How To Hack A Brazilian Power Company - rbanffy
http://darkreading.com/blog/archives/2009/11/how_to_hack_a_b.html

======
ErrantX
_Data has to be transferred somehow from the power transmission grid to the
front-end network. Once a hacker breaks into the network, he can usually find
that connection._

A fair enough point.

Though in my experience the kind of access you would need to harness this
connection is of a higher level than simply compromising the website - you
would probably need access to the underlying system (a whole different ball
game - though entirely possible, it is not mentioned in the article at all).

~~~
rbanffy
Gain access by compromising the website, fix the compromise so nobody calls
attention to it after you, but leave enough access for you to map
vulnerabilities on the inner network so you can target a small piece of
malware to a specific computer and/or user in order to get more information on
the control network, maybe piggybacking on his/her authentication/authorization
profile.

Rinse and repeat.

This is no secret. The really evil people who would be willing to compromise a
nationwide energy distribution network are no script kids.

~~~
ErrantX
It depends what kind of access you can get from the site. I highly doubt
simply compromising the website is enough (unless there are hidden or
protected pages that allow you to control the network; something we can't
assume either way - if there are, you're dead on; if not...).

If you have to utilize the underlying operating system in some way to access
the network (for example, gaining access to an internal LAN) then
simple website access probably isn't directly enough; you have to take the
exploit further.

Yes, there are plenty of ways you could try to leverage access to the
underlying OS using the site - however there is no discussion of this in the
article.

All I'm trying to say is there are a lot of assumptions from _Data has to be
transferred somehow from the power transmission grid to the front-end network_
to actually compromising the network. Nothing in that article is indicative of
the latter being possible, and in my experience that is instantly a warning
sign ;)

(I do this sort of testing for a living)

~~~
rbanffy
Agreed. Compromising the public-facing web site is more likely to lead to
compromising other front-end sites for other government agencies (or companies
that host on the same hosting provider, if that's the case) than to any
particular compromise of power distribution network servers, but, still, the
possibility exists to grab passwords and specific OS/browser versions for key
users, and to use the website as a finely tuned malware launch point for those
key users.

We must always assume the evil guys on the other side of the router are evil,
skilled and determined.

~~~
ErrantX
Yeah, that's a completely fair point - though somewhat different to the theory
the writer was presenting. And I would say infinitely more likely (or at least
something we can feel better making theories about).

> We must always assume the evil guys on the other side of the router are evil,
> skilled and determined.

No need to assume :D. They certainly are (though in some respects "evil" is a
difficult term to use; "cold" is better IMO).

------
jacquesm
The police department in a _major_ (2 million+) city in North America has a
UDP-packet-controlled, internet-connected control system for their lights and
air-conditioning, based on a widespread SCADA package that has no security
whatsoever (and no checksums on their packets either); simply hose the right
port with packets and you control their lights and AC.

------
perone
Bullshit, the control of power transmission is not connected to the internet or
to any other LAN with PCs accessing it; the control of the power transmission here in
Brazil uses security patterns like voice analysis, etc...

~~~
rbanffy
They mention how the public-facing website was invaded, which is interesting
and a rather impressive display of utter incompetence. There is little
information on what really went wrong with the control systems, or whether they are
to blame for the blackout.

The timing of the blackout was particularly unlucky, days after CBS
attributed two previous blackouts to computer invasions. And I wouldn't count
invasions out right now.
