

Hacking Team Caught Taking Over Decoy Water Plant - WestCoastJustin
http://www.technologyreview.com/news/517786/chinese-hacking-team-caught-taking-over-decoy-water-plant/

======
ChuckMcM
Ok, that is an interesting result. I ran a honey pot BBS for a while (kremvax)
which was fun to watch folks try to break into but this is more unsettling.
Given the exploitable JavaScript also talked about at the conference it seems
like if you were in a Tor node you might still be able to do the equivalent of
the DNS hack where private addresses are inverse spoofed.

One of the things about radar guided missiles that interested me early on is
that you pretty much have to have your radar on for them to work, and if you
had a radar on you could find it and kill it (hence the variety of HARM
missiles). Similarly when people are trying to exploit our search engine it is
hard to obfuscate since they have to include what they are trying to find in
the search query in order for it to work. And now netwar requiring network
traffic which has to return to the source to be useful.

~~~
keefe
I'm with you in principle but not the intensity of the last couple
sentences... some script kiddie yeah true statements, but in larger
contexts...

~~~
pkinsky
Do you mean that a serious hacker would upload (encrypted) data from a
compromised machine to pastebin for later retrieval?

------
chrisbennet
At the end of the day, it is not in China's best interest to harm the US
economy.

J. P. Getty said "If you owe the bank $100 that's your problem. If you owe the
bank $100 million, that's the bank's problem." We owe China a _lot_ more than
that.

~~~
haldujai
Great quote. However you're under the assumption that China will always act in
the best interests of their people. You are right in that should China harm
the US economy they would enter a massive recession, but who says the CPC
care?

Many civilizations (look at some of Africa and the Middle East for the last
several hundred years) haven't particularly cared about their citizens beyond
collecting tax. This helps to explain why North Korea and Iran do what they do
despite the damage to their people.

~~~
pkinsky
The CPC cares about maintaining legitimacy and avoiding unrest. Their
legitimacy rests on continued economic growth.

China has had massive popular insurrections in living memory and continues to
have local ones to this day.

------
greenyoda
What I don't understand is why systems like power grids and water plants need
to be connected to the public internet. Why couldn't the owners of these
systems lease some fiber optic cables from the internet backbone operators
(AT&T, Sprint, Level 3, etc.) and set up their own control networks that are
totally isolated from the internet? From what I understand, there's lots of
"dark fiber" capacity that's not currently being used, so it couldn't be that
expensive to lease. Or, they could just contract with the existing backbone
operators to run these private secure networks for them.

And if that's too difficult or expensive, why not just set up secure VPN
tunnels over existing internet connections to connect these sensitive sites?

Anyone have any insight into why this isn't happening?

~~~
cnvogel
Well, as far as I know "professionally run" (e.g. multi-site plants run by a
big corporation with a dedicated network-security staff and so on...)
industrial automation networks _are_ using VPNs, isolation of special-purpose
segments with dedicated gateways, VPNs and similar technology. This I've
learned from what I could see from contemporary power-plant projects.

But "smaller" projects (for example when a few-people engineering firm builds
a water-plant with one or two PLCs and tries to give the owner access to
monitor it from the office) still just put a port-forward to a basically
unprotected device into the plastic DSL modem/router.

Why's that?

In my experience the guys running industrial automation were always very
concerned about the reliability of their field-busses, redundancy of links,
possibility of faults. But they only ever concerned themselves about the
possibility of someone introducing faults deliberately and maliciously when we
pointed it out explicitly. It was something that, in their world of
professionally installed point-to-point-links, in armoured cable ducts on
fenced industrial plants, did not exist.

And that mind-set is still very much alive in the heads of the
designers/engineers but takes a lot of effort to adjust to threats as they
exist these days. Without an IT/Plant security department enforcing the rules
(to the annoyance of all involved parties...) convenience, cheap hardware,
less labor and planning will win.

------
cnvogel
Presumably these are the slides of the BlackHat 2013 talk mentioned in the
article.

[http://www.slideshare.net/KyleWilhoit/bh-europe-2013wilhoit](http://www.slideshare.net/KyleWilhoit/bh-europe-2013wilhoit)

The abstract of the talk is to be found on blackhat's server.

[https://www.blackhat.com/eu-13/briefings.html#Wilhoit](https://www.blackhat.com/eu-13/briefings.html#Wilhoit)

Why can those online newspapers never cite/link to the original works? Or at
least cite the correct title of the talk, so it's easily googleable? It's a
pity.

~~~
toyg
Because it'd become too obvious that most online journos are glorified human
clipboards, cutting & pasting from feed A to feed B.

~~~
walshemj
No, you mean rewriting A to suit their owners' agenda.

------
stretchwithme
I don't understand why these systems need to be on the Internet. If engineers
really need to be able to connect to them remotely, those seeking to connect
shouldn't be establishing the connection, just requesting that one be
established. Like the old modem connections where you just wait for a call at
an already known phone number.

------
tantalor
_The community needs to know there are people explicitly targeting these
systems_

Is there any evidence of this? It is possible they were looking for _any_
vulnerable systems.

I would not be surprised if they were explicitly targeting industrial systems,
but that claim ought to be supported by facts.

------
tantalor
Please fix the title, should be: Chinese Hacking Team Caught Taking Over Decoy
US Water Plant

~~~
foobarqux
Making the problem you raise more explicit:

"Hacking Team" is an Italian security firm that has been in the news for other
reasons.

------
geoffmacdonald
This is far more important than the NSA bullshit.

~~~
LAMike
How so?

~~~
at-fates-hands
Imagine an attack on the power grid. Now think about a large portion of the US
without electricity and it won't come back because these hackers have full
control of the power grid.

Be scared, be very scared.

~~~
jrockway
Someone would totally have to swap some parts out or something to fix that!
What a crisis! Make a movie!

~~~
socillion
_Live Free or Die Hard_ is the movie.

