Slashdot Mirror


Cyberattack On German Steel Factory Causes 'Massive Damage'

An anonymous reader writes: In a rare case of an online security breach causing real-world destruction, a German steel factory has been severely damaged after its networks were compromised. "The attack used spear phishing and sophisticated social engineering techniques to gain access to the factory's office networks, from which access to production networks was gained. ... After the system was compromised, individual components or even entire systems started to fail frequently. Due to these failures, one of the plant's blast furnaces could not be shut down in a controlled manner, which resulted in 'massive damage to plant,' the BSI said, describing the technical skills of the attacker as 'very advanced.'" The full report (PDF) is available in German.

10 of 212 comments

  1. English translation by WoOS · · Score: 4, Informative

    Translation to English to the best of my abilities:

    3.3 Incidents in private enterprises
    In contrast to governmental offices there is no duty up to now for private companies to report grave security incidents to the BSI.
    [.... ]
    3.3.1 APT attacks on plants in Germany
    Issue
    Targeted attack on a steel plant in Germany
    Method
    Using spear-phishing and advanced social engineering the attackers gained initial access to the office network of the plant. From there they gradually penetrated into the production networks.
    Damage
    Failures of individual control units or complete facilities occurred increasingly. The failures prevented the controlled shut down of one blast furnace and brought it into an undefined state. As a result the facility sustained heavy damage.
    Targets
    Operators of plants
    Technical capabilities
    The attackers showed very advanced technical capabilities. Several different internal systems up to industrial components were compromised. The know-how of the attackers did not only cover IT-security very thoroughly but also included detailed technical knowledge on the running industrial control units and production processes.

  2. Re:What took them so long? by WoOS · · Score: 4, Informative

    The article tells us that "...hackers managed to access production networks..." The question is, why was this allowed?

    When I was in university we wrote an optimizer in "Operations Research" for a steel-mill as a practise which determined optimum cutting lengths of steel 'bars' based on customer orders.

    Orders probably arrive in the office network. I can well understand people don't want to walk with a USB stick (if that would survive the environment at all) from their office to the plant to feed instructions into the industrial control units. So probably some network connection was introduced and thought to be sufficiently secured. And then the Windows on the "safe" side was never updated because it couldn't connect to the internet anyway. Wind forward 10 years and you have a Windows full of completely unimaginable holes (which are easy to exploit because Windows is the same everywhere) which is indirectly accessible from the internet.

  3. Re:Why Germany? They sell anything to anyone. by burni2 · · Score: 3, Informative

    Your numbers are not existent:

    compare the numbers in steel production from Germany & U.S. to for example China, US ranks No 3 Germany ranks No 7, but they do play in the same league. (1)

    Also if you take a look at this map(2) you will recognize China, US and Germany on all exported goods do play in the same league.

    according to the table from (3) which is based on data (4)

    1.) China - 1.898.600
    2.) US - 1.480.646
    3.) Germany - 1.473.889

    Conclusion:
    IRONY_ON
    Yeah, it's totally transparent to me, Germany does really not sell anything!
    IRONY_OFF

    Germany does export many things, however not much on such low level things like raw steel.

    Further conclusion, divide the export numbers and the amount of population, and you will recognize the efficiency gap.

    1.) China - 1.366.040.000
    2.) USA - 317.238.626
    3.) Germany - 80.760.000

    (1) http://en.wikipedia.org/wiki/L...

    (2) http://de.wikipedia.org/wiki/D...

    (3) http://de.wikipedia.org/wiki/W...

    (4) http://stat.wto.org/Statistica...

  4. Re:Fundamental failure of process design by drinkypoo · · Score: 5, Informative

    What kind of a plant is designed in a way that a full failure of their control system would result in being unable to shutdown in a controlled manner.

    Pretty much all of them. At best, you can lose a batch of something if the process fails in the middle. If Sunsweet loses power in the middle of cooking a batch of fruit paste, the batch not only fails and has to be trashed but cleaning the system is far more difficult than if the batch succeeds. At the point where factories become complex enough to need digital automation, you cannot reasonably create a failsafe mechanism which will prevent an error from losing a batch. The best you can hope for in some situations, probably most, is to create mechanical interlocks which will prevent immediately catastrophic combinations of inputs and outputs.

