Hackers Broke Into Brazil Power Grid Operator's Website Last Thursday
An anonymous reader writes "A week ago, 60 Minutes had a story (we picked it up too) claiming that hackers had caused power outages in Brazil. While this assertion is now believed to be in error, hackers were inspired by the story actually to do what was claimed. Last Thursday, they broke into ONS, the operator of the grid (Google translation; Portuguese original). DarkReading has specific details on the SQL injection vulnerabilities the hackers probably used."
That's not how things work in practice. Remote monitoring from anywhere in the world is too tempting. You can take a look at what kind of thing SCADA vendors are selling to realize things are getting worse before they're getting better.
The hackers invaded the _website_; the ONS network of computers that actually controls the system is private and not connected to the internet.
They may not have hacked the power grid, but TFA says the website has all kinds of fun docs which, I'm assuming, any smart hacker would go after in order to study up on their target.
Never forget that the next best thing to an insider is the freakin' manual.
And yet, your bank probably uses internet based VPNs for their ATMs, because they are cheaper to run than dedicated lines.
What kind of action? Leave the country, then report it. Any government that paranoid of a situation such as you describe is up to something.
I've seen this happen. An engineer needed to get some files from his laptop to a Linux server. Since the server was not on the WAN he decided to use a USB drive, which was fine. Except that what he inserted was not a USB drive, but a USB wireless adaptor (he didn't know that). He spent over an hour trying to get the 'drive' to work and then (for reasons unknown to me) left the adaptor in the server... maybe he forgot, I don't know. It was there for over a week before anyone discovered it.
I am told by the security people that the adaptor defaulted to 'ad-hoc' mode and could have easily been paired with a passerby outside in the parking lot who had the know-how (and presumably the right credentials).
I just got a new Kinesis keyboard so please excuse any egregious typos.
Or maybe not just state-run companies even...