SoylentNews is people

posted by janrinok on Saturday July 05, @04:26PM
from the my-password-is-123456 dept.

Risevatnet Lake is a small dammed lake near the city of Svelgen in the South-West of Norway. It primarily serves as a fish farm.

On April 7 its dam control system was breached by a Russian hacktivist group, Z-PENTEST (guess what the Z stands for). The main valve was put on maximum opening, increasing the water flow to maximum volume for four hours before the incident was detected; on April 10 the dam's owner alerted authorities.

The hackers got in through a weak password -- the classic 123456, or risevatnet123, perhaps -- on the web interface used to control the dam. This web interface was directly connected to the Internet. Once logged in, the hackers could directly control a motorized valve which controlled the water flow. (Why local teenagers hadn't discovered this before remains a mystery.)
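
As an added illustration (not part of the original story): the valve stayed fully open for four hours before anyone noticed, which is the kind of gap a simple telemetry rule can close. The sketch below runs two checks over constructed valve-position samples; the log format, the `web_ui`/`local_panel` source labels and the 30-minute threshold are assumptions.

```python
from datetime import datetime, timedelta

FULL_OPEN = 100  # valve opening in percent (assumed scale)

# Constructed samples, not data from the incident: "<time> <valve %> <change source>"
SAMPLE_LOG = """\
2025-01-01T01:00:00 35 local_panel
2025-01-01T02:00:00 35 local_panel
2025-01-01T02:10:00 100 web_ui
2025-01-01T02:25:00 100 web_ui
2025-01-01T02:40:00 100 web_ui
2025-01-01T06:10:00 100 web_ui
2025-01-01T06:20:00 35 local_panel
"""

def parse(log_text):
    """Yield (timestamp, valve_pct, source) for each non-empty line."""
    for line in log_text.splitlines():
        if line.strip():
            ts, pct, source = line.split()
            yield datetime.fromisoformat(ts), int(pct), source

def detect(log_text, max_hold=timedelta(minutes=30), remote_sources=("web_ui",)):
    """Return alerts as (timestamp, rule, detail) tuples."""
    alerts = []
    prev_pct = None       # last seen valve position
    full_since = None     # when the valve first reached full opening
    hold_alerted = False  # raise the sustained alert once per episode
    for ts, pct, source in parse(log_text):
        # Rule 1: the setpoint changed and the change came in over a remote interface.
        if prev_pct is not None and pct != prev_pct and source in remote_sources:
            alerts.append((ts, "remote_setpoint_change", f"{prev_pct}% -> {pct}%"))
        # Rule 2: the valve has been fully open for at least max_hold.
        if pct >= FULL_OPEN:
            full_since = full_since or ts
            if not hold_alerted and ts - full_since >= max_hold:
                alerts.append((ts, "sustained_full_open", f"since {full_since.isoformat()}"))
                hold_alerted = True
        else:
            full_since, hold_alerted = None, False
        prev_pct = pct
    return alerts

if __name__ == "__main__":
    for ts, rule, detail in detect(SAMPLE_LOG):
        print(ts.isoformat(), rule, detail)
```

On the constructed samples, the first rule fires at the moment of the remote change and the second fires 30 minutes into the full-open episode.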

About 145,000 industrial control system (ICS) devices were found to be directly connected to the Internet in a 2024 Censys scan (pdf). Of these devices, 48,000, or 38%, were located in the US, with Europe accounting for a comparable number (35%). A sizeable portion (34%) of devices were water and wastewater related, while 23% were associated with agricultural processes. Many of these devices -- including HMIs, PLCs, and SCADA panels -- were discoverable with simple scans, and often "protected" by default or easily guessed passwords.

If you read around a bit, the impression is that Z-PENTEST is something like a splinter group from another "hacktivist" group, the People's Cyber Army. Both groups have boasted on Telegram about similar actions before -- aiming for oil wells, dams and rural water systems. Their targets have been in the United States, Canada, Australia, France, South Korea, Taiwan, Italy, Romania, Germany, and Poland.

It remains to be seen whether this latest action -- freeing fish from Western Propaganda and the Capitalists' Deadly Grip -- will give them much street cred in the hacker scene.


  • (Score: 4, Insightful) by Gaaark on Saturday July 05, @06:21PM (1 child)

    by Gaaark (41) on Saturday July 05, @06:21PM (#1409400)

    ...stupid is as stupid does. Put it on the internet with a weak password. Dumb-da-dum-dumb.

    This is why we can't have nice things: people use insecure OS's; people use insecure passwords; people put systems on the internet when they don't need to be and people are people (with apologies to Depeche Mode).

    --
    --- Please remind me if I haven't been civil to you: I'm channeling MDC. I have always been here. ---Gaaark 2.0 --
    • (Score: 4, Funny) by driverless on Sunday July 06, @09:36AM

      by driverless (4770) on Sunday July 06, @09:36AM (#1409438)

      The hackers got in through a weak password -- the classical 123456

      Note to self: Change combination on luggage, Russian hackers have guessed it.

  • (Score: 4, Insightful) by Mojibake Tengu on Saturday July 05, @06:49PM

    by Mojibake Tengu (8598) on Saturday July 05, @06:49PM (#1409402)

    Some industrial equipment manufacturers are actively complying with recent no default password laws of certain funny countries with... not establishing a default password for default login by default at all. The same logic as recently used in some Linux distros.

    You may reminisce for "at least some default passwords, please!" with nostalgia soon.

     

    --
    Rust programming language offends both my Intelligence and my Spirit.
  • (Score: 4, Insightful) by VLM on Saturday July 05, @08:46PM

    by VLM (445) on Saturday July 05, @08:46PM (#1409405)

    According to Norwegian energy news outlet Energiteknikk, the hack didn't put anyone in danger, barely moving water output over the dam's minimum water flow requirement.

    The water went pouring 497 liters per second over the minimum, but officials say the river bed could have handled up to 20,000 liters per second.

    Somewhat less sensational than reported

    My experience with this in megacorporate land is bad security often comes from turf wars. Who's legally allowed to change the gate settings in Norway? I donno. But I bet the guys with the budget and legal requirement to pay for the gate control is different than the people with the legal ability to control the gates, so there was at some point a disagreement and "F you guys the password is now 12345"

    Another often misunderstood effect is often people just don't care. In the long run it saves money to log in remotely to change the setting and fine tune the absolute heck out of it, but 99% of the time nobody "really" cares what the setting is. When it's important there will be human eyes on it and human hands near the controls, when it does not matter, "meh log in over the internet using password 12345 and call it good".
