Slashdot Mirror


Wind Power Firm Sees No Evidence of Hack

alphadogg writes "One day after a hacker posted screen shots and data to a hacking mailing list, saying he had broken into a New Mexico wind turbine facility, the company that runs the turbines says it has seen no evidence of a computer intrusion. The hacker, who calls himself Bigr R, made the claims Saturday, posting screenshots of the facility's management interface, screenshots of an FTP server and project management system, as well as Web server info and configuration data from a Cisco router."

16 of 99 comments

  1. Language by bezking · · Score: 3, Interesting

    If you look at the screenshots he posted (example) you'll see that some of the screens were in the German language or a derivative thereof. Why would a New Mexican power plant have its systems in German!?

    1. Re:Language by 0100010001010011 · · Score: 4, Interesting

      Germans Make Good Stuff.

      Seriously, if you start getting into high level automation of PLC and other industrial systems, there are only a few key players in the game. Siemens is one of those companies. Sure enough, if you search for SINAMICS S120, the Siemens page is the first hit.

      How often do you dump your error codes into 5-10 languages? If you go to Europe and use a piece of GE technology you'll probably get errors in English.

    2. Re:Language by shish · · Score: 2

      Looking at that example, a more confusing thing comes to mind: why would their systems be built with MS-Paint o_O?

      --
      I mod down anyone who says "I will be modded down for this", regardless of the rest of their comment

    3. Re:Language by Themer · · Score: 2

      All of the Siemens PLC error codes come out in English for English interfaces. I have used them extensively.

  2. None of this means it didn't happen by royallthefourth · · Score: 5, Insightful

    It's possible that the IT staff who failed to secure the networks and websites also lack the expertise to detect an intruder. It's certainly not easy, and if they were able to cleanly socially engineer (or perhaps guess) passwords to get it done, there may be no way to detect it at all.

    1. Re:None of this means it didn't happen by Anonymous Coward · · Score: 3, Funny

      I would argue that the burden of proof is on the hacker, and not on the power company.

    2. Re:None of this means it didn't happen by afidel · · Score: 2

      Not really, with a good IDS system you should have no trouble. We log everything that happens on our server and DMZ VLANs to a Network General box and could easily pull up all conversations between the firewall and any server box, or any workstation and any DMZ box. I would hope critical infrastructure such as a SCADA system is at least as well monitored.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.

    3. Re:None of this means it didn't happen by Anonymous Coward · · Score: 2, Insightful

      I am sorry to disappoint you, having worked at a company developing SCADA systems... these systems are developed a bit like this:

        Assumption 1: SCADA systems... should be on a completely separate infrastructure.
        Assumption 2: If the system is on a separate, secure infrastructure... we have no need for additional security measures.

        Reality-check 1: 'I want to see what the h*ck is going on at the site when I'm at home!!!'
        Reality-check 2: Nobody listens to the security-conscious-guy when they want to have fancy graphics.

    4. Re:None of this means it didn't happen by Lumpy · · Score: 2

      They checked the Windows 98 gateway machine and their virus scanner did not find anything. There is no way he got in, the AV software said so!

      --
      Do not look at laser with remaining good eye.

  3. Next story on slashdot in an hour... by pasv · · Score: 2

    Wind Turbine Firm hack confirmed: "Oh wait, never mind. We found his rootkit on port 31337 going out from our webserver! D'oh!"

    1. Re:Next story on slashdot in an hour... by jamesh · · Score: 2, Funny

      I'm more concerned that Slashdot itself has been hacked, and some unscrupulous bad guys is posting the news as it happens, instead of weeks, months, or years later.

    2. Re:Next story on slashdot in an hour... by jamesh · · Score: 3, Funny

      and some unscrupulous bad guys is posting the news as it happens

      ... and the same bad guys is inserting bad grammar in my posts.

  4. Re:Simple Message by LordLimecat · · Score: 3, Informative

    And if you'll note, it doesn't say "there was no hack", but that "they see no evidence".

  5. Re:maybe a stupid question, but.. by jasen666 · · Score: 2

    Any SCADA/HMI system should be physically isolated from the business LAN regardless of whether it's internet accessible or not. Sounds like a few inherently bad choices were made here if this is true.

  6. He was just that good by JTsyo · · Score: 2

    You can't backtrace him.

  7. Stupid... by WaffleMonster · · Score: 2

    If BigR is really a former disgruntled employee he might as well have just posted his full name and address along with the dumps.

    The response by Benji on the seclist mailing list sums it up: "so how long do you give yourself before you're in prison?"