[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Full-Disclosure] east coast powergrid / SCADA [OT?]

To: full-disclosure@lists.netsys.com
Subject: RE: [Full-Disclosure] east coast powergrid / SCADA [OT?]
From: "Bernie, CTA" <cta@hcsin.net>
Date: Thu, 14 Aug 2003 22:41:34 -0400

On 14 Aug 2003 at 17:15, Andre Ludwig wrote:

> It is my general feeling that the power failure could be SCADA
> related.  If it was an attack or an accident i do not know, nor
> do i think the appropriate information will ever be released to
> the public.  Allot of SCADA systems from my research do RUN MS
> software (from win95 all the way up to win2000), granted these
> are not full fledge systems but stripped down machines with some
> functionality disabled.  I have found out that RPC is used on
> several SCADA systems, to what extent i do not know, nor do i
> know if they are vulnerable to the recent rash of RPC based
> exploits.  If someone with more knowledge on these systems can
> please come forward i would greatly appreciate it. 
> 
> Did anyone watch the PBS cyber war series that was on months ago?
>  I remember Richard Clarke ranting about possible SCADA attacks
> on the power grid. If anyone has more info please do come forward
> as this is a rather interesting subject matter.
> 
> Andre Ludwig, CISSP

Being an old PLC automation and control hack let me say that 
there is a very good plausibility that the recent East Coast 
power outage was due to an attack by an MBlaster variant on the 
SCADA system at the power plant master terminal, or more likely 
at several of the remote terminal units "RTU".  SCADA runs under 
Win2000 / XP and the telemetry to the RTU is accessible via 
TCP/IP / HTTP and the Internet.  

>From what I recall SCADA based monitoring and control systems 
were installed at many water / sewer processing, gas and oil 
processing, and hydro-electric plants.

I also believe that yesterdays flooding of a generator sub 
facility here in Philadelphia was also due to an MBlaster 
variant attack on the SCADA system.

I think we can expect more so-called flukes as this worm or its 
writers transmute.

To make things worst, the Web Interface is MS ActiveX. Now lets 
see, how can one craft an ActiveX vuln vector into the blaster?

Oh, and for you wardrivers, SCADA can be access on the road… a 
new perspective on sniffing around sewer plants.

-
****************************************************
Bernie 
Chief Technology Architect
Chief Security Officer
cta@hcsin.net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go 
//    to avoid the pure labor of honest thinking."   
//     Honest thought, the real business capital.    
//      Observe> Think> Plan> Think> Do> Think>      
*******************************************************

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.netsys.com/full-disclosure-charter.html

Follow-Ups:
- Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]
  - From: KF <dotslash@snosoft.com>

References:
- RE: [Full-Disclosure] east coast powergrid / SCADA [OT?]
  - From: Andre Ludwig <ALudwig@Calfingroup.com>

Prev by Date: RE: [Full-Disclosure] MS should point windowsupdate.com to 127.0.0.1
Next by Date: RE: [Full-Disclosure] MS should point windowsupdate.com to 127.0.0.1
Prev by thread: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]
Next by thread: Re: [Full-Disclosure] east coast powergrid / SCADA [OT?]
Index(es):
- Date
- Thread