News: Hacking SCADA

Welcome back, my hacker novitiates!

Now, and more so in the future, wars will be fought hacker v. hacker. The number of soldiers, guns, tanks, and ships will be less important in your success in warfare than the number of well-trained hackers you have. Every nation and every military is run and controlled by digital systems and devices. If the hacker can control or disable them, any conflict will come to a quick resolution.

Imagine, if you will, a scenario where two nations embark upon a conflict/war. If one nation can first disable the other's electrical grid, water systems, sewage systems, financial systems, communication systems, and transportation systems (air traffic control, rail, etc.), the other nation will be unable to conduct the war. How long do you think the civilian population would sustain a war without sewage, electricity, and water?

The systems I mention are referred to as SCADA (supervisory control and data acquisition) systems. These are the digital systems that make an advanced economy work, and like all digital systems, they are susceptible to hacking. These systems include:

• Industrial control systems
• Nuclear power plant systems
• Electrical grid systems
• Air traffic control systems
• Rail control systems
• Sewage and water systems
• Security systems
• Webcams
• Financial systems and ATMs
• HVAC systems
• Oil and gas pipelines
• And soon... automobile control systems

The Stuxnet worm is just one example of a sophisticated SCADA hack promulgated in the name of cyber war, but there are many, many more.

Old Windows Operating Systems

One of the things that makes SCADA systems so vulnerable is that many of them are using old vulnerable Windows operating systems. In fact, many are still using Windows XP or even earlier systems like Windows 2000 and NT. You might wonder why such critical systems are still using such old operating systems? The answer is that precisely because they are so critical, that can't be upgraded. Operators often feel that they can't take down the system as it is critical for the overall operation of the plant or system. In addition, there is is the concern that an upgrade/update might not work and once again a critical system will be down. Or, that the critical software to run the facility has never been upgraded to run on modern operating systems. Whatever the reason, most of these systems are running on very old and very vulnerable operating systems, some of which, Microsoft no longer supports with security updates.

SCADA Hacks Are Growing

Although you may not have heard of any SCADA hacks, they are proliferating. The U.S. Homeland Security is placing increasing emphasis on SCADA security as they believe the U.S. is most susceptible to these types of hacks. The reason you may not have heard about them is that they are quietly being covered up. When they do happen, the proprietor meekly points out that it was a system malfunction or some other innocuous event. I personally am aware of at least two major SCADA hacks in the U.S. that were covered up and never revealed to the public. I'm sure there are many more.

Accessing SCADA Systems Through Shodan

Nearly every SCADA system has a web interface. This enables the operators to manage the system remotely. Since there is a web interface, it is likely that Shodan has it indexed. Shodan is a search engine of web interfaces. Similar to Google, but it only indexes the banners of web interfaces.

If we open Shodan and search for SCADA systems, we will see that there are literally hundreds of web interfaces for SCADA systems around the world. Each of these is a potential entry point for the hacker.

My cursory search through these web interfaces came across this web interface to a hydroelectric system in Genoa, Italy.

Some recent hacker movies such as Blackhat and Die Hard 4 have depicted a world where SCADA systems have been hacked and held hostage. Although these may seem like Hollywood fantasies, the risks are very real and the hacker with aspirations to work in the cyber warfare realm should become familiar with both the defense and offense of SCADA systems.