintel architecture. Going away from that makes it much harder (and windows luckily won't run on it, which is an implicit benefit).
      • by Tarwn ( 458323 ) on Thursday April 10, 2008 @05:34AM (#23022358) Homepage
        In cases where buying and selling of power is happening at the plant level, it is not going to be the equipment operator that is buying and selling power. And the person selling power does not need access to SCADA systems, thats what the telephone is for and why they have operators at plants to run the equipment. if somewhere there is a plant that is small enough that one person is both buying and selling power AND running the equipment, I'm betting they barely have an internet connection, much less the money to keep up on annual maintenance for the equipment, etc.
        In the power plants I have worked in (mostly gas turbine, only one nuclear), there was not any type of internet access from PC's on the controls network. For the most part these systems only ran some form of HMI software (WW, RS, WESstation, whatever) and occasionally something like MS Word or Excel for shift pass-down notes. Sure they had a browser (on the Windows systems) but it wouldn't get them anywhere because there was only one system that had any level of access to both the business intranet and the controls systems. This system (data historian) could only receive communications from the controls side (which had interface software that knew how to contact the historian) and communicates in a proprietary protocol.

        Now, as far as the corporate office is concerned, pencil and paper are good enough to keep track of which plants are running which generators, which plants have which generators down for minors or majors, and which plants have generators idling (running with no load at very low levels, not on the grid - cheaper to idle them in most cases then to shut them down). However, in the case of at least one company I worked for, their historian had an interface that pushed data back to a corporate historian, then some reports and so on would run at corporate that drew data from the corporate historian and reported machine statuses, load level, etc up to the last few seconds. This is again using the same proprietary protocol (or heck, maybe a different one).

        I don't know what power company this article is about, only that I didn't work there and didn't do any type of integration for them. Whoever setup their infrastructure hopefully learned a lesson and will do it right next time.
        • by Inda ( 580031 )
          I work in one of those corporate offices you mention and I chuckled when you said pencil and paper. The company intranet homepage displays generation...

          I have Excel plugins for listing data from, I guess, 30,000 sensors on each of the dozen plants we operate. Data goes back years. I'm not special; anyone with a day's training can access the data.

          I have graphical programs for displaying this data. All live. All customisable.

          I cannot operate the plant from here, nor do I know of anyone else that can from thei
    • Re: (Score:2, Interesting)

      At this point its probably a money saver. They wanted the internet in the building, but didn't want to buy another set of computers when they already had internet capable computers probably (I'm guessing) as monitoring stations.

      The short answer is: "Boss is cheap and employees will quit if they can't watch YouTube in one window as they watch the grid in the other."

      Of course, they could be completely incompetant and simply be using the internet this way so they can monitor things from outside the building..
  • Google can help you pick your target.

    http://www.google.com/search?q=%40ercot.com&btnG=Search&hl=en&safe=off&rlz=1B3GGGL_enUS264US264 [google.com]

    That's a search for "@ercot.com", and if you don't know, ERCOT runs the Texas power grid market. There's another one for the East grid, and another for the West. You can find them yourself.
  • Oops. (Score:5, Insightful)

    by Renraku ( 518261 ) on Thursday April 10, 2008 @12:25AM (#23021194) Homepage
    An attack on a control point of the power grid could cause millions in damage if properly executed, and possibly lives from extended loss of power. I'd like to think the power grid has built-in protections to keep a 'bad node' from ruining several others, but it just might not..seeing as how companies build for economy before they build for safety.

    Even something as simple as opening a few junctions could cause fireworks..take a look at some online videos about 'opening hot' for example..now imagine if that arc caught other pieces of equipment because the line was still energized.

    Simply put, the power industry needs to step up to the plate and harden both their network infrastructure and their meatspace infrastructure against malicious attack.
    • by Pastis ( 145655 )
      seeing as how companies build for economy before they build for safety.

      The funny thing is that building for safety would build for economy on the long run. A good example is nature. We are fairly resistant systems and we wouldn't have survived if not for it.
    • Re:Oops. (Score:4, Insightful)

      by Firethorn ( 177587 ) on Thursday April 10, 2008 @07:45AM (#23023088) Homepage Journal
      seeing as how companies build for economy before they build for safety.

      I'd argue that building for safety is right up there, perhaps before economy even.

      It's just that the power company's idea of safety != producing, delivery 100% of the time.

      Electricity itself is dangerous. So the power companies do all sorts of things like install breakers to shut off the power if a potentially dangerous situation is detected. First is protect human life*, second is the expensive equipment. A fuse is cheap, even if it costs $100 because it's designed for 18KV@1KA compared to a switching station transformer.

      Anyways, on 'possibly lives from extended loss of power.'

      Anybody dependant on electricity for life should already have backups as necessary. If you're dependant on electricity to power a charger for your artificial heart, dialysis machine, breathing assistance device**, or whatever, you should have a generator, battery backup, whatever's needed. I mean, the way power delivery goes, local events can take out power to a house/business fairly easily, and are fairly common.

