Omg Abcnews Says Hackers Are Going To Blow Up The World Woowoooooo! P

[h3%5kr3w]

abc news is known for being real dumbshits when it comes to anything related to viruses or malware or even hackers but this one is hillarious. Here is my type-interpretation of the piece.

{Michael Ball - ABC news}

Federal agents this morning are investigating what could be a major security threat to power plants and big industries.

The threat comes from computer hackers, agents say their methods are advanced and unusual.

It's not just a nationwide threat, it's a world wide threat to power plants. Federal investigators discovered hackers are trying to break into computer systems and gain control. The department of homeland security discovered for the first time, a malicious computer code that was created to seize inner workings of not only power plants but industrial plants. They call it the Struxnet worm.

-Sean McGurk - Director of Control Systems Security Department of Homeland Security -

"Most of the activity that we have seen over the past several months has involved intrusions into enterprise or corporate networks, that is the front office area of a control plant or a power plant"

Investigators have discovered the computer code is capable of opening and closing doors and gates to allow access for potential intruders

-Sean McGurk

"That is very targeted and very soffisticated and that's why it's unique. This is the first peice of malicious code of this complexity that we have ever identified"

The Struxnet worm is considered serious because it can be unleased on a wide variety of industries

-Sean McGurk

"It can be used to purify water, it can be used to generate power, it can be used to build equiptment and vehicles; it tends to have a wide variety of purposes."

But the biggest concern it may be is aging power plants.

-Sean McGurk

"because if you can shut a power plant down, you can in fact shut down an entire interconnected infrastructure. In other words, the water will stop flowing, the banks wont operate, you cant pump gas"

13 teams of govt. cyber experts are investigating this unusual and complex computer threat.

Now here is the kicker.. If you read it when it says "that is the front office area of a control plant or a power plant" you would think they mean like a server closet in the front office... No. Someone made a worm that can open and close an automated gate or automated doors.. You should have seen the gate they showed. It was armed with soldiers. Surree your going to get into that one :/

Don't get me wrong I am sure the basically lead network security guy from Homeland Security knows his stuff (I hope so anyways...) but to say crap like someone can hack a power station and basically I guess shut it off? Why would anyone do that? And also if it's an AGING power plant, would it even be networked?! Most of everything that could be hacked would have to be something around the 90's era or higher, and very little of that would be on mission critical applications that the plant would have to have to function..

And so what this so called Struxnet worm is basically a virus with plugin capability? Big deal. That's been around for a long time. It's just another way the news can try to scare the crap out of people who don't know any better.

So... is it like.. Diehard 4?! WHERE'S MY NOKIA!!! :P

Oh and btw. Where is my water purifying worm for crying out loud?! I want my faucet infected with some of that! hah!

Edited August 4, 2010 by h3%5kr3w

[VaKo]

I hate to break this to you, but a lot of old systems have been jury rigged to connect to networks/the internet over the last 15 years or so. Often this work was done by the lowest bidder, and with scant disregard for anything we would recognize as security. And even more often these systems are not documented, and may have even been forgotten about. Things like modem lines for remotely dialling into the network, they often have no security on them at all. So yes, people being able to hack into power stations or similar is a very big problem.

As for why people would want to do it, its called cyber-warfare, and currently China is the worlds #1. The USAF has the 67th Network Warfare Wing (24th AFSPC) . Most other developed and developing nations have this ability. Imagine being able to cause the same level of disruption as a $87million bomber with a netbook? Imagine if Saddam had just been able to reach into the US and switch the east cost off? Or flood the drinking water supply of NYC with raw sewage? The homeland security guy is worth listening to.

[Infiltrator]

This news article reminds me of the Die Hard 4.0 film. Where the hackers took over the whole country from a mobile station.

I always had this bad feeling, that something like that would happen one day. The technology has advanced so dramatically and arrived to a point where all devices must be interconnected in order to exchange information and this is what makes the whole system so vulnerable to attacks.

I hope there is no Fire Sale.

