Slashdot Mirror


Cal-ISO Breach Revealed

HiredMan writes: "The LA Times says in a story that 'hackers' had penetrated the Cal-ISO, the California electric grid parent company, and were attempting to compile code to allow them to penetrate the 'firewalls' to access the actual grid control computers. Apparently the 'hackers' -- who came through a Chinese server -- breached a development computer that wasn't hardened, and the intrusion went undetected for over two weeks until the intruders brought too much attention to themselves. Trying to downplay the incident, one official said, 'It was a compromise, not really an attack.'" An anonymous reader pointed to coverage at MSNBC as well.

7 of 158 comments

  1. Close call by Mike+Schiraldi · · Score: 5
    The hackers were this close to setting off their attack, but luckily before they could initiate the program, the rolling blackouts hit the server they were using.

    --

  2. Re:War Ethics by Rinikusu · · Score: 5

    You know, I seem to recall the US bombing the shit out of Serbian power infrastructure...

    Cracking Power Grid = bad
    Putting 5000 pound bomb on the generators = good

    Hmmm.

    --
    If you were me, you'd be good lookin'. - six string samurai
  3. Uh, why? by chompz · · Score: 5

    Why the hell would important computers which control the power grid be accessible from the internet in any way? I realize everyone wants to look at their porn while they are at work, but bring it on CD god damn it! Repeat after me: Mission critical systems which do not explicitly require internet access should not have internet access or be on the same network as machines with internet access. It's all about which machines can be trusted, and as far as I am concerned, any machine which is accessible from the internet or has internet access is not to be trusted.

    --
    Spring is here. Don't believe me, look outside!
    1. Re:Uh, why? by blang · · Score: 5
      Because the internet exists.

      Power generating companies, power distribution companies, power exchanges all need to talk to each other. In the old ages that may have been done by dedicated links, faxes, phone calls and many other ways. Standards for information exchange have existed for a long time (for example EDIFACT). The bank world has its own worldwide network for bank transactions, but that network existed before the internet took off.

      Computers at the core of the powergrid control need inputs from computers on the outside. It's not like the old days anymore, where all you needed was a control center with dials, lights and switches, and a handful of information from the outside. These days, systems are connected, and if the security job is not done well, systems will be compromised.

      I don't know the network topology for CAL-ISO, but it should be possible to achieve decent security if the job is well done. I don't think the power industry is going to build their own proprietary network.

      --
      -- Another senseless waste of fine bytes.
  4. Re:This needs to be investigated by the Feds ASAP by tulare · · Score: 5
    Great. So let me see... is this how it goes?
    [BUZZWORD]..hack attack... [BUZZWORD]...Chinese servers... {Knee suddenly jerks}"What? How dare they? Call the cops! Write my congressmen! Facts be damned - we can ask questions after everyone's dead! We have to DO something, right now!"
    Silly. We don't even know what part of the world the attacks came from - just that some of the servers were in China. Did you notice that some of them were in Oklahoma, too? Maybe California should start a PR blitz on that account - "Oklahoma is not ok!" Of course that would be ridiculous. Just about as bad as blaming an entire country for one script kiddie who may have been operating out of it.
    My point isn't to ridicule you, but to strongly encourage you to think before you talk about military attacks. Nobody wins when a country goes to war. The first time somebody dies, everyone loses, simply because we know better, or should.
    --
    political_news.c: warning: comparison is always true due to limited range of data type
  5. Read the WHOLE article by metalhed77 · · Score: 5

    No no no, the attack came through several servers, one of which was Chinese; the others were in the US. They mentioned China, cuz of their political significance.

    ----------
    www.shockthemonkey.org

    --
    Photos.
  6. Cool by Ayende+Rahien · · Score: 5

    Now the Californians can blame *someone* for their power problems.


    --

    Two witches watch two watches.

    --
    Two witches watched two watches.
    Which witch watched which watch?