Re: Don't make the power grid smart: IT COULD GET HACKED!

http://blackhat.com/html/bh-usa-09/b...ers.html#Davis

Smart Grid. Smart Meters. AMI. Certainly no one has escaped the buzz surrounding this potentially ground-breaking technology. However, equally generating buzz is the heightened threat of attack these technologies provide. Mike Davis and a team of IOActive researchers were able to identify multiple programming errors on a series of Smart Meter platforms ranging from the inappropriate use of banned functions to protocol implementation issues. The team was able to “weaponize” these attack vectors, and create an in-flash rootkit, which allowed them to assume full system control of all exposed Smart Meter capabilities, including remote power on, power off, usage reporting, and communication configurations.

In this presentation, Davis will discuss the broad, yet almost ubiquitous exploits and basic design flaws in today’s Smart Meter and Advanced Metering Infrastructure (AMI) technology. Typical attacker techniques such as buffer overflows, persistent and non-persistent root kits, and even self-propagating malicious software will be illustrated. Davis will even demonstrate a proof-of-concept worm attack and the general reverse engineering techniques used to achieve code execution. To show all is not hopeless, he will also cover the incident response impacts of possible worm attack scenario. Finally, building upon the analysis of the worm-able attack surface as well his hardware and software penetration testing research, Davis will suggest inherent design fixes that AMI vendors can implement to greatly mitigate these broad exploits.

Re: Don't make the power grid smart: IT COULD GET HACKED!

Anyone surprised by this, please stand on your head.

http://www.theregister.co.uk/2009/06...ecurity_risks/

Re: Don't make the power grid smart: IT COULD GET HACKED!

You're cheating because you and I have talked about this. :)

Re: Don't make the power grid smart: IT COULD GET HACKED!

Wait at 47 seconds, did he hack the lights using Task Manager? He set us up the dual-core!


I'm hitting the remote unmanned pump station with the 6 foot fence and cheap padlock and chain that's a little too long so I can just open the gate enough to slip in. You know the site the one where there's no intrusion alarm on the door and there's a hide-a-key on the side by the bushes. It has direct access to the OPC server. If I can see the OPC server then I'm in without any specialized programs.

Re: Don't make the power grid smart: IT COULD GET HACKED!

After doing some thinking about this and trying to explain the communication links of my SCADA system to the wife, I decided to actually map out all the different communication paths of my comparatively small system.

http://img20.imageshack.us/img20/5205/scadalinks.gif

Now extrapolate this to what the powergrid would be like: Multple makes and models of PLC's, all kinds of different communications types from dedicated Leasedlines, T1, HDSL and probably VPN thrown into the mix. It would be a big complicated system that wouldn't just be a matter of plugging in a laptop that's so often portrayed in TV and discussed in the news, and you suddenly have a display of the entire system.

Granted, some SCADA systems have moved into the really wrong direction by using things like WebHMI. My place actually purchased WebHMI and it was configured for a short time, but after I couldn't verify one way or another that it was safe, I turned it off.

I'm sure that you guys looking at this, the wheels are already turning as to where the best place to conduct an attack would be based upon the links, right?

Re: Hackers targeting SCADA networks

Yep!
Merged.

facon12, consider looking for recent threads on the same topic with a forum search. This thread that your thread was merged with was only 5 days old.

Thanks!

Re: Hackers targeting SCADA networks

There's been a couple of different threads related to this topic.

When I saw that video, I assumed it was a fake. But it's a well known fact that malicious people are looking closely at SCADA systems. But to date, most attacks against them have been from people on the inside of the targeted network with intimate knowledge of the network.

Once my friends and I get our webserver back online, I'll have an updated PDF of, at this point, over 600 pages of articles related to SCADA hacking and known attacks.

BTW, If you watch the video closely, you can see it's an obvious fake:

> At 16 Seconds, you get a clean shot of the motherboard that is not only leaning against a metal rim of the PLC cabinet which would short it out, but it also has no RAM installed. Kind of tough to run a computer with no RAM.

> For some unknown reason, the second guy is screwing some circuit board to the inside of a standard computer power supply with some strange antenna protruding from the middle.

> That same power supply doesn't have a 120V feed plugged into it, but somehow has a light lit. There appears to be a small battery pack plugged into it.

> They then plug the ATX connector from that into that panel opposite the 'PLC' cabinet. I can't see any reason to do such a thing, since there wasn't a 120V feed from the other side of it.

