Re: [Full-disclosure] Florida Power & Light Company (FPL) Fort Sumner Wind turbine Control SCADA was HACKED

Benji Sun, 17 Apr 2011 04:48:07 -0700

so wait? Let me humor you..


SSH was running and publically accessible so it was actually legal for me to
login to <something>,gov, as if they didnt want me to connect it wouldnt be
a publically accessible service?

On Sun, Apr 17, 2011 at 12:39 PM, Jeffrey Walton <noloa...@gmail.com> wrote:

> > so how long do you give yourself before you're in prison?
> lol....
>
> To pay devil's advocate here: FPL placed those hosts on a public internet.
> In addition, FPL also configured the hosts to advertise services. If FPL did
> not want the services accessed, the company would have removed the hosts
> from the public internet, shut down the services, or used leased [private]
> lines. Where's the leap to a criminal offense?
>
> Jeff
>
> On Sun, Apr 17, 2011 at 6:29 AM, Benji <m...@b3nji.com> wrote:
>
>> so how long do you give yourself before you're in prison?
>>
>> On Sat, Apr 16, 2011 at 4:22 PM, Bgr R <bgr_24...@yahoo.com> wrote:
>>
>>> Here comes my revenge for illegitimate firing from Florida Power & Light
>>> Company (FPL)
>>>    ... ain't nothing you can do with it, since your electricity is turned
>>> off !!!
>>>
>>> Secure you SCADA better! Leaked files are attached ...
>>>
>>> 1) http://img838.imageshack.us/i/49986845.png/
>>> 2) http://img718.imageshack.us/i/24380855.png/
>>> 3) http://img24.imageshack.us/i/58868342.png/
>>> 4) http://img228.imageshack.us/i/85258364.png/
>>> 5) http://img163.imageshack.us/i/90736853.png/
>>> 6) http://img217.imageshack.us/i/55439027.png/
>>> 7) http://img40.imageshack.us/i/87526089.png/
>>> 8) http://img864.imageshack.us/i/94061747.png/
>>> ------------------------------------------------------------
>>>
>>> 161.154.232.65
>>>
>>> HTTP/1.0 401 Unauthorized
>>> Date: Sat, 05 Feb 2011 23:43:13 GMT
>>> Server: VTS 9.0.05
>>> Content-Type: text/html
>>> Content-Length: 622
>>> Cache-Control: no-cache
>>> WWW-Authenticate: Basic realm="Ft. Sumner SCADA"
>>> Cache-control: no-cache="set-cookie"
>>> Cache-control: private
>>> Set-Cookie: VTS=9.0005;Version=1;Path=/
>>> Set-Cookie: SessionID=0;Version=1;Path=/Ft. Sumner
>>> SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c3576a
>>> Set-Cookie:
>>> SessionID=0;Version=1;Path=/Ft%2e%20Sumner%20SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c..
>>>
>>> NetRange:       161.154.0.0 - 161.154.255.255
>>> CIDR:           161.154.0.0/16
>>> OriginAS:
>>> NetName:        FPL2
>>> NetHandle:      NET-161-154-0-0-1
>>> Parent:         NET-161-0-0-0-0
>>> NetType:        Direct Assignment
>>> RegDate:        1992-12-17
>>> Updated:        2008-10-10
>>> Ref:            http://whois.arin.net/rest/net/NET-161-154-0-0-1
>>>
>>> OrgName:        Florida Power & Light Company
>>> OrgId:          FFPL-1
>>> Address:        700 Universe Blvd
>>> Address:        P.O. Box 14000
>>> City:           Juno Beach
>>> StateProv:      FL
>>> PostalCode:     33408-0420
>>> Country:        US
>>> RegDate:        1997-06-03
>>> Updated:        2007-06-29
>>> Ref:            http://whois.arin.net/rest/org/FFPL-1
>>>
>>> OrgAbuseHandle: INFOR40-ARIN
>>> OrgAbuseName:   Information Security
>>> OrgAbusePhone:  +1-305-552-3727
>>> OrgAbuseEmail:  information_secur...@fpl.com
>>> OrgAbuseRef:    http://whois.arin.net/rest/poc/INFOR40-ARIN
>>>
>>> OrgTechHandle: DHE37-ARIN
>>> OrgTechName:   Hertzog, Dean
>>> OrgTechPhone:  +1-305-552-4080
>>> OrgTechEmail:  fpl...@fpl.com
>>> OrgTechRef:    http://whois.arin.net/rest/poc/DHE37-ARIN
>>>
>>> OrgNOCHandle: DHE37-ARIN