    --
    "You're right," Fisheye says. "I should have set it on 'whip' or 'chop.'"

  5. Re:Fundamental failure of process design by amorsen · · Score: 4, Informative

    That is pretty much how industry works. There is a right way to shut down a plant, and it involves a lot of things done in the right order. You can do an emergency shut down, and that will not kill anyone, but you will at minimum have to throw a lot of the stuff away that was going through the plant at the time.

    Steel works are about a worst-case example of this. Lose power at the wrong time and you have no-longer-melted steel stuck in all the wrong places with no way to remove it. Removing this risk is impossible.

    --
    Finally! A year of moderation! Ready for 2019?

  6. Re:No big red button? by burni2 · · Score: 5, Informative

    blast furnace:

    You intermix iron ore and coke (not the drug! it's processed coal)
    and then you start an exothermic reaction, what you then do is process control, you blow in oxygen to react carbon to CO2 to a certain percentage and when the steel is ready you poke a hole into the furnace and then molten steel pours out.

    This is a reaction that is ongoing.

    We are talking here about huge amounts of energy.

    A smaller example: ever been test running inside a wind turbine of +1,5MW megawatt class, during nominal power operation?

    Push the red button and you will realize what energy is - rollercoaster ride - and how long the rotor will need to come to a full stop.

    Bigger Bigger example, push the red button in a nuclear power plant, yes the control rods will react, but if you don't cool the heat from radioactive decay away, you will get a Fukushima.

    I hope you are not a pro nuke, because keeping that in mind (the virtually non 100% hardware red button) you would now have ruled operators of nuclear power plants as stupid that it borders on criminal.

    Also there were hardware level overrides and they worked, however if you leave the molten mass inside the furnace it will solidify == damaged beyond repair

    Which happened there, you have then to rebuild the furnace and beforehand have to cut the wrecked furnace open with a many ton heavy steel clump (happy cutting)

  7. Re:Fundamental failure of process design by 140Mandak262Jamuna · · Score: 5, Informative

    Where is the big-arse power switch?

    It is a bloody blast furnace. They could hold anywhere between 20 and 120 tons of liquid molten iron. They are designed to hold that much of liquid metal continuously for five to 10 years. They keep adding raw materials, keep pouring batches and batches of it out. But it is always 50% to 100% full of liquid metal. Once in 10 years, they drain, and essentially dismantle the lining of the furnace, and relay the refractory bricks. A three to six month process typically. I don't know the details, I am sure they have a safety pit lined with refractory bricks to drain the furnace in an emergency, like earthquakes, floods or factory fire. It is possible that process was triggered in this instance.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact

  8. Re:No big red button? by Shinobi · · Score: 4, Informative

    Data invariance, even if you can somehow implement it properly on a hardware level, does not protect you if it's the execution pattern that is the attack method for example.

    As an example, rapid power cycling/power state change due to a program swiftly being shunted between CPU intensive and idle threads, etc. can cause power surges that can damage the PSU or the motherboard or even the CPU (as voltage regulators etc. move onboard, they become ever more vulnerable to this), and for all intents and purposes the data input to the program will be fully valid and unchanged. Excessive head parking on a mechanical HD can cause the HD to become faulty. Frequent standby/active cycles on monitors can kill them fairly rapidly.

    As for the emergency shutdown, nowadays, with modern equipment, the big red button and the emergency shutdown button in the control program do the same thing: Send a signal to the correct circuit and halt all operation. In some heavy machinery that means just cutting all power, in others it disengages pneumatic valves and thus engaging mechanical brakes etc etc. It depends on what kind of machinery it is.

  9. Re:No big red button? by itzly · · Score: 3, Informative

    Or... power down the Large Hadron Collider, and see what happens :) http://lhc-machine-outreach.we...

  10. Re:No big red button? by Shinobi · · Score: 3, Informative

    Even with emergency shutdowns, you can still get massive damage