      I think one guy with a medical problem requiring frequent access to electricity had the house hookup, a backup generator, and a 12V adaptar for cars.

      *If nothing else, dead people tend to be REALLY expensive.
      **Though I imagine simple pressurized O2 and an appropriately selected mechanical valve system should be able to eliminate the need for electricity for a good while.
  • by Anonymous Coward on Thursday April 10, 2008 @12:29AM (#23021218)
    How do i get a job as a penetration tester? I wonder what that interview would be like?
  • Pfft.. (Score:5, Funny)

    by dartarrow ( 930250 ) on Thursday April 10, 2008 @12:29AM (#23021220) Homepage
    Trinity did it in 3 minutes.

    In Leather
  • Call me paranoid, (Score:3, Informative)

    by pitchpipe ( 708843 ) on Thursday April 10, 2008 @12:34AM (#23021238)
    but this is why we have one of our operator's desktops totally disconnected from regular TCP/IP networks. It communicates to the rest of the system through PROFIBUS, which would be difficult to hack. If we need to run and all hell is breaking loose (virii, hackers, etc.) we just disconnect from the rest of the world and run. We will lose historical data and remote access, but if we're running the rest is just gravy.
  • by Bob54321 ( 911744 ) on Thursday April 10, 2008 @12:49AM (#23021296)
    He better of said "I have the power!" when he finally had access to everything.
  • by SmlFreshwaterBuffalo ( 608664 ) on Thursday April 10, 2008 @12:55AM (#23021316)
    "Trust me baby, I'm a professional. See? It says so right here on my card -- Penetration-Testing Consultant."
  • Ira Winkler? (Score:5, Interesting)

    by drakyri ( 727902 ) on Thursday April 10, 2008 @01:10AM (#23021354)
    There's a nice feature on Ira Winkler in attrition.org's charlatan file:

    http://attrition.org/errata/charlatan.html#winkler [attrition.org]
    • There's a nice feature on Ira Winkler in attrition.org's charlatan file:

      http://attrition.org/errata/charlatan.html#winkler [attrition.org]
      Yes, that about sums it up. I used to work with the guy about a decade ago. Or at least I reported to him on occasion. He does know a lot of stuff, but as the Attrition article states, you don't necessarily have to ask first to find that out.
  • Security Measures (Score:5, Insightful)

    by Ihmhi ( 1206036 ) <i_have_mental_health_issues@yahoo.com> on Thursday April 10, 2008 @01:25AM (#23021418)

    I should hope that critical things like "TURN THE WHOLE POWER GRID OFF" are not even on a secure server. They should be on terminals that are not even connected to the Internet, much less networked to anywhere else in the building.

    It's awfully difficult to hack something when it isn't connected to the Net. Even simple security like multiple checkpoints, a keycard, and several biometric scans (as well as regular, and often, virus and spyware scans) to get to a secure terminal would go well towards protecting the security of our power networks. Hell, post a guard nearby who isn't incompetent.

    The one thing Social Engineers/Con Men fear most is challenges - and by challenges, I mean challenges of authority. PROVE you are who you say you are. Check their records against a secure terminal or a hard copy of an employee roster. If anything is remotely fishy, no matter how "important" they say the work is, don't let them past you.

    Vigilance is the key, and far too many critical parts of our infrastructure still fail at it to this day.

    • Re:Security Measures (Score:5, Interesting)

      by HexaByte ( 817350 ) on Thursday April 10, 2008 @02:37AM (#23021646)
      It's NOT just "TURN THE WHOLE POWER GRID OFF" that you have to worry about. The power grid automated when no one worried about computer security, and they still have that old infrastructure in place.

      How would you like it if the hackers got into the grid control system and told the IP motors that control the floodgates on the big dams to open all the way, and then send them into a tizzy that burns them out, so they can't be used to shut the gates? How much damage would the downstream flooding cause?

      Or how about the test the DHS did, where they gave a generator a command to generate power out of phase with the network, causing it to physically self-destruct? It only takes a few tings like this to screw up the country big-time! And it doesn't have to be done on site, it can be comfortably done from the safety and security of your ChiCom hacker network (they've been walking all over our networks for years) or your zombie bot-net.

      I've been sounding the alarm on this for years, (although many others have been doing a far better job, don't want to take credit for others work) and finally the industry is responding. It will take billions to correct it in the US, Europe and Far East, while some poor countries don't have the financial means to do it at all.

      • How would you like it if the hackers got into the grid control system and told the IP motors that control the floodgates on the big dams to open all the way, and then send them into a tizzy that burns them out, so they can't be used to shut the gates? How much damage would the downstream flooding cause?

        Yeah, no kidding. Imagine what would happen if that occured with the Three Gorges Dam [wikipedia.org] in China... Woot, 39,300,000,000 cubic metres of water suddenly dropped on your cities! ...