>>> OrgNOCName:   Hertzog, Dean
>>> OrgNOCPhone:  +1-305-552-4080
>>> OrgNOCEmail:  fpl...@fpl.com
>>> OrgNOCRef:    http://whois.arin.net/rest/poc/DHE37-ARIN
>>>
>>>
>>> -------------------------------------------------------------------------------
>>> Configuration file from the central Cisco Router and Security Device
>>> Manager: 161.154.232.2 (FPL - FFPL-1)
>>>
>>> Building configuration...
>>>
>>> Current configuration : 8467 bytes
>>> !
>>> ! Last configuration change at 18:01:57 UTC Mon Oct 25 2010 by ro5810
>>> ! NVRAM config last updated at 18:01:59 UTC Mon Oct 25 2010 by ro5810
>>> !
>>> version 12.2
>>> no service pad
>>> service timestamps debug datetime localtime
>>> service timestamps log datetime localtime
>>> service password-encryption
>>> service udp-small-servers
>>> service tcp-small-servers
>>> !
>>> hostname cpr622i00bct
>>> !
>>> logging buffered 65000 debugging
>>> logging rate-limit all 10 except critical
>>> enable secret 5 $1$7uN5$Ok9fYku/HC/KNqWQkHoWP.
>>> !
>>> aaa new-model
>>> aaa authentication login default group tacacs+ enable
>>> aaa authentication enable default group tacacs+ enable
>>> aaa authorization exec default group tacacs+ none
>>> aaa accounting exec default start-stop group tacacs+
>>> aaa accounting commands 15 default start-stop group tacacs+
>>> !
>>> aaa session-id common
>>> ip subnet-zero
>>> no ip source-route
>>> ip routing
>>> !
>>> no ip domain-lookup
>>> ip host cs00noc 172.16.0.132
>>> ip host cs01noc 172.16.0.133
>>> ip host cs00noc-pub 209.215.34.12
>>> ip host cs01noc-pub 209.215.34.11
>>> ip name-server 205.152.132.23
>>> ip name-server 205.152.144.23
>>> vtp domain Core
>>> vtp mode transparent
>>> !
>>> mls qos
>>> no mpls traffic-eng auto-bw timers frequency 0
>>> !
>>> !
>>> no file verify auto
>>> spanning-tree mode pvst
>>> spanning-tree extend system-id
>>> !
>>> !
>>> !
>>> vlan internal allocation policy ascending
>>> !
>>> vlan 1578
>>>  name FPL
>>> !
>>> policy-map SHAPER1
>>>   class class-default
>>>    shape average 250000000
>>> !
>>> !
>>> !
>>> interface FastEthernet1/0/1
>>> !
>>> interface FastEthernet1/0/2
>>> !
>>> interface FastEthernet1/0/3
>>> !
>>> interface FastEthernet1/0/4
>>> !
>>> interface FastEthernet1/0/5
>>> !
>>> interface FastEthernet1/0/6
>>> !
>>> interface FastEthernet1/0/7
>>> !
>>> interface FastEthernet1/0/8
>>> !
>>> interface FastEthernet1/0/9
>>> !
>>> interface FastEthernet1/0/10
>>> !
>>> interface FastEthernet1/0/11
>>> !
>>> interface FastEthernet1/0/12
>>> !
>>> interface FastEthernet1/0/13
>>> !
>>> interface FastEthernet1/0/14
>>> !
>>> interface FastEthernet1/0/15
>>> !
>>> interface FastEthernet1/0/16
>>> !
>>> interface FastEthernet1/0/17
>>> !
>>> interface FastEthernet1/0/18
>>> !
>>> interface FastEthernet1/0/19
>>> !
>>> interface FastEthernet1/0/20
>>> !
>>> interface FastEthernet1/0/21
>>> !
>>> interface FastEthernet1/0/22
>>> !
>>> interface FastEthernet1/0/23
>>> !
>>> interface FastEthernet1/0/24
>>> !
>>> interface GigabitEthernet1/0/1
>>> !
>>> interface GigabitEthernet1/0/2
>>> !
>>> interface GigabitEthernet1/1/1
>>>  switchport trunk allowed vlan 1578
>>>  switchport mode trunk
>>>  switchport nonegotiate
>>>  ip access-group 112 in
>>>  service-policy output SHAPER1
>>>  load-interval 30
>>>  speed nonegotiate
>>> !
>>> interface GigabitEthernet1/1/2
>>>  no switchport
>>>  ip address 161.154.232.2 255.255.255.0
>>>  ip access-group 115 in
>>>  load-interval 30
>>>  keepalive 10
>>>  speed nonegotiate
>>>  mls qos trust dscp
>>>  no cdp enable
>>>  no clns route-cache
>>>  hold-queue 100 in
>>>  hold-queue 100 out
