Security Market Segment LS
Tuesday, 19 April 2011 23:04

The critical infrastructure hack that never was


Yesterday the Internet was a-buzz with tales of a hacker shutting down a US-based wind farm.  Pity it never happened.

On Saturday 16th April, claiming to be a disgruntled ex-employee, someone calling themselves Bigr R announced on the Full Disclosure mailing list "Here comes my revenge for illegitimate firing from Florida Power & Light Company (FPL) ... ain't nothing you can do with it, since your electricity is turned off !!!"

Attached to the submission was a sequence of 8 images - supposed screen shots from the hacked system and what appeared to be a Cicso router configuration file seemingly from the hacked company - Florida Power and Light - the owners and operators of the wind farm in question.

The news sites were all over the story.

Even at the time of writing these stories, the doubts were creeping in. 

Computerworld themselves reported that the consumers of the facility's output, New Mexico Utility company PNM "is not aware of any incidents affecting the company's Fort Sumner facility."  Surely with the media paranoia regarding critical infrastructure (Stuxnet, anyone?) news of a hacker-caused outage would have spread like wildfire.

A casual view of the provided images suggests that the site runs WinCC - a very common Supervisory Control and Data Acquisition (SCADA) software system.  Oddly (and unconnectedly) this is the same system targeted by Stuxnet.

However, there are also some immediate difficulties with the screens.

This writer has reasonable experience with the control systems for a wind farm and these screens look nothing like such a system. iTWire chose to not run the story.

Contrary to lay expectations, wind farm operators have little interest in fancy images of turbine blades whirling around and photos of turbines standing on their tall towers.  Instead, they are likely to focus of what are normally referred to as "single line diagrams" (something like slide 13 here) which are electrical diagrams used to assess, manage and control the electrical flow within the plant. 

There is little in the offered information to see that such screens are present; in fact the fourth image seems more like a listing of a private FTP site containing the images than having anything to do with a control system.

There are other clues.  On the first image, we see the word "Energie" and on the second & third, most of the language also seems to be in German (the native language of Siemens, developers of the WinCC environment).  The remainder of the images appear to be work schedules associated with the commissioning of some kind of electrical installation.

By Monday, everyone was back-peddling.  Computerworld had a change of heart, as did Networkworld

Well-known SCADA security expert Eric Byres also concluded this to be a hoax based on an analysis of the screen shots and also via access to a private SCADA security reporting network.

This whole incident exposes one of the primary problems of security reporting (and probably why Bigr R chose to announce the 'hack' on a Saturday) - that it is difficult to recognise real intrusions from hoaxes and everyone seems to want to see the worst in any situation.


Subscribe to ITWIRE UPDATE Newsletter here

Now’s the Time for 400G Migration

The optical fibre community is anxiously awaiting the benefits that 400G capacity per wavelength will bring to existing and future fibre optic networks.

Nearly every business wants to leverage the latest in digital offerings to remain competitive in their respective markets and to provide support for fast and ever-increasing demands for data capacity. 400G is the answer.

Initial challenges are associated with supporting such project and upgrades to fulfil the promise of higher-capacity transport.

The foundation of optical networking infrastructure includes coherent optical transceivers and digital signal processing (DSP), mux/demux, ROADM, and optical amplifiers, all of which must be able to support 400G capacity.

With today’s proprietary power-hungry and high cost transceivers and DSP, how is migration to 400G networks going to be a viable option?

PacketLight's next-generation standardised solutions may be the answer. Click below to read the full article.


WEBINAR PROMOTION ON ITWIRE: It's all about webinars

These days our customers Advertising & Marketing campaigns are mainly focussed on webinars.

If you wish to promote a Webinar we recommend at least a 2 week campaign prior to your event.

The iTWire campaign will include extensive adverts on our News Site and prominent Newsletter promotion and Promotional News & Editorial.

This coupled with the new capabilities 5G brings opens up huge opportunities for both network operators and enterprise organisations.

We have a Webinar Business Booster Pack and other supportive programs.

We look forward to discussing your campaign goals with you.


David Heath

David Heath has had a long and varied career in the IT industry having worked as a Pre-sales Network Engineer (remember Novell NetWare?), General Manager of IT&T for the TV Shopping Network, as a Technical manager in the Biometrics industry, and as a Technical Trainer and Instructional Designer in the industrial control sector. In all aspects, security has been a driving focus. Throughout his career, David has sought to inform and educate people and has done that through his writings and in more formal educational environments.

Share News tips for the iTWire Journalists? Your tip will be anonymous




Guest Opinion

Guest Interviews

Guest Reviews

Guest Research

Guest Research & Case Studies

Channel News