Stories
Slash Boxes
Comments

SoylentNews is people

SoylentNews is powered by your submissions, so send in your scoop. Only 18 submissions in the queue.

Computer Intrusion Inflicts Massive Damage on German Steel Factory

posted by martyb on Saturday December 20 2014, @06:47PM   Printer-friendly
from the hope-nobody-was-hurt dept.

Blackmoore writes:

Ars technica - Computer intrusion inflicts massive damage on German steel factory

A German steel factory suffered significant damage after attackers gained unauthorized access to computerized systems that help control its blast furnace, according to a report published Friday by IDG News.

The attackers took control of the factory's production network through a spear phishing campaign, IDG said, citing a [pdf] report published Wednesday by the German government's Federal Office for Information Security. Once the attackers compromised the network, individual components or possibly entire systems failed.

 
This discussion has been archived. No new comments can be posted.
Computer Intrusion Inflicts Massive Damage on German Steel Factory | Log In/Create an Account | Top | 29 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 0) by Anonymous Coward on Saturday December 20 2014, @08:15PM

    by Anonymous Coward on Saturday December 20 2014, @08:15PM (#127811)

    > when will the world learn?

    When there is a lot of money on the line.
    Looks like they are just realizing that a lot of money is on the line.
    That means the field of securing scada systems is going to be very lucrative very soon. All you greybeards get your resumes ready.

  • (Score: 0) by Anonymous Coward on Sunday December 21 2014, @10:14AM

    by Anonymous Coward on Sunday December 21 2014, @10:14AM (#127985)

    From the article:

    The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory’s office networks, from which access to production networks was gained. Spear phishing involves the use of email that appears to come from within an organization. After the system was compromised, individual components or even entire systems started to fail frequently.

    This wasn't purely a failure of technology.

    This also had a lot to do with people trying to be co-operative and "look good" to managers.

    No-one wanted to appear disobedient to authority. People with that obedient mentality are especially vulnerable to being hijacked, just like machines are vulnerable. They don't question or think - they just do as they are told.

    I would be hard pressed to say I would not fail under similar circumstances.

    In many cases, I can verify I have a bogus email... I even posted a couple of them here a couple of days ago, so if any here wanted to see a typical phishing attempt, those were typical examples.

    However, had these emails come from a business I was doing business with, I would have likely opened those attachments.

    And that is why I regard sending someone filetypes known to be used to harbor viral attacks about the same as sending a soiled condom.

    This whole failure mechanism was made possible by the ignorance of those unwittingly pulled into this. Had they known what the code was they were feeding their machine, they would had the same reaction as a mother being asked to feed rat poison to her baby.