  1. #1
    Join Date
    Mar 2005
    Location
    Pacific Time Zone
    Posts
    4,195

    '1st Controls Malware' from USB (Siemens Attack)

    "How it can be considered "Open" is beyond me. Calling it "voyeur-ed" would be more accurate." pka LeroyMac, SkyIsBlue, fka Freddy-B, Mongo, IndyBlue
    BIG Government = More Dependents
    "Any 'standard' would be great if it didn't get bastardised by corporate self interest." MatrixTransform
    http://threedevilskennel.com/ - not my website.
    Versatile Hunting Dog Federation - www.vhdf.org/


  2. #2
    Join Date
    Jun 2004
    Posts
    723
    Yeah, I had seen this article a little while back.

    http://www.wired.com/threatlevel/2010/07/siemens-scada/

    Every "software" type system will one day be invaded by hackers/viruses. When the guys get bored of hacking the Pentagon for the 100th time and writing their 100th virus for Windows they'll move to new fun stuff like controls.

  3. #3
    Join Date
    May 2009
    Posts
    622
    I wondered how long till this made it here. If I read it right this comes in through a Windows exploit and then looks for info in a DB using some passwords that are both well known and haven't been changed for years. Then like most zombie stuff it tries to phone home with what it found, where many of these machines aren't on an internet connected machine.

    Sounds bad but I think it's mostly media hype and all Siemens needs to do is tighten up a little and change some passwords? The real exploit part here is a Windows vulnerability from what I gather.
    Scott Jalbert
    Harris Integrated Solutions

    Formerly Liebert (Emerson Network Power)
    Expressed opinions are my own

  4. #4
    Join Date
    Mar 2008
    Location
    Concord, NH
    Posts
    116
    This virus attacks Siemens Industrial Control Systems software. The Building Automation Software is safe... for now.

  5. #5
    Join Date
    Mar 2005
    Location
    Pacific Time Zone
    Posts
    4,195
    For now is correct.

    The last thing I heard of was software scanning IPs for Linux based systems and default passwords. Forced a few manufacturers to change their default passwords.


  6. #6
    Join Date
    Aug 2009
    Posts
    2,459
    There's now more to this story:

    Link

    Evidently this is a harbinger of what is to come- and it is not pretty for any of us. It looks like the tinfoil hat crowd might have been right about this...

    From the article:


    But what was the motive of the people who created it? Was Stuxnet intended to steal industrial secrets – pressure, temperature, valve, or other settings – and communicate that proprietary data over the Internet to cyber thieves?

    By August, researchers had found something more disturbing: Stuxnet appeared to be able to take control of the automated factory control systems it had infected – and do whatever it was programmed to do with them. That was mischievous and dangerous.
    But it gets worse. Since reverse engineering chunks of Stuxnet's massive code, senior US cyber security experts confirm what Mr. Langner, the German researcher, told the Monitor: Stuxnet is essentially a precision, military-grade cyber missile deployed early last year to seek out and destroy one real-world target of high importance – a target still unknown.

    "Stuxnet is a 100-percent-directed cyber attack aimed at destroying an industrial process in the physical world," says Langner, who last week became the first to publicly detail Stuxnet's destructive purpose and its authors' malicious intent. "This is not about espionage, as some have said. This is a 100 percent sabotage attack."

  7. #7
    Join Date
    Sep 2009
    Posts
    141
    The default password has been known for years; the USB flaw has been "known" but unpatched for a while now. The fact that it specifically targets a system with relatively low market share kind of points to it being a targeted attack against a specific company/industry.

    SCADA and industrial control software has been getting "beaten up" the last couple years. DDC and building automation has not but it's pretty funny some of the glaring holes you can find in these systems. Often one can find them with cookie cutter scanning tools or simple mutation fuzzing (you don't need to understand the protocol very well to find a weak stack).

    What's even better is that most companies don't care about fixing issues or warning their customer base when they're made aware of it. Cisco is the only building automation system that I know of to have made full disclosure and subsequent patches available in the public domain. They're also the only company that I'm aware of that's actually doing internal (or external) security testing of their products.

    There's also a shiny new working exploit for Scada Engine's BACnet OPC client on the exploit database. Actual exploit here in case it gets bumped off the page.

    R/ D1G
    Last edited by D1G; 09-22-2010 at 11:06 PM. Reason: post about the exploit

  8. #8
    Join Date
    Apr 2007
    Location
    San Diego, CA
    Posts
    1,322
    "Siemens has advised its customers not to change the default passwords hard-coded into its WinCC Scada product, even though the Stuxnet malware that exploits the critical infrastructure systems software is circulating in the wild." emphasis mine... WTF Siemens?

    Stuxnet worm hits Iranian nuclear plant?

    screen-shot of the control system here.

    "The conclusion is that it is probably a screen-shot of a waste water treatment plant, not a nuke facility."

  9. #9
    Join Date
    May 2008
    Location
    Michigan
    Posts
    254
    It's the government, and so is the earthquake.

  10. #10
    Join Date
    Aug 2009
    Posts
    2,459

    Update-

    New info released over the weekend:

    Stuxnet was developed as a two year joint project between the Israelis & the US. It was first tested on Israeli centrifuges in Dimona before it was deployed to Iran.

    The info above is not a shock at all, but this is- Evidently Siemens was in on it!!! Up until now most of us assumed that the Siemens SCADA equipment was merely a pawn in the Stuxnet chess game. Evidently they were on board and working with us to develop it though...

    One article (of many this past weekend).


    I've got to tip my hat to Siemens. It seems they stepped up to the plate on this one.

  11. #11
    Join Date
    Jun 2004
    Posts
    723
    Why not just hide it in a service pack or an upgrade/firmware to software then? Siemens could easily do that in code and not go about this whole virus thing.

  12. #12
    Join Date
    Sep 2007
    Location
    SoCal
    Posts
    135
    I think bombing the facility would be easier than upgrading the firmware.

    Also, I think that Siemens was probably ensured that they would not be implicated in the development of the worm.

    Good to see the Germans and Israelis working well together.

  13. #13
    Join Date
    Mar 2005
    Location
    Pacific Time Zone
    Posts
    4,195

    Dozens of exploits released for popular SCADA programs

    "Giant bullseyes painted on industrial control software

    The security of software used to control hardware at nuclear plants, gas refineries and other industrial settings is coming under renewed scrutiny as researchers released attack code exploiting dozens of serious vulnerabilities in widely used programs. The flaws, which reside in programs sold by Siemens, Iconics, 7-Technologies, Datac, and Control Microsystems...."

    http://www.theregister.co.uk/2011/03...oits_released/
