Microsoft Worms Crash Ohio Nuke Plant, MD Trains 817
stieglmant writes "For everyone who thought the 'blackout of 2003' was bad, how about this, according to an article at SecurityFocus, and another article at The Register, 'The Slammer worm penetrated a private computer network at Ohio's Davis-Besse nuclear power plant in January and disabled a safety monitoring system for nearly five hours.'" Russell writes "Maryland MARC Train Service was shut down most of Wednesday morning due to what sounds like the MS-Blast worm or one of its variants. The local Baltimore news reports that the cause was a signal malfunction but CSX, whose communications system runs the tracks, has an article describing the shutdown as a result of 'a worm virus similar to those that have infected the systems of other major companies and agencies in recent days'. This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked. Wow, taken to the extreme, the exploitation of their systems could have caused a train collision and injury or death to hundreds of Maryland and Virginia commuters."
The network administrators... (Score:5, Insightful)
Re:The network administrators... (Score:5, Insightful)
Re:The network administrators... (Score:5, Insightful)
--- but imagine when they catch the clown who spread/made the virus...he/she might be locked up for a while...
Re:The network administrators... (Score:0, Insightful)
Software Disclaimer (Score:5, Insightful)
What I don't get (Score:5, Insightful)
It doesn't make sense. Use a Unix/Linux machine, make sure it has only the access level needed from the outside (maybe sshd running, maybe), and keep the thing patched.
Why is this rocket science? Why do people who are building nuke plants and rail lines not know any better?
Sorry for going off on a rant, but damn it, somebody needs to say it.
No firewall? Probably not. (Score:5, Insightful)
This indicates that the network that the train signaling stations are on is not protected by firewalls, at least to block ports 135 and 444 where the DCOM vulnerability is attacked.
Actually, I suspect that someone unwittingly plugged an infected laptop into the network inside of the firewall.
Maybe it was a VPN problem (Score:1, Insightful)
-aelfweld
more info (Score:5, Insightful)
The Washington Post is reporting [washingtonpost.com] that the Slammer worm crashed the computerized display panel which monitors the most crucial safety indicators (coolant systems, core temperature sensors, and external radiation sensors) at Ohio's Davis-Besse nuclear power [doe.gov] plant in January. No serious problems occured, primarily because the plant has been offline for more than 1-1/2 years.
Davis-Besse is run by FirstEnergy [firstenergycorp.com], which many people feel may bear much of the responsibility [forbes.com] for last weeks power blackout.
Someday hopefully reason will prevail... (Score:3, Insightful)
People are morons.
Re:The network administrators... (Score:5, Insightful)
Sometimes that's not enough. At my university, the departmental firewall did just fine in blocking the virus, until somebody got their Windows laptop infected at home and brought it to work, behind the firewall. Once again proving that great network security can be easily defeated by poor physical security.
Re:The network administrators... (Score:4, Insightful)
It doesn't even necessarily take an indirect connection to the internet. If a virus is on a laptop that was connected to a public (or any infected network) like at home, then connected to a completely autonomous network, it can then infect that network.
Don't overreact (Score:4, Insightful)
Thats why trains have human engineers and brakes. It's why people should use good judgement and observation. If you approach an intersection, and see that the traffic lights in all directions are green, use your head and stop, because something's wrong. Of course this is impossible, theres a mechanical failsafe that will make all lights blink red if that happened - making a 4 way stop, similar mechanical fallbacks are employed in the railroads. This is all besides the point.
Techies tend to overestimate the role of technology in day to day life. MARC was shut down more because the clerks were having a hard time selling tickets, since they cant do simple math in their heads.
Re:The network administrators... (Score:3, Insightful)
Re:What I don't get (Score:5, Insightful)
How is this any different from;
Use a Windows 2000 machine, make sure it has only the access level needed from the outside (maybe sshd or something similar running, maybe), and keep the thing patched.
If there was a Linux/Unix worm running around, couldn't the exact same situation happen?
