Archive

Archive for November, 2011

SCADA Security Evaporates in Texas

November 22, 2011 Leave a comment

A hacker, going with the name “pr0f” has been all over the news for showing that he was able to access a SCADA system used in Texas. only to vent his anger on how the DHS underplayed a recent attack that destroyed a pump at a water facility in Illinois.

Comment: Looking into the images, in addition to South Huston Texas,they also feature screen shots labelled as (City of South Huston Nevada and Virginia)

In one of his interviews, “pr0f” said that he was able to access the systems via “two” different methods. First through a VNC connection that was accessible from the internet !!!, which helped him take the screen shots below, in addition to the ability to access the web administration portal which is still accessible till this morning !!.

Screen shots:

Texas SCADA Hack

Texas SCADA Hack

When asked to comment on the Illinois incident, he said

“I dislike, immensely, how the DHS tend to downplay how absolutely (expletive) the state of national infrastructure is. I’ve also seen various people doubt the possibility an attack like this could be done,”

apparently Using a Romanian email (pr0f_srs@ue.co.ro) to post the screenshots on pastebin , the hacker told Threatpost that he discovered the vulnerable system using a scanner that looks for the online fingerprints of SCADA systems. He said South Houston had an instance of the Siemens Simatic human machine interface (HMI) software that was accessible from the Internet and that was protected with an easy-to-hack, three character password.!!!” No Comment”.

Actually there are a couple of comments:

– He might have used a publicly discussed vulnerability in Siemens allowing attackers to intercept and figure-out passwords, or change the configuration of the PLCs. So my guess is that using a harder password would not have helped much.
— the Siemens Advisory that went out last July (http://support.automation.siemens.com/WW/llisapi.dll?func=cslib.csinfo&lang=en&objid=51401544&caller=view) tells you to limit physical and logical access to the vulnerable system while they work on a patch ( which is yet still to come).

– WHY….is the system accessible from the internet? is the real question.
— I just can’t get why would someone put his critical business asset even if its an ice cream machine online and accessible from the internet…apparently not hardened ” system fingerprint was searchable” and with lots of Siemens vulnerabilities/goodies up for grabs.

“pr0f” is probably going to face some serious legal troubles for admitting his act, but his adventure makes me wonder…if this is the status of security and awareness in “some” of the critical infrastructures in the united states of america and I’m sure in other “developed” countries.

What would be the status of SCADA security in the “Developing” world ? I am making a study on the CIIP status in the developing world and found that in just one domain/sector which is oil production as of November 2010, the OPEC members “ 12 countries all considered developing countries” collectively hold 79% of the world’s crude oil reserves and 44% of the world’s crude oil production with 100% reliance on SCADA/DCS systems many of which has reported vulnerabilities or even exploits, none of those countries has a national CIIP strategy or follow/adopt an acknowledged SCADA security guideline or best practice or even consider Critical Information Infrastructure Protection a topic worthy of discussion.

Advertisements