German Nuclear Plant Infected With Computer Virus (reuters.com)

← Back to Stories (view on slashdot.org)

German Nuclear Plant Infected With Computer Virus (reuters.com)

Posted by msmash on Wednesday April 27, 2016 @07:20AM from the virus,-virus-everywhere dept.

archatheist shares a Reuters report: A nuclear power plant in Germany has been found to be infected with computer viruses, but they appear not to have posed a threat to the facility's operations because it is isolated from the Internet, the station's operator said on Tuesday. The Gundremmingen plant, located about 120 km (75 miles) northwest of Munich, is run by the German utility RWE. The viruses, which include "W32.Ramnit" and "Conficker", were discovered at Gundremmingen's B unit in a computer system retrofitted in 2008 with data visualization software associated with equipment for moving nuclear fuel rods, RWE said.

56 of 87 comments (clear)

Min score:

Reason:

Sort:

Running a nuclear plant on Windows? by Locke2005 · 2016-04-27 07:31 · Score: 1

Smart move! Gives a whole new meaning to the phrase "Blue Screen of Death", doesn't it? Doesn't the Windows license specifically say it shouldn't be used for nuclear plants?

--
I've abandoned my search for truth; now I'm just looking for some useful delusions.
1. Re:Running a nuclear plant on Windows? by jfdavis668 · 2016-04-27 07:35 · Score: 1
  
  I thought they still ran on OS/2
2. Re:Running a nuclear plant on Windows? by npslider · 2016-04-27 07:35 · Score: 4, Funny
  
  Windows machines are world famous for both stability and security. Over a billion devices can't be wrong!
3. Re:Running a nuclear plant on Windows? by npslider · 2016-04-27 07:39 · Score: 1
  
  OS/2 Uranium Edition?
4. Re:Running a nuclear plant on Windows? by halivar · 2016-04-27 07:52 · Score: 1
  
  No, they've already gone through OS/4, OS/8, and OS/16. It's been a while.
5. Re:Running a nuclear plant on Windows? by Joe_Dragon · 2016-04-27 07:53 · Score: 1
  
  I think green or red is the right color there.
6. Re:Running a nuclear plant on Windows? by jfdavis668 · 2016-04-27 07:58 · Score: 1
  
  I gave up after OS-9
7. Re:Running a nuclear plant on Windows? by solsburian · 2016-04-27 07:58 · Score: 1
  
  I did after OSX
8. Re:Running a nuclear plant on Windows? by OzPeter · 2016-04-27 08:07 · Score: 4, Interesting
  
  I gave up after OS-9
  OS-9 was/is a great OS. I used it to run a full multi-user multi-tasking system (with preemptive multi-tasking) on my Tandy CoCo back in the day (with 256kB of memory!), and also used it in many industrial embedded systems using a 68K.
  Perhaps you are thinking of OS 9?
  
  --
  I am Slashdot. Are you Slashdot as well?
9. Re:Running a nuclear plant on Windows? by jfdavis668 · 2016-04-27 08:09 · Score: 1
  
  I was referring to the 6809 OS that you are referring to. I was wondering how many people even remembered that it existed.
10. Re:Running a nuclear plant on Windows? by thegarbz · 2016-04-27 08:13 · Score: 3, Informative
  
  Windows doesn't run nuclear power plants. Windows displays a HMI that allows operators to interact with a specific control system with specifically custom coded control routines which run nuclear power plants. Nothing against that in the license.
  Now that that misconception is out of the way, please tell me what I should run instead of Windows, then tell me which manufacturer of industrial control systems offers such a product. Every major manufacturer of industrial control systems switched to Windows many years ago for their HMIs, more recently even back end servers have switched to Windows too.
11. Re:Running a nuclear plant on Windows? by OzPeter · 2016-04-27 08:15 · Score: 1
  
  *I* remember. But many people were confused over the OS-9/OS 9 naming.
  
  --
  I am Slashdot. Are you Slashdot as well?
12. Re:Running a nuclear plant on Windows? by RobinH · 2016-04-27 08:16 · Score: 3, Informative
  
  I work in the automation industry. PC-based control is very common now, and is increasing in popularity, and yes you have to firewall those systems off from the network, or air-gap them, depending on the threat model. However, even an air-gapped control system needs to have maintenance people move files on and off of it. In the typical PLC-based system there's typically a laptop with the programming software on it which you have to hook up to the PLC to program, debug, troubleshoot, etc. The fact is, a PC-based control system sometimes has advantages because the PC has the programming software on it and doesn't leave the controlled area. Still, people want to copy files, so you have to defend air-gapped systems anyway. It's a tough problem, and one that the major control system manufacturers aren't providing any assistance to help us solve either. Remember, most controls people have electrical/mechanical engineering degrees. In a large plant it should be IT's job to come up with security procedures as the automation people just aren't qualified.
  