>>> !
>>> interface Vlan1
>>>  no ip address
>>>  shutdown
>>> !
>>> interface Vlan1578
>>>  ip address 65.14.117.30 255.255.255.252
>>>  load-interval 30
>>>  no clns route-cache
>>> !
>>> ip classless
>>> ip route 0.0.0.0 0.0.0.0 65.14.117.29
>>> ip route 155.109.5.0 255.255.255.0 161.154.232.1
>>> ip route 155.109.19.0 255.255.255.0 161.154.232.1
>>> ip route 155.109.29.0 255.255.255.0 161.154.232.1
>>> ip route 155.109.29.204 255.255.255.255 65.14.117.29
>>> ip route 155.109.29.214 255.255.255.255 65.14.117.29
>>> ip route 155.109.66.0 255.255.255.0 161.154.232.1
>>> ip route 155.109.88.0 255.255.255.0 161.154.232.1
>>> ip route 155.109.95.0 255.255.255.0 161.154.232.1
>>> ip route 161.154.0.0 255.255.0.0 161.154.232.1
>>> ip route 170.55.0.0 255.255.0.0 161.154.232.1
>>> ip route 204.238.236.0 255.255.255.0 161.154.232.1
>>> no ip http server
>>> ip http secure-server
>>> !
>>> !
>>> !
>>> access-list 98 permit 205.152.144.226
>>> access-list 98 permit 205.152.132.250
>>> access-list 98 permit 205.152.132.226
>>> access-list 98 permit 205.152.144.250
>>> access-list 98 permit 205.152.144.165
>>> access-list 98 permit 205.152.37.19
>>> access-list 98 permit 205.152.37.20
>>> access-list 98 permit 205.152.144.163
>>> access-list 98 permit 205.152.37.26
>>> access-list 98 permit 205.152.37.27
>>> access-list 98 permit 205.152.132.163
>>> access-list 98 permit 205.152.132.165
>>> access-list 98 permit 205.152.37.250
>>> access-list 98 permit 205.152.37.226
>>> access-list 98 permit 205.152.132.27
>>> access-list 98 permit 205.152.132.26
>>> access-list 98 permit 205.152.144.20
>>> access-list 98 permit 205.152.37.163
>>> access-list 98 permit 205.152.37.165
>>> access-list 98 permit 205.152.144.19
>>> access-list 98 permit 205.152.144.27
>>> access-list 98 permit 205.152.144.26
>>> access-list 98 permit 139.76.53.0 0.0.0.255
>>> access-list 98 permit 139.76.68.0 0.0.3.255
>>> access-list 98 permit 139.76.88.0 0.0.1.255
>>> access-list 98 permit 139.76.228.0 0.0.3.255
>>> access-list 98 permit 139.76.240.0 0.0.1.255
>>> access-list 98 permit 172.16.0.0 0.0.1.255
>>> access-list 98 permit 205.152.6.0 0.0.0.255
>>> access-list 98 permit 205.152.66.0 0.0.0.255
>>> access-list 98 permit 205.152.204.0 0.0.0.255
>>> access-list 99 permit 68.153.6.0 0.0.1.255
>>> access-list 99 permit 172.16.0.0 0.0.1.255
>>> access-list 99 permit 139.76.53.0 0.0.0.255
>>> access-list 99 permit 139.76.68.0 0.0.3.255
>>> access-list 99 permit 139.76.88.0 0.0.1.255
>>> access-list 99 permit 139.76.228.0 0.0.3.255
>>> access-list 99 permit 139.76.240.0 0.0.1.255
>>> access-list 99 permit 205.152.6.0 0.0.0.255
>>> access-list 111 permit ip 65.14.117.28 0.0.0.3 any
>>> access-list 111 permit ip 74.175.105.64 0.0.0.31 any
>>> access-list 111 permit ip 205.152.17.0 0.0.0.255 any
>>> access-list 111 permit ip 155.109.0.0 0.0.255.255 any
>>> access-list 111 permit ip 161.154.0.0 0.0.255.255 any
>>> access-list 111 permit ip 205.152.161.0 0.0.0.255 any
>>> access-list 111 permit ip 204.238.236.0 0.0.0.255 any
>>> access-list 111 permit ip 170.55.0.0 0.0.255.255 any
>>> access-list 112 deny   ip 204.0.0.0 0.0.255.255 any
>>> access-list 112 deny   ip 204.1.0.0 0.0.255.255 any
>>> access-list 112 deny   ip 204.3.0.0 0.0.255.255 any
>>> access-list 112 deny   ip 69.22.0.0 0.0.192.255 any
>>> access-list 112 permit ip any any
>>> access-list 115 deny   53 any any
>>> access-list 115 deny   55 any any
>>> access-list 115 deny   77 any any
>>> access-list 115 deny   pim any any
>>> access-list 115 permit ip any any
>>> no cdp run
>>> snmp-server community Ty#Qr53b RO 98
