Hackers exploit holes to take control of U.S. infrastructure

By F. Michael Maloof

ComputerData

WASHINGTON – With concern mounting over recent cyber attacks on critical national infrastructures and government agencies, experts are pointing to the high vulnerability of remote automated industrial control systems, known as SCADAs, according to a report from Joseph Farah’s G2 Bulletin.

SCADAs, or Supervisory Control and Data Acquisition systems, are computer-based systems that monitor and control industrial processes remotely, enabling the automatic functioning of the nation’s critical infrastructures. They monitor and regulate the national electrical grid system; the flow of oil and natural gas; nuclear power facilities; finance and banking systems; telecommunications; the pumping of fuel; food and water delivery; rail and truck transportation; and traffic lights.

But SCADAs provide a gateway for hackers from anywhere in the world, because they don’t have firewalls, and their passwords and other access-control systems can be evaded.

The Obama administration acknowledged Thursday that hackers stole Social Security numbers, health histories and other highly sensitive data from more than 21 million people. Believed to be the largest data breach in U.S. history, it follows the disclosure earlier this year that hackers stole records for about 4.2 million people from the Office of Personnel Management’s personnel database.

Officials have privately linked both intrusions to China, according to the National Journal.

“A Nation Forsaken: EMP: The Escalating Threat of an American Catastrophe” spotlights what America’s enemies already know about the vulnerability of its infrastructure.

Last Wednesday, New York Stock Exchange trading, United Airlines flights, the Wall Street Journal website and other U.S. business activity were temporarily shut down. The official explanation blamed “technical glitches,” but some cyberwarfare experts believe the shutdowns were the result of a deliberate attack from hackers in China, as WND reported.

SCADAs “sit outside of traditional security walls,” according to a report by Symantec Corporation, an information technology security solutions company.

Get the full report from Joseph Farah’s G2 Bulletin.

The report said the risks are increasing as the technology progresses in the energy industry.

“As smart grid technology continues to gain momentum, more new energy systems will be connected to the Internet of Things, which opens up new security vulnerabilities related to having countless connected devices,” it said. “The increasing number of connected systems and centralized control for ICS systems means that the risk of attacks in the future will increase.”

Ripe for exploitation

Two Russian security researchers, Sergey Gordeychik and Gleb Gritsai of Positive Research, disclosed to the Chaos Communication Congress – an annual meeting of the international hacker scene – that they found more than 60,000 exposed control systems online that were ripe for exploitation by taking “full control of systems running energy, chemical and transportation systems.”

The Russian hackers discovered the ease at which they could gain full access to Programmable Logic Controllers, or PLCs.

As reported by Computer World, the two researchers identified more than 150 vulnerabilities in SCADA, ISC and PLCs, with 5 percent being “dangerous remote code execution holes.”

At the Chaos Communication Congress, the researchers released an updated version of THC-Hydra, said to be a password-cracking tool that targeted the vulnerability of such systems as Siemens PLC devices.

“Trying to find SCADA/PLC/HMI in the Internet? No success? SCADA StrangeLove strike forces to the rescue,” the Strangelove website declared, featuring Gordeychik.

“With our Pretty Shiny Sparky ICS/SCADA/PLC Cheat Sheet,” a release by Gritsai said, “you will become a real SCADA Hacker and will search for SCADA for free.”

Get the full report from Joseph Farah’s G2 Bulletin.

Related stories:

Feds refused to encrypt data of 21.5 million Americans

Hackers exploit holes to take control of U.S. infrastructure

F. Michael Maloof

F. Michael Maloof, contributing writer for national security affairs for WND and G2Bulletin, is a former senior security policy analyst in the office of the secretary of defense, and is author of "A Nation Forsaken." Read more of F. Michael Maloof's articles here.


Leave a Comment