Slashdot Mirror

← Back to Stories (view on slashdot.org)

Ukraine Power Outage May Be the First One Caused By Hackers (arstechnica.com)

Posted by Soulskill on from the now-things-get-interesting dept.

bricko notes a report on what appears to be the first power outage known to have been caused by hackers: Highly destructive malware that infected at least three regional power authorities in Ukraine led to a power failure that left hundreds of thousands of homes without electricity last week, researchers said. ... On Monday, researchers from security firm iSIGHT Partners said they had obtained samples of the malicious code that infected at least three regional operators. They said the malware led to "destructive events" that in turn caused the blackout. If confirmed it would be the first known instance of someone using malware to generate a power outage.

Over the past year, the group behind BlackEnergy has slowly ramped up its destructive abilities. Late last year, according to an advisory from Ukraine's Computer Emergency Response Team, the KillDisk module of BlackEnergy infected media organizations in that country and led to the permanent loss of video and other content. The KillDisk that hit the Ukrainian power companies contained similar functions but was programmed to delete a much narrower set of data, ESET reported. KillDisk had also been updated to sabotage two computer processes, including a remote management platform associated with the ELTIMA Serial to Ethernet Connectors used in industrial control systems.

62 comments

  1. Ob by Hognoxious · · Score: 0

    In former and possibly future Soviet Russia frosty piss gets YOU

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."
  2. Cowards... by Anonymous Coward · · Score: 0

    Look, I know that Ukraine is in turmoil, and I really do sympathize with the Ukraines that are trying to keep their country together. But, regardless of which side these hackers were on, it is simply cowardly to attack the electrical system.

    People's lives depend on it, sometime's literally. By disrupting the electrical grid you aren't helping either side, and are actively putting people at risk.

    1. Re:Cowards... by Rei · · Score: 4, Insightful

      Hmm, organized hacking efforts that keep hitting important Ukrainian entities, with targeted code that can take out industrial systems... I can't imagine who could possibly be behind this.

      --
      Shiny New Australia.
    2. Re:Cowards... by phantomfive · · Score: 1

      it is simply cowardly to attack the electrical system.

      As opposed to actually shooting people with guns?

      --
      "First they came for the slanderers and i said nothing."
    3. Re:Cowards... by U2xhc2hkb3QgU3Vja3M · · Score: 3, Funny

      Aliens?

      Signed,
      fuzzy hairs guy.

    4. Re:Cowards... by Billy+the+Mountain · · Score: 1

      Hmm, I may have an unfair advantage after having read the top of this page but, if I ventured a guess I would say a group called "BlackEnergy?"

      --
      That was the turning point of my life--I went from negative zero to positive zero.
    5. Re:Cowards... by radarskiy · · Score: 1

      That dastardly Ukrainian Government is at it again!

    6. Re:Cowards... by guestapoo · · Score: 2
      I can imagine who behind this:
      Avakov:

      Maidan is being completely discredited, that's what's going on! They are sellingn off Ukraine piece by piece. No doubt this is a Russian FSB project.

      Yatsenyuk:

      Those who demand to increase social payments and salaries from Ukrainian budget, are FSB agents.

    7. Re:Cowards... by Darinbob · · Score: 0

      The logic is straight forward though. Screw up their country and they'll apologize to Saint Putin. The more they are hurt today the more they will smile tomorrow and sign up for Russian language classes.

    8. Re:Cowards... by Anonymous Coward · · Score: 0

      USA and Europe of course. They are obviously trying to smear a good name of Russian Federation.

    9. Re:Cowards... by Tough+Love · · Score: 2, Insightful

      By disrupting the electrical grid you aren't helping either side, and are actively putting people at risk.

      Much in the same spirit as Russia bombing civilians in Syria, don't you think?

      --
      When all you have is a hammer, every problem starts to look like a thumb.
    10. Re:Cowards... by campuscodi · · Score: 1

      It's war. What war do you remember being fair. Have you ever seen referees on the battlefield?

