
posted by Fnord666 on Sunday September 10 2017, @11:11PM   Printer-friendly
from the lights-out dept.

Submitted via IRC for SoyCow1937

Nation-sponsored hackers have penetrated the operational networks multiple US and European energy companies use to control key parts of the power grid that supplies electricity to hundreds of millions of people, researchers warned Wednesday.

The incursions detected by security firm Symantec represent a dramatic escalation by a hacking group dubbed Dragonfly, which has been waging attacks against US and European energy companies since at least 2011. In 2014, Symantec reported that Dragonfly was aggressively establishing beachheads in a limited number of target networks, mainly by stealing the user names and passwords used to restrict access to legitimate personnel. Over the past year, the hacking group has managed to compromise dozens of energy firms and, in a handful of cases, install backdoors in the highly sensitive networks the firms use to supply power to the grid.

[...] After this Ars post went live, several security professionals with expertise in electric grids downplayed the likelihood of the operational network compromises being used to cause blackouts or take down parts of the grid. Robert Lee, the founder and CEO of Dragos Security, said the hackers would need more than the mere ability to control human machine interfaces that flip switches and open and close breakers. While he said an attack that mimicked the techniques that disrupted Ukrainian power in 2015 was possible, he said differences in the US grid would make those tactics much less effective.

Source: https://arstechnica.com/information-technology/2017/09/hackers-lie-in-wait-after-penetrating-us-and-europe-power-grid-networks/

  • (Score: 2) by Aiwendil on Monday September 11 2017, @11:12AM (2 children)

    by Aiwendil (531) on Monday September 11 2017, @11:12AM (#566185) Journal

    Basically anything with a CPU and connected to a network should be assumed to be compromised.

    Ehm, no.

    Consider the following three quite common kinds of networked computers:
    *) ROM-only (not EEPROM) programs with all data (usually bit patterns) read on fixed boundaries.
    *) Behind "information diodes" (i.e., only send but never accept [blind send])
    *) When the network consists of only this and other computers in the same housing/cabinet.

    (Combining all three isn't uncommon: have the things talking to instruments as fixed boundary, then have their output read [on fixed boundary] by a master computer in the same cabinet that sends via an information diode to the interface for outside reporting)

    However - hooking up a general purpose computer to a two-way network is indeed insane if you expect security. It's just that networks and computers are a lot more than this.

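As an added illustration of the "fixed boundaries" idea in the comment above (example code, not from the thread; the 8-byte frame layout, sync word and checksum are constructed for this demonstration): a reader that only accepts complete records in a fixed slot layout, so no byte of input is ever interpreted as a length, pointer or command, and anything that does not fit the pattern is simply dropped.

```python
import struct
from typing import List, Tuple

# Constructed frame format (not from the thread): every record is exactly 8 bytes.
# sync(2) | channel(1) | reading(4, big-endian unsigned) | xor checksum(1)
SYNC = b"\xA5\x5A"
FRAME_LEN = 8
MAX_CHANNEL = 7


def xor_checksum(data: bytes) -> int:
    """XOR of all bytes; the sender computes it over sync + channel + reading."""
    acc = 0
    for b in data:
        acc ^= b
    return acc


def encode_frame(channel: int, reading: int) -> bytes:
    """Build one fixed-size record the way an instrument would emit it."""
    body = SYNC + struct.pack(">BI", channel, reading)
    return body + bytes([xor_checksum(body)])


def decode_stream(raw: bytes) -> Tuple[List[Tuple[int, int]], int]:
    """Read records on fixed 8-byte boundaries.

    No field controls how the rest of the input is read: a byte either lands
    in its fixed slot and passes the checks, or the whole record is discarded.
    Returns (accepted (channel, reading) pairs, number of rejected records).
    """
    accepted: List[Tuple[int, int]] = []
    rejected = 0
    whole = len(raw) - len(raw) % FRAME_LEN
    for offset in range(0, whole, FRAME_LEN):
        frame = raw[offset:offset + FRAME_LEN]
        body, check = frame[:-1], frame[-1]
        if body[:2] != SYNC or xor_checksum(body) != check:
            rejected += 1          # wrong sync or damaged: drop, never reinterpret
            continue
        channel, reading = struct.unpack(">BI", body[2:])
        if channel > MAX_CHANNEL:  # out-of-range id: drop rather than index with it
            rejected += 1
            continue
        accepted.append((channel, reading))
    if len(raw) % FRAME_LEN:       # trailing partial record is noise, not data
        rejected += 1
    return accepted, rejected
```

Feeding the reader something shaped like a protocol request (text, variable length) yields only rejected records, because there is no parsing state for the input to steer.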
  • (Score: 2) by Unixnut on Monday September 11 2017, @02:16PM

    by Unixnut (5779) on Monday September 11 2017, @02:16PM (#566223)

    Well, on one hand yes, you are right. However on the other hand, just because you can't compromise the ROM, doesn't mean that hackers can't mess you about.

    Stuxnet was pretty potent in its destruction of connected machinery, and I bet you those centrifuges were not directly compromised. More than likely the control computer (which is a general purpose computer) was compromised, and started sending commands that damaged the hardware.

    With embedded systems, the easiest thing to attack is either the control machine, or the bus itself (rs485 back when I was working on it), which can allow you to take control and issue commands to each and every node on the bus.

    Also, more and more embedded systems are pretty powerful in their own right, and they pretty much all have flash and/or EEPROM. The reason for this is because it is rather appealing to manufacturers to have a way to do rolling updates without needing to either issue a recall, or ship out an engineer to replace ROM chips.

    I mean, my keyboard has an ARM32 in it, and plenty of EEPROM, with a bootloader capable of auto-updating over USB. You could fit a keylogger in there just fine, and if you compromised my PC, you could upload the keylogger to my keyboard, and it would persist no problem.

    And that is a keyboard, something that sends keypresses to the machine. Once upon a time an 8048 and 1K ROM would have been more than enough. I guess back then the firmware was written in ASM, god knows what they write it in now, Java probably for this keyboard (judging by the beefy hardware in it).

    If my keyboard has this, I can imagine that more sophisticated/expensive machinery has something equivalent, if not better.

    I'd argue it is because they can't write software properly anymore. Rather than do it right the first time, they get it barely working, ship it, and then push updates at our inconvenience if bugs occur. Computing power is so cheap, that it makes more sense to hire cheap, crappy coders and just throw hardware at the problem, rather than pay good coders a lot of money to write tight, efficient code, and run it on lower powered hardware.

    So, the scope of what can be compromised has increased quite a lot now, and as more stuff gets connected, the more we are going to have big problems.

  • (Score: 2) by crafoo on Monday September 11 2017, @04:35PM

    by crafoo (6639) on Monday September 11 2017, @04:35PM (#566265)

    Great!

    Now consider this: Version 2. Marketing-driven. Extensive design-to-cost initiatives. We better use as much COTS software and hardware as possible to compete with our Chinese rivals.

    Guys, break out a few cases of champagne! We cut unit costs in half and added some cool IoT features! Plus that recent headcount reduction did wonders for the site's productivity and yield. Cigars all around, boys!