lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list]
Message-ID: <BANLkTimCOUoH2ictt2gUbD3YNGOE0eFiBw@mail.gmail.com>
Date: Sun, 17 Apr 2011 07:39:58 -0400
From: Jeffrey Walton <noloader@...il.com>
To: Benji <me@...ji.com>
Cc: full-disclosure@...ts.grok.org.uk
Subject: Re: Florida Power & Light Company (FPL) Fort
 Sumner Wind turbine Control SCADA was HACKED

> so how long do you give yourself before you're in prison?
lol....

To pay devil's advocate here: FPL placed those hosts on a public internet.
In addition, FPL also configured the hosts to advertise services. If FPL did
not want the services accessed, the company would have removed the hosts
from the public internet, shut down the services, or used leased [private]
lines. Where's the leap to a criminal offense?

Jeff

On Sun, Apr 17, 2011 at 6:29 AM, Benji <me@...ji.com> wrote:

> so how long do you give yourself before you're in prison?
>
> On Sat, Apr 16, 2011 at 4:22 PM, Bgr R <bgr_24423@...oo.com> wrote:
>
>> Here comes my revenge for illegitimate firing from Florida Power & Light
>> Company (FPL)
>>    ... ain't nothing you can do with it, since your electricity is turned
>> off !!!
>>
>> Secure you SCADA better! Leaked files are attached ...
>>
>> 1) http://img838.imageshack.us/i/49986845.png/
>> 2) http://img718.imageshack.us/i/24380855.png/
>> 3) http://img24.imageshack.us/i/58868342.png/
>> 4) http://img228.imageshack.us/i/85258364.png/
>> 5) http://img163.imageshack.us/i/90736853.png/
>> 6) http://img217.imageshack.us/i/55439027.png/
>> 7) http://img40.imageshack.us/i/87526089.png/
>> 8) http://img864.imageshack.us/i/94061747.png/
>> ------------------------------------------------------------
>>
>> 161.154.232.65
>>
>> HTTP/1.0 401 Unauthorized
>> Date: Sat, 05 Feb 2011 23:43:13 GMT
>> Server: VTS 9.0.05
>> Content-Type: text/html
>> Content-Length: 622
>> Cache-Control: no-cache
>> WWW-Authenticate: Basic realm="Ft. Sumner SCADA"
>> Cache-control: no-cache="set-cookie"
>> Cache-control: private
>> Set-Cookie: VTS=9.0005;Version=1;Path=/
>> Set-Cookie: SessionID=0;Version=1;Path=/Ft. Sumner
>> SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c3576a
>> Set-Cookie:
>> SessionID=0;Version=1;Path=/Ft%2e%20Sumner%20SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c..
>>
>> NetRange:       161.154.0.0 - 161.154.255.255
>> CIDR:           161.154.0.0/16
>> OriginAS:
>> NetName:        FPL2
>> NetHandle:      NET-161-154-0-0-1
>> Parent:         NET-161-0-0-0-0
>> NetType:        Direct Assignment
>> RegDate:        1992-12-17
>> Updated:        2008-10-10
>> Ref:            http://whois.arin.net/rest/net/NET-161-154-0-0-1
>>
>> OrgName:        Florida Power & Light Company
>> OrgId:          FFPL-1
>> Address:        700 Universe Blvd
>> Address:        P.O. Box 14000
>> City:           Juno Beach
>> StateProv:      FL
>> PostalCode:     33408-0420
>> Country:        US
>> RegDate:        1997-06-03
>> Updated:        2007-06-29
>> Ref:            http://whois.arin.net/rest/org/FFPL-1
>>
>> OrgAbuseHandle: INFOR40-ARIN
>> OrgAbuseName:   Information Security
>> OrgAbusePhone:  +1-305-552-3727
>> OrgAbuseEmail:  information_security@....com
>> OrgAbuseRef:    http://whois.arin.net/rest/poc/INFOR40-ARIN
>>
>> OrgTechHandle: DHE37-ARIN
>> OrgTechName:   Hertzog, Dean
>> OrgTechPhone:  +1-305-552-4080
>> OrgTechEmail:  FPLNOC@....com
>> OrgTechRef:    http://whois.arin.net/rest/poc/DHE37-ARIN
>>