  3. Not the first time by Anonymous Coward · · Score: 0

    Ask Trinity

  4. Isn't this the same as... by Jonah+Hex · · Score: 2

    this story that's still on the front page? http://it.slashdot.org/story/1...

    --
    Horror & SciFi Erotic Nudes
    1. Re:Isn't this the same as... by SeaFox · · Score: 2

      Since the title is different the editors don't consider it a dupe.

  5. Estonia? by Carewolf · · Score: 2

    Didn't Putin Jugend already do something similar in Estonia?

  6. That's what happens when you use LUDDITE Internet! by Anonymous Coward · · Score: 0

    When LUDDITES put power stations on the Internet using LUDDITE systems, they get hacked by Modern App Appers!

    Modern app appers know that only Apps can app Apps, so if their power stations were powered by Apps instead of the LUDDITE Internet, they wouldn't be appable!

    Apps!

  7. It's always someone else's fault in Ukraine by Anonymous Coward · · Score: 3, Interesting

    Couldn't it be that Ukrainian power networks are just old and crumbling, management and specialists are incompetent and the cold weather last week didn't help? But hey, it's much easier to blame it on hackers, who are "clearly" sponsored by Putin himself.
    And sure enough Ukraine simply blows up power lines going to Crimea to leave 2 million people without power in the midst of winter - no hackers needed.

    1. Re:It's always someone else's fault in Ukraine by guestapoo · · Score: 2
      That is! I would mod this up, but I have just commented, which could strengthens your point:

      Avakov:

      Maidan is being completely discredited, that's what's going on! They are sellingn off Ukraine piece by piece. No doubt this is a Russian FSB project.

      Yatsenyuk:

      Those who demand to increase social payments and salaries from Ukrainian budget, are FSB agents.

    2. Re:It's always someone else's fault in Ukraine by rtb61 · · Score: 1

      More likely a pack of ass clowns stupidly hooked up an essential service to the internet because 'er' 'um', ass clowns. It was just a matter of time before it was taken down, nationality of black hats is pretty much arbitrary as black hats from all over the globe would have taken it down including those from inside the Ukraine but outside of course outside the affected region, especially if they were having a digital spat with those in that particular region. The attack nothing fancy at all, a MS Office document macro attack, where the hell is the security. A emailed document macro taking down a power station, talk about fucking amateur ass clowns being in charge, all those involved in not securing those system properly should be fired. Using fancy smancy names like BlackEnergy and KillDisk just really pathetic lame attempts at retaining employment ie not out fault really professional Russian government hackers, nope really lame security and amateur hackers who got in with an attempt that should have totally failed. Sure a system I was looking after got hacked by a document macro but that was near two decades ago and security services were just coming into force and I swapped from windows to Linux servers there and then and ran a full suite of security tools on top, never got hacked again on that system. Let me guess those Ukrainian system admins car pool to work in a clown car, all tumbling out when the car runs into the buildings back door, they one they leave open for easy access. In this case you have to be cruel to be kind, the only response for a admin team who fails to properly secure a power stations systems in this day and age is a thorough and very public firing.

      --
      Chaos - everything, everywhere, everywhen
    3. Re:It's always someone else's fault in Ukraine by Anonymous Coward · · Score: 0

      How is Moscow this AM comrade?

  8. Another form of terrorism by Theovon · · Score: 1

    I know that some people throw around the term “terrorism” too much. But this is a sad and increasing element of our modern society. When setting off bombs, the terrorists have to go through huge efforts to go to the target and plant bombs without getting caught. You know you’re killing humans. The terrible thing about cyberterrorism is that it’s too much like Ender’s game. From the comfort of their homes, they can take out infrastructures 1000s of miles away, and the people they’re affecting are dehumanized, because the terrorists never have to face their victims in any way. Hahaha, we took out the electrical grid, but we’re conveniently blind to the fact that we’re shutting down hospitals longer than their backup generators can handle.

