Slashdot Mirror

← Back to Stories (view on slashdot.org)

Hackers Manipulated Railway Computers, TSA Memo Says

Posted by Soulskill on from the so-nobody-was-affected dept.

An anonymous reader sends this excerpt from Nextgov: "Hackers, possibly from abroad, executed an attack on a Northwest rail company's computers that disrupted railway signals for two days in December, according to a government memo recapping outreach with the transportation sector during the emergency. ... While government and critical industry sectors have made strides in sharing threat intelligence, less attention has been paid to translating those analyses into usable information for the people in the trenches, who are running the subways, highways and other transit systems, some former federal officials say. The recent TSA outreach was unique in that officials told operators how the breach interrupted the railway's normal activities, said Steve Carver, a retired Federal Aviation Administration information security manager, now an aviation industry consultant, who reviewed the memo."

6 of 116 comments (clear)

  1. Why... by errandum · · Score: 5, Insightful

    Is a computer that controls anything like this connected to the exterior instead of it's own private network?

    Why?!

    1. Re:Why... by currently_awake · · Score: 5, Interesting

      I don't think it was. They clearly tried to blow this thing up as a major terrorist attack, but they never claimed risk to life. I'm guessing the "attacks" were a virus on the windows boxes used for selling tickets.

    2. Re:Why... by Anonymous Coward · · Score: 5, Informative

      Sweet, a topic that I know something about for once!

      I am an S&C technician for a railway in Canada, and can tell you, the opposite is in fact true. A fibre conduit running coast to (almost) coast is a valuable thing. A few years back (before I started with them) they plowed a conduit underneath the rail bed. I hear they used multiple locomotives to pull a massive plow burying the conduit 10' under the rail bed. Sounded pretty sweet. The fiber is now leased to Rogers (may they rot in... er... never mind). I believe we have exclusive use of 4 fibers in the bundle, but I don't know too much about that end of it.

      The network of fiber is connected to strategically located radio towers. Another profitable venue is leasing space on a tower to the cell companies.

      Intermediate bungalows connect to the radio towers and relay control to switch machines and signal mechs. Our truck radios also communicate to the towers, and through the fiber to either RTC (Rail Traffic Control) or to another tower and another technician anywhere along the railway.

      I'm not sure about other railways, but I feel our system is pretty robust.

    3. Re:Why... by Anonymous Coward · · Score: 5, Informative

      Railway signalling usually consists of two pieces - vital logic and control logic. Vital logic is the sort of thing that prevents showing two trains signals that would make them crash, or would allow the points on a switch to throw under a train, or other safety-related functionality. It's designed to be failsafe, and the design methodology is usually very rigorous because of the huge liabilities involved. This stuff is usually (these days) carried on the rails themselves by what are known as coded track circuits - basically on/off values via carrier frequencies placed on the rails themselves. In some areas and in prior eras, this was carried by signal lines paralleling the railway, either open wire or buried. Regardless, all this stuff is designed such that if pieces fail or communication is lost, everything goes red and train traffic stops.

      Control logic is the other half. It's the part of the system that communicates from a dispatcher hundreds or thousands of miles to the local control points. It communicates instructions that can be roughly translated as "allow a westbound past this control point" or "throw the switch to the siding and permit an eastbound through". This is then shot across somebody's network to the control point, where it's handed off to the vital logic. Commands from the dispatcher are really more like requests to the vital logic to perform that function when it's safe to do so. As a dispatcher, even if you'd send commands that would direct a pair of trains to proceed at each other, the vital logic will keep the appropriate signals red and never allow a collision to happen.

      So, given the hype-riddled press release, I'm guessing one of two things happened.
      1) There's a link between the dispatching computers and the field endpoints that travels over the public network, likely via VPN. Somebody found a way to interfere with that link and prevented commands from getting through (a stupid DDoS could work here, as rail signalling is extremely low bandwidth). Worst case impact - dispatchers can't issue requests for things to happen in the field. That said, I've never seen such a system that connected to an IP network. The ones I've seen are serial and go via modem, frame relay or leased line. There's also a dedicated railway signal control standard that travels over dedicated radio frequencies that's often used from a common radio base to a number of signal installations along a line.

      2) Somebody found a way to compromise the dispatching computers themselves and mess with them. Unlikely, but it wouldn't be the first time somebody had compromised a corporate firewall and found the cool toys inside. That said, they'd really have to know what these machines did and how commands were sent in order to do anything beyond send random crap or again, just prevent commands from being sent. The other possibility is that they got between the dispatch machines and the outbound serial links inside the corporate network.

      3) The scary but horribly unlikely one - somebody put a vital logic processor where it could be reached via the network. I've never heard of a vital logic processor with an ethernet port, but most of them just have a bunch of serial, one of which is a configuration/communication port through which the unit is programmed. Typically these are only accessible by a dude in the field plugged into the logic unit, but it's remotely possible some bonehead connected it to a network-accessible terminal server or something.

      1&2 are possibly crippling to a rail network, but not unsafe. Things stop and nothing moves, but nobody gets hurt. 3 is much more frightening, but I can't see any sane engineer (particularly in the signal department at a railroad, as these guys tend to be risk averse to a fault for good reason) ever signing off on this design. I would

      Most of this is just theorizing based on what I know from my association with the industry almost a decade ago, but because of that I'm posting as an A/C.

  2. Re:You never know... by ajpuciat · · Score: 5, Interesting

    "Amagasaki, Japan 26 April 2005 A seven-car train with 580 passengers derailed and slammed into an apartment building of nine floors. 73 people were killed and nearly 450 injured"

    Trains, in my buildings?

    It's more likely than you think.

  3. Re:Shenanigans! by Samantha+Wright · · Score: 5, Informative

    What are you talking about? The hackers are "possibly from abroad"! This is serious! Why would the article author use such a blatantly sensationalist subclause if it weren't serious?! Especially when the last time this was claimed turned out to be exactly what you're describing!

    --
    Bio questions? Ask me to start a Q&A journal. Computer analogies available for most topics!