Researchers Reveal Malware Designed To 'Power Down' Electric Grid (securityledger.com)
chicksdaddy writes: A sample of malicious software discovered at the site of a December 2016 cyber attack on Ukraine's electrical grid is a previously unknown program that could be capable of causing physical damage to the electrical grid, according to reports by two security firms. The Security Ledger reports: "Experts at the firm ESET and Dragos Security said on Monday that the malicious software, dubbed CrashOverride (Dragos) or Industroyer (ESET), affected a 'single transmission level substation' in the Ukraine attack on December 17th, 2016 in what appears to have been a test run. Still, experts said that features in the malware show that adversaries are automating and standardizing what were previously manual attacks against critical infrastructure, while also adding features that could be used to physically disable or damage critical systems -- the first evidence of such activity since the identification of the Stuxnet malware in 2010. The Crash Override malware 'took an approach to understand and codify the knowledge of the industrial process to disrupt operations as STUXNET (sp) did,' wrote Dragos Security in a report. The malware improves on features seen in other malicious software that is known to target industrial control systems. Specifically, the malware makes use of and manipulates industrial control system-specific communications protocols. That's similar to features in ICS malware known as Havex that targeted grid operators in Europe and the United States in 2014. The Crash Override malware also targeted the libraries and configuration files of so-called 'Human Machine Interfaces' (or HMIs) to understand the environment it has infected. It can use HMIs, which provide a graphical interface for managing industrial control system equipment, to connect and spread to other Internet-connected equipment and systems, Dragos said."
take down 9 take the full grid down! (Score:2)
http://spectrum.ieee.org/energ... [ieee.org]
Putin at work, once again (Score:3, Insightful)
No doubt Putin's team of state hackers are behind this. Part of his plan to reconquer all former soviet republics.
Now watch the filthy little paid Russian shills downmod this post down to hell, as always happens anytime Putin or Russia are mentioned on Slashdot.
Re: (Score:1)
I modded you down.
Where's my fucking check, then, asshole?
Power Down (Score:3, Informative)
Re: (Score:1, Funny)
Dude, not to worry, you're in SoCal. Arnold Schwarzenegger, Sylvester Stallone, Bruce Willis, Nicolas Cage, Clint Eastwood, Jason Statham, Harrison Ford, Dwayne Johnson, Denzel Washington, and the rest all live like blocks from here. These dudes can get us out of anything.
What I find surprising (Score:4, Interesting)
Maybe I'm being too critical of everything these days, but I find it surprising that these sorts of things are even news. Shouldn't it be expected, even before its inception, that people are going to try and fuck with important things if they can? ESPECIALLY when they can do it anonymously?
I think I need to escape to the woods, and fucking soon, for a long time.
The question at hand: (Score:4, Insightful)
Why the fuck are these systems connected to the internet?
Re:The question at hand: (Score:4, Informative)
From a technical point of view, only because it was more convenient and less costly.
But the real reason is, in almost all countries this tends to be "good enough" as no one will dare to attack you -- even if the attack itself can be easily anonymized, "cui bono" makes the attacker obvious (and a false flag operation would be pretty risky).
Except for Ukraine -- a country with a big powerful enemy it's currently at war with, and has no friends. It's beyond obvious who wants to destroy their power grid, but at this moment Russia has no real downside in revealing their hand. Thus, this is a show of strength.
Re: (Score:3)
But the real reason is, in almost all countries this tends to be "good enough" as no one will dare to attack you -- even if the attack itself can be easily anonymized, "cui bono" makes the attacker obvious (and a false flag operation would be pretty risky).
The problem is that this is no longer true due to the threat that climate change poses. Every person on this planet now has cause to disrupt operations at the vast majority of the world's power plants. The more disruptive they are to a polluting power plant/company, the greater the monetary incentive to use non-polluting energy sources or for people to go off-grid with solar and battery systems. Now that attacks have been shown to be quite feasible, they could be coming to every polluting plant, everywhere.
Re: The question at hand: (Score:1)
I want some of what you're smoking.
The vast majority of environmentalists think that they are only using green electrons to make their frappuccinos and recharge their iPhones, and it's those capitalists who are using all the dirty electrons to watch their NASCAR and run their air conditioners. It's always someone else causing the problem.
Re: (Score:2)
Re:The question at hand: (Score:4, Interesting)
My musings on it:
At the time, the engineers were cocky and thought nobody would be able to fuck with it. Maybe at the time they were correct. Current engineers see the problem, but the solution costs too much, so everyone just wishes it would go away and doesn't talk about it too much. I've never had much fun trying to explain something super technical (but super important) to someone who was stressed out and knew fuck all of what I was talking about (but occupied a role of higher power; yeah, I'm talking about managers, OK?).
Fortunately, we've all been able to sit back and enjoy corporations falling prey to this kind of thought process, but someday, they'll hit just the right target where it'll cause real damage. I'm not talking the kind of damage where some exec. can't refurbish his yacht, and formulates some kind of propaganda with his friends to make it so he can. I'm talking the kind of damage where civilization grinds to a halt, and mass panic ensues.
Re:The question at hand: (Score:4, Interesting)
You are incorrect.
Back in the day we wanted either a total air gap (which we used to have) or dedicated secure networks like the banks were using. Management just about everywhere didn't like that and went shopping for consultants that gave them a cheap answer and they didn't care if the consultants knew what they were talking about or not. Various trade magazines at the time had a lot about the fuss and potential consequences but were ignored.
Don't blame the engineers for a policy decision that they argued against.
As for "Current engineers see the problem" - have you SEEN the IoT security clusterfucks in progress? Over the weekend there was an article about one here, poor defaults on the Raspberry Pi causing problems. There is definitely no reason to be smug and certainly no reason to feel superior.
Re: The question at hand: (Score:2, Informative)
In the old days, i.e. before 1994 when most of the US deregulated, a utility company could gold plate their EMS SCADA and pass all the costs on to us residential consumers in the name of reliability services. Once they had to compete, you start seeing cost saving measures like VPN arrive, and yes, there was a time when one would say "Why is this on the Internet?!?" The 2001 terrorist attack led to CEII rules, but people were getting complacent by 2007. The DOE ran a project called Aurora that scared the cr
Re: (Score:3)
The Pi issue wasn't about poor defaults: it was about the designers making the assumption, which turned out to be wrong, that every user would know the importance of changing the password before putting their device on the internet. It turns out that even among the more technically-minded people who would usually buy a Pi, a lot of them are completely ignorant of the most basic of security practices.
Re: (Score:3)
Re: (Score:2)
It was all completely obvious stuff anyway.
Re: (Score:2)
Hah, it's funny, 'cause I was thinking to actually log on last night to reply to my comment, bashing myself about how cynical that was towards a group of people who, in general, definitely don't get cocky, and for sure don't exercise their "I don't care" muscles very often either. Apologies, I've been in rant mode as of late.
I have HEARD of the "IoT security clusterfuck in progress". I think anyone who has access to the internet would have, whether they know what IoT even is or not.
My stance? I don't honestly care.
Re: (Score:3)
Today's networked engineers replaced the union staff.
Networks span services that should never have been opened to the outside "internet" just to save costs, for investment and free trade in upgrades or so shareholders could feel good.
Re:The question at hand: (Score:5, Informative)
That's the thing, they don't have to be to be a problem. That was the ingenious thing with Stuxnet... It had two parts: the worm that infected internet-connected hosts, and the thumb drive vector that allowed it to jump the air gap. It's entirely likely that it originated with infected thumb drives that were dropped in parking lots/buses/etc. frequented by the engineers working on Iran's nuclear programme. People being people, they stuck the thumb drives into their machines, on either side of the air gap, and then the worm spread through the isolated side of the network, infecting the PLCs driving their centrifuges.
That said, I operate the network for an organization that has its own private power system (a small hydro-electric system isolated from the main grid). As much as I would like to physically isolate our power control network from our main operational network, it's unfortunately not practical. Instead, the main control of the turbines, exciters, generators and such is strongly firewalled, and then the load shedding components in the rest of the campus are on an isolated VLAN. There is additional protection through strategic use of VRFs and the like. Is it perfect? No, but it's the best I can do.
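The segmentation described in the comment above (firewalled turbine control, a self-contained load-shedding VLAN, nothing else permitted to cross) is only as good as the traffic that actually flows, so a useful defender's check is to audit observed flows against the intended policy. The following is an added example and is not the commenter's code or configuration: the address ranges, the allow rules, the use of port 502 as the control-protocol port, and the flow records are all constructed assumptions. It parses flow records in a simple "src dst dport proto" form and reports every flow that touches a segmented network without a matching allow rule.

```python
"""Audit flow records against a network-segmentation policy (constructed example)."""
import ipaddress
from dataclasses import dataclass
from typing import Optional

# --- Assumed address plan (constructed for this example, not a real network) ---
CONTROL_VLAN   = ipaddress.ip_network("10.10.0.0/24")  # turbines, exciters, generators
LOADSHED_VLAN  = ipaddress.ip_network("10.20.0.0/24")  # campus load-shedding components
ENGINEERING_WS = ipaddress.ip_network("10.0.5.0/24")   # only workstations the firewall admits

# Policy: (source net, destination net, allowed destination ports; None = any port).
# A flow that touches CONTROL_VLAN or LOADSHED_VLAN and matches no rule is a violation.
ALLOW_RULES = [
    (ENGINEERING_WS, CONTROL_VLAN, {502}),  # assumed control-protocol port (Modbus/TCP uses 502)
    (CONTROL_VLAN, CONTROL_VLAN, None),     # controllers may talk among themselves
    (LOADSHED_VLAN, LOADSHED_VLAN, None),   # load-shedding VLAN is self-contained
]

SEGMENTED_NETS = (CONTROL_VLAN, LOADSHED_VLAN)


@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str


def parse_flows(text: str) -> list[Flow]:
    """Parse 'src dst dport proto' lines; blank lines and '#' comments are skipped."""
    flows = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, dport, proto = line.split()
        flows.append(Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto))
    return flows


def is_allowed(flow: Flow) -> bool:
    """True if some allow rule covers this flow's source, destination and port."""
    for src_net, dst_net, ports in ALLOW_RULES:
        if flow.src in src_net and flow.dst in dst_net and (ports is None or flow.dport in ports):
            return True
    return False


def involves_segmented_net(flow: Flow) -> bool:
    """Only flows touching the control or load-shedding networks are in scope."""
    return any(flow.src in net or flow.dst in net for net in SEGMENTED_NETS)


def audit(text: str) -> list[Flow]:
    """Return in-scope flows that no allow rule permits (the policy violations)."""
    return [f for f in parse_flows(text) if involves_segmented_net(f) and not is_allowed(f)]


# Constructed flow records: one allowed engineering session, one intra-VLAN flow,
# then a corporate host, a load-shedding host, an outbound-to-internet flow and a
# wrong-port session that the policy should all reject; the last line is out of scope.
SAMPLE_FLOWS = """
# src          dst            dport proto
10.0.5.12      10.10.0.7      502   tcp
10.10.0.7      10.10.0.8      20000 tcp
10.0.77.3      10.10.0.7      502   tcp
10.20.0.5      10.10.0.7      502   tcp
10.10.0.7      203.0.113.9    443   tcp
10.0.5.12      10.10.0.7      22    tcp
10.0.77.3      10.0.77.4      445   tcp
"""

if __name__ == "__main__":
    for violation in audit(SAMPLE_FLOWS):
        print(f"VIOLATION {violation.src} -> {violation.dst}:{violation.dport}/{violation.proto}")
```

Flows between two corporate hosts are deliberately ignored: the check is about the boundaries of the segmented networks, so a corporate-only flow is neither a pass nor a violation here. Feeding the same rules to the firewall and to this audit keeps the two from drifting apart, which is the usual way such segmentation quietly erodes.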
Re: (Score:2)
I still wonder if the "jumping the air gap" capability of Stuxnet was added as a diversion to protect an inside agent at Natanz. It seems like a sketchy plan to rely on someone inserting an infected USB stick into the isolated network. Instead, they may have had an anti-war sympathizer on the inside who didn't want to be a part of weaponizing their uranium, and who agreed to insert the stick as long as it couldn't be traced back to them.
Remember, the Stuxnet operation had to cross the air gap three times.
Re: (Score:2)
Nobody wants to pay for union workers to turn up to work and watch over equipment in their state. Just have an engineer do it from a more central location.
The selling of the upgrade hardware for the network.
The renting and selling for later upgrades, security and more networking.
Teaching staff how to use the new systems.
Re: (Score:2)
Why the fuck are these systems connected to the internet?
What systems are you talking about? In the US, systems that control grid infrastructure are not connected to the internet. Maybe there are a few countries left where that isn't true, but just because malware exists doesn't mean the target is vulnerable.
Re: (Score:2)
In the US, systems that control grid infrastructure are not connected to the internet.
Oh how little you know.
Re: (Score:2)
So, how much do you really know?
Re: (Score:2)
Because any company that runs electric infrastructure has parts of it scattered geographically about. Modern grids have at least two "networks": the power network you see as transmission lines, and the control grid used to integrate the pieces, as it is impossible to run them efficiently, or probably at all, as autonomous pieces. SneakerNet is not an option.
So, you can set up your own network and be on the hook for its maintenance, as it too will have maintenance issues, or you can piggyback off the internet. R
Re: (Score:2)
You write as if M2M communications [wikipedia.org] are a brand new thing.
Re: (Score:2)
People who think allowing these networks to be accessed from the internet at large is fine are stupid.
Actually that is probably the point of this malware. To demonstrate how stupid it is. And yes it is stupid as well as arrogant.
To solve, hold the Cxx's personally responsible (Score:2)
Somehow I think the focus will shift pretty quickly.
It was no hackers (Score:3)
It was that maintenance guy from British Airways.
Insert cyber BS .. (Score:1)
"With UMBRAGE and related projects the CIA can not only increase its total number of attack types but also misdirect attribution by leaving behind the 'fingerprints' of the groups that the attack techniques were stolen from." link [wikileaks.org]