    I really wish I knew more about cybersecurity, because I would love to get involved in the defense against this kind of terrorism and wanton destruction. I want to protect against attacks and also develop ways of identifying the attackers so they can be arrested and stopped before they can do any damage.

    I don’t care if someone hates me for being part of the “Christian West” or whatever. They can argue with me and call me all sorts of offensive things, and I think that is their right to have an opinion. I mean, I think sexist, racist, and homophoic remarks are terribly distasteful, but I think that people should have the right to have a distasteful opinion. It’s only when you injure someone or directly interfere in their lives does something become criminal. These terrorists are criminals, and everyone else needs to work very hard to stop the spread of this kind of behavior.

    1. Re:Another form of terrorism by Anonymous Coward · · Score: 0

      There's nothing wrong with wanting to be on the side of good, protecting people and keeping them safe.

      But if you aren't skilled, GET skilled...bitching about it here isn't saving anyone.

    2. Re:Another form of terrorism by khasim · · Score: 2

      I want to protect against attacks ...

      You mean like telling upper management that putting the control systems ON THE INTERNET is a really stupid idea?

      Good luck with that.

      How about restricting access to one system (and a backup) that requires real two-factor-authentication AND IS NOT ON THE INTERNET?

    3. Re:Another form of terrorism by wyHunter · · Score: 1

      But how could we do that? Then, we couldn't hire folks for $.02 per month in other parts of the world to do stuff for us!

    4. Re:Another form of terrorism by amorsen · · Score: 1

      Designing control systems with the view that they are disconnected from the Internet leads the developers to become lazy.

      Every system has some level of connection to the Internet today. If nothing else, the software needs updating, and those updates will almost certainly be fetched over the Internet.

      Control system developers need to deal with this reality. That means getting patches installed immediately after they become available -- tricky, because today most serious SCADA installations rely on in-house testing for days or weeks before deploying to production. It also means designing protocols to be safe when used over hostile infrastructure, and having authentication that does not just rely on IP addresses or supposedly-secure networks.

      We are very far from this today.

      --
      Finally! A year of moderation! Ready for 2019?
    5. Re:Another form of terrorism by just+another+AC · · Score: 1

      If nothing else, the software needs updating, and those updates will almost certainly be fetched over the Internet.

      For mission critical systems of vital infrastructure:

      1. All changes (including every minor update) should be done manually, after a significant test period.
      2. Changes should only be made as necessary (where it can be proven there is an existing vulnerability/flaw).

      For powerstation control systems, if it ain't broke, dont fix it. They don't need to be running the latest OS. They don't need to be streaming social media updates. Get them off the damn internet.

      But of course this is completely against the profit at all costs capitalism society we live in. And due to the lack of effective penalties that can be levied against corporations, we have no way of changing this.

    6. Re:Another form of terrorism by amorsen · · Score: 1

      You say the completely opposite of my post, but you provide no arguments why your position is correct and mine is wrong.

      You did not deal with the most important point:

      Every system has some level of connection to the Internet today.

      This is simply unavoidable. It might be air gapped, but it will still have an indirect connection in the form of USB sticks or other media transfers. And since that is the case, the old way of working is no longer an option.

      --
      Finally! A year of moderation! Ready for 2019?
  9. AIR GAP by Anonymous Coward · · Score: 0

    And to think that a FREE air gap would have prevented this. Pay attention US Energy Companies, you already have personnel at your plants -- turn off the dang outside network. When someone needs in, an inside operator turns on a VPN line for that person for that event only, then turned off again. Better and cheaper than the millions that they want to pump into network security.

    1. Re:AIR GAP by phantomfive · · Score: 2

      And to think that a FREE air gap would have prevented this.

      It's more than just an air gap. We know that an air gap isn't enough to stop hacking, although it helps and recommendable.