Re:The network administrators... (Score:5, Insightful)
Re:What I don't get (Score:2, Insightful)
paranoia time (Score:5, Insightful)
it's possible the vulnerability arose through someone accessing internet e-mail. but wall street firms regularly blacklist internet e-mail sites. they do that b/c they're regulated to ensure that proprieties are kept and people aren't defrauded. a nuke though--we're talking more than just dollars and cents here.
it may not be fully the fault of the admins.
ed
Security in Post 9-11 (Score:3, Insightful)
That was a bad conclusion (Score:5, Insightful)
That is a silly conclusion to come to. Presumably they're also implying the same about the power grid.
I have first-hand experience with Ontario Hydro's IT nework (now Hydro One's IT network ;) and I gotta say - they have firewalls up the wazoo. And this is the problem. They rely on border security. However, on networks as large as the ones being discussed, border security doesn't cut it. There are too many entry vectors. People reading email, people browsing the web, and oh my god people with laptops - the pain the pain.
So before you go thinking "they aren't even taking precautions that would have saved them! Fire them!" understand that it's *exactly* that attitude which caused the networks to go down in the first place - the common misconception the a firewall is a magic wand that will solve all their ills.
Border security does NOT cut it when you run insecure software on the inside, boys and girls. And you can take that to the bank.
Re:Is it going to take deaths to make MS liable? (Score:5, Insightful)
They'd probably cry, 'But we already released a fix! They didn't install this patch, and this patch, and this patch, and then recompiled.'
Don't blame the software companies for the "sh*t quality" of their software, as you say--blame the system administrator who didn't install the already-available fixes or patches. That by far is your guilty party right there.
Re:The network administrators... (Score:5, Insightful)
I would have suspected that there would be multiple layers of protection in front of critical systems like that. Even more, I would expect that safety regulations require these layers of protection. Of course, that would hurt the bottom line, so we can't have that happening :(
Re:What I don't get (Score:5, Insightful)
Exactly (Score:5, Insightful)
CSXT has confronted increasingly sophisticated computer viruses, like ones that have penetrated some of the most secure sites in the country in recent days.
Sorry, but they're obviously not "some of the most secure sites in the country". If they were, they wouldn't have been penetrated like this. How can I say this? Because my company didn't get penetrated.
I'm afraid of sounding like a broken record here, because if anyone looks at my past posting history they'll see I've said exactly the same thing. However, the fact is we have mission-critical 24/7/365 servers running Windows (as well as Linux) that simply can not be vulnerable. So we secure them, and we protect them, and put in safeguards, and work together as a team if there is a particularly nasty threat out there...and we keep running. Funny, that.
Sod it; plenty of other posters will argue the point about patching, firewalling, etc., and a myriad of rabid MS-bashers will refute and insult. Let my small voice add merely this to the fray -- it doesn't have to be this way, even if you use Windows. All that is required is people who know what they're doing.
Re:Hire competent IT people... (Score:2, Insightful)
What major release has Micro$loth put out there that's made everyone's lives better and easier in the last several years? I can't think of any. These published reports just show what a house of cards the Windoze platform is.
Re:So many morons (Score:2, Insightful)
For train control, Fail Safe == Stop Working (Score:5, Insightful)
Train control has this luxury. Computer systems onboard airplanes do not... simply turning off jet engines in case of computer failure is not an appealing possibility.
Re:What I don't get (Score:4, Insightful)
If the critical system is on the same physical network as workstations other than the head-end, that could be a problem. Technician plugs his infected laptop into the networ for diagnostics or downloading data, and the network traffic kills the ability for the SCADA nodes to interact.
This is an easy mistake to make; all it takes is having multiple people need to share the same information, and a lack of money to provide dedicated physical layers for each function and proper gateways between the layers.
Re:The network administrators... (Score:4, Insightful)
Network Administrator: We should get an outsourced firewall and a managed virus system. It will cost 45000 a year, but it will be worth it. We also need to start putting on patches on the servers.
CIO: Too much money. Just buy something from Best Buy. As for the servers, we cannot pay you overtime to put patches on them. Besides, Microsoft is a big company. There shouldn't be any real problems.
Network Administrator: But sir....
CIO: Just do it. I've got an MBA. I know what I'm talking about. If there is a problem, we'll just blame you.