>>> snmp-server community R5t3bF5c RW 98
>>> tacacs-server host 172.16.0.132
>>> tacacs-server host 209.215.34.12
>>> tacacs-server host 172.16.0.133
>>> tacacs-server host 209.215.34.11
>>> tacacs-server timeout 10
>>> tacacs-server directed-request
>>> tacacs-server key 7 010703174F
>>> !
>>> radius-server source-ports 1645-1646
>>> !
>>> control-plane
>>> !
>>> banner motd ^CC
>>> ######################################################################
>>> #                                                                    #
>>> #                    ***PRIVATE/PROPRIETARY***                       #
>>> #                                                                    #
>>> #       ANY UNAUTHORIZED ACCESS TO, OR MISUSE OF BELLSOUTH           #
>>> #       SYSTEMS OR DATA MAY RESULT IN CIVIL AND/OR CRIMINAL          #
>>> #       PROSECUTION, EMPLOYEE DISCIPLINE UP TO AND INCLUDING         #
>>> #       DISCHARGE, OR THE TERMINATION OF VENDOR/SERVICE CONTRACTS.   #
>>> #                                                                    #
>>> #       BELLSOUTH MAY PERIODICALLY MONITOR AND/OR AUDIT SYSTEM       #
>>> #       ACCESS/USAGE.                                                #
>>> #                                                                    #
>>> #                                                                    #
>>> ######################################################################
>>> #                                                                    #
>>> #             <VERSION TEMPLATE DATE@TIME>                           #
>>> ######################################################################
>>> ^C
>>> privilege exec level 1 traceroute
>>> privilege exec level 1 ping
>>> privilege exec level 1 terminal monitor
>>> privilege exec level 1 terminal
>>> privilege exec level 1 show line
>>> privilege exec level 1 show snmp
>>> privilege exec level 1 show arp
>>> privilege exec level 1 show accounting
>>> privilege exec level 1 show service-module
>>> privilege exec level 1 show version
>>> privilege exec level 1 show reload
>>> privilege exec level 1 show debugging
>>> privilege exec level 1 show controllers
>>> privilege exec level 1 show users
>>> privilege exec level 1 show sessions
>>> privilege exec level 1 show access-lists
>>> privilege exec level 1 show privilege
>>> privilege exec level 1 show interfaces
>>> privilege exec level 1 show startup-config
>>> privilege exec level 1 show
>>> privilege exec level 1 clear line
>>> privilege exec level 1 clear counters
>>> privilege exec level 1 clear
>>> !
>>> line con 0
>>>  exec-timeout 5 30
>>>  password 7 070C285F4D06
>>> line vty 0 4
>>>  access-class 99 in
>>>  exec-timeout 30 0
>>>  password 7 03075218050061
>>> line vty 5 15
>>>  access-class 99 in
>>>  exec-timeout 30 0
>>>  password 7 03075218050061
>>> !
>>> end
>>>
>>> ----------------------------------------------------
>>> Fort Sumner wind turbines:
>>> http://www.flickr.com/photos/30325073@N02/4113855086/
>>> _______________________________________________
>>> Full-Disclosure - We believe in it.
>>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>>> Hosted and sponsored by Secunia - http://secunia.com/
>>>
>>
>>
>> _______________________________________________
>> Full-Disclosure - We believe in it.
>> Charter: http://lists.grok.org.uk/full-disclosure-charter.html
>> Hosted and sponsored by Secunia - http://secunia.com/
>>
>
>

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Re: [Full-disclosure] Florida Power & Light Company (FPL) Fort Sumner Wind turbine Control SCADA was HACKED

Reply via email to