@MajorGoodGuy: You're missing the point - this particular machine DID have a DNS entry and was connected.  And, for your information, I build interfaces for these machines for a living, and they DO have computers on the engine. It's called a "Skid Mounted HMI". @Thegodthatdied: Very good question! It shouldn't be directly connected. Some of our clients do, however, and shrug off security because"who would know to contact the genset?" A VPN is good basic precaution.

== John ==

Normally when you design equipment, the firmware in the hardware it self should never give absolute control to a remote control interface, making it impossible for rouge commands or errors by the user to destroy the equipment.

Secondly mission critical equipment should not be connected to the Internet.

Remember the weakest link in any security system is typically the users, as they are easily tricked using social engineering, man in the middle attacks etc..

@bjtaudio That works right up until the first security vulnerability.

generator abuse!!!!!!

How heavy was the generator?

Just like terrorism is a way for the government to be above giving anyone they choose a right to a fair trial. an "Internet cyber attack" will give the government full censership rights over the internet. Then they will dumb us down with mainstream news propaganda like TV. The zombies will think its to protect them, just like todays zombies do with Homeland Security already.

Interesting! These systems should be kept more secure. There servers that control these types of system operations should be ran on a private intranet. They should never have these servers running on the public internet unless its ran through a private virtual network! Power grids also use this same type of monitor/ control system. The same goes for traffic control units.

@endgameoutoftime You are an idiot endgame. I am more afraid of another Jared Loughner than I am any Muslim in this country. What do you do when you don't get your way? Cry and hissy-fit?

The part that was most telling? When the rain flapper on the exhaust pipe closed. Dude! Finished with engine now!

WTF is this

@monkeyboy27476 racist

@vladmir38 yup no computers, so if shit hits the fan no emergency respons crews (911). That's the biggest worry in my mind is a lack of a fire dept if something like this happened, coupled with a chemical fire.

same aholes who put undie bomber on board,confessed in secret before congress and still got to force body scanners on us/ same fake problems hell no we don't want to lose anymore freedoms

I really hope they did this with a unit that was retired or decommissioned. It's galling to imagine the expense of the demonstration otherwise...

@chromal I think national security has more importance over the cost of a generator.

I think burning out a generator is irrelevant to national security.

@chromal if they get the generators how are you gonna produce power to the homes and everything else. everything runs on electricity now. pumps/computers/streetlights/c­omunication.

if there is a black out during winter it will be cold in your house or extreamly hot in summer. also if it goes then how are we saposed to pump sewer water out and control the streets. electrisity gone for a long time = is horrible times.

@chromal Also think about how hospitals will be run. They only have electrical generators that can last for a few days. Check out CNN's recent cybershockwave feature to find out how bad of a threat cyber-warfare is to national security.

Don't get me wrong, the electrical grid is absolutely vital. Most people aren't prepared to survive an extended outage. I live somewhere where seasonal storms can and do take out the power for days on end, as recently as a five-day outage last April while I was simultaneously snowed in.

My point was more, you can demonstrate the remote manipulation of controls of facilities like this one without actually using them to burn out an apparently good piece of equipment. That was just for PR.

@chromal you're such a moron

How many hundreds attacks/day does the U.S. do 2 N Korea? and NEVER reported. Search for arrested "Jesse Will McGraw" AKA "Ghost Exodus" of electronik tribulation Army. He was the hacker who planned the 4th of July computer attacks but the Feds want to say it was N Korea, and not some Texan terrorist republican wanting Obama to be seen as a failure to protect america. Looks like the Republicans themselves are the true terrorist. the FEDS can use this as a Pre Empt Reason 4 war with N Korea

Since North Korea has like 2 websites, I'd say the U.S. doesn't conduct hundreds of attacks on them a day.

Just another staged "calamity" to further provoke fear.

This is so simple to prevent. Also interesting that they used a diesel generator & didn't specify anything about the science involved.

Just: Be afraid, little sheep. We, the government are your friend and will protect you!

Right!

@KutWrite You need to actually understand how computers work to understand the severity of a cyber-attack. This is partially propaganda but there is truth to it.

The way the internet works and how computer systems are vulnerable to attack are examples about how cyber-warfare is a feasable, and easy, to implement against a nation which is part of a world that has only heard of the word hacking in the last 20 years.

It's not that hard to hack your way into a synchronizing system of a genset (MPTM multiple parallel to mains system) I monitor some gensets from here (comap or deapsea controllers) and to connect from the internet to these controllers for the first time I didn't even have to consult the manual....

Once youre in, and you know something about synchronizing systems it's all to easy to destroy the engine/generator coupling or the entire engine, so this video doesen't surprise me.

"I gots no internets I gots no hacks! oh shit!"-Unknown power plant

they use linux still can be hacked

so important to show this to everyone!

how can we entrust microsoft windows our security???? WTF???

Seriously is it that hard to bring a generator up out 180 out of phase? If they did this right they could have ripped it right out of the concrete because it would act like a motor instead of a gen. Plus there's no way you could do this without inside information. Firewall codes, the firewall would also have to be open to access most are locked down to specific IP. Even if you knew your way around and the codes most plants have diff contractors, equip and progs for process controls.

Locked to a specific IP you say? Oh well then....its impenetrable. I mean, if computer A says it owns IP 192.168.0.1 then its just the truth.

Computer to computer communications requires trust. Trust is bad. BAD I say.

Not true, they hacked this machine with nothing more than knowing the name of the company / DNS name, and the fact that the control systems were connected to the Internet.

No firewall codes were needed.

== John ==

@jgwinner

Why is this even connected to the internet. These kind of machines should be regulated within the factory. You people are making it real easy for skynet. I mean how stupid would a person have to be to connect a nuclear power plant to the virus infected internet. It's like a surgeon putting his hand into a pile of shit before going to the operating table.

@jgwinner He's just spouting bullshit, to hack this type of system would require you to first hack into a computer that is running SCADA software then once you did that you would then have to hijack the software to take control of the PLC and then cause the engine to speed up and overheats and all that bad stuff, the machine does not have a DNS and clearly is not hooked up to the Internet, its an engine, not a computer and theres no such thing as firewall codes, dumb ass. Stop BSing.

id like to see the process from the other side of the cord

This is tripping! This can have serious consequences for the country if nothing is done to secure our power infrastructure.

The experiment, called "Aurora," that alarmed the committee members was conducted in March 2007 by the Idaho National Laboratory for DHS.

no its, Die Hard 4.1 ;)