>> OrgNOCHandle: DHE37-ARIN
>> OrgNOCName:   Hertzog, Dean
>> OrgNOCPhone:  +1-305-552-4080
>> OrgNOCEmail:  FPLNOC@....com
>> OrgNOCRef:    http://whois.arin.net/rest/poc/DHE37-ARIN
>>
>>
>> -------------------------------------------------------------------------------
>> Configuration file from the central Cisco Router and Security Device
>> Manager: 161.154.232.2 (FPL - FFPL-1)
>>
>> Building configuration...
>>
>> Current configuration : 8467 bytes
>> !
>> ! Last configuration change at 18:01:57 UTC Mon Oct 25 2010 by ro5810
>> ! NVRAM config last updated at 18:01:59 UTC Mon Oct 25 2010 by ro5810
>> !
>> version 12.2
>> no service pad
>> service timestamps debug datetime localtime
>> service timestamps log datetime localtime
>> service password-encryption
>> service udp-small-servers
>> service tcp-small-servers
>> !
>> hostname cpr622i00bct
>> !
>> logging buffered 65000 debugging
>> logging rate-limit all 10 except critical
>> enable secret 5 $1$7uN5$Ok9fYku/HC/KNqWQkHoWP.
>> !
>> aaa new-model
>> aaa authentication login default group tacacs+ enable
>> aaa authentication enable default group tacacs+ enable
>> aaa authorization exec default group tacacs+ none
>> aaa accounting exec default start-stop group tacacs+
>> aaa accounting commands 15 default start-stop group tacacs+
>> !
>> aaa session-id common
>> ip subnet-zero
>> no ip source-route
>> ip routing
>> !
>> no ip domain-lookup
>> ip host cs00noc 172.16.0.132
>> ip host cs01noc 172.16.0.133
>> ip host cs00noc-pub 209.215.34.12
>> ip host cs01noc-pub 209.215.34.11
>> ip name-server 205.152.132.23
>> ip name-server 205.152.144.23
>> vtp domain Core
>> vtp mode transparent
>> !
>> mls qos
>> no mpls traffic-eng auto-bw timers frequency 0
>> !
>> !
>> no file verify auto
>> spanning-tree mode pvst
>> spanning-tree extend system-id
>> !
>> !
>> !
>> vlan internal allocation policy ascending
>> !
>> vlan 1578
>>  name FPL
>> !
>> policy-map SHAPER1
>>   class class-default
>>    shape average 250000000
>> !
>> !
>> !
>> interface FastEthernet1/0/1
>> !
>> interface FastEthernet1/0/2
>> !
>> interface FastEthernet1/0/3
>> !
>> interface FastEthernet1/0/4
>> !
>> interface FastEthernet1/0/5
>> !
>> interface FastEthernet1/0/6
>> !
>> interface FastEthernet1/0/7
>> !
>> interface FastEthernet1/0/8
>> !
>> interface FastEthernet1/0/9
>> !
>> interface FastEthernet1/0/10
>> !
>> interface FastEthernet1/0/11
>> !
>> interface FastEthernet1/0/12
>> !
>> interface FastEthernet1/0/13
>> !
>> interface FastEthernet1/0/14
>> !
>> interface FastEthernet1/0/15
>> !
>> interface FastEthernet1/0/16
>> !
>> interface FastEthernet1/0/17
>> !
>> interface FastEthernet1/0/18
>> !
>> interface FastEthernet1/0/19
>> !
>> interface FastEthernet1/0/20
>> !
>> interface FastEthernet1/0/21
>> !
>> interface FastEthernet1/0/22
>> !
>> interface FastEthernet1/0/23
>> !
>> interface FastEthernet1/0/24
>> !
>> interface GigabitEthernet1/0/1
>> !
>> interface GigabitEthernet1/0/2
>> !
>> interface GigabitEthernet1/1/1
>>  switchport trunk allowed vlan 1578
>>  switchport mode trunk
>>  switchport nonegotiate
>>  ip access-group 112 in
>>  service-policy output SHAPER1
>>  load-interval 30
>>  speed nonegotiate
>> !
>> interface GigabitEthernet1/1/2
>>  no switchport
>>  ip address 161.154.232.2 255.255.255.0
>>  ip access-group 115 in
>>  load-interval 30
>>  keepalive 10
>>  speed nonegotiate
>>  mls qos trust dscp
>>  no cdp enable