[deleted]

After DieHard 4.0, I had quite a few people ask me if the whole "fire sale" concept was possible (because I'm the computer guy), they were expecting the "No, its just a film" and were quite surprised when I told them that its possible (although a little far-fetched) and that our nations infrastructures aren't as well protected as we should hope.

The way things are set up at the moment is very high physical security but very lax virtual security. Its like guarding your front door while your back door is wide open. Many plants will be using SCADA (supervisory control and data acquisition) systems which were modern and secure in their day, but not any more. A lot of them still run Windows CE and Windows 3.1. Sure they will probably be firewalled, but it shouldn't be the only line of defence. If I was running the infrastructure, I would just take them off any sort of network completely and put them on their own, closed circuit network because that way you need to get through the physical security to access it.

Sadly, I don't think there will be any action to resolve this issue until there is a major incident. Our governments use a wait-and-see attitude towards these kinds of threats and they have to realise that there are people out there who want to see our nations disrupted through any means.

Edited August 4, 2010 by DarkBlueBox

[Inked]

I hate to break this to you, but a lot of old systems have been jury rigged to connect to networks/the internet over the last 15 years or so. Often this work was done by the lowest bidder, and with scant disregard for anything we would recognize as security. And even more often these systems are not documented, and may have even been forgotten about. Things like modem lines for remotely dialling into the network, they often have no security on them at all. So yes, people being able to hack into power stations or similar is a very big problem.

As for why people would want to do it, its called cyber-warfare, and currently China is the worlds #1. The USAF has the 67th Network Warfare Wing (24th AFSPC) . Most other developed and developing nations have this ability. Imagine being able to cause the same level of disruption as a $87million bomber with a netbook? Imagine if Saddam had just been able to reach into the US and switch the east cost off? Or flood the drinking water supply of NYC with raw sewage? The homeland security guy is worth listening to.

VaKo, your reply just made me THAT MUCH MORE PARANOID! :(

[Zimmer]

Die Hard 4 is a little far fetched (ok a lot) but the basic principle of real world damage being caused by a netbook is plausible. Now why are these on any network or even computer (ok computers to monitor it (but should be able to do anything else) and embed systems but a computer that is connected to the internet)!?!?!?!?!

[digip]

The SCADA worm has been out for a while now, and targeting systems like this. SIEMENS being one of the largest targeted systems. I'm surprised they didn't come right out and say what it was in the news cast. If your going to try and spread fear and propaganda, at least give it a name.

http://www.google.com/search?hl=en&q=s...sa=N&tab=wn

[Infiltrator]

They always wait for the last moment, for something bad and as threating to happen to the public, before action is a requirement. And I agree, systems especially like power plants should not be connected to the internet, they pose a serious threat to the national security.

Systems that requires a high availability, just like power plants should be completely isolated from the internet, they should be configured as standalone systems.

[VaKo]

The other issue with these systems is that due to the nature of the tasks they perform and the software they run, patching them isn't as easy as enabling auto-updates. Fixing this is going to be expensive.

[okiwan]

i kinda do feel like blowing up the world right about now. if only it were so easy.

Edited August 5, 2010 by okiwan

[deleted]

i kinda do feel like blowing up the world right about now. if only it were so easy.

Well it seems the SCADA system running the US Nuke system has an old version of Apache running on port 8080... Does Metasploit have an ICBM payload? :P

[Infiltrator]

i kinda do feel like blowing up the world right about now. if only it were so easy.

I've taught about not blowing up the world, but engineering a super smart computer worm to bring down the whole world computer system.

Oh yes, now we are talking about blowing things up.

[h3%5kr3w]

Damn VaKo.. Did not know that. I didn't figure they would actually spend any money connecting that stuff to the net.

[Trip]

lmao thats why they came down so hard on captain crunch :D

they were worried he had phone access

[Trip]

Well it seems the SCADA system running the US Nuke system has an old version of Apache running on port 8080... Does Metasploit have an ICBM payload? :P

lol :) hehe