    • The one thing Social Engineers/Con Men fear most is challenges - and by challenges, I mean challenges of authority.
      Unfortunately, in the current climate of fear and obedience, it is very hard to get people to challenge authority - especially if even the government takes refuge in FUD and secrets. "On whose authority are you doing this?" "Sorry, can't tell you. Terrorism, you know. You could call the CIA, but they would deny ever having heard of me."
  • by Anonymous Coward on Thursday April 10, 2008 @01:38AM (#23021446)
    They'd post armed patrols out in the mountains..even then good luck.

    Why the hell would someone go to all the effort mucking around with computers and hacking and leaving evidence everywhere when they could just go buy a gas axe from the local hardware store and knockdown a few of the big towers and cause havoc for days...and have about 0% of getting caught to top it off.

    I was 4wding up in the highcountry near my city the other weekend, driving along the maintenance tracks for the big lines that run from the hydro electricty plant to the city. A gas axe to a few of the supports and you could cut power to the city in an hour. Choose the right towers, remote and hard to get to and it could be out for days. The big lines run through the rugged and isolated mountains for about 100kms (60miles)...good luck stopping someone motivated doing that.

    And yet, no one ever has..perhaps, just perhaps there isn't bogey men trying to get us hiding around ever corner?

    These 'security experts' that seem to be cropping up left, right and centre these days crying about how unsafe and insecure everything is seem to be little more than a new incarnation of snake oil salesmen.

    Rediculous.
  • I hacked a kebab in less then 30 seconds.
  • That would be the interesting info here. I don't really know why this gets published (on Slashdot!) when there is know specifics available.
  • Machines run Windows (Score:4, Informative)

    by pembo13 ( 770295 ) on Thursday April 10, 2008 @02:22AM (#23021598) Homepage
    Not that other operating systems are perfect, but from what I understand, some power grids are mandated to run Windows on as many of their systems as possible - ie. the technician/engineers are not allowed to evaluate what OS best meets their needs.
  • Seperate networks? (Score:4, Insightful)

    by ludomancer ( 921940 ) on Thursday April 10, 2008 @02:30AM (#23021626)
    Why do we keep critical networks connected to the rest of the net? Why don't resources like these, and the governments, set up proprietary networks that are inaccessible from the global internet base to prevent these sort of things? I never really understood that.
    • Re: (Score:3, Informative)

      by necro2607 ( 771790 )
      Actually, the particular machines that control the resources are very very probably not online. However, other machines with access to their intranet/LAN are. Get yourself control of one employee's machine and you are then effectively sitting inside the office, with the same level of LAN access as the person whose machine you've gained access to, theoretically...
  • unnamed this, coulda-done that... My problem with these grey hat hacks is this:

    if you didn't actually take down the grid, how do you know with absolute certainty that you could have finished the job?

    From TFA, this is what we have:

    the server downloaded malware that enabled the team to take command of the machines. "Then we had full system control," Winkler says

    sure, buddy. Right. How did you know? What did you try to do? What was the last step where you decided NOT to press "Enter"?

    I'll wait until someone actually has the gonads to bring down the system, and then use the "I told you so" argument to prevent being totally raped by the

    • It's a good point - perhaps if they had attempted to start some shutdown sequence, there would have been password prompts, or who knows what.

      They might see the full interface that a full admin might have, but if the system was even half-decently-designed, the developers/designers would probably attempt to make it so sitting down at one of the control machines doesn't just give you the immediate ability to shut down everything...
      • If they have access to the desktops, whats to stop them from installing a keylogger or screen monitoring application or network packet capture utility to grab passwords and all matter of other data.
  • by EdIII ( 1114411 ) * on Thursday April 10, 2008 @03:11AM (#23021770)
    Nobody would ever, ever, ever take down the power grid. Do you realize the implications of such an act? Screw 9/11 .... We are talking about PORN here. Hundreds of thousands of men that get off work everyday, all at different shifts, and have their pants around their ankles within 10 minutes of being home.

    You turn the power off, you take away the porn, the air conditioning for the cold beer, the TV to distract you from your bullshit. You force men to deal with that and I predict a couple hundred thousand men rabidly searching for whoever was responsible for THAT.

    Bin Laden has not been found yet, the idiot that takes out the power grid will be found in 30 minutes.....
  • I don't doubt it at all. Many, many businesses running important systems and infrastructure are no more secure than anywhere else. And that security "everywhere else" is basically a lack thereof.

    When you think about it for a moment, these kind of key things could be successfully attacked and shut down no problem. It's never been otherwise. There are people that just love to break into systems, and it's obvious that some of those people inevitably have far more destructive intentions than simply "pen
  • by Dekortage ( 697532 ) on Thursday April 10, 2008 @06:14AM (#23022548) Homepage

    From the article: "In addition to consulting, Winkler is author of the books Spies Among Us and Zen and the Art of Information Security."

    (italics in the original)

    Spies Among Us and Zen? Can't wait to read that. And: "Hi, I'm Art. Art of Information Security." Or maybe that is a coffee-table book of famous paintings reimagined through security logs, Matrix-style.

  • by jpellino ( 202698 ) on Thursday April 10, 2008 @08:04AM (#23023290)
    ...then you'll have our attention.

Surprise your boss. Get to work on time.

Working...