Those of you who have been a part of the Null Byte community for even a short while know that I sincerely and firmly believe that hacking is the most important skill set of the future.
To further emphasize how important our skill set is, knowledgeable estimates put the potential impact of an attack on the U.S. power grid at over $1 trillion per year. Such an attack would cause severe damage to the U.S. and likely cripple the economy and stock markets with even greater impact than 9/11 (after 9/11, the stock markets dropped and the economy sank into recession).
In the last week, U.S. Homeland Security revealed that ISIS (the so called Islamic State) has been attempting to take down the U.S. power grid through cyber attacks.
These attempts have been clumsy and lacking in sophistication using only rudimentary tools (script kiddies?). Experts worry about what might have happened had they used more sophisticated tools and had a higher level of skills. (Obviously, they are not members of Null Byte). They might have been successful in knocking out parts of the U.S. electrical grid (all digitally-controlled) and wreaking havoc upon the U.S. economy.
SCADA
I point this out not only because of its concern for national security, but also because SCADA (supervisory control and data acquisition) hacking will become the de facto hacking of open cyber warfare. As countries progress from the now quiet, slow-burn cyber warfare of today to open hostilities, they will assuredly attempt to take down each other's SCADA systems.
Presently, nearly every industrialized country on Earth has a cyber warfare effort and cyber warfare teams. Few countries would be able to withstand and sustain a war effort if their people are without electricity, water, sewage, and transportation. All of these systems are very vulnerable to being hacked.
SCADA systems tend to use old, legacy operating systems and are not well-protected. Not only are many of these systems using Windows XP (which is no longer supported, which means no security updates), some are even using Windows NT 4.0 (circa 1995).
These systems, if they can be reached, are all very vulnerable to being owned. When they are owned by attackers with malicious intent, they can be turned, misdirected, and forced to operate in ways that would physically damage other equipment (sending too much power through a transformer, for instance). Every country has these vulnerabilities, and it is those of us who understand these frailties who will be in demand from national governments and utilities around the world.
White Hat v. Black Hat
Null Byte is white hat hacker's educational playground—white hat as in the "good guys." Good, though, is a relative term. It can mean legal and it can mean ethical. The difference between white and black hat can depend upon your perspective.
For instance, to an American, these hackers trying to take down the electrical grid are black hats, but imagine a case where your nation has been invaded and overpowered by a militarily superior neighbor. In such a case, taking down their SCADA systems will be the goal of your national government to weaken this attacker. In that case, hacking the SCADA systems would make you a white hat hacker and a hero to your people.
So, although we are white hat hackers, it doesn't mean that we should ignore learning these techniques that could be critical to our nation's survival in the event of war.
Our skill set here is the most important and valuable skill set of the 21st century, so keep coming back and sharpening your hacking skills!
Just updated your iPhone? You'll find new emoji, enhanced security, podcast transcripts, Apple Cash virtual numbers, and other useful features. There are even new additions hidden within Safari. Find out what's new and changed on your iPhone with the iOS 17.4 update.
16 Comments
Do SCADA development teams not have a responsibility to harden these systems? And is it really necissary that these systems are open to the internet, could the systems not be internal only? Would it not be easier (and more effective) to harden the entire network around these systems? While the systems will remain weak points, having a weakpoint inside a hardened network will certainally slow attackers down.
Once again though a well written article to remind our fellow nullbytians that what we are working towards here is important and in demand.
In some cases they are not connected to the Internet, such as the Iranian uranium enrichment facility that the NSA took down with Stuxnet. Usually, these facilities are connected to the Internet so that someone can administer remotely.
Ahh stuxnet, few years on and it's still being used as an example of what can be accomplished.
I understand why they the systems are connected to the internet.
What i wonder is couldn't the connection method be changed, so the scada system will only accept connections from within a certain network, therefore not exposing the actual scada system to attackers but forcing them to compromise the entire network before hand. A legitimate user can still start a remote session into the network and administer the system from within the network. Whereas an attacker has to compromise the network before he can even see the System.
My understanding of SCADA is limited, but I'm near certain I've seen the firmware login screen pop up from even a quick Shodan search?
Well if the administrator can still remote session in then the hackers would just attack that opening and then attack the SCADA directly. It does add one layer of defense but doesn't stop a skilled hacker by a long shot.
The best thing is to just have no outside internet connection and if something needs to be done the admin just comes in.
This has lots of practicality problem but its better than the alternative.
Cheers,
Washu
To upgrade a system they would have to shut it down and install a more secure operating system, I don't know how these SCADA systems work in detail but that would maybe mean turning off the electrical grid to get updated computers and such to run newer, more secure OS's.
The article I read about how stuxnet failed the nuclear centrifuges by OTW was "secure", as in it wasn't connected to the internet. But it only took somebody with a USB to ruin all of that, with a well built worm and knowledge of how these centrifuges operated of course.
Unless they have a security expert running SCADA systems themselves and not someone just maintaining them and keeping them up i don't think it will be fixed, or in a quick manor anyway. Also a program to teach there employees some security, and having strict rules as in not bringing non related work USB's inside, and work related USB's outside.
But i'm by no means an expert in this type of thing, or anything at that.
I don't expect many of these vulnerable systems will be upgraded, as I suspect many of the outdated systems wont be capable of running more current operating systems anyway. Even if it was practical to upgrade I don't think it would be practicable.
What I wonder is why steps haven't been taken to make actually attacking them more difficult, they become as difficult to attack as the network around them.
I'm no expert either my friend. =)
Oh my. News of these attacks is a bit disconcerting.
I found the white hat v. black hat portion of this article to be particularly inspiring, perspective is everything.
-Defalt
What OTW says is very true. Most of these SCADA systems run old operating systems. I just cracked into one:
Anonymous login successful
Domain=WORKGROUP OS=Windows 5.1 Server=Windows 2000 LAN Manager
"Windows 5.1" an old, vulnerable and exploitable OS.
People look at the cost of upgrading it, the time and resources it will take, and refuse to think that a cyberattack will ever happen to them.
Hospitals have been using xp forever and have had several hacks in the previous years.
Either they are aware and don't want to upgrade, or they truly have no idea of the impact this will have.
I agree with JACK SEA. People look at time and cost. Also they think that they are secured or no one will attack on their system until they actually get attacked. Their is lack of security experts in some countries, some administrators can only deal with script kiddies but not with skilled blackhats. I think they should be trained for such attacks for future.
Great article. The scary part is one person with my skill level probably could take it down.
Just wanna tell you guys that ISIS is nothing to do with Muslims they just use the name of Islam to spread terrorism but in reality they have nothing to do with that religion.
So it will be very kind of you guys try not to relate them with any religion because every religion is made to serve humanity.I am a Muslim to and i don't like that some one relate terrorism with Islam because Islam is truly a religion of peace and humanity.Sorry about the discussion on religion but i though i have the Freedom of speech
-LiGHTNinG
This is kind of of out context, apart from one mention in the article, there was no mentioned of any religion nor did anyone ever say that ISIS was tied to Muslims.
Not trying to attack you, just pointing out that this is quite random.
Cheers,
Washu
.
Thanks OTW. Great thoughts and articles as usual.
Protip, don't connect the power grid to the internet
Share Your Thoughts