      If you want to have secure software, you need to think about security from the very beginning. US infrastructure is at risk because SCADA programmers didn't think about security from the ground up, which you really should if you're going to be running anything critical on software.

      --
      "First they came for the slanderers and i said nothing."
    2. Re:AIR GAP by darkain · · Score: 3, Informative

      Oh, you mean like how Stuxnet couldn't infect airgapped machines? https://en.wikipedia.org/wiki/...

    3. Re:AIR GAP by Burz · · Score: 1

      VM guests can be better isolated than air gaps.

      Physical interfaces are usually more complex and exploitable than the interfaces available from a locked-down hypervisor.

    4. Re:AIR GAP by phantomfive · · Score: 1

      That paper is an advertisement for Qubes OS. Is there any part of it that you find particularly convincing? Virtual Machines can be exploited, an air gap can not unless you plug a USB stick in or similar.

      --
      "First they came for the slanderers and i said nothing."
  10. "Hackers" of the past by davidwr · · Score: 1

    In times past when you wanted to "hack" the power lines you used an axe or something similar.

    Or maybe those were "whackers" *whackwhackwhack*.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
    1. Re:"Hackers" of the past by phantomfive · · Score: 1

      Serious question.....has anyone ever actually used an ax to chop down a telephone pole? As a terrorist act?

      --
      "First they came for the slanderers and i said nothing."
    2. Re:"Hackers" of the past by Locke2005 · · Score: 1

      Us technologically advanced rednecks use chainsaws to take out the power grid... much faster and more satisfying! If use an axe, your beer usually gets warm before you finish taking down the pole.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    3. Re:"Hackers" of the past by davidwr · · Score: 1

      Serious question.....has anyone ever actually used an ax to chop down a telephone pole? As a terrorist act?

      Probably in the 19th century, but it might have been a telegraph pole.

      I'm sure there have been some one-off cases of people taking out utility poles in the 20th and maybe even the 21st century that could be classified as "a terrorist act" by modern "definitions" which sweep lost of "acts done in anger/for revenge" under the "terrorism" label, but as someone else mentioned, they probably used something faster than an ax.

      --
      Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  11. As provided elsewhere by Bob+the+Super+Hamste · · Score: 1

    As provided elsewhere here is some more information on what was actually found.

    --
    Time to offend someone
  12. It's Russia by Anonymous Coward · · Score: 0

    Isn't it simpler to assume it is Putin's computer terrorists? The outage does coincide with increases sanctions by Ukraine on the criminals in Russia.

  13. How is this important? by bobbied · · Score: 2

    A hundred thousand customers? Drop in the bucket. Not much to see here.

    What happened is 3 substations went offline. Three out of thousands of substations. In the USA we've had larger outages caused by a single squirrel who decided to become charcoal and crawled across the wrong two wires or by some hapless lineman who hit the wrong disconnect in the switchyard.

    Heck, I've heard second hand where a couple of theater workers crashed the local grid on purpose back in the late 80's by wiring up every stage light they had and then bumping all the dimmers to full at 2AM. The lights all when bright just before the power shut down. The dramatic and unexpected power surge caused the local grid to disconnect and presto, hundreds of thousand of sleeping customers' power went out. I wasn't there, but I have no reason to doubt their story...

    Where this idea that hackers could bring down electric service is troubling, it is not really a significant risk, nor is the way this exploit took place hard to counter. Virus scanners, firewalls, all are commonplace as are "air gapped" data networks used by utility providers in North America. And so 100,000 customers loose power sometime? Big deal. Yea it shouldn't happen, but mistakes get made and equipment sometimes fails. It's not like the restoration of power wasn't possible nearly instantly. The hack didn't cause a pile of expensive equipment to be reduced to junk, or that somebody armed with an RPG launcher (commonly available in the area) couldn't do more damage.