  --
  "I have never let my schooling interfere with my education." - Mark Twain
13. Re:Running a nuclear plant on Windows? by radiumsoup · 2016-04-27 09:18 · Score: 1
  
  is there a 418.1 "I am a nuclear reactor" status code?
14. Re: Running a nuclear plant on Windows? by Anonymous Coward · 2016-04-27 09:21 · Score: 1
  
  Because when you spend houndreds of millions of dollars on a plant like this you have no leverage over the suppliers at all?
15. Re:Running a nuclear plant on Windows? by macs4all · 2016-04-27 09:49 · Score: 3, Interesting
  
  OS-9 [wikipedia.org] was/is a great OS. I used it to run a full multi-user multi-tasking system (with preemptive multi-tasking) on my Tandy CoCo back in the day (with 256kB of memory!), and also used it in many industrial embedded systems using a 68K.
  I second that; although I didn't know it would run on a CoCo. I worked at a summer job in 1989 as a technician at XYZ Corp., who made primarily OS-9 based industrial control boards. I remember writing a C-Compiler for their 68K board just for fun that produced "ROM-able" code. Incredible multitasking support in OS-9. I grew to really like that OS.
16. Re:Running a nuclear plant on Windows? by Anonymous Coward · 2016-04-27 10:35 · Score: 1
  
  Nope, but there is an "LP0 melting down" error code.
17. Re:Running a nuclear plant on Windows? by Platinumrat · 2016-04-27 11:14 · Score: 3, Interesting
  
  I was developing a Train Control System for OS-9, then Apple came out with there similarity named operating system for the Mac. Suddenly the newsgroups became unusable and you could no longer get rely on support for driver development, as they became flooded with Apple fanbois posting how they couldn't install this or that or some stupid thing. Way to kill a reasonably good OS, Apple.
18. Re:Running a nuclear plant on Windows? by sumdumass · 2016-04-27 11:42 · Score: 1
  
  I don't disagree with what you say but IT has shown to not be qualified in the past too. Well not all IT but certainly some working in it. I have walked in behind people and saw servers wide open to the internet with no root password, little to no attempt at disabling unused services or closing unused ports, no virus protections, and enough IE popup Windows open that it creates a 10 minute delay on the desktop trying to access anything. Of course I was called in because they had enough of restarting the server 2 or 3 times a day.
  Just saying, in a perfect world, the perfect world can still be run by idiots.
19. Re: Running a nuclear plant on Windows? by thegarbz · 2016-04-27 21:23 · Score: 2
  
  Yep exactly. You and the power industry would like to think otherwise, but control systems even Nuclear 1E certified systems are almost commodity and are just standard industrial control systems with a piece of paper attached from the school of thought of making one device that does everything is cheaper.
  The nuclear industry doesn't have leverage. Heck downstream oil/gas doesn't have leverage. These are markets that aren't dominated but are outright owned by chemical / upstream. Unless you place an order of about 10 of such control systems per year every year you have very little say (and also very little effect on the vendor's bottom line).
  Vendors are incredibly pissed at the nuclear industry especially due to the incredible slow pace and amount of paperwork (reads: cost) involved in taking part in a project.
20. Re:Running a nuclear plant on Windows? by korgitser · 2016-04-28 00:28 · Score: 1
  
  > Windows doesn't run nuclear power plants. Windows displays a HMI
  > more recently even back end servers have switched to Windows too.
  Have your cake and eat it too?
  
  --
  FCKGW 09F9 42
21. Re:Running a nuclear plant on Windows? by angel'o'sphere · 2016-04-28 11:35 · Score: 1
  
  You called for it:
  
  Windows NT crashed.
  I am the Blue Screen of Death.
  No one hears your screams.
  - Peter Rothman
  http://baetzler.de/humor/haiku...
  
  --
  Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
Because it's Germany by npslider · 2016-04-27 07:32 · Score: 1

I must ask...
Were they falsifying power-plant emissions?
1. Re:Because it's Germany by Locke2005 · 2016-04-27 07:46 · Score: 1
  
  Only for the diesel power plants...
  
  --
  I've abandoned my search for truth; now I'm just looking for some useful delusions.
2. Re:Because it's Germany by Anonymous Coward · 2016-04-27 08:06 · Score: 1
  
  No they're not. You anti-nuke idiots are part of the reason we're still burning so much coal, which really does get toxins and radiation into the air with normal use. Nuclear power is only a problem in case of rare accident, which they can be designed to avoid.
3. Re:Because it's Germany by Cramer · 2016-04-27 09:21 · Score: 1
  
  Nuclear power is only a problem in case of rare accident
  If you don't count the tones of radioactive waste they produce.
4. Re:Because it's Germany by Anonymous Coward · 2016-04-27 21:03 · Score: 1
  
  Most of the manfacturers caught manipulating emissions so far were not German...
5. Re:Because it's Germany by michelcolman · 2016-04-27 23:46 · Score: 1
  
  Not to mention they're the reason why so many old reactors are having their lives extended. We can't build new, safer ones because "nukes are dangerous".
6. Re:Because it's Germany by michelcolman · 2016-04-27 23:48 · Score: 1
  
  In fact, eat a staggering pile of shit.
  What kind of advice is that, do you know how much radiation a pile of shit emits?!
Re:Much more interesting snippet by Tx · 2016-04-27 07:45 · Score: 2

Yea, it sounds like total bullshit. Why would the software in the planes be copying a bunch of files off of every phone that is plugged in to recharge, and then writing all those files blindly onto every subsequent phone that was plugged in? That would obviously be utterly insane, but I don't see any other way to read that paragraph, and I find it hard to believe.

