A Distributed Denial of Service (DDoS) attack halted heating distribution at least in two properties in the city of Lappeenranta, located in eastern Finland. In both of the events the attacks disabled the computers that were controlling heating in the buildings.
Both of the buildings where managed by Valtia. The company who is in charge of managing the buildings overall operation and maintenance. According to Valtia CEO, Simo Rounela, in both cases the systems that controlled the central heating and warm water circulation were temporarily disabled.
In the city of Lappeenranta, there were at least two buildings whose systems were knocked down by the network attack. In a DDoS attack the network is overloaded by traffic from multiple locations with the aim of causing the system to fail.
In an interview with Etelä-Saimaa, Rounela estimated the attack in Eastern Finland lasted from late October to Thursday the 3rd of November. The systems that were attacked tried to respond to the attack by rebooting the main control circuit. This was repeated over and over so that heating was never working.
To DDoS heating systems is just, plain cold.
[Typos are in the original story; I suspect English is not their primary language. -Ed.]
(Score: 2) by bob_super on Friday November 11 2016, @09:55PM
If you've got industrial-grade heating bills, a modern smart thermostat could save you tens of thousands of dollars. Those often connect to the web to use "fancy" algorithms which know about the weather and the typical performance of your building.
But the proper reaction to "comms down" should always be at worst "I'm now a dumb thermostat".
(Score: 0) by Anonymous Coward on Friday November 11 2016, @10:04PM
It should also run 100% free software and be able to be customized (i.e. which server you want it to connect to, if any).
(Score: -1, Flamebait) by Anonymous Coward on Friday November 11 2016, @11:40PM
Free software isn't fucking good enough. If it's not Linux, it's shit!
(Score: 2) by Runaway1956 on Saturday November 12 2016, @12:04AM
Oh, really? My view is, Linux is just another Unix-like. It happens to be my favorite Unix-like, but let's not get all puffed up over it. Any Unix-like with a decent copy-left attached to it, you've got a good system. BSD's licensing scheme often seems a little inferior to that of Linux, but then, BSD doesn't have precisely the same goals that Linux does. Sys-V seems to be more restrictive than BSD, or maybe that's just me reading the license wrong. Unix itself is a good OS - it's where almost everything else came from. It's just to bad that Sco got hold of it, and dragged it through the barnyard muck.
As for Windows - I can't properly express my contempt for that steaming pile of dung. But, Windows is not free, in any way, shape, or form.
"Free" software. I do believe that GP was referring to libre free, as opposed to free as in beer. If you were referring to spyware, malware, botware, and other malicious code distributed without charge, but without the source, then you do have a point.
(Score: 0) by Anonymous Coward on Saturday November 12 2016, @12:07AM
If it's not Linux, it's shit!
My BSD kernel disputes your assertion.
(Score: 0) by Anonymous Coward on Friday November 11 2016, @10:11PM
But it does NOT need an INTERNET interface, period.
If it is cloud base in an way. Through it a way. It will fail to protect the residents VERY TIME, because there is no local controls.
If it has to be on the internet to adjusted or checked on remotely. Toss it. Again, it is not there to protect the residents.
If it is computer/software based and does not fail to a correct choices such as old fashion bi-metal switch, then toss it.
K.I.S.S. then add on top improve, keeping the basics in place for loss of power, wiring, pole knock down.....
It is same idea in cars, if power brake goes out, the car can still be controlled, since power brakes make it easier to press the brake, not in place of it.
(Score: 2) by kazzie on Saturday November 12 2016, @06:42AM
If it is cloud base in an way. Through it a way. It will fail to protect the residents VERY TIME
Oh, come on, Captain Scarlet [wikipedia.org] didn't do that bad a job against the Mysterons...
(Score: 1) by nobu_the_bard on Friday November 11 2016, @10:17PM
Client uses some HVAC systems that require internet access; its gateway is a proxy though and it has an external firewall we setup onsite. I'm the IT guy not the HVAC guy.
Actual problem is the thing talks to an onsite webhost and the webhost thing is only scheduled for its first security update this year (it was installed in 2014 i think?). Vendor wouldn't let us put it in the cloud or host it offsite. Needed to be onsite. I put some stuff on the external firewall we put in front of it to mitigate some of its vulnerabilities such as a country blocker and some other stuff. Its gone offline now and again, but never restarted... will have to ask the HVAC guys what they think of this story.
The webhost is accessed via the browser on technicians' phones to make adjustments; I know from watching the firewall that the site maintenance guys log into it to do things a few times a day from the work cellphones. I do not know why. They don't want to discuss it with non-union people. I'm told by the client's head of maintenance it's important for day-to-day operations that they fiddle with settings, check readings, and the like.