god forbid that the US gets hammered by the same malware infecting Iranian nuke facilities.
Viruses infect vital control systems at TWO US power stations
Two US power stations were infected by malware in the last quarter of 2012, according to a report by the US Department of Homeland Security's Industrial Control Systems Cyber Emergency Response Team (ICS-CERT). USB flash drives packed with software nasties were blamed for a compromise of industrial control systems in both …
-
Wednesday 16th January 2013 15:12 GMT Nick Ryan
Oh FFS, just how incompetent do they have to be. Turn off, disable and kill auto-run with prejudice. It's not an especially difficult concept to grasp, but so many industrial control systems still have it enabled.
I'll admit that MS have made it moronically hard to fully disable unless XP SP3 is installed along with one or more updates, prior to that turning it off didn't actually turn the fecking thing off completely. After all, MS knows best on how to propagate viruses easily and what harm can there be from automatically running executable files from arbitrary removable devices?
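An added example, not part of the comment above or of the ICS-CERT report: Windows controls AutoRun per drive type through the `NoDriveTypeAutoRun` policy value (under `HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer`), a bitmask in which each set bit disables AutoRun for one drive type. The sketch decodes values as they might be exported from control-system workstations and flags hosts where removable media can still auto-run; the host names and sample values are constructed.

```python
# Added example: audit AutoRun policy values collected from Windows hosts.
# In NoDriveTypeAutoRun a SET bit DISABLES AutoRun for that drive type.
DRIVE_BITS = {
    0x01: "unknown",
    0x02: "no_root_dir",
    0x04: "removable",   # USB flash drives, floppies
    0x08: "fixed",
    0x10: "network",
    0x20: "cdrom",
    0x40: "ramdisk",
    0x80: "reserved",
}

def autorun_enabled_for(value):
    """Drive types for which AutoRun is still enabled under this bitmask."""
    return [name for bit, name in DRIVE_BITS.items() if not value & bit]

def audit(inventory):
    """Map host -> (status, drive types with AutoRun still enabled)."""
    findings = {}
    for host, raw in inventory.items():
        if raw is None:
            # Value absent: the OS default applies, so treat it as unverified.
            findings[host] = ("UNSET", None)
            continue
        value = int(raw, 16) if isinstance(raw, str) else raw
        enabled = autorun_enabled_for(value & 0xFF)
        if "removable" in enabled:
            status = "FAIL"      # a USB stick can trigger AutoRun
        elif enabled:
            status = "WARN"      # removable covered, other types still open
        else:
            status = "OK"        # 0xFF: disabled for every drive type
        findings[host] = (status, enabled)
    return findings

# Constructed sample inventory (hypothetical hosts, illustrative values).
SAMPLE = {
    "hmi-01": "0x91",     # removable media not covered
    "eng-ws-02": "0x95",  # removable covered, CD-ROM and fixed still enabled
    "hist-03": 0xFF,      # everything disabled
    "scada-04": None,     # policy value not present
}

if __name__ == "__main__":
    for host, (status, enabled) in audit(SAMPLE).items():
        print(f"{host:10} {status:5} {enabled}")
```

A compliant value only shows that the policy is set; as the comment notes, older unpatched systems did not fully honour it, so patch level has to be checked separately.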
-
Wednesday 16th January 2013 17:19 GMT Anonymous Coward
> Care to suggest another operating system that is so lax ?
Linux.
http://www.h-online.com/open/news/item/USB-driver-bug-exposed-as-Linux-plug-pwn-1203617.html
http://www.charlescurley.com/blog/archives/2011/03/13/linux_usb_vulnerability/index.html
http://news.softpedia.com/news/Researcher-Demonstrates-USB-Autorun-Attack-on-Linux-183611.shtml
http://linux.slashdot.org/story/11/02/07/1742246/usb-autorun-attacks-against-linux
http://www.muktware.com/news/761/once-upon-time-there-was-usb-vulnerability-linux#.UPbg6Seqlws
-
Wednesday 16th January 2013 19:30 GMT eulampios
you got
an extremely weak case here... you don't have a case. One can discuss potential risks associated with external media on GNU/Linux. Another matter is to actually see it's happening in the wild. Of course there is always an explanation of blaming 1% of users that no bad guy really cares about.
-
Wednesday 16th January 2013 15:59 GMT Psyx
Re: @Destroy All Monsters
"You have obviously never seen a Flash Drive fail...or get lost...have you."
You don't just rely on one tape back-up, so why assume anyone would rely on one USB.
As to the loss thing, there is literally no reason why the drives can't be chained to a brick!
I'd rather trust and use USB back-up than optical media or tape. It's not perfect, but with safeguards it's not an inherently stupid idea... and certainly not worth a 'Fail' icon...
-
Wednesday 16th January 2013 22:41 GMT Yet Another Anonymous coward
Re: @Destroy All Monsters
I suspect the USB key was to copy some log files from a non-networked controller back to some central machine where they could be backed up properly.
Probably because the last security review demanded that all critical machines were disconnected from the network to protect them from viruses.
-
Wednesday 16th January 2013 16:02 GMT Dave 126
Re: @Destroy All Monsters
>You have obviously never seen a Flash Drive fail...or get lost...have you.
You work on the concept that all devices fail, and so use them redundantly. And use encryption in case they get lost.
Years back at a nuclear power station in the UK, there used to be a standalone PC in the security hut, through which all floppy disks had to be passed.
These days they tend to use laptops with custom Linux distros to connect to their network.
-
Thursday 17th January 2013 04:13 GMT Kevin McMurtrie
Re: Why are they backing up to a Flash Drive in the first place?
A USB drive can be used to bridge the air-gap protecting a critical system. It works well because it's a manual process that can't run itself while everybody is away. Of course, you need to keep an eye on the details or all of that security is pointless.
-
Wednesday 16th January 2013 15:28 GMT William Boyle
Just the facts, ma'am.
Just so people don't forget, this was NOT an internet hack, but some sort of social-engineering attack, or deliberate attack, in that infected USB drives were delivered into the hands of staff members of the facilities who then attached them to their PCs and thus compromised their systems and networks. All too often, this is how such stuff gets into play. As is often the case, people not networks are the weakest link!
-
Wednesday 16th January 2013 16:01 GMT Anonymous Coward
Re: I'll bet ....
Neither is *NIX. As a long-time Linux user, collector of old UNIX variants, and fan of the UNIX philosophy, there are very few variants that would be able to handle this. Maybe a very stable release of OpenBSD.
Windows doesn't bear all the blame for this. It's crap, but so is everything else.
-
Wednesday 16th January 2013 16:02 GMT Nick Ryan
Re: I'll bet ....
The actual real time control systems will use dedicated systems for the job. These are restricted systems and they do what they are designed to do and generally nothing more.
The management systems, on the other hand, are often Windows systems. This makes the development task of producing a system that can collate figures, poke configuration changes onto control systems, generate reports and all the normal stuff that people, or more accurately end users and managers, need to see feasible. In any properly designed system the actual operation side is independent of these management systems.
-
Wednesday 16th January 2013 16:18 GMT annodomini2
Critical point
The malware in question is 'unspecified'; nowhere in the article does this state that this was a targeted attack.
Or that the malware was designed to disrupt the operation of these systems.
The fact they got infected is obviously a major security fail, but nowhere is it stated that the reason the machines were infected was deliberate.
-
Wednesday 16th January 2013 16:48 GMT TheRealLifeboy
Why the hell are these systems still running windows??
Are they totally dense or what? We don't even know what a virus infection looks like since switching to Linux 5 years ago. These jokers know that Stuxnet and the like were created to attack Iran (probably by the US) and now they're turning on themselves.
It's not that hard to move away from Windows, for Pete's sake!!
-
Wednesday 16th January 2013 17:26 GMT Anonymous Coward
Re: Why the hell are these systems still running windows??
If it's a targeted attack where the attacker targets the specific company or sector, another OS will not help. Linux has more than twice the number of vulnerabilities discovered in the *kernel* compared to Windows, year after year.
If the attackers target a specific entity that uses Linux, they will just use one of the Linux vulns. Because of the distro system, an attacker who monitors kernel commits can gain information about vulnerabilities weeks or months before they sift through to the distros and become available as patches.
There have been *many* Linux vulnerabilities (and exploits) in USB drivers.
-
Wednesday 16th January 2013 19:58 GMT eulampios
@the vulnerability counter
You're just like our friend RICHTO, aren't you?
First, you combine all vulnerabilities of different severity level, say, an app can crash is equated with an arbitrary code could be executed remotely, like the last IE vuln.
Second, how long does it take for MS to patch a vuln. ? Say, the mentioned IE took MS a couple weeks, not usually the case with Linux.
Third, you're trying to compare the volumes of a daily droppings for a mouse and an elephant. Say, putting side-by-side MS products with the OS supporting lesser architecture than Linux, 1 web browser, 1 Office, 1 web server, 1 db server etc vs. 10s of Gigs of software available in distro's repos with 4-5 web browsers and server, 3-4 db servers., several Office suites and so on.
PS Those 10s of gigs are much meaner than what MS think of it . Win8 RT >12gb of disk usage for an OS and Office --> WTF?
-
Thursday 17th January 2013 05:28 GMT Anonymous Coward
Re: *facepalms*
>Apparently, if someone doesn't club them over the head repeatedly, the masses are unwilling to perform even basic security checks for their computers.
That would suggest to me that the experts should give the masses computers that perform their own security checks (easier said than done, I know).
-
Wednesday 16th January 2013 22:57 GMT Anonymous Coward
I know of power stations out there that are running SCADA control stations on Windows NT 4 Dell Desktops (Pentium III 500MHz). The software won't run on anything newer and they're biding time until the whole control system is replaced. Another station I know of has its SCADA system hooked straight into the corporate network.
Most industrial control systems actually run on Windows. Siemens, GE, ABB ... The current generation of HMIs are Windows boxen too (COPA-DATA Zenon or GE Cimplicity for example)
With the right controls it is all OK, but Corporate IT and Operational IT are different things, and companies often blend the two to save money.
Yes, people can really be that stupid.