>>  no clns route-cache
>>  hold-queue 100 in
>>  hold-queue 100 out
>> !
>> interface Vlan1
>>  no ip address
>>  shutdown
>> !
>> interface Vlan1578
>>  ip address 65.14.117.30 255.255.255.252
>>  load-interval 30
>>  no clns route-cache
>> !
>> ip classless
>> ip route 0.0.0.0 0.0.0.0 65.14.117.29
>> ip route 155.109.5.0 255.255.255.0 161.154.232.1
>> ip route 155.109.19.0 255.255.255.0 161.154.232.1
>> ip route 155.109.29.0 255.255.255.0 161.154.232.1
>> ip route 155.109.29.204 255.255.255.255 65.14.117.29
>> ip route 155.109.29.214 255.255.255.255 65.14.117.29
>> ip route 155.109.66.0 255.255.255.0 161.154.232.1
>> ip route 155.109.88.0 255.255.255.0 161.154.232.1
>> ip route 155.109.95.0 255.255.255.0 161.154.232.1
>> ip route 161.154.0.0 255.255.0.0 161.154.232.1
>> ip route 170.55.0.0 255.255.0.0 161.154.232.1
>> ip route 204.238.236.0 255.255.255.0 161.154.232.1
>> no ip http server
>> ip http secure-server
>> !
>> !
>> !
>> access-list 98 permit 205.152.144.226
>> access-list 98 permit 205.152.132.250
>> access-list 98 permit 205.152.132.226
>> access-list 98 permit 205.152.144.250
>> access-list 98 permit 205.152.144.165
>> access-list 98 permit 205.152.37.19
>> access-list 98 permit 205.152.37.20
>> access-list 98 permit 205.152.144.163
>> access-list 98 permit 205.152.37.26
>> access-list 98 permit 205.152.37.27
>> access-list 98 permit 205.152.132.163
>> access-list 98 permit 205.152.132.165
>> access-list 98 permit 205.152.37.250
>> access-list 98 permit 205.152.37.226
>> access-list 98 permit 205.152.132.27
>> access-list 98 permit 205.152.132.26
>> access-list 98 permit 205.152.144.20
>> access-list 98 permit 205.152.37.163
>> access-list 98 permit 205.152.37.165
>> access-list 98 permit 205.152.144.19
>> access-list 98 permit 205.152.144.27
>> access-list 98 permit 205.152.144.26
>> access-list 98 permit 139.76.53.0 0.0.0.255
>> access-list 98 permit 139.76.68.0 0.0.3.255
>> access-list 98 permit 139.76.88.0 0.0.1.255
>> access-list 98 permit 139.76.228.0 0.0.3.255
>> access-list 98 permit 139.76.240.0 0.0.1.255
>> access-list 98 permit 172.16.0.0 0.0.1.255
>> access-list 98 permit 205.152.6.0 0.0.0.255
>> access-list 98 permit 205.152.66.0 0.0.0.255
>> access-list 98 permit 205.152.204.0 0.0.0.255
>> access-list 99 permit 68.153.6.0 0.0.1.255
>> access-list 99 permit 172.16.0.0 0.0.1.255
>> access-list 99 permit 139.76.53.0 0.0.0.255
>> access-list 99 permit 139.76.68.0 0.0.3.255
>> access-list 99 permit 139.76.88.0 0.0.1.255
>> access-list 99 permit 139.76.228.0 0.0.3.255
>> access-list 99 permit 139.76.240.0 0.0.1.255
>> access-list 99 permit 205.152.6.0 0.0.0.255
>> access-list 111 permit ip 65.14.117.28 0.0.0.3 any
>> access-list 111 permit ip 74.175.105.64 0.0.0.31 any
>> access-list 111 permit ip 205.152.17.0 0.0.0.255 any
>> access-list 111 permit ip 155.109.0.0 0.0.255.255 any
>> access-list 111 permit ip 161.154.0.0 0.0.255.255 any
>> access-list 111 permit ip 205.152.161.0 0.0.0.255 any
>> access-list 111 permit ip 204.238.236.0 0.0.0.255 any
>> access-list 111 permit ip 170.55.0.0 0.0.255.255 any
>> access-list 112 deny   ip 204.0.0.0 0.0.255.255 any
>> access-list 112 deny   ip 204.1.0.0 0.0.255.255 any
>> access-list 112 deny   ip 204.3.0.0 0.0.255.255 any
>> access-list 112 deny   ip 69.22.0.0 0.0.192.255 any
>> access-list 112 permit ip any any
>> access-list 115 deny   53 any any
>> access-list 115 deny   55 any any
>> access-list 115 deny   77 any any
