Archive for September, 2009

IT consultant confesses to SCADA tampering - Using multiple user accounts

September 30, 2009

Another disgruntled-employee incident: the report says that, from the company offices, this consultant could have had access to remotely operate giant oil platforms!
A former IT consultant for a California oil and gas company has admitted he intentionally tampered with its computer systems after he was turned down for a permanent position there.

Mario Azar of Upland, California pleaded guilty to one felony count of intentionally damaging a computer system used in interstate and foreign commerce, according to documents filed in federal court in Los Angeles. He was an IT consultant for Long Beach, California-based Pacific Energy Resources until around May 8, 2008, when he received his final paycheck.

Beginning on that date, Azar “knowingly caused the transmission of programs,” codes, and commands that impaired the computer systems of the company, prosecutors said. Parts of those systems were used to remotely operate giant oil platforms from the company’s offices. The systems were also used to detect gas leaks.

Such SCADA, or supervisory control and data acquisition, systems are frequently used to control sensitive equipment at dams, gasoline refineries and other large industrial sites. Security watchers have warned that they are vulnerable to disgruntled insiders or malicious hackers who figure out ways to exploit computer weaknesses.

Azar had set up parts of the Pacific Energy Resources computer system and had established multiple user accounts on it, according to court documents. They didn’t make clear whether company administrators had deleted the accounts after the consultant left the company.

Source: The Register (UK)

Comparing Industrial Ethernets

September 28, 2009

A recent Intech Magazine article discussed how the large variety of different protocols and vendors has caused end users to ask many questions, including:

* Which industrial network performs better for my application?
* Which vendor’s products will satisfy my given requirements?
* How will a particular device perform compared to another?
* How does one performance metric compare to another?
* How well will a particular product work in my control system?

The answer might be IENetP (the Industrial Ethernet Network Performance toolkit), an open source tool developed by NIST. Currently in its first release, it can analyze a network traffic capture and report the results.

Version 2.x of the software will focus on adding additional mathematical analysis methods and performance metrics. While NIST is planning to improve the mathematical analysis methods, the test tool will hide the complexity of the calculations by presenting the user with easy-to-understand-and-compare data. The next major performance metric to investigate is latency, which will allow the test tool to analyze a larger number of industrial networks and communication protocols. Version 3.x of the software will focus on industrial Ethernet protocols other than EtherNet/IP. Some examples of other protocols are Modbus/TCP, ProfiNet, Foundation fieldbus HSE, ISA-100.11a, IEEE 802.11/WiFi, and ZigBee.

The Full Intech Magazine article

You can download the NIST Open Source Tool from HERE

Vodafone Turkey Woes and Telco Regulations

September 13, 2009

Floods that hit Turkey on Wednesday, September 9th swept through Vodafone’s data centers in the Ikitelli district, causing a complete network failure that affected millions. Below is a video taken from security cameras of Vodafone’s data center in Ikitelli (1.54 minutes into the video).

Just a few minutes after the data center incident, millions of Vodafone subscribers (about 3.8 million people, according to Vodafone) started having communication problems (complete signal loss) that lasted at least 48 hours. Customers still report 3G/EDGE problems to this moment.

The DR plan didn’t kick in for 24 hours, and Vodafone had to fly in the UK disaster recovery team. Clearly there has been a problem with the DR plan (perhaps it did not take the flooding scenario into consideration, or perhaps the scale of the problem was just too big to handle with current resources). But the question remains:

– Now that communication (a critical infrastructure by definition) affects the lives of millions, should nations regulate and/or audit the resilience of the service? Unfortunately, most telecommunications regulatory authorities don’t review the DR/BC plans or the annual BC/DR audit reports of private companies, although this comes under QoS. With most countries now enjoying 3 or 4 mobile operators, I always thought that there should be some way to re-assign and re-distribute affected users to the other operational networks for a fee (paid by insurance companies or the malfunctioning telco). I’m not a GSM expert, but I assume the concept is similar to roaming.

What the DHS collects about US Visitors?

September 9, 2009

A recent post on the blog philosecurity discussed a copy of the U.S. Customs and Border Patrol’s Automated Targeting System (ATS) records, revealing some of the information held by the DHS on all US visitors. The ATS records were obtained through a FOIA/Privacy Act request.

The ATS document reveals that the DHS is storing the following personal information on any US visitor:

- Credit card number and expiration
- IP address used to make web travel reservations
- Hotel information and itinerary
- Full name, birth date and passport number
- Full airline itinerary, including flight numbers and seat numbers
- Cruise ship itinerary
- Phone numbers, incl. business, home & cell
- Every frequent flyer and hotel number associated with the subject, even ones not used for the specific reservation
- Travel agent name and contact
- All the hotels that the travel agent recommended

I want to add that the ATS report also includes personal preferences like:

- Smoking/non-smoking hotel room preferences
- Preferred airplane seats (rear/front/window)

Interestingly enough, the DHS’s ATS report does not contain information about international flights using private jets.

All this information is used to assign a “Risk Factor” marking the likelihood of any involvement with a terrorist cell or criminal activity.

The full ATS report can be found here

Smart Grid Companies are asking for a Dedicated Wireless Spectrum

September 1, 2009

In a recent FCC workshop, several utility companies led by AEP (American Electric Power) brought up “again” the idea of having the government allocate a certain wireless spectrum (with calls to follow in the Canadian footsteps of allocating the 30 MHz ranges) specifically for utilities to use for smart grid purposes. This would mean either restricting that spectrum to a few select groups, or making it completely off limits for other types of companies and organizations working on things other than smart grid technology.

The workshop agenda posted some other important questions like:

- What are the pros and cons of the various types of networks?
- How much bandwidth is needed to support Smart Grid communications? Do current networks meet these needs?

More on the topic

Comments: Going through several presentations from the workshop, I want to highlight the following:

– It’s clear that telco giants like AT&T are leading a band advocating for using the public wireless network for the smart grid, describing the wireless public network as “secure” and “reliable”, with one of the presentations saying that “Adding all possible meters in the United States = %0.0002 increase in AT&T network traffic” (which might be true and more cost efficient than other alternatives, but it sure sounds like putting all the eggs in one basket).

AEP’s position on dedicated wireless:

- Needed to support the growing voice and data needs for existing SCADA, voice dispatch, AVL, and mobile data applications for the field workforce “So news like Energy Utility laptop stolen will now have a whole different and scary meaning”

- Needed to support the new and expanding “Smart Grid” data needs of AMI, and DA

- Dedicated spectrum is much less likely to receive interference and has a remedy procedure if interference is experienced

- Dedicated, licensed spectrum would likely allow for higher transmitter power, reducing the amount of infrastructure required to serve a given area, when compared to unlicensed solutions

- Harmonized with the Canadian grant of 30 MHz at 1.8 GHz

- Common spectrum allocation with Canada supports economies of scale for equipment and service providers lowering overall cost of ownership to utilities and ultimately lower rates to rate payers

- Quicker time to have equipment available since manufacturers will be making equipment for Canadian utilities “ummmm”

- The allocation of 30 MHz will support many utility critical infrastructure systems (AMI, DA, SCADA, Voice Dispatch, Mobile Data, and AVL)