Experts Hack Power Grid in Less Than a Day

bednarz writes "Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day. Ira Winkler, a penetration-testing consultant, says he and a team of other experts took a day to set up attack tools they needed then launched their attack, which paired social engineering with corrupting browsers on a power company's desktops. By the end of a full day of the attack, they had taken over several machines at the unnamed power company, giving the team the ability to hack into the control network overseeing power production and distribution."

Re:I hate the term "Social Engineering"

[causality]

What's wrong with the good old fashioned "lying" or "scamming"? Fucking con-artists trying to sound legit.

It's "social engineering" if you fell for it.

penetration-testing?

[Anonymous Coward]

How do i get a job as a penetration tester? I wonder what that interview would be like?

Pfft..

[dartarrow]

Trinity did it in 3 minutes.

In Leather

By the power of Grayskull...

[Bob54321]

He better of said "I have the power!" when he finally had access to everything.

Best Job Ever

[SmlFreshwaterBuffalo]

"Trust me baby, I'm a professional. See? It says so right here on my card -- Penetration-Testing Consultant."

Re:free electricity?

[Anonymous Coward]

An unknown someone in Great Britain got free power for an unknown factory for an unspecified amount of time, because they knew another unknown someone at the unnamed power company. Sometime in the late 1940s.

No-one was ever caught.

Cops probably didn't have much to go on, really.

That's a great story. Delivery could use a little work though.

Re:penetration-testing?

[Anonymous Coward]

If an applicant goes to an interview, then he cannot merit the job.

In penetration testing, the successful applicant hires himself.

Re:I'm Shocked!

[kestasjk]

Yup the terrorists could shut down the power grid; it'd be like 9/11 but with light bulbs instead of people!

Since OTT security costs OTT money I think they should stick with sane security checks, and not worry about headline grabbing pranks like these

Re:I'm Shocked!

[Anpheus]

Wait, guys, I have a fix!

*unplugs cat-5 from firewall between power control computer and local intranet*

Wait, you were saying something about prevention and deterrence and I rudely interrupted. Please, carry on.

So the Fuck What?

[EdIII]

Nobody would ever, ever, ever take down the power grid. Do you realize the implications of such an act? Screw 9/11 .... We are talking about PORN here. Hundreds of thousands of men that get off work everyday, all at different shifts, and have their pants around their ankles within 10 minutes of being home.

You turn the power off, you take away the porn, the air conditioning for the cold beer, the TV to distract you from your bullshit. You force men to deal with that and I predict a couple hundred thousand men rabidly searching for whoever was responsible for THAT.

Bin Laden has not been found yet, the idiot that takes out the power grid will be found in 30 minutes.....

Re:penetration-testing?

[gnud]

I wonder how that works as a pickup line.
Hey Baby, have you been with an professional penetrator before?

Re:Here is a "sane" security measure

[kestasjk]

I'm sure they have a good reason for it; they're not stupid

Hilarious editorial problem

[Dekortage]

From the article: "In addition to consulting, Winkler is author of the books Spies Among Us and Zen and the Art of Information Security."

(italics in the original)

Spies Among Us and Zen? Can't wait to read that. And: "Hi, I'm Art. Art of Information Security." Or maybe that is a coffee-table book of famous paintings reimagined through security logs, Matrix-style.

Re:Here is a "sane" security measure

[somersault]

I'm sure they have a good reason for it; they're not stupid

Haaaaaaaahahahahahahahahahaaaaahahahahaa! xD good one

die hard

[keirre23hu]

I'm not impressed, the bad guy in the last Die Hard took down the grid in a couple of minutes..

Unnecessary:The Cylons have been gone 40 years now

[boombaard]

Commander Adama: "It's an integrated compter network, and I will not have it
aboard this ship!"
Secretary Rosalyn: "I heard you're one of those people... you're actually
afraid of computers."
Commander Adama: "No... there are many computers on this ship. But they're
not networked!"
Secretary Rosalyn: "A computerized network would simply make it faster and
easier for the teacher's to be able to teach..."
Commander Adama: "Let me explain something to you...
Commander Adama: "... many good men and women lost their lives aboard this
ship, because someone wanted a faster computer to make life easier. I'm
sorry that I'm inconveniencing you or the teachers, but I will not allow...
a network computerized system to be placed on this ship while I'm in
command. Is that clear?"

Re:I'm Shocked!

[6Yankee]

How can he? He was posting from that power control box, you insensitive clod!

Call us when you get into the billing system...

[jpellino]

...then you'll have our attention.

Re:I hate the term "Social Engineering"

[aproposofwhat]

That's 'scamming', not spamming, dufus!

Take it a step farther

[Gription]

Actually the USB drives don't even fall under the heading of 'Social Engineering'. Social engineering involves communicating with someone. The only way it could be social engineering is if you are interacting with your hardware on WAY to much of a personal level.