>> access-list 115 deny   pim any any
>> access-list 115 permit ip any any
>> no cdp run
>> snmp-server community Ty#Qr53b RO 98
>> snmp-server community R5t3bF5c RW 98
>> tacacs-server host 172.16.0.132
>> tacacs-server host 209.215.34.12
>> tacacs-server host 172.16.0.133
>> tacacs-server host 209.215.34.11
>> tacacs-server timeout 10
>> tacacs-server directed-request
>> tacacs-server key 7 010703174F
>> !
>> radius-server source-ports 1645-1646
>> !
>> control-plane
>> !
>> banner motd ^CC
>> ######################################################################
>> #                                                                    #
>> #                    ***PRIVATE/PROPRIETARY***                       #
>> #                                                                    #
>> #       ANY UNAUTHORIZED ACCESS TO, OR MISUSE OF BELLSOUTH           #
>> #       SYSTEMS OR DATA MAY RESULT IN CIVIL AND/OR CRIMINAL          #
>> #       PROSECUTION, EMPLOYEE DISCIPLINE UP TO AND INCLUDING         #
>> #       DISCHARGE, OR THE TERMINATION OF VENDOR/SERVICE CONTRACTS.   #
>> #                                                                    #
>> #       BELLSOUTH MAY PERIODICALLY MONITOR AND/OR AUDIT SYSTEM       #
>> #       ACCESS/USAGE.                                                #
>> #                                                                    #
>> #                                                                    #
>> ######################################################################
>> #                                                                    #
>> #             <VERSION TEMPLATE DATE@...E>                           #
>> ######################################################################
>> ^C
>> privilege exec level 1 traceroute
>> privilege exec level 1 ping
>> privilege exec level 1 terminal monitor
>> privilege exec level 1 terminal
>> privilege exec level 1 show line
>> privilege exec level 1 show snmp
>> privilege exec level 1 show arp
>> privilege exec level 1 show accounting
>> privilege exec level 1 show service-module
>> privilege exec level 1 show version
>> privilege exec level 1 show reload
>> privilege exec level 1 show debugging
>> privilege exec level 1 show controllers
>> privilege exec level 1 show users
>> privilege exec level 1 show sessions
>> privilege exec level 1 show access-lists
>> privilege exec level 1 show privilege
>> privilege exec level 1 show interfaces
>> privilege exec level 1 show startup-config
>> privilege exec level 1 show
>> privilege exec level 1 clear line
>> privilege exec level 1 clear counters
>> privilege exec level 1 clear
>> !
>> line con 0
>>  exec-timeout 5 30
>>  password 7 070C285F4D06
>> line vty 0 4
>>  access-class 99 in
>>  exec-timeout 30 0
>>  password 7 03075218050061
>> line vty 5 15
>>  access-class 99 in
>>  exec-timeout 30 0
>>  password 7 03075218050061
>> !
>> end
>>
>> ----------------------------------------------------
>> Fort Sumner wind turbines:
>> http://www.flickr.com/photos/30325073@N02/4113855086/
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>
> _______________________________________________
> Full-Disclosure - We believe in it.
> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
> Hosted and sponsored by Secunia - http://secunia.com/
>

Content of type "text/html" skipped

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