Malicious Virus Shuttered Power Plant

HardOCP News

What kind of lame ass company allows a third-party contractor to insert anything, especially a thumb drive, into a mission critical system?

A computer virus attacked a turbine control system at a power company when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a recent U.S. government report.
 
It's almost enough to make a person cry.....all I can do is hold my head down low.

Very few people are all that interested in security. It gets proven on a daily basis. Let's say they removed all open USB ports. This article would be discussing the lack of innovation and the will to move into the 21st century to a modern era. Forget the older OSes used on these machines and take notice as to the fact that things are set to defaults. This creates the same kind of crap that know-nothing home users find themselves dealing with. These kinds of situations are what results from companies out-sourcing their IT departments (usually to people that have no-skin-in-the-game). Make no mistake about it....cable companies, phone companies, and governments do the same exact thing. There are places where you can find people that actually DO know things AND have the will to do them. But those are NOT the kind of people that any of these companies are likely to hire. The end result is that it all gets handed over to government so that they can create new laws and procedures that further bog down the system. The funny part to all this is that there WILL be plenty of people claiming that all they have to do is upgrade their systems with Windows 8 or some such thing (which is complete nonsense). These things are important and should be treated as such. BUT NOOOO....we can't have that! We can't do it without having the "wow factor" with all its shiny beads. Everything must be IP addressable with some other 3rd party in charge of security. Just send all your employees through a 45 minute online training course and maybe a two or three day class and everything will be alright.....WHAT B.S.!!!!!
 
Coming to a nuclear ICBM control base near you...the "Shall we play a game?" virus.
 
Why the hell are mission critical systems run by virus prone systems :rolleyes:

Why are such systems not properly locked down and administered by System Admins is the question.....

I have USB ports blocked in our office with a GPO... took 5 mins to make and deploy...
 
Why the hell are mission critical systems run by virus prone systems :rolleyes:

You would think these systems would be running a custom version of Linux at level 3.
But nope, they run Windows. Fail. :rolleyes:
 
Turbine control system? Ouch. Full turbine inspection right there, on one or more units.
 
How could a USB stick possibly damage a critical system?

Oh, they used windows in a system that mattered. How much fail can you get?
 
I know of a bank that got nailed with a virus like this. Got super paranoid afterwards and required any USB drive to be brought into a secure room with an isolated computer that ran multiple antivirus/malware/rootkit utilities against the USB drive before it was cleared to go on the network.

One company I worked for configured the endpoint protection client on every workstation to immediately scan all removable storage once plugged in.

It's inexcusable at this point for that to happen. If I was that stupid of an admin and that happened under my watch I would expect to get fired.
 
I know of a bank that got nailed with a virus like this. Got super paranoid afterwards and required any USB drive to be brought into a secure room with an isolated computer that ran multiple antivirus/malware/rootkit utilities against the USB drive before it was cleared to go on the network.

One company I worked for configured the endpoint protection client on every workstation to immediately scan all removable storage once plugged in.

It's inexcusable at this point for that to happen. If I was that stupid of an admin and that happened under my watch I would expect to get fired.

The catch is that once you've been fired, whoever is left is stuck with a system that relies on a toy OS and will continue to get pwned no matter what they do. The cost of re-writing all the software for a real system is likely prohibitive, the cost of taking the whole system down so you can test the new stuff is even worse (certainly prohibitive). All because some pointy haired idiot couldn't imagine a computer not working the way he was familiar with.
 
Everyone is slamming Windows but I bet it's been running perfectly fine for months/years on Windows. I've installed and worked on mission critical hospital servers that run Windows and have 700-1000 day uptimes (blocked from internet, no USB keys etc). Someone should have disabled the USB ports and not allowed that system to be used by contractors/etc. WTF was he doing with it anyway? It's a turbine control system, it should be left alone regardless of OS.

It's not like Linux never crashes.... Hell I've had BSD crash on me.
 
Someone should have disabled the USB ports and not allowed that system to be used by contractors/etc. WTF was he doing with it anyway? It's a turbine control system, it should be left alone regardless of OS.

It's not like Linux never crashes.... Hell I've had BSD crash on me.

It could have been something completely harmless like a technician was pulling up a maintenance PDF and if the computer had no internet to pull up email then USB was probably the next logical choice to the technician, may have been copying a config file from another terminal or something.

I have also seen such things first hand where 20+ machines that had 0 access to the outside world had viruses. No idea how long they were on there, we just decided to run a virus check on them and boom, they all have various viruses. Granted with no internet access the chances of the viruses actually doing anything were very slim (both in that they couldn't send anything and no one entered personal info on these terminals).

What's more critical of this story is where the virus came from and whether or not it targeted this machine. Remember that the United States admitted to creating STUXNET and Flame. Stuff like that can really tick off the receiving country, and countries like Iran do have some pretty smart people (when they aren't being picked off by assassins and mysterious accidents).
 
westrock2000, they should not be using critical systems for reading pdf or files, they should have a separate machine for that or laptop.
 
You guys want something that's virus proof :D

Careful what you ask for.
 
westrock2000, they should not be using critical systems for reading pdf or files, they should have a separate machine for that or laptop.

I absolutely am not disagreeing......but you know how people are :(

When you have to copy something like a config file, you don't have many options to get from one controller to another. While there may be approved devices or best practice methods to do this, unfortunately with how ubiquitous technology has gotten, most people will not even realize their dongle can get icky from sticking it in some random port.
 
Everyone is slamming Windows but I bet it's been running perfectly fine for months/years on Windows. I've installed and worked on mission critical hospital servers that run Windows and have 700-1000 day uptimes (blocked from internet, no USB keys etc). Someone should have disabled the USB ports and not allowed that system to be used by contractors/etc. WTF was he doing with it anyway? It's a turbine control system, it should be left alone regardless of OS.

It's not like Linux never crashes.... Hell I've had BSD crash on me.

While windows still crashes infinitely more often than any real OS, the issue isn't stability, it is the fact that windows just had to search the USB stick for data and autorun the data it found on it. Now it has a virus. Windows grabs any data it can find anywhere, and instantly obeys it (unless virus protection swoops in and takes it out of its mouth like the parent of a two year old). And Windows users keep insisting that the reason their precious machines are dripping with malware is simply their greater numbers (ignoring that Apache vastly outnumbers IIS and somehow isn't hit nearly as hard or often). WRONG! WINDOWS SUCKS FOR SECURITY AND SHOULD NOT BE USED WHERE YOU WANT TO AVOID VIRUSES.

Clue
 
That was "Would you like to play a game of chess?".
"Shall we play a game?" was Jigsaw. ;)
War Games "Shall we play a game?". https://www.youtube.com/watch?v=ecPeSmF_ikc
Perhaps both have the same line.


While windows still crashes infinitely more often than any real OS, the issue isn't stability, it is the fact that windows just had to search the USB stick for data and autorun the data it found on it. Now it has a virus. Windows grabs any data it can find anywhere, and instantly obeys it (unless virus protection swoops in and takes it out of its mouth like the parent of a two year old). And Windows users keep insisting that the reason their precious machines are dripping with malware is simply their greater numbers (ignoring that Apache vastly outnumbers IIS and somehow isn't hit nearly as hard or often). WRONG! WINDOWS SUCKS FOR SECURITY AND SHOULD NOT BE USED WHERE YOU WANT TO AVOID VIRUSES.

Clue
At the very least they should have disabled autorun. Additionally they should have disabled/blocked the USB ports. My question is didn't they have AV, etc., and if not, why not, if so, what was it doing during that time?
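
The mitigations named in this thread (AutoRun disabled, USB storage blocked by policy) can be audited on a Windows host by reading three registry values. This is an added example, not code from any poster; it is read-only, and the pass criteria and the choice to check only machine-wide (HKLM) settings are assumptions of the example.

```powershell
# Added example: read-only audit of removable-media hardening. Changes nothing.
# Assumption: only machine-wide (HKLM) settings are checked, not per-user ones.

function Get-RegValue {
    param([string]$Path, [string]$Name)
    # Returns $null when the key or value is absent (setting not configured).
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { return $item.$Name }
    return $null
}

$checks = @(
    @{ Control  = 'AutoRun disabled on all drive types'
       Path     = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer'
       Name     = 'NoDriveTypeAutoRun'
       Expected = 0xFF },   # bitmask covering every drive type
    @{ Control  = 'USB mass-storage driver disabled'
       Path     = 'HKLM:\SYSTEM\CurrentControlSet\Services\USBSTOR'
       Name     = 'Start'
       Expected = 4 },      # 4 = service disabled, 3 = load on demand
    @{ Control  = 'Removable storage: deny all access (Group Policy)'
       Path     = 'HKLM:\SOFTWARE\Policies\Microsoft\Windows\RemovableStorageDevices'
       Name     = 'Deny_All'
       Expected = 1 }
)

$results = foreach ($c in $checks) {
    $actual = Get-RegValue -Path $c.Path -Name $c.Name
    [pscustomobject]@{
        Control  = $c.Control
        Actual   = if ($null -eq $actual) { 'not set' } else { $actual }
        Expected = $c.Expected
        Pass     = ($actual -eq $c.Expected)
    }
}
$results | Format-Table -AutoSize

# USB storage devices this host has enumerated in the past. On a machine that
# is supposed to be locked down, any entry here is worth explaining.
$enum = 'HKLM:\SYSTEM\CurrentControlSet\Enum\USBSTOR'
if (Test-Path $enum) {
    Get-ChildItem -Path $enum | ForEach-Object { $_.PSChildName }
} else {
    'No USB storage device history found.'
}
```

A failed row means that control is not configured machine-wide on this host; it does not show whether an endpoint protection product is separately scanning or blocking removable media.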
 