Security is transitive (Score:5, Insightful)
The Register article says "It began by penetrating the unsecured network of an unnamed Davis-Besse contractor, then squirmed through a T1 line bridging that network and Davis-Besse's corporate network. The T1 line, investigators later found, was one of multiple ingresses into Davis-Besse's business network that completely bypassed the plant's firewall, which was programmed to block the port Slammer used to spread".
I'd never let a client do that. From a business risk management point of view, you *might* allow a direct connection by a vendor, *if* you had a good contract requiring them to keep good security and be responsible for breaches, and *if* you had secured everything sensitive in your internal network. From a theoretical or technical point of view, you should never trust something you don't control.
Monitoring systems are just as safety-critical as control systems. After all, the feedback loop is part of a control system. Imagine an intruder changing the readings to show that reactivity was decreasing, core temperature was dropping, and coolant pressure was so high that relief valves should be opened. You'd have a Three Mile Island rerun. That system should never, NEVER have been exposed even indirectly to the Internet.
But then, Davis-Besse is the plant where someone thought the way to check for an air leak was to poke around with a lit candle near flammable insulation wrapping critical control cables (1975).
Re:The network administrators... (Score:3, Insightful)
Yeah, 'cause Linux could never be compromised in such a way [slashdot.org].
If the network admins at gnu.org and this power plant had kept up to date with patches, then neither breach would have happened. EVERY OS has its vulnerabilities, and your network security is only as good as your Network Security Administrator. To blame the OS and prescribe a different one is an ignorant and short-sighted red-herring. The real problem is the attitude and the practices of the people in charge of the network.
Re:What I don't get (Score:4, Insightful)
If there was a Linux/Unix worm running around, couldn't the exact same situation happen?
While I agree with you in principle, the problem I have with MS patches is that I have NO FSCKING CLUE what other areas of the OS are affected. At least if I see a patch for TFTP for Linux, I KNOW I don't need it.
My God Man, just running MS Terminal Services requires the MS Client, even though I run a Netware network!
Welcome to the new Federally mandated Palladium (Score:5, Insightful)
No. Unacceptable. (Score:4, Insightful)
Secondly, Microsoft CLEARLY spells out that their software is never to be used in this kind of implementation. Most software manufacturers do -- Sun, Apple, and most Linux distros IIRC.
Now, if this is a case of a critical service being overflowed from a remote location simply because it's connected to a public network, that's bad enough. To be running a consumer operating system on those critical services is simply unacceptable and probably worthy of execution. I don't care if the system was offline at the time -- this kind of thing should be definitely ringing warning bells. I hope whatever moron implemented this system gets fired.
From reading the article the services that went down had analog backups, but it's still unacceptable. Don't connect critical services to the fucking Internet.
Re:The network administrators... (Score:3, Insightful)
Why was it running Windows? Because a lot of SCADA software like what's available from GE Fanuc [gefanucautomation.com], Citect [jzw.com.au], and Tascomp [tascomp.com], (just to name a few) are designed for Windows.
The business needs of a company drive the decisions of what to purchase and implement, and many things are taken into account and weighed against each other.
Security isn't the only concern, because even it is weighed against liklihood of risks happening, and Risk Management isn't perfect. Thankfully, given these incidents, the risk factors just got increased and lit up with a VERY bright spotlight.
Network Administrators are given the responsibility to keep a variety of equipment, operating systems, and applications running and talking to each other appropriately, without necessarily being given all the authority they need to keep stuff like this from happening. Frankly, I pity them. Everyone remembers the bad incidents without realizing how much good they do, silently and behind the scenes.
Re:The network administrators... (Score:3, Insightful)
Same thing happened at my university, but where talking about a nuclear power plant and the OP did say "exposed, even indirectly, to the internet". We're definitely talking about indirect exposure here! Why are there dirty laptops on the same LAN as the safety monitoring system.
Re:It's only a matter of time... (Score:2, Insightful)
Re:Software Disclaimer (Score:4, Insightful)
Re:What I don't get (Score:4, Insightful)
Yup. But I havn't heard of them. I've heard of a couple viri/worms/trojans with windows that have taken out significant parts of the internet. My Linux/Solaris machines still get hit daily with code red, a 2 year old exploit.
