Ars Technica - Computer intrusion inflicts massive damage on German steel factory
A German steel factory suffered significant damage after attackers gained unauthorized access to computerized systems that help control its blast furnace, according to a report published Friday by IDG News.
The attackers took control of the factory's production network through a spear phishing campaign, IDG said, citing a [pdf] report published Wednesday by the German government's Federal Office for Information Security. Once the attackers compromised the network, individual components or possibly entire systems failed.
(Score: 2) by Gravis on Saturday December 20 2014, @07:40PM
poor security practices result in poor security. when will the world learn?
(Score: 0) by Anonymous Coward on Saturday December 20 2014, @08:15PM
> when will the world learn?
When there is a lot of money on the line.
Looks like they are just realizing that a lot of money is on the line.
That means the field of securing SCADA systems is going to be very lucrative very soon. All you greybeards get your resumes ready.
(Score: 0) by Anonymous Coward on Sunday December 21 2014, @10:14AM
From the article:
This wasn't purely a failure of technology.
This also had a lot to do with people trying to be co-operative and "look good" to managers.
No-one wanted to appear disobedient to authority. People with that obedient mentality are especially vulnerable to being hijacked, just like machines are vulnerable. They don't question or think - they just do as they are told.
I would be hard pressed to say I would not fail under similar circumstances.
In many cases, I can verify I have a bogus email... I even posted a couple of them here a couple of days ago, so if any here wanted to see a typical phishing attempt, those were typical examples.
However, had these emails come from a business I was doing business with, I would have likely opened those attachments.
And that is why I regard sending someone filetypes known to be used to harbor viral attacks about the same as sending a soiled condom.
This whole failure mechanism was made possible by the ignorance of those unwittingly pulled into this. Had they known what the code was they were feeding their machine, they would have had the same reaction as a mother being asked to feed rat poison to her baby.
(Score: 2) by Thexalon on Saturday December 20 2014, @10:26PM
When security failures are commonplace enough that an individual manager who ignores security risks will be likely to have negative consequences for doing so within their time in authority. Otherwise, it's extremely tempting to skimp on security, maintenance, and other routine expenses to make an individual manager look good, with the knowledge that they'll probably be in a different position or department before the consequences of those decisions come home to roost.
"Think of how stupid the average person is. Then realize half of 'em are stupider than that." - George Carlin