Mediocre hackers can cause major damage
Researchers find vital infrastructure, factories at risk
The computer systems that control vital industrial machinery in nuclear power plants, water treatment facilities and many other factories are vulnerable to deadly sabotage by hackers with even moderate skills, security researchers say.
Dillon Beresford, who works for security firm NSS Labs, showed at a security conference in Las Vegas how he had successfully hacked into special computer systems that are made by Siemens and other companies and are used in thousands of industrial plants.
The Siemens equipment that Mr. Beresford hacked, called Industrial Control Systems or ICS, is the same product targeted by Stuxnet, the sophisticated computer worm discovered last year to have crippled Iran’s nuclear program.
Stuxnet reprogrammed the computer-controlled centrifuges used to enrich uranium so that they spun out of control and destroyed themselves.
Joe Weiss, a veteran consultant on ICS security for several industries, said the key issue was that Mr. Beresford was able to hack the equipment even with no experience with ICS systems, a small budget and limited time.
Mr. Beresford, who devised the hacking technique over 2½ months in his bedroom, found a “back door” coded into the Siemens ICS system and several other security weaknesses. These vulnerabilities could allow a hacker with access to the computer network at the plant to shut down or even damage the machinery that the system controls, Mr. Phatak said.
“These systems were never designed with security in mind,” said a senior Homeland Security cybersecurity official, speaking on the condition of anonymity because of department ground rules.
“Traditionally, these networks were not connected” to the public Internet, the official said.
However, in recent years, demands for greater productivity prompted more and more companies to connect their industrial networks to other company networks linked to the Internet.
Mr. Weiss said that in more than a dozen vulnerability assessments he had completed for clients, he found in every case “at least one remote access point connecting an ICS system to the ‘outside world’ [his clients] didn’t know existed.”
He noted that one of the company’s computer-security specialists, Thomas Brandstetter, joined Mr. Beresford onstage for his presentation earlier this month at the Black Hat Security Conference in Las Vegas.
Last month, the Homeland Security Department issued a bulletin to critical infrastructure owners warning that the loose-knit Internet hacker collective called Anonymous had threatened attacks on U.S. and Canadian oil and gas companies.
The bulletin stated that the skill level associated with Anonymous attacks to date - like those involving the penetration of Web and email servers of state and local law enforcement - was low. The bulletin said it was on a par with the skill level of “script kiddies” - young, untrained hackers.
Yet hackers with more rudimentary skills can quickly exploit security flaws like those identified by Mr. Beresford. “Once the vulnerabilities make their way into open source, that lowers the [skill] bar down to a ‘script kiddie’ level,” said the Homeland Security official.
“If you just want to stop the facility, that’s one thing,” he said. “If you want to destroy the machinery [as Stuxnet did], that’s harder.”
© Copyright 2013 The Washington Times, LLC.