Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hacker Claims He Broke Into Wind Turbine Systems

Posted by samzenpus on from the I've-got-the-power dept.

itwbennett writes "Claiming revenge for an 'illegitimate firing,' someone has posted screenshots and other data, apparently showing that he was able to break into a 200 megawatt wind turbine system owned by NextEra Energy Resources, a subsidiary of Florida Power & Light. In an e-mail interview, Bgr R said he's a former employee who discovered a vulnerability in the company's Cisco security management software that he then used to hack into the SCADA systems used to control the turbines. His motive was to embarrass the company, he said."

17 of 105 comments (clear)

  1. Former employee? by atari2600a · · Score: 4, Insightful

    Well that pretty fucking much limits the list of possible suspects now doesn't it?

    1. Re:Former employee? by fostware · · Score: 3, Funny

      At least he's used to port protection and possibly port blocking

      --
      "We know what happens to people who stay in the middle of the road. They get run over." - Aneurin Bevan
    2. Re:Former employee? by Tx · · Score: 2

      Yes, he'd have to worry more about securing his own backdoor, rather than exploiting anyone else's.

      --
      Oh no... it's the future.
  2. Re:Wind turbines? Insecure! Let's abolish them! by mug+funky · · Score: 3, Funny

    yes. too much can go wrong. this has the potential to be another Windscale.

    i suggest we go to nuclear as soon as feasible.

  3. Hacker breaks wind by Anonymous Coward · · Score: 5, Funny

    News at 11.

  4. Sounds dodgy to me... by BrokenHalo · · Score: 5, Insightful

    In an e-mail interview, Bgr R said he's a former employee who discovered a vulnerability in the company's Cisco security management software that he then used to hack into the SCADA systems

    That just tripped my bullshitometer. Most Cisco systems (in my experience) are pretty robust, but an employee would have been in a good position to create an open door for himself to use later. So the "vulnerability" (if I'm right) would simply be his employer's misplaced trust in him.

    1. Re:Sounds dodgy to me... by amanicdroid · · Score: 3, Insightful

      Oo oo I love Cisco Jeopardy! I'll go with:

      What is he had remote access to the KVM that the Cisco's console port was connected to?

    2. Re:Sounds dodgy to me... by Charliemopps · · Score: 2

      They are more robust than the people maintaining them. Most systems I've worked on have been years behind in updates and how do they maintain their logins? Does the entire site use the same login like I saw at one place? Did his boss keep his login and pass on a sticky note on his desk?

    3. Re:Sounds dodgy to me... by Anne_Nonymous · · Score: 2

      I was at a friend's workplace on Sunday and needed web access. Fortunately a co-worker had written her password on the bezel of her monitor with a Sharpie.

    4. Re:Sounds dodgy to me... by aardwolf64 · · Score: 2

      I worked for a Fortune 500 company (who shall remain nameless) that distributed the Cisco VPN client with the group password already set. I took the config file and Googled the hash, and came up with the password. Turns out that's the same password they used for the Domain Admin. I'd be surprised if it didn't go to other important things as well...

  5. "His motive was to embarrass the company" by Huntr · · Score: 2

    Um, not gonna work. Like most power companies, FP & L has no shame.

  6. Just waiting for the follow-up... by BagOCrap · · Score: 4, Funny

    When the shit hits the fan.

    --
    -- Chaos, panic, pandemonium... My job here is done!
  7. Stupid goal by DoofusOfDeath · · Score: 5, Funny

    He'll risk prison just to break wind in public?

  8. FAKE by StickyWidget · · Score: 4, Insightful
    FAA: "Wind power company sees no evidence of reported hack
    " http://www.itworld.com/security/156817/wind-power-company-sees-no-evidence-reported-hack

    Also:
    http://seclists.org/fulldisclosure/2011/Apr/264
    http://seclists.org/fulldisclosure/2011/Apr/265

    ~Sticky

  9. Re:Link to pics? by StickyWidget · · Score: 2
    http://seclists.org/fulldisclosure/2011/Apr/264 [seclists.org]
    http://seclists.org/fulldisclosure/2011/Apr/265 [seclists.org]

    ~Sticky

  10. Re:You don't need a weatherman by plover · · Score: 2

    Supposedly he accessed the SCADA system. If so, he could alter the behavior of any or all of the mechanical controls: he could disable the logic that locks the wind turbine blades when the wind is too strong in order to prevent damage. He could shut off the lubricating pumps, and send phony sensor data back indicating the bearings are all operating within normal temperature and vibration parameters. He could remove the generator load, allowing the blades to freewheel, then instantly reconnect the full load once the blades were spinning over their max rated speed. He could alter the pitch of the blades (possibly one blade at a time) causing an out-of-balance condition. He could alter the motors that position or hold the turbine blades facing into the wind. Basically, changing any limiting parameter that prevents the system from damaging itself places the system at risk.

    There is no doubt a long list of potential attacks, both subtle and overt, that a well placed hacker could execute. I am not a wind-generator expert, so any or all of the above suggestions could be completely off-base, but I took inspiration from the damage Stuxnet was coded to cause. A real wind-generator engineer would no doubt have a real list of actual damage a malprogrammed SCADA system could inflict.

    --
    John
  11. Re:You don't need a weatherman by plover · · Score: 2

    Do you know for sure that's true, or is that something you desperately want to believe with all your heart that we're not stupid enough to turn over all mechanical functions to embedded systems? Because I have to say I've been amazed to learn of the diversity of different physical systems that have been turned over to software control. Sensors, motor speed controllers, pumps, switches, relays, etc., all are frequently software operated, or have some measure of software control over them.

    Power companies are no strangers to automation systems. They've been early adopters in the field of automating control systems because their systems are so geographically diverse. And it's hard to blame the engineers, because those things make systems flexible, easy to monitor, and easy to manage, all from remote sites. Any time you can use a controller that will save a maintenance guy a trip in a truck and up a ladder, you're saving money and improving problem response time.

    Sure, I like to imagine that there are still failsafe mechanical systems in place. That if there is too much current that some fuse will blow, or that a cog will trip an actual power relay when some motor tries to reach beyond its absolute limit of travel. But I've also come to believe that even the most innocuous devices could be subverted to cause serious problems. Maybe it's a sump pump, responsible for draining rainwater from a motor pit, or a ventilation louver that is supposed to close when the rain sensors are tripped. Maybe it's the lubrication system, or the weather vane, or the access hatch, or a hydraulic pump.

    I see the cost of everything trumps engineering decisions all around us. I have so little faith that everyone is doing things "the right way" instead of "the cheap way" that I would be surprised if these systems couldn't be remotely destroyed by a malicious attacker.

    --
    John