    There are much bigger fish to fry here in the risk pool than this; Bigger fish which are much harder to protect from. Just the physical security problem presented by the hundreds of thousand substations is a bigger risk than the risk of hacking attacks. Add to that all the towers holding up the transmission lines running between all those substations. That risk is huge and literally everywhere. Why sweat the small stuff?

    --
    "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
    1. Re:How is this important? by Anonymous Coward · · Score: 0

      "Loose" means "not tight".

    2. Re:How is this important? by sims+2 · · Score: 1

      Yep and spell check won't catch the mistake because it's still a word albeit not the correct one.

      --
      Minimum threshold fixed. Thanks!
    3. Re:How is this important? by amorsen · · Score: 1

      Attacks on substations and power lines mean that you actually have to be physically nearby. Despite Putin's efforts, it is also easier to identify men in green uniforms with tools to do such acts than it is to say for sure that e.g. Israel made Stuxnet.

      Everything just scales better when you automate it.

      --
      Finally! A year of moderation! Ready for 2019?
    4. Re:How is this important? by bobbied · · Score: 1

      Everything just scales better when you automate it.

      Not in this case. Automation of such an attack implies you have your exploit installed on a lot of separate systems and you can access them all remotely. Even in this case, the number of compromised systems was limited and the damage was exceedingly light. Plus this is Ukraine, home of Chernobyl and other well designed soviet technologies. Am attacker would have a much more difficult time in North America.

      --
      "File to fit, pound to insert, paint to match" - Aircraft Maintenance 101
  14. why is critical infrastructure on the internet? by lkcl · · Score: 5, Insightful

    i've said it once and i'll say it again: what the FUCK is wrong with people who think it's okay to put a country's critical infrastructure on the public internet AT ALL? there should be absolutely no way that power, water, gas, electricity or any kind of public utility should be even VAGUELY "internet connected". to anyone considering responding "but they might want to quotes manage quotes the infrastructure" then they should fucking well have a private closed-loop network or pay key emergency staff to live right next door to the infrastructure. there's a whole boat-load of long-range communications options that don't involve the public internet, which we *know* is wide-open to attack. any country that doesn't have laws in place which make it illegal for critical infrastructure to be on the public internet is quite literally asking for trouble. you don't leave the door to your house unlocked and then complain "but someone stole all my stuff!" - this is exactly the same thing.

    1. Re:why is critical infrastructure on the internet? by mongothesecond · · Score: 2

      ... you mean like America? Use Shodan to look for SCADA devices. Not hard to find.

    2. Re:why is critical infrastructure on the internet? by swb · · Score: 1

      Probably because a good chunk of "critical infrastructure" runs on bog-standard Wintel systems that have reached the point where they almost don't work without a continuous Internet connection for licensing, updates, and non-stop marketing data.

      I agree that not airgapping is d-u-m-b, but I also think the people who do it basically run up against all the usual obstacles of time, skill and resources in building out systems that work in an expected manner without Internet access and somebody, somewhere decides that a deadline must be met, a budget must be met, etc and it just becomes easier to bridge that gap than explain to a bunch of nontechnical executives who have already spent expected bonuses why their deadline was unrealistic when a whole bunch of extra work had to be done to operate the products in a manner contrary to the manufacturers built-in expectations of connectivity.

      I think they're both to blame, but I kind of blame the software vendors more because they are the ones who make it so inordinately more complex and cumbersome to use their products without a continuous Internet connection. And most of the time the benefit isn't really to the product owner, but to the manufacturer who wants to data to further their own goals.

    3. Re:why is critical infrastructure on the internet? by wyHunter · · Score: 1

      I was just gonna type this :)

    4. Re:why is critical infrastructure on the internet? by Anonymous Coward · · Score: 0

      It's because the people with the power (management) don't comprehend the technical side and also don't listen to their technical staff. I've been through it at every place I've worked.

      This has actually happened in a meeting I've been in.

