Hackers Manipulated Railway Computers, TSA Memo Says
An anonymous reader sends this excerpt from Nextgov:
"Hackers, possibly from abroad, executed an attack on a Northwest rail company's computers that disrupted railway signals for two days in December, according to a government memo recapping outreach with the transportation sector during the emergency. ... While government and critical industry sectors have made strides in sharing threat intelligence, less attention has been paid to translating those analyses into usable information for the people in the trenches, who are running the subways, highways and other transit systems, some former federal officials say. The recent TSA outreach was unique in that officials told operators how the breach interrupted the railway's normal activities, said Steve Carver, a retired Federal Aviation Administration information security manager, now an aviation industry consultant, who reviewed the memo."
Is a computer that controls anything like this connected to the exterior instead of its own private network?
Why?!
Hackers have been involved in railroads since the very beginning!
Now they'll have the excuse they need to do to the rails what they've done to the airlines.
"Tell me doctor, with all of your defenses, are there any provisions for an attack by killer bees?"
The only thing they would have access to is the equivalent of log files. We are talking big iron access. The system was designed to keep the system out of reach from anywhere outside the system itself. Developers not on the big iron don't have the access, nor would many have credentials to get anywhere useful. If there is any validity then it means someone with an H1B visa stole credentials and is using someone else's terminal to do anything. Not impossible, just improbable and easy to track down.
To me this sounds like some contractor introduced a bug to the system and is attributing the issues it caused to "hackers". If the system is really open to attacks of this nature, then it is fundamentally flawed.
"Have you ever thought about just turning off the TV, sitting down with your kids, and hitting them?"
...when someone might hijack a train and crash it into a skyscraper.
There's no -1 for "I don't get it."
or else the outsourced IT department overseas has senior staff with, ahhh, alternate loyalties... .
if this is supposed to be a new economy, how come they still want my old fashioned money?
So in your mind they have two choices:
1. Use a network that's publicly available and has known hackers.
2. Run private fiber
In my mind I have more options, for example:
3. Lease private exclusive connections
4. Lease private connections on trusted networks
5. Lease private connections on multiplexed fibers.
If they opened their controls to a public network with known hackers, then that's criminal negligence. What if a train had been derailed, what if people had lost lives? The rail network has a public duty to a BASIC LEVEL OF COMPETENCE.
Just as the very brightest criminals are the ones that are never caught, I tend to assume that there are many people poking around in just about any system of consequence. Anonymous, Wikileaks, and similar operations are just the tip of the iceberg.
I expect that we're heading for something that resembles John Brunner's Shockwave Rider, where one day a clever hacker will make all governmental data banks miraculously be wide open. The kind of thing that will make Wikileaks seem like a trifle.
As for hacking a transportation system? I kind of assume that various governments are already doing that to each other.
Three Squirrels
I'm sure that it is coincidence that this sort of story gets publicity now. Nothing to do with countering the bad press the TSA has gotten today. And I'm sure there is no way this sort of thing could be prevented in the future without an all-seeing, all-knowing, all-powerful TSA keeping watch on everyone who decides not to stay in one place all the time. Nothing to see here. Move along. Except for you, and you over there. We'll need you to step over here for a moment...
My hovercraft is full of EELS.
Of important or critical items made accessible through the Inet, what idiot bean counter thought that was a good idea?
This never would have been possible prior to putting control infrastructure on the Inet and then thinking the incompetent law makers and management would be able to secure it, in addition it's one more incident showing how ineffective the TSA really is, machine gun toting thugs roughing up citizens at the social security office or bus station while train systems get hacked.
The TSA is useless.
The law makers are stupid old men.
The corporations run everything.
"If any question why we died, Tell them because our fathers lied."
First off, there are many reasons you'd connect these systems to the internet. The #1 reason is to allow people remote access into them to support them 24/7 from any location. Vendors and consultants are always asking for this. Saves a trip in for . Secondly, convenience. People can sit down at a computer and get on the internet, e-mail, etc. Doesn't matter that it's the computer that controls .
Another part in this is the fact that these systems often fall outside the corporate IT's scope of operations. This system belongs to . Sometimes they will have systems analysts and maybe even a couple of IT staff of their own to manage the system, sometimes they won't, sometimes it will be the oldest person in the department who got the responsibility for maintaining a computer network, along with the systems, because "He's been here a long time". This usually leads to turf wars and the system's owner usually tends to win. Also, many times these systems are simply added after the fact, without proper design consultation and documentation from the IT department, and often have their own infrastructure and other systems that are not managed by the IT department. So instead of being securely buried within the corporate network and monitored as part of it, it is largely unmanaged, flying outside the scope of IT, probably not even touching the corporate network, and lacking proper compliance and monitoring. This is the way it's been done for fifty years and it sure as hell is not going to change now.
And this is why you have problems like this.
Because private networks with entry points all over town can not be hacked, right.
We need SOPA and PIPA so that such hackers' servers can be blocked the moment an intrusion is detected. But the anarchist tech industry and uneducated bloggers won't let us have it.
If you've ever ridden an Amtrak train in this country, the only thing a hacker could have done is speed it up. I bet if we just turned the signal system over to any hacker with the skills, the train service in this country would improve!
I believe them.
Creating more TSA jobs again?
To hack a network with a physical separation, you have to physically hack the link.
Are you saying that unless you can make something 100% secure, we shouldn't make it 99.99% secure, and should keep it at, well about 70% secure??
You understand that on a multiplexed fiber, there's nothing you can do with the little light pulses to affect the other little light pulses, whereas on a TCP/IP packet network with login, it's as easy for a hacker to send login commands as for the real user.
In systems like this, misdirection like yours has no place, they need to be secure and the railway has a liability. It is criminally negligent to open its network in this way.
I'm old enough that "hacker" has a very different and positive connotation. These are terrorists and thugs and at the very least people on ego trips. Even in the early days, groups like phone phreaks weren't trying to get away with making free phone calls; they were taking issue with a corrupt system. You may complain about your phone bill now, but with long distance charges we were paying $100 to $150 in phone bills in the 80s if you made out-of-state calls regularly. Imagine a $500 phone bill today! These types of attacks give hackers a bad name. Too many destructive things are lumped under hacking.
"The recent TSA outreach was unique in that officials told operators how the breach interrupted the railway's normal activities, said Steve Carver, a retired Federal Aviation Administration information security manager, now an aviation industry consultant, who reviewed the memo."
This is direct evidence of TSA being involved in acts of espionage and sabotage against the USA!
Why isn't the Sec. of DHS being arrested for authorizing acts of espionage and sabotage against the USA!
Wonders such as these of USA bureaucracy do amaze.
Oh. Checking my Mickey Mouse Watch alerts me that yet another buffoon is about to emerge on the US Congress Stage.
Land 'O Lakes. Seems the idiots are crawling out to the woodwork these days.
LoL
...the well-publicized "attack" on an Illinois water system by Russian Hackers that, unsurprisingly, never actually happened.
I usually try to. Right now, I honestly can't think anything but
FUCK the TSA, everything they do, and everything they stand for.
mov ah, 4ch
int 21h
Mod this up, please as it appears to be first example of a /.er who has first hand knowledge.
What do you think rail is? It is essentially a private roadway network. Fiber can be laid at the same time.
Wonder which country it's about..
Hmm.. they don't really say which railroad, but..
Given that they imply "passenger service" was affected and use terms like "rush-hour", there are really only two railroads that could have been affected.
My money's on the smaller of the two: P&W. Anybody else care to lay a wager?
Railroad signalling used to be all special purpose hardware. Not any more. Here's the "VitalNet Wayside Message Server". Runs Red Hat Linux. Talks "Interoperable Train Control Messaging" protocol.
It gets worse. Here's a General DataComm unit for railroad signal control. "SC-ADT ports configured for Telnet/SSH sessions, for bypass transport (port forwarding), and to convert async PPP data to IP for transport over a cellular data network. SC-ADT managed via Telnet, SSH, SNMP, FTP, TFTP and HTTP from the Dispatch Facility."
TFTP? FTP? Telnet? What's wrong with this picture?
There's even a hobbyist program for listening in on signal control traffic, some of which is passed around on unencrypted radio links.
I've read a number of these "revelations" of "foreign attacks" on our infrastructure, and all of them ended up being someone making rash pronouncements that had zip to do with reality. Examples include the so-called attacks on water supplies. It seems that the problems were internal, and technical. They had zip, zero, zilch to do with outside attackers! It is time we removed these pinheads from ANY position of authority, especially over technical domains. They don't have the intelligence to fix a faucet, let alone to determine the root cause of some system issue!
...we're all still alive.
TSA contractors organize fear campaign to help boost sales.
The railways never share any information, and are well known for being more or less a monopoly.. They leave engines running in the middle of the track for crying out loud, with no operator to be found within 5 miles (of course these are manned), and refuse to answer for it, something that has been brought up several times with terrorists possibly hijacking them and riding them into a town with chemical, or biological, (or worse) weapons. They pretty much do whatever they want even with the public or government agencies hounding them. They have the money to run their own system but no one is going to force them to. They really do not care if the system they have in place is hacked. Obviously they can use preventive measures to protect the system they have now but I doubt they will do that.
Make the ethernet cables run through an X-Ray machine, or pat down the IP packets. It'll be as efficient as in airports to prevent future breaches.
When I worked on these, we had dedicated links (X25 serial in those days).
There simply is NO EXCUSE for routing stuff like this over the public internet, VPN or not. Even a DDOS on those communications is unacceptable. If the railway techs sent that data across a public network, their employment should immediately be terminated and the railway company liable.
"Investigators discovered two Internet access locations, or IP addresses, for the intruders on Dec. 1 and a third on Dec. 2, the document noted, but it does not say in which country they were located".
Who in their right mind connects a railway signals control system directly to the Internet?
The article tells us that this event happened to a railroad that (1) is in the Northwest, (2) runs scheduled trains during the workweek (Dec 1 was a Thursday) and (3) has frequent enough service that a 15 minute delay would be noticed.
It appears to me that the railroad described is either Washington State's Sounder Train (en.wikipedia.org/wiki/Sounder_commuter_rail) or Oregon's Westside Express Service (WES) (http://en.wikipedia.org/wiki/Westside_Express_Service).
I am a network engineer and I specialize in information security, penetration testing, white hat stuff.
If this story came from anybody other than TSA I might have believed it, but TSA is incompetent at best. They are nothing but a bunch of white trash security guards, and the few people skilled in computer networks do not have the skills to assess the Railway signal system.
This is all speculation and I challenge their claim.
I should start a service selling "industrial control system security retrofits." Between the Internet and the PLC, I'll set up a simple Linux box, with cryptknock and brute-force protection that only allows SSH logins with passphrased keyfiles. Then I'll give the operators a nice script (in .bat form and shellscripts) that puts them to the login prompt in one click and sets up a tunnel between their localhost and the PLC or whatever. Then they connect to the control client to localhost and work as usual. Because the places that do this shit usually have NO IT STAFF, I'll put together a simple interface for managing the keyfiles (some GUI on the box itself would be safest - really stripped down of course, ncurses-based ideally).
For each installation I will charge $3k, maybe with a support option if they want me to manage their keyfiles remotely, very affordable to them but I am actually taxing them out the ass for stupidity >:)
"When information is power, privacy is freedom" - Jah-Wren Ryel
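A check for the key-only bastion setup the comment above sketches, added here as an example and not the commenter's own script: it audits an sshd_config against that policy and handles two sshd quirks (the first value of a directive wins, and directives under a Match block are conditional). The POLICY table, the sample configs and the function names are constructed for this example.

```python
# Added example, not from the thread: audit an sshd_config against the key-only
# bastion policy described above. Mirrors two sshd rules: the FIRST occurrence of a
# directive wins, and directives under a Match block are conditional, so a repeated
# or Match-scoped "PasswordAuthentication yes" cannot fool the check.
# Wanted values. Unset directives fall back to OpenSSH defaults, several of which are
# the weak ones (e.g. PasswordAuthentication yes), so each must be set explicitly.
POLICY = {
    "passwordauthentication": "no",
    "kbdinteractiveauthentication": "no",
    "pubkeyauthentication": "yes",
    "permitrootlogin": "no",
    "permitemptypasswords": "no",
    "allowtcpforwarding": "yes",  # the operator's localhost-to-PLC tunnel needs it
}

def parse_sshd_config(text: str) -> dict:
    """Effective global directives: lowercased keys, first value wins."""
    effective, in_match = {}, False
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) != 2:
            continue
        key, value = parts[0].lower(), parts[1].strip().lower()
        if key == "match":
            in_match = True  # everything up to the next Match is conditional
        elif not in_match:
            effective.setdefault(key, value)  # first value wins
    return effective

def audit(text: str) -> list:
    """Findings against POLICY; an empty list means the config complies."""
    eff, out = parse_sshd_config(text), []
    for key, wanted in POLICY.items():
        got = eff.get(key)
        if got is None:
            out.append(f"{key} not set (wanted {wanted})")
        elif got != wanted:
            out.append(f"{key} is {got} (wanted {wanted})")
    return out

# Constructed samples: a stock-looking config, and the bastion's hardened one with a
# late duplicate and a Match-scoped override that must not change the verdict.
WEAK = "PermitRootLogin yes\nPasswordAuthentication yes\nPubkeyAuthentication yes\n"
HARDENED = ("PasswordAuthentication no\nKbdInteractiveAuthentication no\n"
            "PubkeyAuthentication yes\nPermitRootLogin no\nPermitEmptyPasswords no\n"
            "AllowTcpForwarding yes\nPasswordAuthentication yes\n"
            "Match User operator\n    PasswordAuthentication yes\n")
```

Run `audit(open("/etc/ssh/sshd_config").read())` on the bastion itself; any non-empty result is a directive to fix before exposing the box.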
...so we'll need to cup your junk at railway stations now. -TSA
Wouldn't it be easier to just set up a VPN and secure the damn thing?
Because them VPN thingies are just too damn hard to set up and make work. They give you a headache and slow you down from having immediate and unfettered access to everything, like when you just place everything on teh internets and always log on as 'Administrator'.. that's much more convenient for me. /sarcasm (as if you couldn't tell).
"The remotely taking of pelham 123"
Not only IS it very cheap to lay down cables along rail tracks, it is so CHEAP that in Holland one of the current telcos started out just like this as a daughter of the Dutch railway company (NS + BT created Telfort). How do you think signals are connected? Once you've laid one cable, adding more is incredibly cheap, especially if you can lay it down over very long distances and only need to deal with 1 owner of the land: yourself.
MMO Quests are like orgasms:
You may solo them, I prefer them in a group.
You know what else can get you into town with chemical, biological, or worse weapons? A truck.
if you pull facts and reality out of your ass ......
Read radical news here
It is sad that 90% of today's problems were predicted by movies made in the 90's. Let's see if they're already tampering with individual travel hubs, I guess next they'll make us think they sunk a ship full of gold, or go for the fire sale. Don't forget, The Net predates identity theft too.