Steven Bellovin wrote:
On Nov 21, 2011, at 4:30 PM, Mark Radabaugh wrote:
Probably nowhere near that sophisticated. More like somebody owned the PC running Windows 98 being used as an operator interface to the control system. Then they started poking buttons on the pretty screen.
Somewhere there is a terrified 12 year old.
Please don't think I am saying infrastructure security should not be improved - it really does need help. But I really doubt this was anything truly interesting.
That's precisely the problem: it does appear to have been an easy attack. (My thoughts are at https://www.cs.columbia.edu/~smb/blog/2011-11/2011-11-18.html)
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Umm hmm. And here's another one poking around: http://pastebin.com/Wx90LLum "I'm not going to expose the details of the box. No damage was done to any of the machinery; I don't really like mindless vandalism. It's stupid and silly. On the other hand, so is connecting interfaces to your SCADA machinery to the Internet. I wouldn't even call this a hack, either, just to say. This required almost no skill and could be reproduced by a two year old with a basic knowledge of Simatic." --Michael