If you were interviewing 2 people for a job, and one was a convicted violent self confessed felon, would you hire him over someone without a record?
Re:Exactly (Score:3, Insightful)
Re:bad guys (Score:3, Insightful)
Let me guess... It is the lazy administrator's fault. Well, when the patch is not easily installed most "windows administrators" -- like my mom who settles down in front of her machine to do the puzzle page each day -- just don't do it. When you don't know that the patch is out there, then how the fuck can you install it? Most computer users do not sit and watch bugtraq all fucking day. I don't read m$ EULAs because I don't use their products, but I am sure they indemnify themselves against their own poorly thoughtout piece of shit software.
Re:The network administrators... (Score:2, Insightful)
Re:The network administrators... (Score:3, Insightful)
-molo
Firewall has nothing to do with it! (Score:2, Insightful)
Cringely made this same mistake the first part of his weekly article http://www.pbs.org/cringely/pulpit/pulpit20030814. html [pbs.org]. It's not always the "network" guys that are responsible for system patches and client firewall. Especially not in large companies.
Re:The network administrators... (Score:3, Insightful)
I phrase my message this way because what you describe should not exist.
Re:The network administrators... (Score:5, Insightful)
Re:The network administrators... (Score:2, Insightful)
More Spin about patches (Score:4, Insightful)
With MS systems it's not just a matter of loading a patch, quite often they break something especially third party apps, fail to fix the problem they claim to fix, or open a new vulnerability.
If a model of car were found to be so defective -- bolts breaking, carbonmonixide in the passenger compartment, split drive shaft when you change gears, works with only one brand of gas, plays only approved radio stations, etc. -- no one would think to blame the user.
Re:What I don't get (Score:2, Insightful)
Re:It's only a matter of time... (Score:5, Insightful)
Yes, and then software liability will be mandated by legislation and then everyone in the software industry will be trouble. Be careful what you wish for. If MS goes down for something like this, the whole software industry is in trouble. We don't make as much as doctors in this business, so we can't afford the malpractice/liability insurance.
Again, the question should be asked why were mission-critical systems connected directly to any network, other than connections to other mission-critical boxes?
Re:The network administrators... (Score:5, Insightful)
Re:The network administrators... (Score:3, Insightful)
Well, yeah there is, although it's a little lame. If this is a "critical" system that has to be running all the time, they are probably loathe to update it until a scheduled maintenance downtime. They can't have automatic updates running on a critical system like this, as an update itself might crash the system.
Why is this argument lame? Well, they should have (maybe they do) a backup system. They should have been able to switch to backup long enough to perform the upgrade and test it.
Re:The network administrators... (Score:2, Insightful)
Because "no-one ever got fired for going with Microsoft." Hehehehe.
Re:The network administrators... (Score:4, Insightful)
They think they want 100% market penetration, but they also think they can get away without taking on the responsibility which that implies.
They're "encouraging" everyone to use MS products excusively, everywhere. When it gets to the point where everything is Microsoft and nobody knows anything else (which is what Microsoft is shooting for) how are they going to deny responsibility for stuff like this?
This might be compared to a concrete manufacturer coercing the market, becoming the sole supplier of concrete, but all along saying something like "you shouldn't use our product for pre-stressed bridge segments." Once they became the sole supplier for concrete, what the hell else are people who want to build bridges supposed to do?
Can a supplier reasonably be excused for making crappy product which kills someone because they said to use some other product, even though they themselves were the ones who drove all the other products out of the marketplace?
Re:The network administrators... (Score:5, Insightful)
When it comes to your average office network, sure, you can give the "oh they brought in an infected laptop" excuse, but this is quite a bit different.
Re:The network administrators... (Score:5, Insightful)
The "typical" administration job is exactly what you'd expect -- you're understaffed, underpaid, your budget is abysmal, and you have a gaggle of retarded secretaries calling you up asking the *same questions* constantly because they're too lazy to use the help system!
Most of your day is spent putting out fires. Fixing critical systems before all hell breaks loose, keeping your web/nfs/mail/compute servers running when they have a load average of *5*, fixing viruses, fixing shitty HP machines because your boss wouldn't listen to you and buy a cheaper machine made of quality parts.
