Wind Power Firm Sees No Evidence of Hack 99
alphadogg writes "One day after a hacker posted screen shots and data to a hacking mailing list, saying he had broken into a New Mexico wind turbine facility, the company that runs the turbines says it has seen no evidence of a computer intrusion. The hacker, who calls himself Bigr R, made the claims Saturday, posting screenshots of the facility's management interface, screenshots of an FTP server and project management system, as well as Web server info and configuration data from a Cisco router."
None of this means it didn't happen (Score:5, Insightful)
It's possible that the IT staff who failed to secure the networks and websites also lack the expertise to detect an intruder. It's certainly not easy, and if they were able to cleanly socially engineer (or perhaps guess) passwords to get it done, there may be no way to detect it at all.
Simple Message (Score:2, Insightful)
Re:None of this means it didn't happen (Score:2, Insightful)
I am sorry to disappoint you, having worked at a company developing SCADA systems... these systems are developed a bit like this:
Assumption 1: SCADA systems... should be on a completely separate infrastructure.
Assumption 2: If the system is on a separate, secure infrastructure... we have no need for additional security measures.
Reality-check 1: 'I want to see what they h*ck is going on at the site when I'm at home!!!'
Reality-check 2: Nobody listens to the security-conscious-guy when they want to have fancy graphics./