Hacking into and shutting down industrial systems on which the U.S. relies is staggeringly easy, according to recent presentations from the Black Hat hacker conference.
Picture this: A few pump station operators along New York City's water tunnels fire up their computers to check the status of various water pressure readings.
But their networks have been hacked, and the readings they see on their computers are not the real readings. The adjustments they make cause the water pressure to skyrocket, blowing several mains, and cutting water to various part of the city, if not the entire city. Sure these systems have redundancies, but those redundancies are vulnerable too.
Attacks require "significantly fewer resources and skill" than previously thought.Simultaneously, in other parts of the Northeast U.S., hacked high voltage transformers spin out of control and explode. The blackout could cut as wide as the Tri-State area, and last for months, compounding any attempts to fix the water lines.
No water. No electricity. Pure mayhem.
Tim Simonite of MIT Tech Review recently talked to hackers at Black Hat about a vulnerability in a protocol called “Dbus” which leaves more than 90,000 industrial controls vulnerable.
Another vulnerability, this one in sensors “used to monitor oil, water, nuclear, and natural gas infrastructure” can be hacked into with “a relatively cheap 40-mile-range radio transmitter.” Those sensors could be “spoofed” to show false readings, hackers tell Simonite.
The Obama administration says it takes the threat seriously and has taken several steps — including an executive order — to try and improve network security. As Simonite points out, however, even though the information sharing program alerts companies to vulnerabilities, that doesn't mean the companies follow through with patches.
BlackHat attendees showed proof that the companies weren't doing all they could to protect their customers.
From Tech Review:
All the attacks to be mentioned today require significantly fewer resources and skill than what was required to employ the best-known attack on an industrial system, the U.S.-Israeli-backed Stuxnet operation against the Iranian nuclear program.
Previously, the Defense Science Board released a report that said viruses and exploits with Stuxnet-like results are incredibly complicated and likely require the backing of state-sponsored hacking units to perform. The Black Hat findings paint a completely different picture — it seems the idea of a few people in a basement causing cataclysmic damage is not really that far-fetched.
Read more: http://www.businessinsider.com/hackers-could-shut-down-the-us-2013-8#ixzz2bRIJZelc
No comments:
Post a Comment