Slashdot Mirror


Satellite Views Of The Blackout

An anonymous reader writes "These Before and After satellite views of the blackout, from the NOAA, show the geographic extent and intensity of the outage. Toronto, Ottawa, and Detroit seem the worst hit. Currently, a CNN article mentions that a reverse of power flow around Lake Erie may have caused an overload that triggered the programmed shutdown of the power grid. Would be interesting to know how the system and software works, but then again, that information could be dangerous in the wrong hands."

16 of 411 comments

  1. Dangerous in the wrong hands? by bc90021 · · Score: 5, Interesting

    If a private citizen were to show the interconnections of the power grid on their website, what would happen? How long would it be before the government ordered him/her to remove that information in the interest of "National Security"? Why is it that CNN can show it freely? A similar map was being broadcast on TV all morning.

    And as for how the software works, it would be interesting to know just what OS the power company computers were running. Not to sound like a conspiracy theorist (well, ok, that's exactly what I'm trying to sound like ;) ) as soon as there were variants on the Blaster worm, a large section of the power went out? Hhhmmm...

    1. Re:Dangerous in the wrong hands? by weave · · Score: 5, Interesting
      Some people on bugtraq are already speculating that the blaster worm may have had something to do with it...

      Got me if it's true. I'm not up on that stuff. Made for some interesting reading though! :)

    2. Re:Dangerous in the wrong hands? by Lars+T. · · Score: 3, Interesting
      Article in German, Google Translation.
      With our searches we are encountered the following connections: The failed Niagara power station belongs too national to Grid the USA . This power supplier is specified as a reference customer of Northern Dynamics. This company calls itself as "Home OF the OPC Experts" and offers a set of products, which use OPC for communication with control and control systems.

      OPC stands for Process control "for" OLE for and touches down on Microsofts COM/DCOM model. That is however exactly the technology with the safety hole, which the worm W32.Blaster uses. In a net, in which this worm is active, malfunctioned due to the regular restarts, which observe now final users also concerned with their PCS, DCOM communication and concomitantly OPC on unpatched systems.

      Story refused yesterday.
      --

      Lars T.

      To the guy who modded me down from perfect to terrible Karma - Apple haters still suck

    3. Re:Dangerous in the wrong hands? by TimTheFoolMan · · Score: 4, Interesting

      This is almost funny, were it not something that has affected so many people in a serious way. My group works with OPC systems every day (doing integration work between various BAS systems and 3rd party products), and one of my biggest concerns with OPC is when we're forced to deploy it via DCOM.

      By definition, OPC uses COM for local (within the same PC) client/server interaction, and DCOM for client/server interaction across a network. The setup, connect, and disconnect issues surrounding DCOM have spawned an industry within the OPC industry for working around these issues.

      For example, some OPC servers require "remote registry browsing." This means exactly what it sounds like. My computer browses the registry of your computer so I can find out what OPC servers you have installed. In one of its better moves, Microsoft told the OPC foundation that future versions of Windows would restrict remote registry browsing, so they've come up with various solutions. However, some older servers still require this for server browsing, and some companies (ahem) are perfectly OK with it!

      Last week, I exchanged e-mails with another engineer who suggested that because my group wanted to avoid DCOM security issues, it must be because we weren't technically savvy enough to do so. I'm on the other side wondering why he's willing to put the customer's system at risk.

      Now, back to reality, W32.Blaster attacks a machine using remote procedure calls, and OPC uses RPC to perform client/server data transfer. While setting up a network to facilitate OPC *may* not inherently make it susceptible to W32.Blaster, it may, depending on how Blaster actually works (I don't know enough about it to say one way or the other).

      In short, I'm not ready to point the finger at OPC for the blackout, but it wouldn't surprise me to find that many places that implement OPC using DCOM have been hammered by W32.Blaster. The very settings that make it easy to make OPC/DCOM work correctly open their systems up to all sorts of nasty things once a rogue program is running on one of them.

      OPC/DCOM (as typically implemented) represents a serious "trust relationship," and most companies don't make process control PCs part of an NT domain. As a result, setting up launch/access/config permissions becomes a tricky and error-prone matter of managing account names and passwords from other PCs. Since managing those becomes a distributed nightmare, many places unwisely don't force those machines to abide by password policy, and (even worse) use simple password & username combos.

      This should sound like a recipe for disaster.

      Tim

      P.S. I sincerely hope that RPC and the W32.Blaster had *nothing* to do with the blackouts, but I doubt that most of the public will ever know. The insiders will most certainly not let out the details if it did.
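
Added editorial example, not part of TimTheFoolMan's post or of any OPC vendor's tooling: an offline check for the settings the comment above describes (remote registry, DCOM authentication, password policy), run over text captured on each process-control PC with `sc qc RemoteRegistry`, `reg query HKLM\SOFTWARE\Microsoft\Ole` and `net accounts`. The sample capture, the finding names and the 8-character threshold are assumptions made for illustration.

```python
import re

MIN_PASSWORD_LENGTH = 8  # assumed site policy, not a value from the thread

# Constructed sample: output of `sc qc RemoteRegistry`,
# `reg query HKLM\SOFTWARE\Microsoft\Ole` and `net accounts`,
# saved into one text file per process-control PC.
SAMPLE_CAPTURE = r"""
[SC] QueryServiceConfig SUCCESS

SERVICE_NAME: RemoteRegistry
        TYPE               : 20  WIN32_SHARE_PROCESS
        START_TYPE         : 2   AUTO_START

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Ole
    EnableDCOM    REG_SZ    Y
    LegacyAuthenticationLevel    REG_DWORD    0x1

Minimum password length:                              0
Lockout threshold:                                    Never
"""

# (finding name, pattern capturing the value, predicate that is True when weak)
CHECKS = [
    # Remote registry browsing is possible whenever the service can start.
    ("remote-registry-startable", r"^\s*START_TYPE\s*:\s*\d+\s+(\S+)",
     lambda v: v.upper() != "DISABLED"),
    # Informational: networked OPC needs DCOM, local-only OPC does not.
    ("dcom-enabled", r"^\s*EnableDCOM\s+REG_SZ\s+(\S+)",
     lambda v: v.upper() == "Y"),
    # Level 1 is RPC_C_AUTHN_LEVEL_NONE: callers are not authenticated.
    ("dcom-auth-level-none",
     r"^\s*LegacyAuthenticationLevel\s+REG_DWORD\s+(0x[0-9a-f]+)",
     lambda v: int(v, 16) == 1),
    ("weak-min-password-length", r"^Minimum password length:\s*(\d+)",
     lambda v: int(v) < MIN_PASSWORD_LENGTH),
    ("no-account-lockout", r"^Lockout threshold:\s*(\S+)",
     lambda v: v.lower() == "never"),
]


def audit_capture(text):
    """Return findings for one host's captured command output.

    A value missing from the capture is reported as unresolved
    ("not-captured:<name>") so that a gap is never read as a pass.
    """
    findings = []
    for name, pattern, is_weak in CHECKS:
        match = re.search(pattern, text, re.MULTILINE | re.IGNORECASE)
        if match is None:
            findings.append("not-captured:" + name)
        elif is_weak(match.group(1)):
            findings.append(name)
    return findings


if __name__ == "__main__":
    for finding in audit_capture(SAMPLE_CAPTURE):
        print(finding)
```
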

    4. Re:Dangerous in the wrong hands? by Dr.+Manhattan · · Score: 5, Interesting
      How many died in this, the biggest outage in the US for decades? A half-dozen.

      You don't target the plants. You hit the high-voltage transformers. They step down the power from the high-voltage long-distance power lines to the local transmission lines. There's only ~3000 in the whole United States. They're not made domestically and there's an 18 month lead time on manufacture.

      You pick a municipality, e.g. New York. You get ~20 men, armed with automatic weapons and explosives. They start ~1am, and go around taking out HVTs. You have four groups; the first two hits each group makes (maybe more) meet no resistance at all, there's no security on these things beyond a padlocked gate.

      By the time people realize that a coordinated attack is going on, and get armed guards capable of fighting off automatic weapons placed around the remaining HVTs, at least 30 of them are down. Restoring power takes weeks, possibly a couple of months. Imagine what that'd do to, e.g., Wall Street.

      Now, imagine one of those four groups, instead of targeting HVTs, targets water mains instead. You now have a very large region without power or water. That requires a massive support effort, possibly even refugee camps. Picture the economic impact.

      Pick two widely separated regions (e.g. New York and, I dunno, Dallas, Texas (they're even more dependent on water and power for survival there than most)) and you halve the damage to each one but more than double the chaos.

      The only weird thing is why something like this hasn't happened yet.

      --
      PHEM - party like it's 1997-2003!
  2. wtc reflection index by digitalsushi · · Score: 3, Interesting

    i don't know how they referred to it precisely; it was something like reflection index. basically, it was all the stuff floating in the air. i'm not saying this is in any way cool, but it is interesting --

    http://digitalsushi.com/wtcreflection.gif

    --
    slashdot: where everyone yells sarcastic metaphors to themselves to understand the issue
  3. Wrong hands? by saitoh · · Score: 4, Interesting

    And you're telling me that publicising a blackout's cause as being one grid station, and then showing how it's brought half of the northeast practically to a halt for a day or two isn't information in the wrong hands?

    I'm just waiting for some half baked terrorist to whack off a couple of power grids now... Then our excuse of an administration will want to inspect everything about power right down to the electrons because of "national security"... ;-p

    On a larger note, I'm surprised that nobody has really taken it seriously that there are other things in America than commercial airplanes that can bring this nation to its knees (like power, water, lack of a starbucks...)

    --
    We don't need an "overrated" so much as we need a "you completely missed the parent's point, dumbass..."
  4. North Korea by Eric+Sharkey · · Score: 4, Interesting

    Somehow, even during the blackout, it doesn't look as bad as North Korea on a normal night.

  5. Re:Ridiculous by dkemist · · Score: 4, Interesting

    Using obscurity as the sole means of security is a bad thing. However, using obscurity as another layer of an already hardened system isn't a bad thing, and would in fact be encouraged.

    For a quick example, I'm sure the NSA has all sorts of crazy security measures (both physical and virtual) around some of their sensitive systems. Do they publish the specs to the security methods? No, they hide them as much as the secrets they protect. But if the specs were to be revealed, the security itself probably isn't compromised. The obscurity is just another layer on top of an already tight system.

  6. Dangerous in the "right" hands? by jc42 · · Score: 4, Interesting

    Would be interesting to know how the system and software works, but then again, that information could be dangerous in the wrong hands."

    Well, maybe, but if it can be kept secret by the authorities, they'll just "explain" it with reassuring PR, while not bothering to do any real fixes to the problems.

    A lot of us have had far too much experience with big organizations to believe that secrecy will lead to solving the problems. The right way to prevent such things is to make the entire system public information. Then independent engineers can study it, point out the weakness, and suggest solutions, without worrying about losing their jobs if they go public with the bug reports.

    (Hmmm ... This sounds a lot like the explanations of why Open Source software is so much more secure and reliable than proprietary software. ;-)

    --
    Those who do study history are doomed to stand helplessly by while everyone else repeats it.
  7. Re:Not blacked out in New England by specialized_sworks · · Score: 3, Interesting

    If I interpret the photos correctly, they were taken at 0114Z and 0129Z... only 15 minutes more than exactly 24 hours apart. So I think the relative brightness should be the same.

    I would go with extra cloud cover in the second photo as an explanation.

    It was funny hearing people talking about lightning strikes near Niagara as a possible cause... There was not a cloud in the area at that time.

    -Dubya

  8. MSBlaster and the Blackout....(securityfocus) by inKubus · · Score: 3, Interesting

    Read this today:

    It is ridiculous to accept that a lightning strike could knock out the grid, or the transmission system is over stressed. There are many redundant fault, limit and Voltage-Surge Protection safeguards and related instrumentation and switchgear installed at the distribution centers and sub stations along the Power Grid that would have tripped to prevent or otherwise divert such a major outage.

    I believe that the outage was caused by the MSblaster, or its mutation, which was besieged upon the respective vulnerability in certain control and monitoring systems (SCADA and otherwise) running MS 2000 or XP, located at different points along the Grid. Some of these systems are accessible via the Internet, while others are accessible by POTS dialup, or private Frame relay and dedicated connectivity.

    Being an old PLC automation and control hack let me say that there is a very good plausibility that the recent East Coast power outage was due to an attack by an MBlaster variant on the SCADA system at the power plant master terminal, or more likely at several of the remote terminal units "RTU". SCADA runs under Win2000 / XP and the telemetry to the RTU is accessible via the Internet.

    - From what I recall SCADA based monitoring and control systems were installed at many water / sewer processing, gas and oil processing, and hydro-electric plants.

    I also believe that yesterday's flooding of a generator sub-facility in Philadelphia was also due to an MBlaster variant attack on the SCADA or similarly Win 2000 / XP based system.

    To make things worse, the Web Interface is MS ActiveX. Now let's see, how can one craft an ActiveX vuln vector into the blaster?

    Oh, and for the wardrivers, SCADA can be accessed via wireless connections on the road... puts a new perspective on sniffing around sewer plants.

    It is also reasonable to assume that we could have a similar security threat regarding those systems (SCADA and otherwise based on MS 2000 or XP) involved in the control, data acquisition, and maintenance of other critical infrastructure, such as inter/intra state GAS Distribution, Nuclear Plant Monitoring, Water and Sewer Processing, and city Traffic Control. IMO

    I think we will see a lot of finger pointing by government agencies, Utilities, and politicians for the Grid outage, until someone confesses to the security dilemma and vulnerabilities in the systems which are involved in running this critical infrastructure.

    Regardless of whether the Grid outage can be attributed to the blaster or its variant, this is not entirely a Microsoft problem, as it reeks of poor System Security Engineering practiced by the Utility Companies, and associated equipment and technology suppliers.

    Nonetheless, the incident will cause lots of money to be earmarked by the US and Canadian Governments, to be spent in an attempt to solve the problem, or more specifically calm the public.

    This incident should be fully investigated, and regulations passed to ensure that the Utility companies and their suppliers develop and implement proper safeguards that will help prevent or at least significantly mitigate the effects of such a catastrophe.

    Conversely, I do not want to see our Government directly involved in yet another "business", which has such a controlling impact over our individual lives.

    --
    Cool! Amazing Toys.
  9. That's quite an improvement by n9hmg · · Score: 3, Interesting

    Now, if we can just shut off the rest of the outside lights... I'll bet some children saw stars for the first time in their entire lives.

  10. Re:Not blacked out in New England by usotsuki · · Score: 3, Interesting

    Since I live in Niagara Falls, NY, I can vouch for that.

    It was a bright, sunny day. I was in Wilson Farms (convenience store) picking up some supplies, and had just paid for it, when the power just died.

    Oddly, the power at home was fine.

    -uso.

    --
    Dreams, dreams, don't doubt dreams, dreaming children's dreaming dreams. Sailor Moon SS
  11. An even more impressive photo by devphil · · Score: 3, Interesting


    is the one in the Rotten Library entry for North Korea.

    --
    You cannot apply a technological solution to a sociological problem. (Edwards' Law)
  12. Dark vs. dim and "the wrong hands" by badasscat · · Score: 3, Interesting
    As a New Yorker, I can assure you the city was 100% dark on Thursday night. The fact that it looks brighter on the satellite view than Ottawa or even Toronto could be for a number of reasons but is most likely due to nothing more than population density - more cars (and their headlights), more people outside (using flashlights, or other light sources to light up local areas), and more businesses with backup power in a smaller amount of space. Most of the light I see on that image from the NY area is on what I know are the major roadways, particularly the NJ Turnpike. The electricity itself, though, was out to 100% of the city. Ottawa wasn't hit any harder than NYC.

    As for info on the power grid getting into "the wrong hands", this isn't some sort of national secret. It's not classified information. Some of the security methods used to protect individual plants or other parts of the power grid are not made public, but anyone who watches The Discovery Channel on a fairly regular basis probably has as good an idea of how the power grid works as would be needed to bring part of it down. The method of the failure this time (3 high power transmission lines failing simultaneously, causing an overload) seems remarkably similar to what happened in 1965. Which in itself is pretty ridiculous - this wasn't supposed to happen again. Any terrorist could plant a few bombs at the base of some of these high tension wire towers and bring the system down if this is all it takes - this is not something that would require declassifying information to figure out.

    And I don't agree with those who say this is not a dangerous thing. I was one of the millions of New Yorkers who had to walk home over one of our river crossings on Thursday. Imagine a coordinated attack involving first taking out the power to the northeast, followed by any one of the following:
    • An aerosol anthrax attack from the air on the millions of people who had taken to the street.
    • One or more intentional crashings of small learjet-sized airplanes (probably the biggest they could get away with now) and/or helicopters into the major bridges as millions of people used them to cross the rivers.
    • The smuggling of nuclear and/or radiological devices into major cities as power is off to the newly-installed radiation detectors scattered around inner cities.

    Those are just a few examples - I'm sure there are many more that terrorists have already thought of. It is very dangerous for power to be completely out in any major city, let alone the northeast - nobody is able to get any news or announcements (land and cell phones were down on Thursday, and even the news outlets not knocked off the air were relying on those who could get through on phones for information), emergency calls cannot be made, emergency vehicles cannot get through streets choked by pedestrians, police and fire departments cannot communicate with their bases, hospitals have to rely on minimal power from backup generators, etc.

    Until we heard definitively that this was not a terrorist act on Thursday, everyone in this city was very nervous - I was surely not the only one who thought it could be a setup for something larger. After all, we've been through this before - both large-scale power outages and large-scale terror attacks. Once we were told that it definitely was not terrorism, that's when the partying started - but until that point, there was what I consider to be a perfectly justified fear in the voice of pretty much everyone I talked to.