First real-world SCADA attack in US
Michael Painter
tvhawaii at shaka.com
Tue Nov 22 23:10:38 UTC 2011
Steven Bellovin wrote:
> On Nov 21, 2011, at 4:30 PM, Mark Radabaugh wrote:
>>>
>>>
>> Probably nowhere near that sophisticated. More like somebody owned the PC running Windows 98 being used as an
>> operator
>> interface to the control system. Then they started poking buttons on the pretty screen.
>>
>> Somewhere there is a terrified 12 year old.
>>
>> Please don't think I am saying infrastructure security should not be improved - it really does need help. But I
>> really doubt
>> this was anything truly interesting.
>
>
> That's precisely the problem: it does appear to have been an easy attack.
> (My thoughts are at https://www.cs.columbia.edu/~smb/blog/2011-11/2011-11-18.html)
>
> --Steve Bellovin, https://www.cs.columbia.edu/~smb
Umm hmm. And here's another one poking around:
http://pastebin.com/Wx90LLum
"I'm not going to expose the details of the box. No damage was done to any of the machinery; I don't really like mindless
vandalism. It's stupid and silly.
On the other hand, so is connecting interfaces to your SCADA machinery to the Internet. I wouldn't even call this a hack,
either, just to say.
This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic."
--Michael
More information about the NANOG
mailing list