Message-ID: <3F3C101E.32195.1BFCBF8@localhost>
From: cta at hcsin.net (Bernie, CTA)
Subject: east coast powergrid / SCADA [OT?]

On 14 Aug 2003 at 17:15, Andre Ludwig wrote:

> It is my general feeling that the power failure could be SCADA
> related.  If it was an attack or an accident I do not know, nor
> do I think the appropriate information will ever be released to
> the public.  A lot of SCADA systems from my research do RUN MS
> software (from win95 all the way up to win2000), granted these
> are not full-fledged systems but stripped down machines with some
> functionality disabled.  I have found out that RPC is used on
> several SCADA systems, to what extent I do not know, nor do I
> know if they are vulnerable to the recent rash of RPC based
> exploits.  If someone with more knowledge on these systems can
> please come forward I would greatly appreciate it. 
> 
> Did anyone watch the PBS cyber war series that was on months ago?
>  I remember Richard Clarke ranting about possible SCADA attacks
> on the power grid. If anyone has more info please do come forward
> as this is a rather interesting subject matter.
> 
> Andre Ludwig, CISSP

Being an old PLC automation and control hack, let me say that 
there is a very good plausibility that the recent East Coast 
power outage was due to an attack by an MBlaster variant on the 
SCADA system at the power plant master terminal, or more likely 
at several of the remote terminal units "RTU".  SCADA runs under 
Win2000 / XP and the telemetry to the RTU is accessible via 
TCP/IP / HTTP and the Internet.  

From what I recall SCADA based monitoring and control systems 
were installed at many water / sewer processing, gas and oil 
processing, and hydro-electric plants.

I also believe that yesterday's flooding of a generator sub 
facility here in Philadelphia was also due to an MBlaster 
variant attack on the SCADA system.
  
I think we can expect more so-called flukes as this worm or its 
writers transmute.

To make things worse, the Web Interface is MS ActiveX. Now let's 
see, how can one craft an ActiveX vuln vector into the blaster?

Oh, and for you wardrivers, SCADA can be accessed on the road… a 
new perspective on sniffing around sewer plants.

-
****************************************************
Bernie 
Chief Technology Architect
Chief Security Officer
cta@...in.net
Euclidean Systems, Inc.
*******************************************************
// "There is no expedient to which a man will not go 
//    to avoid the pure labor of honest thinking."   
//     Honest thought, the real business capital.    
//      Observe> Think> Plan> Think> Do> Think>      
*******************************************************