Luxuries like patching systems, and preemptive security measures are things there aren't time for.
So my question would be ... is their IT department critically underfunded and that CAUSED the problem, or was someone just lazy?
Freight trains are to fear the most (Score:5, Insightful)
And it's not MARC's problem... they only run on CSX's tracks.
Idiots (Score:3, Insightful)
Who are the retarded idiots that let Microsoft within five miles of nuclear safety equipment? Microsoft's software is not quality controlled to any standard suitable for risking human life, and they even admit that in their EULA (no warranty, no liability).
Time for a change. (Score:5, Insightful)
One life and death critical systems they should use proprietary hardware, OS and software.
Not any version of Windows, not any version of Linux, not Intel, not AMD, but something totally alien. Something that is designed from the ground up to be DIFFERENT and CLOSED that can not communicate with the outside world and the system that the outside world run on.
I'm talking about Air Traffic Control systems, Nuke plant controls, railroad traffic systems, hospitial systems, military systems, power systems, public utilities.
I mean NEW CPU's and a NEW OS and NEW software that is so different and so tightly closed that nothing can communicate with it but other systems of the same design.
With every other little dickweed with a Wally World emachine typing "1337" into google and downloading DIY virus labs, and these same little punks having access to the same networks that all the above mission critical systems communicate on, well, it's a disaster waiting to happen.
And when some script kiddie crashes a 747 full of people from his Wally World emachine on his mommies AOL account, what then? Or the same kiddie opens the floodgates on a dam and kills 200,000 people. Or a million people. Or makes a nuke plant go Chernobyl?
When burglars keep breaking into your safe every week and robbing you blind you would assume that it's time to get a better safe..
Before the world went insane and computerized every friggin thing from toasters to pay toilets to the power grid, this sort of thing was IMPOSSIBLE. Time to fix it folks..
Flame away..
Re:Exactly (Score:1, Insightful)
Re:The network administrators... (Score:5, Insightful)
The systems shouldn't even have been allowed to mix even on a shared Ethernet. Microsoft belongs nowhere inside the perimeter of a nuclear facility. Period.
Re:Exactly (Score:4, Insightful)
Wha the fuck ever. I've heard similar excuses all freaking week. "Viruses are getting smarter" , "Those hackers have no lives", etc etc. They miss the point that it's actually the OS's fault in the first place! The virus comes in through an exploitable service which runs by default. It's not like the virus tricked the user into executing it.
It's like me leaving the door to my house open, some thief comes in , cleans out my house and then I say
This ignorance won't stop until the media stops talking bullshit, tells the whole story and includes _all_ the parties at fault including MS, who well, basically sold me the house without doors!
Network Security vs. Commodity IT (Score:1, Insightful)
The base I'm on is well firewalled (sidewinder) and the ports that the initial variants of Blaster used were blocked. e-mail is virus scanned and the desktops/servers are all patched via SMS (remember, everyone had a full week to patch before the exploit code started showing up).
Despite all these measures (including MS SMS patching), the worm still got on the network and infected a sizable number of desktops (let's just put the number in the low 5 digit area).
So, how did the worm get there if the firewall blocked it's propagation from the outside and e-mail was scanned and desktops were (supposedly) patched?
two words: user entropy.
How many people within any given org are on laptops? (you know, the people who take their work home with them and connect to the internet via an ISP that doesn't have a firewall) How many rouge modems are there? (and remember, with the advent of NAT and dialing appliacnes, one doesn't have to have administative access to a PC to establish and unauthorized path) How many GoToMyPc enabled desktops are floating around? Haven't run across GoToMyPc yet? You will... and it will traverse your firewall and web proxy quite easily. Think you have all your bases covered? Ask yourself this question: If a users plugs something requesting a DHCP address into a RJ-45 wall plug, will it get a usable address? Probably. Ok, there's 802.3x, but how many laser printers actually have this capability?
Admins try to make things work. In complex environments with dumb end-users, this means making things simple. Lots of simple systems (remember with the first S in most of the TCP/IP protocols stands for) interacting with one another leaves a lot of room for, well, "Slack".