      Project Manager: "Well why can't we use the server we already have?"
      IT Manager: "Because it's 8 years old, doesn't meet the software vendor's minimum specs and is suffering frequent hardware failures. By the way, if you don't approve IT's purchase request for a couple new hard disks to replace the disks that errored out of the raid array, the entire facility will likely shut down when another disk fails."
      Project Manager: "You IT people spend too much money, I can't allow $500 for some new computer gadgets."
      Project Manager proceeds to spend $15,000 on painting the floor of the plant because it needs to look pretty when the COO comes to visit.

    5. Re:why is critical infrastructure on the internet? by Graymalkin · · Score: 1

      While not universally true, there's a good deal of critical infrastructure that is airgapped and "secure". What can happen is these systems end up compromised when an engineer plugs a previously invected laptop or flash drive into that secure network/system. The payload can then either infect those airgapped systems or exfiltrate data (onto the infected laptop/drive) in order to exfiltrate it to the internet once its on a connected system.

      This is the sort of hacking that is done by APTs, i.e. full blown cyber espionage. The infection can occur through highly targeted exploitation (spear phishing, etc).

      While air-gapping a critical system is easy in theory in practice it is much more difficult to truly do so. Air gaps aren't just an absence of a physical connection to the outside world but also lacking a logical connection to the outside world. That process gets much more difficult and expensive because the operator needs to build a fully isolated environment for the critical system themselves as well as any sort of management and monitoring systems.

      --
      I'm a loner Dottie, a Rebel.
    6. Re:why is critical infrastructure on the internet? by Locke2005 · · Score: 1

      In windows, it it possible to disable all USB interfaces so no USB drives can be plugged in. That, and MAC address filtering on the local network switch should make it difficult to connect equipment to the airgapped local network, shouldn't it? I worked for a company that was so paranoid they actually disabled USB on all computers. I didn't tell them that anybody could easily plug in a laptop or unsecured router to the Ethernet and copy all their data anyway, precisely because I didn't want them implementing MAC address filtering and making my job a lot harder.

      --
      I've abandoned my search for truth; now I'm just looking for some useful delusions.
    7. Re:why is critical infrastructure on the internet? by Anonymous Coward · · Score: 0

      AC as usual. Every time this topic comes up.

      In a previous career in industrial automation, I observed, integrated with, and authored software controlling petrochemical infrastructure:

      (Never simultaneously containing all of the below)

      - Running on win95, 98, and once ME not more than 10 years ago
      - Connected to standard comcast/verizon cable/DSL modems on plain public IPs (believe me, the firewall was turned off if they had one).
      - Rarely running PPTP VPNS. Such were always configured with default 'password' passwords.
      - Frequently utilizing public DNS servers that weren't in the owner's control.
      - Sometimes capable of downloading firmware updates on the wire over plain old HTTP
      - Often capable of being rebooted by SMS less than 10 characters long
      - Rarely capable of being reprogrammed by an SMS containing a URL linking to a firmware image

      That's before getting into the ZigBee enabled devices, that at least were local, but so wide open anybody with an antenna could have done anything.

      Every engineer worth even college hire wages knows this is asking for trouble. And they will be told to shut up, stop talking , or find a new job.

      What was wrong with me? Nothing. I knew better and was paid to write the software, or make my software talk to a lot of the shit above. I was not a member of the ACM, the IEEE or any other engineering society, and there was no professional code of ethics to turn to. Even if there was, there wouldn't have been another job for me, and noncompetes prevented doing anything remotely career-related for anyone that could have offered such.

      There shouldn't be laws on the book against this, because they'll probably cripple smart monitoring, and other intelligent, well engineered, one-way read only protocols that can be established, and in so doing set back production 20 years (Oh, the systems are never installed that way, but some can be safely internet enabled). Read-only reporting can be done safely, and 'managing infrastructure' need not be a high risk activity -- but it does take a lot of labor to setup, and an actual attempt at system design.

