Staged cyber attack reveals vulnerability in power grid
Top Comments
All Comments (45)
-
@MajorGoodGuy: You're missing the point - this particular machine DID have a DNS entry and was connected. And, for your information, I build interfaces for these machines for a living, and they DO have computers on the engine. It's called a "Skid Mounted HMI". @Thegodthatdied: Very good question! It shouldn't be directly connected. Some of our clients do, however, and shrug off security because"who would know to contact the genset?" A VPN is good basic precaution.
== John ==
-
@jgwinner He's just spouting bullshit, to hack this type of system would require you to first hack into a computer that is running SCADA software then once you did that you would then have to hijack the software to take control of the PLC and then cause the engine to speed up and overheats and all that bad stuff, the machine does not have a DNS and clearly is not hooked up to the Internet, its an engine, not a computer and theres no such thing as firewall codes, dumb ass. Stop BSing.
-
@bjtaudio That works right up until the first security vulnerability.
-
Normally when you design equipment, the firmware in the hardware it self should never give absolute control to a remote control interface, making it impossible for rouge commands or errors by the user to destroy the equipment.
Secondly mission critical equipment should not be connected to the Internet.
Remember the weakest link in any security system is typically the users, as they are easily tricked using social engineering, man in the middle attacks etc..
-
Why is this even connected to the internet. These kind of machines should be regulated within the factory. You people are making it real easy for skynet. I mean how stupid would a person have to be to connect a nuclear power plant to the virus infected internet. It's like a surgeon putting his hand into a pile of shit before going to the operating table.
-
generator abuse!!!!!!
-
How heavy was the generator?
-
Just like terrorism is a way for the government to be above giving anyone they choose a right to a fair trial. an "Internet cyber attack" will give the government full censership rights over the internet. Then they will dumb us down with mainstream news propaganda like TV. The zombies will think its to protect them, just like todays zombies do with Homeland Security already.
-
Interesting! These systems should be kept more secure. There servers that control these types of system operations should be ran on a private intranet. They should never have these servers running on the public internet unless its ran through a private virtual network! Power grids also use this same type of monitor/ control system. The same goes for traffic control units.
It's not that hard to hack your way into a synchronizing system of a genset (MPTM multiple parallel to mains system) I monitor some gensets from here (comap or deapsea controllers) and to connect from the internet to these controllers for the first time I didn't even have to consult the manual....
Once youre in, and you know something about synchronizing systems it's all to easy to destroy the engine/generator coupling or the entire engine, so this video doesen't surprise me.
fietspomp1 3 years ago 10
Not true, they hacked this machine with nothing more than knowing the name of the company / DNS name, and the fact that the control systems were connected to the Internet.
No firewall codes were needed.
== John ==
jgwinner 3 years ago 9