Hackers targeting SCADA networks

http://www.wired.com/threatlevel/200...er-apocalypse/

According to the McAfee representative in this article, even though the video of a building's light system being hacked was a hoax it is proof that hackers have their eye on these types of systems as a potential target. It seemed logical that hackers would target this sort of system but a bit of a leap in logic to make the assumption from someone making a video like that. Just wondering what other's thoughts were.

Re: Don't make the power grid smart: IT COULD GET HACKED!

Amish Ninjas

Re: Don't make the power grid smart: IT COULD GET HACKED!

It's the work of militant Amish Terrorists. The ALO Amish Liberation Organization. Why do you think they wear black.

xor

I could always come up there and spray paint ALO on the sides of buildings.

Re: Don't make the power grid smart: IT COULD GET HACKED!

I'm still working on getting better security implemented at our site. It's an uphill battle because I'm going against managers that are of the idea that since nothing bad has happened so far, then we don't have anything to worry about.

Even when something bad does happen it's just shrugged off as an isolated incident. We've had an increasing amount of incidents occur against several of our properties including a smashed window at our main office. The window was said to have been vandalism, but I saw it as an attempt to enter the building since it was in the most concealed corner of the building. I'd think if it was vandals they would have broken the nice big window out front, not a 2x2' window near the back door behind a bush.

Re: Don't make the power grid smart: IT COULD GET HACKED!

Well everybody knows that no one would think of physically attacking the plant. You onl y have to worry about virtual access. And they have firewalls to protect them.

Sadly this is how most places are. I've seen better security in sewage treatment plants (not yours, haven't been there yet.) then in power generating facilities. Hell, I've seen better security on the cisterns at the local state park. We drove up the wrong unmarked road and we're looking around 5 minutes before we were met by the park police and shown that the entrance to the park was on the other side.

Believe me, I've seen it all from redicuously locked down systems requiring key card access, to run a single machine, to absolutely no restriction to run the entire plant!

Smart Grid will be hacked the day it gets installed. I don't care how good the heuristics system is. Personally, I've looked at what they say it can do and it scares me.

Re: Don't make the power grid smart: IT COULD GET HACKED!

I just got back from a tour of a local Co-Gen facility that's taking methane generated by the host facility and using it to power 1.5MW generators which is then supplied to the main power grid. I was on the tour because our facility is looking into installing a Co-Gen in the next couple of years.

Sadly, both their IT and Physical security is atrocious. The Co-Gen was surrounded by a 8' chainlink fence with no wire on the top. It is out in the middle of nowhere with no cameras and no guards. It would be rather simple to enter the compound where the generators are sitting and no one would know you're there.

The control cabinet for the Methane input wasn't locked, when we got there, but even if it was locked, it would have been simply bypassed as it was a cheap cabinet type lock. The locks on all the doors were cheap as well, nothing had a deadbolt or a padlock hasp on it, except for a storage container.

Inside the Switchgear building was their data connection. From what I could see it was possibly a private line ADSL link to their main facility about 30 miles away. The reason why I think it was a private line and not a regular ADSL line was because of the Circuit ID written on the box. Inside the switchgear room was an OIT that controls the entire facility. This had no authentication on it and was just ready for anyone to press buttons.

In the operators office was another OIT that also could run the facility, when we came in it was in "locked" mode, meaning no changes could be made. While he was showing us the system, he simply clicked a button and it unlocked. No user/pass challenge.

Hanging on the wall was a Linksys 54G AP. I quickly did a discrete scan of wireless networks from my Blackberry just to see what it was. The SSID was being broadcast and it was using WPA-Personal. The SSID also indicated what the facility was. Sitting on his desk was a pair of laptops which he said one was configured to plug directly into the generators for troubleshooting issues and adjusting the onboard computers. The other one, I assumed, was the one he takes home with him so he could connect remotely.

I didn't see a modem or any other remote connection method on the site so I'm assuming he would connect via a VPN to their main site and then jump the ADSL line down to there. On both OIT's was an ancient version of VNC.

This facility obviously isn't big enough to unbalance the grid and cause a major blackout. But having the AP sitting there is kind of scary as if it were hacked chances are someone would have access to the rest of the grid in that area.

Re: Don't make the power grid smart: IT COULD GET HACKED!

That would be a great way to get all the "Macs can't be hacked" people to wake up . . .

Re: Don't make the power grid smart: IT COULD GET HACKED!

The blackout-pregnancy link is pretty much a myth...
Most people are too concerned about other things to get their groove on.

More interesting is the hysteria surrounding it. I wasn't in the US when the duct-tape and plastic sheet hysteria was going on, but manipulating that for personal gain might make an interesting "theoretical" talk.