First real-world SCADA attack in US

Dennis dennis at justipit.com
Wed Nov 23 03:12:09 UTC 2011


Like any of the decade's largest breaches, this could have been avoided by following BCPs.  In addition, SCADA networks are easily protected via behavioral and signature-based security technologies.

Steven Bellovin <smb at cs.columbia.edu> wrote:

>
>On Nov 22, 2011, at 8:08 58PM, Steven Bellovin wrote:
>
>> 
>> On Nov 22, 2011, at 7:51 59PM, Valdis.Kletnieks at vt.edu wrote:
>> 
>>> On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said:
>>> 
>>>>> http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
>>> 
>>>> And "In addition, DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as 
>>>> previously reported."
>>> 
>>> It's interesting to read the rest of the text while doing some deconstruction:
>>> 
>>> "There is no evidence to support claims made in the initial Fusion Center
>>> report ... that any credentials were stolen, or that the vendor was involved
>>> in any malicious activity that led to a pump failure at the water plant."
>>> 
>>> Notice that they're carefully framing it as "no evidence that credentials were
>>> stolen"  - while carefully tap-dancing around the fact that you don't need to
>>> steal credentials in order to totally pwn a box via an SQL injection or a PHP
>>> security issue, or to log into a box that's still got the vendor-default
>>> userid/passwords on them.  You don't need to steal the admin password
>>> if Google tells you the default login is "admin/admin" ;)
>>> 
>>> "No evidence that the vendor was involved" - *HAH*.  When is the vendor *EVER*
>>> involved?  The RSA-related hacks of RSA's customers are conspicuous by their
>>> uniqueness.
>>> 
>>> And I've probably missed a few weasel words in there...
>> 
>> They do state categorically that "After detailed analysis, DHS and the
>> FBI have found no evidence of a cyber intrusion into the SCADA system of
>> the Curran-Gardner Public Water District in Springfield, Illinois."
>> 
>> I'm waiting to see Joe Weiss's response.
>
>
>See http://www.wired.com/threatlevel/2011/11/scada-hack-report-wrong/
>
>		--Steve Bellovin, https://www.cs.columbia.edu/~smb
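As an added example from the defender's side (not part of this thread and not code from anyone in it): a small Python script that illustrates the "behavioral and signature-based" controls Dennis refers to, together with the vendor-default-account point Valdis raises, by running a few rules over constructed HMI access-log lines. The log format, the engineering-workstation subnet, the default account names, the SQL-injection fingerprint and every log line are assumptions made for this illustration only.

```python
"""Signature- and behaviour-based alerting over constructed SCADA/HMI access logs.

Added example; nothing here comes from the thread, the FBI/DHS report or any
vendor. Log format, subnets, account names and patterns are all constructed.
"""
import ipaddress
import re
from dataclasses import dataclass
from urllib.parse import unquote

# Assumed allow-list: the subnet where the plant's engineering workstations live.
ENGINEERING_NET = ipaddress.ip_network("10.20.0.0/24")

# Assumed baseline: vendor-default account names that hardening says must be disabled.
DEFAULT_ACCOUNTS = {"admin", "operator", "guest", "root"}

# Signature rule: a deliberately rough SQL-injection fingerprint for the HMI's
# web front end (tautology, UNION SELECT, or a stacked DROP TABLE).
SQLI_RE = re.compile(
    r"(?i)(['\"].*\b(or|and)\s+['\"]?\d+['\"]?\s*=\s*['\"]?\d+|union\s+select|;\s*drop\s+table)"
)

# Constructed log formats (one line per event).
LOGIN_RE = re.compile(
    r"^(?P<ts>\S+ \S+) hmi login user=(?P<user>\S+) src=(?P<src>\S+) result=(?P<res>\S+)$"
)
HTTP_RE = re.compile(r"^(?P<ts>\S+ \S+) hmi http src=(?P<src>\S+) path=(?P<path>\S+)$")


@dataclass
class Alert:
    rule: str
    line: str


def analyse(lines):
    """Return one Alert per rule hit, in log order."""
    alerts = []
    for line in lines:
        m = LOGIN_RE.match(line)
        if m:
            user, src, res = m["user"], m["src"], m["res"]
            # Signature: a vendor-default account is still in use (success or failure).
            if user in DEFAULT_ACCOUNTS:
                alerts.append(Alert("default-account-use", line))
            try:
                addr = ipaddress.ip_address(src)
            except ValueError:
                alerts.append(Alert("unparseable-source", line))
                continue
            # Behavioural: a successful login from outside the engineering subnet.
            if res == "ok" and addr not in ENGINEERING_NET:
                alerts.append(Alert("login-from-unexpected-network", line))
            continue
        m = HTTP_RE.match(line)
        # Decode %xx escapes first so the signature sees what the server would parse.
        if m and SQLI_RE.search(unquote(m["path"])):
            alerts.append(Alert("sqli-signature", line))
    return alerts


# Constructed sample log: one clean login, one default-account login, one remote
# login, one injection-looking request and one benign request.
SAMPLE_LOG = [
    "2011-11-08 21:03:11 hmi login user=jsmith src=10.20.0.15 result=ok",
    "2011-11-08 21:07:42 hmi login user=admin src=10.20.0.15 result=ok",
    "2011-11-08 23:15:02 hmi login user=jsmith src=203.0.113.45 result=ok",
    "2011-11-08 23:16:30 hmi http src=203.0.113.45 path=/login.php?user=x'%20or%20'1'='1",
    "2011-11-08 23:20:00 hmi http src=10.20.0.15 path=/status.php?pump=3",
]


def sample_rule_hits():
    """Rule names fired by SAMPLE_LOG, in order."""
    return [a.rule for a in analyse(SAMPLE_LOG)]


if __name__ == "__main__":
    for alert in analyse(SAMPLE_LOG):
        print(f"{alert.rule:32} {alert.line}")
```

The two rule families do different jobs: the signature rules (default account names, the injection regex) catch what is already known to be bad, while the subnet rule is behavioural and needs a maintained picture of what normal access to the HMI looks like. Neither requires that any credential was "stolen", which is the gap Valdis points to in the report's wording.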


More information about the NANOG mailing list