Slashdot Mirror

← Back to Stories (view on slashdot.org)

Support Forums Reveal SCADA Infections

Posted by samzenpus on from the patient-zero dept.

chicksdaddy writes "We hear a lot about vulnerabilities in industrial control system (ICS) software. But what about real evidence of compromised SCADA and industrial control systems? According to security researcher Michael Toecker, a consultant at the firm Digital Bond, the evidence for infected systems with links to industrial automation and control systems is right under our eyes: buried in public support forums. Toecker audited support sites like bleepingcomputer.com, picking through data dumps from free malware scanning tools like HijackThis and DDS. He found scans of infected systems that were running specialized ICS software like Schweitzer Engineering Labs (SEL) AcSELerator Software and GE Power's EnerVista Software (used to configure GE electric power protection products). The infected end user systems could be the pathway to compromising critical infrastructure, including electrical infrastructure. 'With access to a protection relay through a laptop, a malicious program could alter settings in the configuration file, inject bad data designed to halt the relay, or even send commands directly to the relay when a connection was made,' Toecker wrote."

2 of 66 comments (clear)

  1. Re:wtf... by gnarfel · · Score: 5, Funny

    'Updated ReactorCoreSafety to 8.34, can't access admin interface. Anyone else having this problem?'

    --
    Local music(to upstate NY). http://gnarfel.com/ radio.
  2. it will never heal.. by TheGratefulNet · · Score: 4, Funny

    if you keep picking on the SCADA, it will never heal!

    of course it gets infected.

    --

    --
    "It is now safe to switch off your computer."