Slashdot Mirror


Hacker Claims He Broke Into Wind Turbine Systems

itwbennett writes "Claiming revenge for an 'illegitimate firing,' someone has posted screenshots and other data, apparently showing that he was able to break into a 200 megawatt wind turbine system owned by NextEra Energy Resources, a subsidiary of Florida Power & Light. In an e-mail interview, Bgr R said he's a former employee who discovered a vulnerability in the company's Cisco security management software that he then used to hack into the SCADA systems used to control the turbines. His motive was to embarrass the company, he said."

67 of 105 comments

  1. You don't need a weatherman by JamesonLewis3rd · · Score: 1

    I'm sure that NextEra Energy Resources, a subsidiary of Florida Power & Light, was mortified.

    --
    Hebrews 11:8
    Jeremiah 33:3
    1. Re:You don't need a weatherman by The Mysterious Dr. X · · Score: 1, Funny

      Wow. This just proves that you can never be too careful with your wind energy security... I had always thought of NextEra Energy Resources as one of the most secure energy systems in all of Florida, but this guy's success would seem to prove otherwise. I'll have to be more careful in the future. I may even have to privatize all of my wind energy needs... Anyone selling a turbine?

    2. Re:You don't need a weatherman by Anonymous Coward · · Score: 1

      Wow. This just proves that you can never be too careful with your wind energy security... I had always thought of NextEra Energy Resources as one of the most secure energy systems in all of Florida, but this guy's success would seem to prove otherwise. I'll have to be more careful in the future. I may even have to privatize all of my wind energy needs... Anyone selling a turbine?

      To be fair, it doesn't really prove anything. It could be a hoax, as the article mentions, and FPL is denying any knowledge of the incident ever occurring. He also didn't really give any info about the supposed vulnerability in the Cisco architecture.
      But on the other hand, they DO use a Siemens controlling system, and it would not surprise me at all if he stumbled across one of the government's "secret" backdoors.

      So without any details, the jury's still out as to whether this was really hacked or not. But it should certainly be a wake-up call to the industry that they need to perform regular intrusion tests and system audits.

    3. Re:You don't need a weatherman by The Mysterious Dr. X · · Score: 1

      I can't tell if my sarcasm was too subtle or if yours is simply more so.

    4. Re:You don't need a weatherman by dr2chase · · Score: 1

      Zen sarcasm.

    5. Re:You don't need a weatherman by plover · · Score: 2

      Supposedly he accessed the SCADA system. If so, he could alter the behavior of any or all of the mechanical controls: he could disable the logic that locks the wind turbine blades when the wind is too strong in order to prevent damage. He could shut off the lubricating pumps, and send phony sensor data back indicating the bearings are all operating within normal temperature and vibration parameters. He could remove the generator load, allowing the blades to freewheel, then instantly reconnect the full load once the blades were spinning over their max rated speed. He could alter the pitch of the blades (possibly one blade at a time) causing an out-of-balance condition. He could alter the motors that position or hold the turbine blades facing into the wind. Basically, changing any limiting parameter that prevents the system from damaging itself places the system at risk.

      There is no doubt a long list of potential attacks, both subtle and overt, that a well placed hacker could execute. I am not a wind-generator expert, so any or all of the above suggestions could be completely off-base, but I took inspiration from the damage Stuxnet was coded to cause. A real wind-generator engineer would no doubt have a real list of actual damage a malprogrammed SCADA system could inflict.

      --
      John
    6. Re:You don't need a weatherman by SCHecklerX · · Score: 1

      Luckily, real engineers, and not computer programmers, are the ones that design the systems themselves, and the mechanical failsafes typically cannot be programmed or overridden by software. Still, the security nightmare that is SCADA needs to be fixed.

    7. Re:You don't need a weatherman by plover · · Score: 2

      Do you know for sure that's true, or is that something you desperately want to believe with all your heart that we're not stupid enough to turn over all mechanical functions to embedded systems? Because I have to say I've been amazed to learn of the diversity of different physical systems that have been turned over to software control. Sensors, motor speed controllers, pumps, switches, relays, etc., all are frequently software operated, or have some measure of software control over them.

      Power companies are no strangers to automation systems. They've been early adopters in the field of automating control systems because their systems are so geographically diverse. And it's hard to blame the engineers, because those things make systems flexible, easy to monitor, and easy to manage, all from remote sites. Any time you can use a controller that will save a maintenance guy a trip in a truck and up a ladder, you're saving money and improving problem response time.

      Sure, I like to imagine that there are still failsafe mechanical systems in place. That if there is too much current that some fuse will blow, or that a cog will trip an actual power relay when some motor tries to reach beyond its absolute limit of travel. But I've also come to believe that even the most innocuous devices could be subverted to cause serious problems. Maybe it's a sump pump, responsible for draining rainwater from a motor pit, or a ventilation louver that is supposed to close when the rain sensors are tripped. Maybe it's the lubrication system, or the weather vane, or the access hatch, or a hydraulic pump.

      I see the cost of everything trumps engineering decisions all around us. I have so little faith that everyone is doing things "the right way" instead of "the cheap way" that I would be surprised if these systems couldn't be remotely destroyed by a malicious attacker.

      --
      John
    8. Re:You don't need a weatherman by uninformedLuddite · · Score: 1

      I have privatised all of my energy and water needs. It is a very good feeling. I haven't had a power bill in 4 years. I have had to run a generator at times mainly for battery maintenance. The fuel mostly came from chip shop waste. Adding another 3.5Kw over the next twelve weeks which will cut generator use to pretty much battery maintenance only. If I could privatise my communications that would be great but it's never going to happen.

      --
      The new right fascists are bilingual. They speak English and Bullshit.
  2. Former employee? by atari2600a · · Score: 4, Insightful

    Well that pretty fucking much limits the list of possible suspects now doesn't it?

    1. Re:Former employee? by Anonymous Coward · · Score: 1

      If I was a random hacker that's what I would say!

    2. Re:Former employee? by taiwanjohn · · Score: 1

      Hope he covered his tracks well. Not sure how useful Cisco hacking skills would be in prison.

      --
      XML is like violence. If it doesn't solve your problem, you're not using enough of it. --AC
    3. Re:Former employee? by fostware · · Score: 3, Funny

      At least he's used to port protection and possibly port blocking

      --
      "We know what happens to people who stay in the middle of the road. They get run over." - Aneurin Bevan
    4. Re:Former employee? by Tx · · Score: 2

      Yes, he'd have to worry more about securing his own backdoor, rather than exploiting anyone else's.

      --
      Oh no... it's the future.
    5. Re:Former employee? by DoofusOfDeath · · Score: 1

      Hope he covered his tracks well.

      Do you mean that literally? Because honestly, I hope people who hack into power systems get caught.

    6. Re:Former employee? by karnal · · Score: 1

      He'll be taught all the joys of port address translation.

      --
      Karnal
    7. Re:Former employee? by jimbolauski · · Score: 1

      I'm sure he is more worried about a SQL injection.

      --
      Knowledge = Power
      P= W/t
      t=Money
      Money = Work/Knowledge so the less you know the more you make
    8. Re:Former employee? by Sky Cry · · Score: 1

      1) Depends on how many people you fire every day.
      2) It's dangerous to believe everything your enemies tell you.

    9. Re:Former employee? by Anonymous Coward · · Score: 1

      He'll learn all about the proper use of SOAP too.

  3. This seems like a terrible plan... by fuzzyfuzzyfungus · · Score: 1

    Given that getting hacked is practically an Industry Standard Best Practice(tm) by now, I'm pretty sure that some random subsidiary of a utility company that most of its customers think of as "the power bill" will be largely immune to embarrassment, even in financial terms. If you then narrow the list of suspects down, the odds are higher than you would like of getting some slammer time in exchange for basically nothing.

    Unless pen-testing them is your job, I would say that you should either stay the hell out of turbine SCADA systems, or go in with a clever plan to have them shake themselves apart. Anything in between, though, is just a risky waste of time.

    1. Re:This seems like a terrible plan... by WrongSizeGlass · · Score: 1

      ... or go in with a clever plan to have them shake themselves apart.

      So something like Stuxnet for wind turbines?

    2. Re:This seems like a terrible plan... by fuzzyfuzzyfungus · · Score: 1

      That was the example that I had in mind.

  4. Re:Wind turbines? Insecure! Let's abolish them! by mug funky · · Score: 3, Funny

    yes. too much can go wrong. this has the potential to be another Windscale.

    i suggest we go to nuclear as soon as feasible.

  5. Hacker breaks wind by Anonymous Coward · · Score: 5, Funny

    News at 11.

  6. Sounds dodgy to me... by BrokenHalo · · Score: 5, Insightful

    In an e-mail interview, Bgr R said he's a former employee who discovered a vulnerability in the company's Cisco security management software that he then used to hack into the SCADA systems

    That just tripped my bullshitometer. Most Cisco systems (in my experience) are pretty robust, but an employee would have been in a good position to create an open door for himself to use later. So the "vulnerability" (if I'm right) would simply be his employer's misplaced trust in him.

    1. Re:Sounds dodgy to me... by amanicdroid · · Score: 3, Insightful

      Oo oo I love Cisco Jeopardy! I'll go with:

      What is he had remote access to the KVM that the Cisco's console port was connected to?

    2. Re:Sounds dodgy to me... by olden · · Score: 1

      ...or he just knew that the password to remotely administer the thing was 'cisco'.
      But if it was indeed so easy, he's certainly not the only one to have figured that out by now. :/

    3. Re:Sounds dodgy to me... by Charliemopps · · Score: 2

      They are more robust than the people maintaining them. Most systems I've worked on have been years behind in updates and how do they maintain their logins? Does the entire site use the same login like I saw at one place? Did his boss keep his login and pass on a sticky note on his desk?

    4. Re:Sounds dodgy to me... by drinkypoo · · Score: 1

      There have been tons of remote holes in Cisco routers over the years, there are plenty of advisories just lying around for the googling. If they're running outdated IOS for some reason, it makes it all the more likely.

      --
      "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"
    5. Re:Sounds dodgy to me... by Anne_Nonymous · · Score: 2

      I was at a friend's workplace on Sunday and needed web access. Fortunately a co-worker had written her password on the bezel of her monitor with a Sharpie.

    6. Re:Sounds dodgy to me... by aardwolf64 · · Score: 2

      I worked for a Fortune 500 company (who shall remain nameless) that distributed the Cisco VPN client with the group password already set. I took the config file and Googled the hash, and came up with the password. Turns out that's the same password they used for the Domain Admin. I'd be surprised if it didn't go to other important things as well...

    7. Re:Sounds dodgy to me... by KnownIssues · · Score: 1

      It could have been a vulnerability in the configuration of the company's Cisco security management software.

    8. Re:Sounds dodgy to me... by splatter · · Score: 1

      Damn I never thought of googling a hash to get a plain text, that is clever. I bow to your google-Fu...

      --
      "(I) have this unfortunate condition that causes me not to believe a single thing any politician says when a mic's on.
  7. Re:hacker? i call him jerk by Smallpond · · Score: 1

    Especially when "hacked in" might be "used the default password"

  8. "His motive was to embarrass the company" by Huntr · · Score: 2

    Um, not gonna work. Like most power companies, FP & L has no shame.

  9. Why Use The Internet To Communicate by rally2xs · · Score: 1

    Saaaayyy... something this important, why are these jokers doing communications through the internet? It should be bloody difficult to even intercept control signals for these wind turbines, nuke power plants, etc. IOW, they should be using dedicated wires and microwave point-to-point communications with encryption, not broadcasting it all over the entire planet for everybody to be able to try to "hack" it.

    1. Re:Why Use The Internet To Communicate by skids · · Score: 1

      Well, this hack is probably a hoax, but to answer your question, a lot of the small power industry is full of people who do not let security get in the way of the bottom line, or expedience. This is less true of the well established, institutional systems... but new upstart companies and newly acquired subsidiaries sometimes shoot from the hip while they are building things. I remember reading of a hydro refurb where they were using SMS for controls on a dam. I guess part of it is that we now have people getting up into project management who have grown up as end-users and the worst computer security consequence they have ever internalized was losing their MP3 collection to a Windoze reinstall.

      These are "daring entrepreneurs" here. They expect the tech to work, know at least some of what it can do, but don't have an idea of the side-effects of their actions.

  10. Alternate Headline by Anonymous Coward · · Score: 1

    Hacker Claims He Broke Wind Into Turbine Systems

  11. Re:Wind turbines? Insecure! Let's abolish them! by burni2 · · Score: 1

    Yes because a wind turbine going havoc causes the public order to collapse, instead of a nice and silent nuclear reactor meltdown.

  12. Just waiting for the follow-up... by BagOCrap · · Score: 4, Funny

    When the shit hits the fan.

    --
    -- Chaos, panic, pandemonium... My job here is done!
    1. Re:Just waiting for the follow-up... by groslyunderpaid · · Score: 1

      I haven't chuckled that well on /. in a while. Thank you, sir, and your u/n for the double wordplay.

  13. OPC involved? by anchovy_chekov · · Score: 1

    I'm never surprised when I hear about industrial systems getting hacked for two reasons: (1) the venerable OPC protocol and (2) the mad insistence of IT departments that everything - including process control systems - has to come under their control.

    There's nothing wrong with OPC per se, but it relies on DCOM (which isn't secure). Even if they've moved to the better OPC UA or some other architecture there's still the craziness of making industrial systems accessible over the corporate network.

  14. Oh no! by chill · · Score: 1

    What if he were a terrorist? Al-Qaeda could sabotage the wind turbines, creating a MASSIVE wind spill! Think of the economic impact...the devastated lives...the broken families! Did we learn nothing from BP in the Gulf?

    Oh the humanity!

    We need Michael Bay to create a movie to fully articulate the possibilities of such a disaster. Wind everywhere...

    --
    Learning HOW to think is more important than learning WHAT to think.
  15. Stupid goal by DoofusOfDeath · · Score: 5, Funny

    He'll risk prison just to break wind in public?

  16. Dear world.... by Lumpy · · Score: 1

    MOST SCADA systems are horribly protected. Idiot managers and PHBs want remote access to systems that should be on protected and isolated networks. Please sack the managers that demand remote internet access to SCADA systems that do not have a legitimate reason other than to satisfy the demand of that manager.

    I know of several water filtration plants that are horribly open to attack because the supervisor of them is too damn lazy to drive in to do his work. And YES you can easily make a secure connection between the SCADA system and an unprotected network for extraction of data. A one-way 100bt or 1000bt connection is trivial to do by anyone that is competent in networking; removal of the RX wires makes it impossible for any hacker on this planet to get into the system. And yes you CAN broadcast data and receive it on the server to give a live view for the managers as well as for data logging to their favorite MS Access script.

    Instead we get the entire SCADA system on the municipality's network with full internet access and have employees checking email and surfing the web on the freaking SCADA interface PCs.

    --
    Do not look at laser with remaining good eye.
    1. Re:Dear world.... by pnewhook · · Score: 1

      Yes. And if you don't want anyone breaking into your house, only put in an OUT door and cut the IN door. lol - you do realize internet lines are not only one way, right?

      --
      Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
    2. Re:Dear world.... by Lumpy · · Score: 1

      You obviously don't understand how ethernet works at all.
      Please come back when you have a basic education about the topic at hand.

      --
      Do not look at laser with remaining good eye.
    3. Re:Dear world.... by pnewhook · · Score: 1

      I do. If you think you can cut the receive lines and leave only the transmit, and still have a functioning ethernet system then you are a complete moron. You are the one that needs basic education about the ethernet protocol.

      --
      Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
    4. Re:Dear world.... by pnewhook · · Score: 1

      If you were going to go through the bother of rewriting the code so it didn't check for the handshakes just so you can cut the receive wires, then why not just write the software so it doesn't accept incoming packets? Please get a basic understanding of how things work before you go off and comment on them.

      --
      Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
    5. Re:Dear world.... by Lumpy · · Score: 1

      I suggest you learn networking as well as Ethernet, oh, and take your lithium, your bipolar is showing.

      Here is some reading material that might be too advanced for you, but I like to share...

      http://www.sun.com/bigadmin/content/submitted/passive_ethernet_tap.jsp -- how to receive only network traffic.
      http://www.public.asu.edu/~sksrini2/Projects/TFTP/AP36.pdf -- basics on how to broadcast data on transmit only, might be too advanced for you.
      http://www.stearns.org/doc/one-way-ethernet-cable.html -- more info for your basic education.

      And that was with 3 seconds of Google searching... another thing you seem to be incapable of understanding; there are a lot of websites out there that can help you learn how to use a search engine and Google.

      Also look up what UDP broadcast is, you seem to be significantly deficient in your education as a whole. Networking is hard, you should leave it to those of us that know what we are doing and actually have an education in it.

      --
      Do not look at laser with remaining good eye.
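
The transmit-only link described in comment 16 (receive pair removed, data sent as UDP broadcast) leaves the listener unable to request a resend, so the framing has to carry loss and tamper detection itself. The following is an added example, not code from any commenter; the frame layout, key, port and sample readings are constructed assumptions.

```python
import hashlib
import hmac
import socket
import struct

HEADER = struct.Struct("!IH")   # 32-bit sequence number, 16-bit payload length
TAG_LEN = 16                    # truncated HMAC-SHA256 tag
KEY = b"constructed-demo-key"   # placeholder; provision a real key out of band


def encode_frame(seq: int, payload: bytes, key: bytes = KEY) -> bytes:
    """Build one datagram for the transmit-only (SCADA) side of the link."""
    header = HEADER.pack(seq, len(payload))
    tag = hmac.new(key, header + payload, hashlib.sha256).digest()[:TAG_LEN]
    return header + payload + tag


def broadcast(frames, addr=("255.255.255.255", 47000)):
    """Send frames as UDP broadcast; address and port are assumed values."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        for frame in frames:
            s.sendto(frame, addr)  # fire and forget: no ACK can ever come back


class OneWayReceiver:
    """Listener on the unprotected side. It can never ask for a resend,
    so it must detect loss, duplicates and tampering on its own."""

    def __init__(self, key: bytes = KEY):
        self.key = key
        self.next_seq = None   # sequence number expected next
        self.missing = set()   # gaps that no copy has filled yet
        self.rejected = 0      # truncated or badly authenticated frames
        self.readings = {}     # seq -> payload

    def feed(self, datagram: bytes) -> bool:
        """Process one datagram; return True if it carried new data."""
        if len(datagram) < HEADER.size + TAG_LEN:
            self.rejected += 1
            return False
        body, tag = datagram[:-TAG_LEN], datagram[-TAG_LEN:]
        want = hmac.new(self.key, body, hashlib.sha256).digest()[:TAG_LEN]
        seq, length = HEADER.unpack_from(body)
        if not hmac.compare_digest(tag, want) or length != len(body) - HEADER.size:
            self.rejected += 1
            return False
        if seq in self.readings:
            return False       # redundant copy of a frame already held
        if self.next_seq is None:
            self.next_seq = seq
        if seq >= self.next_seq:
            # Everything skipped between the expected and the seen number is a gap.
            self.missing.update(range(self.next_seq, seq))
            self.next_seq = seq + 1
        else:
            self.missing.discard(seq)  # a late copy fills an earlier gap
        self.readings[seq] = body[HEADER.size:]
        return True


def simulate() -> OneWayReceiver:
    """Constructed run: five readings, each sent twice. The link drops both
    copies of frame 2 and one copy of frame 3; one copy of frame 4 is altered."""
    samples = [b"rpm=14.2", b"rpm=14.3", b"rpm=14.1", b"rpm=13.9", b"rpm=14.0"]
    wire = []
    for seq, payload in enumerate(samples):
        wire += [encode_frame(seq, payload)] * 2   # redundancy replaces resends
    del wire[4:7]                                   # lost in transit
    wire[5] = wire[5][:8] + b"9" + wire[5][9:]      # one payload byte altered
    rx = OneWayReceiver()
    for datagram in wire:
        rx.feed(datagram)
    return rx


if __name__ == "__main__":
    rx = simulate()
    print("received:", sorted(rx.readings))
    print("missing :", sorted(rx.missing))
    print("rejected:", rx.rejected)
```

Because the tag uses a shared symmetric key, any listener that holds the key can also forge frames for other listeners; a deployment with several receivers would need signatures instead.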
  17. Yes, but by Fr05t · · Score: 1

    pics or it didn.... oh.

  18. Not so illegitimate. by Restil · · Score: 1

    Justification for his firing is sounding better and better all the time.

    -Restil

    --
    Play with my webcams and lights here
  19. Link to pics? by vlm · · Score: 1

    Anyone got a link to the actual pics that the article merely talks about? Would be hilarious if he's trying to pass off vendor instruction / tech manual screen shots as his "proof".

    The guy could have caused a heck of a lot more disruption if he knew he was going to be canned and collected his screenshots first... You can imagine the extremely expensive chaos if he later publishes screenshots of a system that in fact cannot be remotely broken into. Millions of dollars spent trying to figure out how he got in, when he never did. The comedy might come later when they discover it's actually wide open after all. Would that be considered ironic in the real sense, or only in the angsty music sense?

    Another question is what does a typical SCADA do at a windmill? Can anything really bad happen? I'm guessing the inputs will be RPM, transmission oil temp, windspeed.... maybe temperature to detect icing conditions (err does it ever freeze in FL?) ... maybe some vague vibration sensor thingy to detect damage... The outputs at a windmill SCADA are maybe AoA of the blades if they're dumb enough to control that remotely instead of internal to the control system, and probably a braking system to shut er down remotely. What I'm getting at, is there's not too much possibility of damage here, compared to a refinery SCADA or ... pretty much any other SCADA installation I have heard of (in strong contrast to the ones I've actually worked with, that are pretty harmless). I guess worst case scenario is you could possibly theoretically thru horrible system design allow someone to remotely reprogram the automatic blade feathering speed and next time a hurricane blows thru the blades could fly off, although that'll be blamed as an act of god rather than hack. Why you'd allow someone to remotely reprogram something like that is mystifying, sounds like engineering malpractice at the design phase to me.

    I'm sure there's plenty of fear mongering, like the SCADA could program the onsite R2D2 droid to use its arm to unscrew the bolts holding the blade to the hub, and BS like that, but is there actually any possibility of damage? I'm guessing no.

    Finally, not to violate any NDAs, but at one of the many telecom operations I worked for, we had a very elaborate and expensive SCADA system that was almost purely read only... Thousands of channels of read only data... temperature of all kinds of communications gear, humidity to detect rain leaks, nitrogen system pressure, essentially the world's most expensive monitored door security system, voltage of pretty much anything that generates a voltage either for power or communications monitoring, alarm connections on all gear that has alarm relay outputs... If someone broke into that SCADA hoping to "blow up the phone company" they would probably be very pissed off that the only remotely controllable output was an indicator light (to be used as a morse code order wire if all else failed, also we periodically blinked those lights so the remote site techs knew if they saw it blink once in a while, the SCADA system was up, and of course the light shared the SCADA's power system to prove it even had power). I guess it could be considered confidential secret knowledge that relay rack #7 is running about 82 degrees F at this moment, if nothing else you now know we have at least 7 racks on site... but it's not exactly going to destroy the world if anyone finds out it exists or that it's 82 as opposed to 81 or 83 degrees. I'm guessing a windmill is equally hands off, there's just not that many knobs and levers to be controlled in person, much less remotely.

    --
    "Science flies us to the moon. Religion flies us into buildings." - Victor Stenger
    1. Re:Link to pics? by johnny cashed · · Score: 1

      Sure, one wind farm, you can't cause any trouble. However, if you hack a whole bevy of windfarms, you can command the grid to back feed the wind turbine, turning them into gigantic fans that can then alter the rotation of the earth itself. Not to mention the ability to blow away small towns. Truly a threat of S.P.E.C.T.R.E proportions.

  20. ...and commit a Felony by realsilly · · Score: 1

    Is this guy really touting that he hacked this stuff, because he was let go from his job? Embarrassing a company is nothing new these days. Assuming his claims are indeed true, he's now boasted about his misdeeds and it will only serve to be used against him in a court of law.

    --
    Life takes interesting turns, but the most interest is when you're off the beaten path.
    1. Re:...and commit a Felony by nedlohs · · Score: 1

      And the government will do enough squinting to frame it as a terrorist attack on essential energy infrastructure.

    2. Re:...and commit a Felony by tnk1 · · Score: 1

      Idiots that carry out these actions don't do it so that they can get away with it, otherwise it would be very carefully made to look like an accidental malfunction. They want everyone to know how much smarter they are than their employer.

      The problem with their tactics is that:

      a) getting caught means they will get in a lot more trouble than simply losing their job, proving beyond a doubt that they are self-destructive and stupid.
      b) having something break isn't going to show how stupid the company is, they'll just blame someone who misused access and PR the structural issues into oblivion.
      c) even if he succeeded in seriously damaging the company, he'd probably just get a bunch of innocent (and likely more competent) people fired.

      His action is a purely emotional response to getting fired, and as such, is not going to make rational sense.

  21. Air Humor by Fnord666 · · Score: 1

    "It's probably still up in the air as to whether this was a real threat or a hoax," Cusimano said.

    Hopefully he put air quotes around that as well.

    --
    'The tyrant will always find pretext for his tyranny.' - Aesop's Fables
  22. Re:WTF by pnewhook · · Score: 1

    Glad to be living on the seacoast in NH.

    Well since you are so paranoid, I'd like to point out that Ontario Canada generates over 200 times the nuclear generation capacity of Florida, and it's right next door to NH !

    --
    Tesla was a genius. Edison however was a overrated hack who liked to torture puppies.
  23. Re:Wind turbines? Insecure! Let's abolish them! by GameboyRMH · · Score: 1

    this guy want to blow us all!

    And how is that a bad thing? I personally don't swing that way, but I can only applaud this guy's generosity.

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  24. Re:Wind turbines? Insecure! Let's abolish them! by GameboyRMH · · Score: 1

    I heard their foundations are built with a material composed partly of dihydrogen monoxide! 8-(

    --
    "When information is power, privacy is freedom" - Jah-Wren Ryel
  25. Re:WTF by tnk1 · · Score: 1

    Not to mention when the megatsunami from the Canary Islands arrives at some point in the future, you can expect that your house will be upgraded to houseboat in one easy step.

  26. Re:WTF by dimethylxanthine · · Score: 1

    I'd like to point out that Ontario Canada generates over 200 times the nuclear generation capacity of Florida

    [citation needed]

  27. What this probably is. by DarthVain · · Score: 1

    I have been to a wind farm and seen the setup. I would not be surprised if this is possible at all.

    Basically you have a company that runs the windmills and you have a different company that actually builds the damn things.

    So while NextEra Energy Resources may run the stupid things, likely someone like Siemens actually built the things. Generally speaking while NextEra Energy Resources may maintain things, Siemens would really be the technical experts.

    Thus this is why I was told companies like Siemens can actually connect to windmills in the US and Canada from Denmark or wherever they are located. They have full control so they can try and fix problems remotely. They do this over the Internet. As soon as I heard that, I was like "What? Really?" as it was a huge red flag for security. Of course these are supposed to be secure systems, but I know the one I saw didn't look all that awfully sophisticated. If there was a "flaw" in the system, someone that works there, particularly in IT would be well placed to discover it. Likely he was able to connect much like Siemens would.

  28. Re:Wind turbines? Insecure! Let's abolish them! by cbiltcliffe · · Score: 1

    No kidding.

    That stuff makes the sweat pour off me....

    --
    "City hall" in German is "Rathaus" Kinda explains a few things......