Steven Bellovin wrote:
On Nov 21, 2011, at 4:30 PM, Mark Radabaugh wrote:
Probably nowhere near that sophisticated. More like somebody owned the PC running Windows 98 being used as an
operator
interface to the control system. Then they started poking buttons on the
pretty screen.
Somewhere there is a terrified 12 year old.
Please don't think I am saying infrastructure security should not be improved - it really does need help. But I
really doubt
this was anything truly interesting.
That's precisely the problem: it does appear to have been an easy attack.
(My thoughts are at
https://www.cs.columbia.edu/~smb/blog/2011-11/2011-11-18.html)
--Steve Bellovin, https://www.cs.columbia.edu/~smb
Umm hmm. And here's another one poking around:
http://pastebin.com/Wx90LLum
"I'm not going to expose the details of the box. No damage was done to any of the machinery; I don't really like mindless
vandalism. It's stupid and silly.
On the other hand, so is connecting interfaces to your SCADA machinery to the Internet. I wouldn't even call this a hack,
either, just to say.
This required almost no skill and could be reproduced by a two year old with a basic
knowledge of Simatic."
--Michael