The only real way to contol security is to have a closed system with tight control (satellites, power grids, etc.) Then you only move the security threat to insiders (who should be opt-ed in so deeply it's not psychologically possible for them to be a threat).
What's disturbing is that important systems seem to be going the commoditization route with respect ot IT infrastructure. Whatever happened to completely physically seperate networks (but, oh, you have to get your patches from somewhere and waiting for the technet CD isn't an option)?
Re:The network administrators... (Score:5, Insightful)
Re:The network administrators... (Score:5, Insightful)
new headline (Score:4, Insightful)
Re:That was a bad conclusion (Score:3, Insightful)
B) Would also be an improvement over the current situation (in my experience), but not as good as A).
Come to think of it, A) would only be good if the vast majority of people worked from home. Not just "more". If you have 20,000 people going into offices, and 10,000 at home, you'll still get nailed.
C) Why outsource? Why not, instead, hire *competent* people who are available over the course of the company's lifetime to deal with changing circumstances? Ontario Hydro has outsourced all its IT stuff to Inergi and New Horizon.
Outsourcing is an evil part of the IT industry - people pay obscene sums of money for worthless junk (worse than what they'd get in-house, in my experience).
D) Giving up is not an option
I would, instead, propose a real solution:
E) Hire competent people. Hire as many as you need. Hire competent managers. Hire as many as you need. LET THEM DO THEIR JOBS. Do not tell them that everybody needs to run Windows. Let them weigh the costs and the needs of the company, and make a decision. Live with that decision knowing that you hired good people and that this is really the best possible solution.
(I know full well I'm dreaming. I don't expect companies to be competent at hiring competent people for at least another decade. Maybe not even then, maybe it'll be much longer. But I can hope. Christ, the stories I could tell
Could Have Been Much Worse (Score:3, Insightful)
Sure it was annoying, and a DDOS isn't good, but it COULD have been really malicious and MUCH worse...
The ability to run arbitrary code on a server opens up your entire infrastructure. But the moron had machines reboot to announce they were infected.. what was he thinking?
Or was this just a distraction from a much larer and sinister plan?
Idiots (Score:5, Insightful)
1) Do not place a vulnerable system on a critical network unless absolutely necessary.
2) When configuring a computer/server, always assume that you are hooking up to a hostile, unfiltered network.
If they'd applied these two rules to their network, routers, servers, etc., this likely wouldn't have happened. These are pretty basic ideas, folks. If you have a Windows box on the same network as a computer controlling nuclear saftey checks, you better have a damn good reason and you better check for patches weekly.
Yet another misleading title... (Score:3, Insightful)
"Microsoft Worms Crash Ohio Nuke Plant"
Ummm...no, it clearly states in the body: disabled a safety monitoring system for nearly five hours.
Re:The network administrators... (Score:3, Insightful)
And similar language exists in the GPL, and in fact, in pretty much every software licence I've ever read.
It's very common practice. So what's your point?
Re:The network administrators... (Score:3, Insightful)
Much better idea would be to connect everything to firewall directly, basicly replacing switches with something that can do packet filtering.
Unfortunately, this.. well.. costs money.
Another possibility is what MS considers doing, that is, running at least some kind of private, software based firewall on every workstation and server by default, unless there's a better firewall that the server is directly connected to.
Instead of thinking "connection to Internet should go through a firewall" people to should think "connection to a network should go through a firewall".
Some kind of central management for all these workstation-firewalls would be preferrable though.
Re:Idiots (Score:3, Insightful)
Re:The network administrators... (Score:3, Insightful)
Unless, I assume, there's a problem with the braking system and nobody knows about it because the monitoring boxes are down. Isn't that precisely why the monitoring boxes exist in the first place?
Re:Idiots (Score:2, Insightful)
I can't believe this (Score:3, Insightful)
This can't be true! Please tell me it isn't.
Who the hell uses MS Windows to monitor a _nuclear__power__ plant_?
I would've never thought I'd be so happy to live in germany. At least our nuclear plants have their own, customized real time operating systems watching over what's going on.
Jebus Crickey, I'd suggest you'd get yourself a new set of plants right along with that new powergrid that's due.