      Unfortunately, most places I saw don't bother to do ANYTHING about it, and policies at many corporations against such issues are at best 'paper tigers' waiting to justifiably terminate one of the dozens of people routinely in violation in the event the public finds out something like this is hooked up.

      A better fix would be to make the protocols, configurations, and defaults of all such systems public in order to be eligible the subsidies and exploration deducations -- if there's a problem, the resulting after-the-fact hacks, PR and lawsuits should destroy the company. No private SMS, fax-modem, or modbus-over-tcp-ip protocols. No private register maps owned by a vendor that hide a thousand writeable addresses as 'off limits'. No black boxes plugged into the middle of a switch with POE and a couple of antennas. Don't want your distribution recompressor frozen up because of someone trying to get cute cat pictures -- mandate publishing the full manual with default passwords on the vendor's website and in the library of congress.

      Key emergency staff next door -- laughing my ass off. In many cases 'key' emergency staff were often hours away. They would typically arrive in 2 by doubling the speed limit at 11 PM. Sometimes while drunk (why do you think they demanded the ability to shut it down with a text message...they'd have their phone at the bar, but not a computer). Sure, there'd be 'local' contractors for hire if you couldn't make it on site, but they aren't knowledgeable -- just some guy that owns a pickup and can shut a valve off if they're voiced through it.

      If you want this solved -- shine daylight on the malpractice, not regulation. Legislation is just going to make more of the people doing this hide it deeper

    8. Re:why is critical infrastructure on the internet? by SchroedingersCat · · Score: 1

      It is hard to lock down pirated Windows XP.

    9. Re:why is critical infrastructure on the internet? by KGIII · · Score: 1

      I say this mostly because I like to nitpick from time to time. But, well... I've heard it stated, and I'm inclined to agree, that the internet is itself a part of the critical infrastructure. I've even heard it stated that one should have a right to basic access - I've even heard people postulate that a minimal access level should be paid for by tax payers indirectly or by an increased tax on those who pay for full services.

      To the point!

      So, if we count the internet as a part of a country's critical infrastructure then...

      No, no I don't actually have a real point other than that. I'm also in full agreement with the rest of what you said but I suppose we should make an exception to that rule to cover then internet itself. Though, I suppose, one could argue that certain equipment that runs/facilitates the 'net shouldn't be connected to the internet itself.

      --
      "So long and thanks for all the fish."
  15. It's deja vue... by neo-mkrey · · Score: 1

    ...all over again.

  16. Why? by Locke2005 · · Score: 1

    I'm still not clear on why anybody thinks it's ok to connect computers that control the power grid to the Internet. Can somebody help me out on this? Sure, smart meters would connected to the net, so you could hack the billing side of the utility. But the actual powerplant and switching station controls? If you're going to control remote switches over the 'net, wouldn't you use a secure tunnel?

    --
    I've abandoned my search for truth; now I'm just looking for some useful delusions.
    1. Re:Why? by Anonymous Coward · · Score: 0

      Laziness, pure and simple. As you say, using a secure tunnel is not a very difficult thing to do. Oh and there's no liability when things fuckup.

  17. Re:That's what happens when you use LUDDITE Intern by Darinbob · · Score: 1

    Don't worry comrade, Putin will invade the Luddites once he is done with the Ukraines.

  18. Air gap my ass. by sshir · · Score: 2

    The reason for connecting vital infrastructure systems to the Internet is very simple. Many of those systems are distributed. So you have a choice: build your own network or use existing one (Internet). In most cases building your own network is a no go for many obvious reasons. Like, for example, money, uptime, etc.

  19. Re:That's what happens when you use LUDDITE Intern by Anonymous Coward · · Score: 0

    57 Americans are currently trying to find a country called Luddael on the map.

  20. Re:That's what happens when you use LUDDITE Intern by Hognoxious · · Score: 1

    Be realistic. There aren't that many who could find their own country.

    --
    Confucius say, "Find worm in apple - bad. Find half a worm - worse."