Stuxnet-Style Attack Could Wreak Havoc at Prisons

HardOCP News

[H] News
Joined
Dec 31, 1969
Messages
0
Hang on, a Stuxnet-style attack on a prison that leads to total pandemonium? Wasn't Sylvester Stallone in that movie?

In a white paper published July 31, the researchers say a Stuxent-like attack could conceivably be used to open doors and gates or to prevent doors from being opened for a short time, leading to possible scenarios that include escape, chaos, murders and assassinations, or allowing something to be brought into a prison.
 
Even worse, people could hack into the Federal Government, and fix it. The horror!
 
is it just me or are they idiots for announcing this?
now some silly hacker will get ideas...
 
is it just me or are they idiots for announcing this?
now some silly hacker will get ideas...

To pull off a Stuxnet kind of attack, you need an extremely large amount of resources(most likely government backed). In order to make the effort worth it, you're going to pick a target with extremely large financial or political gains and breaking out some prisoners is neither.
 
I worked in a jail during the Y2k scare (1999 new years eve)...they brought in extra officers because they were scared that all the computers would stop working and the doors would all open. Funny thing is while the doors could be electronically opened...they were not computerized. There was a switchboard in a control room where a person basically just pushed physical buttons (i.e metal to metal...not computerized) to close a circuit and walla door would open. A hacker could open the doors...if he broke in the jail and physically pushed the buttons. If the power went out we just had to use these huge jail keys to open the doors. Some people are stupid and scared and in charge.......but the overtime was nice.
 
This is why we don't need control systems to be hooked up to a connection source. And there should probably be a physical lock on a jail cell door as well.
 
To pull off a Stuxnet kind of attack, you need an extremely large amount of resources(most likely government backed). In order to make the effort worth it, you're going to pick a target with extremely large financial or political gains and breaking out some prisoners is neither.

That may have been true of the initial attack, but the thing with cyber attacks is once you use the weapon everyone else has the schematic to build their own. If someone nukes you, you can't pick up the pieces and build your own nuke out of them. Code is forever and once reversed can be reused or modified as needed. So yes, the original development must have required massive resources and some extremely intelligent folks, but the techniques they used are now known so the barrier for entry in future attacks is lower.

This has been true in the malware world for a long time. Once one malware writer (or even commercial software developers for things such as source code protection) come up with an idea, the others can copy it fairly easily.

I'm not saying there will be a point and click Stuxnet type attack (in the near future at least), but I'd say each generation of this sort of attack moves the bar down at least one notch (such as from state sponsored to organized crime level). SCADA type attacks are starting to show up in free tools such as Metasploit and this will only accelerate in the next few years IMO.

As for the prison system issue as the guy posted above most of the prisons likely use mechanical controls, but I would expect some of the newer ones use more of a digital system. That is just an assumption though since I really don't know anything about that particular industry.
 
In other news, if a nuclear bomb dropped on Los Angeles, Los Angeles would be SCREWED.

That's basically what this article is saying. You don't make a Stuxnet by yourself in your basement. This pretty much states the obvious.

Anything run by computers would be screwed if a Stuxnet style virus hit it.
 
This is why we don't need control systems to be hooked up to a connection source. And there should probably be a physical lock on a jail cell door as well.

stuxnet was not introduced via a wan connection... was introduced via an infected thumb drive
 
Back
Top