Slashdot Mirror


Hacking Group Linked To Chinese Army Caught Attacking Dummy Water Plant

holy_calamity writes "MIT Technology Review reports that APT1, the China-based hacking group said to steal data from U.S. companies, has been caught taking over a decoy water plant control system. The honeypot mimicked the remote access control panels and physical control system of a U.S. municipal water plant. The decoy was one of 12 set up in 8 countries around the world, which together attracted more than 70 attacks, 10 of which completely compromised the control system. China and Russia were the leading sources of the attacks. The researcher behind the study says his results provide the first clear evidence that people actively seek to exploit the many security problems of industrial systems."

7 of 214 comments

  1. Actually... by djupedal · Score: 5, Funny

    The plant is real and the headline is a cover up/reverse sneak - because panic. But hey, if it turns out to be a honeypot, don't expect it to work twice :)

    1. Re:Actually... by sumdumass · Score: 5, Interesting

      Well which is it? Not too sophisticated, but they busted into his lame decoys easily enough.

      Forcing a door open is not the same as sophisticated lock picking. But nonetheless, the point about sophistication seems to be what they did once they got access. Most did menial tasks while 4 meddled with a specific communication protocol.

      He claims to have triangulated where the attacker was based on their wifi card. REALLY? How is that done? He knows where every wifi router in the world is does he? Triangulate!!! All Wifi cards use three routers? Who knew! Each of which has its position known?

      I'm not sure your reading comprehension is up to speed here. The web interface that was hacked embedded an exploit framework called BeEF so the researcher could gain access to the attacker's system through the browser. What he likely did was query the networks detected by the wifi cards, then cross-referenced them against data from sites like WiGLE or perhaps something even more specific.

      This is more than enough to get a geographical location of a person and narrow it down to not only country, but city and even neighborhoods within the city.

      Oh, and the triangulation isn't based on where the wifi card itself accesses a router, but on the names of the specific networks the wifi card can see. If you see several distinctly different named networks, the odds of them being in more than one location are low, so you know it has to be a location close enough to all of them to be seen at the same time. For instance, if I see the SSIDs duck_butter, shoreline, bbangsoon, and linksys, I can find that I am near the Chicago Water Commissioner's office at Pfc Milton Olive park, near the Chicago harbor. Go ahead and look it up.

      Somewhere there are some people chuckling at this guy.

      I think that happens to all of us every once in a while. I was laughing pretty good earlier at someone too.
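
The SSID cross-referencing described in the comment above, as an added example that is not part of the original thread and not the researcher's own tooling: a BeEF-style browser hook would hand you the list of networks the attacker's wifi card sees, and this script shows how those names are intersected against a wardriving database to pin down where all of them are visible at once. The WiGLE-style records, coordinates, the `RADIUS_M` beacon range and the function names are all assumptions constructed for the example; the points are invented and do not correspond to any real network or to the Chicago location mentioned above. The common default SSID "linksys" is included to show why a single common name is useless on its own but still narrows things down in combination.

```python
import math
from typing import Dict, List, Tuple

Point = Tuple[float, float]  # (latitude, longitude) in decimal degrees

# Constructed wardriving data in the shape of a WiGLE export: SSID -> list of
# points where that network was logged. All coordinates are invented for this
# example. "linksys" is a vendor default and therefore shows up in many places.
OBSERVATIONS: Dict[str, List[Point]] = {
    "duck_butter": [(41.8915, -87.6130)],
    "shoreline":   [(41.8921, -87.6121), (34.0522, -118.2437)],
    "bbangsoon":   [(41.8918, -87.6138)],
    "linksys":     [(41.8912, -87.6125), (34.0530, -118.2440),
                    (40.7128, -74.0060), (51.5074, -0.1278)],
}

# Assumed maximum distance at which a client still sees a beacon frame.
RADIUS_M = 200.0


def haversine_m(a: Point, b: Point) -> float:
    """Great-circle distance in metres between two (lat, lon) points."""
    lat1, lon1 = map(math.radians, a)
    lat2, lon2 = map(math.radians, b)
    dlat = lat2 - lat1
    dlon = lon2 - lon1
    h = (math.sin(dlat / 2) ** 2
         + math.cos(lat1) * math.cos(lat2) * math.sin(dlon / 2) ** 2)
    return 2 * 6371000.0 * math.asin(math.sqrt(h))


def locate(seen_ssids: List[str],
           db: Dict[str, List[Point]],
           radius_m: float = RADIUS_M) -> List[dict]:
    """Find every spot where all of the seen SSIDs have a logged sighting
    within radius_m of each other.

    SSIDs absent from the database are ignored (they cannot constrain the
    search). Each candidate is the centroid of the matched sightings; more
    than one candidate means the SSID set is ambiguous, zero means the
    sightings never overlap within the assumed range."""
    known = [s for s in seen_ssids if s in db]
    if not known:
        return []
    # Start from the SSID with the fewest sightings: fewest candidates to test.
    anchor = min(known, key=lambda s: len(db[s]))
    candidates = []
    for pt in db[anchor]:
        matched: List[Point] = []
        for ssid in known:
            near = [p for p in db[ssid] if haversine_m(pt, p) <= radius_m]
            if not near:
                break  # this SSID was never seen near the anchor sighting
            matched.append(min(near, key=lambda p: haversine_m(pt, p)))
        else:
            lat = sum(p[0] for p in matched) / len(matched)
            lon = sum(p[1] for p in matched) / len(matched)
            candidates.append({"lat": lat, "lon": lon, "ssids": list(known)})
    return candidates


if __name__ == "__main__":
    # Four distinct names: one unambiguous spot.
    print(locate(["duck_butter", "shoreline", "bbangsoon", "linksys"], OBSERVATIONS))
    # A default SSID alone: one candidate per place it was ever logged.
    print(locate(["linksys"], OBSERVATIONS))
```

The result degrades gracefully: a single common SSID yields one candidate per sighting, two SSIDs that co-occur in two cities yield two candidates, and only the full set collapses to one neighbourhood-sized area. That is also the weakness Endovior alludes to below: an attacker who controls what the card reports can feed the database a plausible but false set of names.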

  2. InSANE -- why...?!!! by Anonymous Coward · Score: 5, Insightful

    Why are critical systems on the 'net?
    They functioned perfectly 30 years ago without the internet...

    CAPTCHA = 'yourself'

  3. Next Steps by FarField12 · Score: 5, Funny

    Spoof the interface to make the attackers believe they are attacking a foreign industrial plant.
    In reality, they are attacking the utility plant located down the street based on WiFi location.
    The main purpose of the honeypot system is to obfuscate the true location of the target (the attackers own infrastructure).
    Then watch hilarity ensue.
    Defense systems would be great. You could get countries to nuke themselves using their own cyber ops team.


  4. Bull by WGFCrafty · Score: 5, Insightful

    "The researcher behind the study says his results provide the first clear evidence that people actively seek to exploit the many security problems of industrial systems."

    Uhhhhhh Stuxnet was an exploit of Siemens' industrial control systems which regulated the RPMs of centrifuges....

  5. Re:hacked by chinese by Endovior · Score: 5, Informative

    RTFA. Yes, IP addresses are easily spoofed, and provide essentially no information on the target. That is, in fact, why more information than that was gathered, using the nature of the honeypot in question to gather additional data from the attacking machines. I suspect that it would be possible to configure your system and network in such a way as to spoof the nature of your own local network configuration so that a counterattack of this nature would reveal misleading information about your locality... but the nature of the attacks, and the response to them, make this exceedingly unlikely. tldr; yeah, it was people in China and Russia, and there's proof. Still doesn't mean that their governments were involved, of course.

  6. Re:Well color me shocked by Culture20 · Score: 5, Funny

    Pooh sets up a honeypot; finds most attacks come from himself and bees. Oh bother.