Slashdot Mirror


Experts Hack Power Grid in Less Than a Day

bednarz writes "Cracking a power company network and gaining access that could shut down the grid is simple, a security expert told an RSA audience, and he has done so in less than a day. Ira Winkler, a penetration-testing consultant, says he and a team of other experts took a day to set up attack tools they needed then launched their attack, which paired social engineering with corrupting browsers on a power company's desktops. By the end of a full day of the attack, they had taken over several machines at the unnamed power company, giving the team the ability to hack into the control network overseeing power production and distribution."

20 of 302 comments

  1. Re:I hate the term "Social Engineering" by causality · · Score: 5, Funny

    What's wrong with the good old fashioned "lying" or "scamming"? Fucking con-artists trying to sound legit. It's "social engineering" if you fell for it.
    --
    It is a miracle that curiosity survives formal education. - Einstein
  2. penetration-testing? by Anonymous Coward · · Score: 5, Funny

    How do I get a job as a penetration tester? I wonder what that interview would be like?

    1. Re:penetration-testing? by Anonymous Coward · · Score: 4, Funny

      If an applicant goes to an interview, then he cannot merit the job.

      In penetration testing, the successful applicant hires himself.

    2. Re:penetration-testing? by gnud · · Score: 4, Funny

      I wonder how that works as a pickup line.
      Hey Baby, have you been with a professional penetrator before?

  3. Pfft.. by dartarrow · · Score: 5, Funny

    Trinity did it in 3 minutes.

    In Leather

    --
    I love humanity, it is people I hate
  4. By the power of Grayskull... by Bob54321 · · Score: 4, Funny

    He better have said "I have the power!" when he finally had access to everything.

    --
    :(){ :|:& };:
  5. Best Job Ever by SmlFreshwaterBuffalo · · Score: 5, Funny

    "Trust me baby, I'm a professional. See? It says so right here on my card -- Penetration-Testing Consultant."

  6. Re:free electricity? by Anonymous Coward · · Score: 2, Funny

    An unknown someone in Great Britain got free power for an unknown factory for an unspecified amount of time, because they knew another unknown someone at the unnamed power company. Sometime in the late 1940s.

    No-one was ever caught.

    Cops probably didn't have much to go on, really.

    That's a great story. Delivery could use a little work though.

  7. Re:I'm Shocked! by kestasjk · · Score: 2, Funny

    Yup the terrorists could shut down the power grid; it'd be like 9/11 but with light bulbs instead of people!

    Since OTT security costs OTT money I think they should stick with sane security checks, and not worry about headline-grabbing pranks like these.

    --
    // MD_Update(&m,buf,j);
  8. Re:I'm Shocked! by Anpheus · · Score: 4, Funny

    Wait, guys, I have a fix!

    *unplugs cat-5 from firewall between power control computer and local intranet*

    Wait, you were saying something about prevention and deterrence and I rudely interrupted. Please, carry on.

  9. So the Fuck What? by EdIII · · Score: 5, Funny

    Nobody would ever, ever, ever take down the power grid. Do you realize the implications of such an act? Screw 9/11 .... We are talking about PORN here. Hundreds of thousands of men that get off work every day, all at different shifts, and have their pants around their ankles within 10 minutes of being home.

    You turn the power off, you take away the porn, the air conditioning for the cold beer, the TV to distract you from your bullshit. You force men to deal with that and I predict a couple hundred thousand men rabidly searching for whoever was responsible for THAT.

    Bin Laden has not been found yet, the idiot that takes out the power grid will be found in 30 minutes.....

  10. Re:Here is a "sane" security measure by kestasjk · · Score: 2, Funny

    I'm sure they have a good reason for it; they're not stupid

    --
    // MD_Update(&m,buf,j);
  11. Hilarious editorial problem by Dekortage · · Score: 2, Funny

    From the article: "In addition to consulting, Winkler is author of the books Spies Among Us and Zen and the Art of Information Security."

    (italics in the original)

    Spies Among Us and Zen? Can't wait to read that. And: "Hi, I'm Art. Art of Information Security." Or maybe that is a coffee-table book of famous paintings reimagined through security logs, Matrix-style.

    --
    $nice = $webHosting + $domainNames + $sslCerts
  12. Re:Here is a "sane" security measure by somersault · · Score: 3, Funny

    "I'm sure they have a good reason for it; they're not stupid"

    Haaaaaaaahahahahahahahahahaaaaahahahahaa! xD good one
    --
    which is totally what she said
  13. die hard by keirre23hu · · Score: 3, Funny

    I'm not impressed, the bad guy in the last Die Hard took down the grid in a couple of minutes..

  14. Unnecessary:The Cylons have been gone 40 years now by boombaard · · Score: 3, Funny

    Commander Adama: "It's an integrated computer network, and I will not have it
    aboard this ship!"
    Secretary Rosalyn: "I heard you're one of those people... you're actually
    afraid of computers."
    Commander Adama: "No... there are many computers on this ship. But they're
    not networked!"
    Secretary Rosalyn: "A computerized network would simply make it faster and
    easier for the teachers to be able to teach..."
    Commander Adama: "Let me explain something to you...
    Commander Adama: "... many good men and women lost their lives aboard this
    ship, because someone wanted a faster computer to make life easier. I'm
    sorry that I'm inconveniencing you or the teachers, but I will not allow...
    a network computerized system to be placed on this ship while I'm in
    command. Is that clear?"
  15. Re:I'm Shocked! by 6Yankee · · Score: 4, Funny

    How can he? He was posting from that power control box, you insensitive clod!

  16. Call us when you get into the billing system... by jpellino · · Score: 3, Funny

    ...then you'll have our attention.

    --
    "Win treats sysadmins better than users. Mac treats users better than sysadmins. Linux treats everyone like sysadmins."
  17. Re:I hate the term "Social Engineering" by aproposofwhat · · Score: 2, Funny

    That's 'scamming', not spamming, dufus!

    --
    One swallow does not a fellatrix make
  18. Take it a step farther by Gription · · Score: 2, Funny

    Actually the USB drives don't even fall under the heading of 'Social Engineering'. Social engineering involves communicating with someone. The only way it could be social engineering is if you are interacting with your hardware on WAY too much of a personal level.