--
Oh no... it's the future.
Re:Much more interesting snippet by sims+2 · 2016-04-27 07:47 · Score: 1

Why does the charger even pass data??

--
Minimum threshold fixed. Thanks!
Re:fascinating by Mr+D+from+63 · 2016-04-27 07:48 · Score: 1, Informative

Specifically, it was the control board in a crane. That controller not connected to anything else, it is a standalone locally controlled item.
Re:fascinating by Mr+D+from+63 · 2016-04-27 07:50 · Score: 1

My apologies, I was thinking of another event. Ignore previous statement.
No. No. No. by LWATCDR · 2016-04-27 07:59 · Score: 4, Insightful

"As an example, Hypponen said he had recently spoken to a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit.
Because the plane runs a different operating system, nothing would befall it. But it would pass the virus on to other devices that plugged into the charger."
Okay for a system to spread a virus it must execute code...
So does this mean that F_Protect have no idea what they are doing or are they just spreading FUD.

--
See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
1. Re:No. No. No. by LWATCDR · 2016-04-27 08:52 · Score: 1
  
  " Like when you plug in a storage device it automatically runs scripts on the filesystem"
  That is executing code on the system...
  
  --
  See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
2. Re:No. No. No. by AmiMoJo · 2016-04-27 10:24 · Score: 1
  
  It depends what the aircraft USB ports are configured as. Rather than acting as hosts, they might be acting as mass storage or MTP. Ideal for uploading updates to flight and navigation data.
  Having said that, it does sound suspicious. Android malware is pretty rare and since most people don't root their phones or enable unknown sources, and Google is proactive about deleting it.
  And you would think anyone with access to aircraft systems could control the urge to charge too.
  
  --
  const int one = 65536; (Silvermoon, Texture.cs)
  SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
3. Re:No. No. No. by LWATCDR · 2016-04-28 01:03 · Score: 1
  
  Then your android phone must support OTG and the next device that you plug in that gets infected must also support OTG and for some really odd reason copy the fill from mass storage all on it's own and run it.
  In other words?
  Huhhhh?
  
  --
  See my blog http://ilovecookes.blogspot.com/ for light hearted technical information.
Re:Much more interesting snippet by Anonymous Coward · 2016-04-27 07:59 · Score: 1

It's not a charger, it's a USB cable. The same cable you use to copy files between your phone and PC. Maybe this should inspire designers to return to the old legacy of having a dedicated power port and a dedicated data cable, but such designs would not sell after the populous has had the convenience of one-cable systems.
logic fail by Thuktun · 2016-04-27 08:00 · Score: 1

The proposition "not to have posed a threat" does not seem to follow from the combination of "found to be infected" and "isolated from the Internet".
Were the computers isolated from the control board of the nuclear power station? That's the important question.
1. Re:logic fail by Anonymous Coward · 2016-04-27 08:12 · Score: 2, Informative
  
  Yes, the fuel transfer equipment is basically cranes and such to move the fuel in and out of the plant and into spent fuel pools. It has nothing to do with the control board which controls the reactor.
2. Re:logic fail by michelcolman · 2016-04-27 23:50 · Score: 1
  
  Oh, thank god, I mean, it's not like you could use the cranes that move fuel in and out of the plant to cause any havok with radioactive material, right?
Re:Much more interesting snippet by OzPeter · 2016-04-27 08:02 · Score: 1

From the article:

a European aircraft maker that said it cleans the cockpits of its planes every week of malware designed for Android phones. The malware spread to the planes only because factory employees were charging their phones with the USB port in the cockpit. Because the plane runs a different operating system, nothing would befall it. But it would pass the virus on to other devices that plugged into the charger.
How does that even make sense?!? What is running on the charger for it to spread the malware?
The so-called "charger" would simply seem to be a USB port on a computer in the cockpit. Still I can't say as to how this malware uses this setup in order to propagate itself given that TFS says the original OS is not affected.

--
I am Slashdot. Are you Slashdot as well?
Re:Much more interesting snippet by DarkOx · 2016-04-27 08:05 · Score: 1

Maybe....
Its possible that virus on infected device causes it to write any attached media. Maybe the plane shows up as mass storage. Next victim device comes along and attaches the plane as storage. This devices does some brain dead autorun type BS and gets infected.

--
Repeal the 17th Amendment TODAY! Also Please Read http://www.gnu.org/philosophy/right-to-read.html
Re:fascinating by PPH · 2016-04-27 08:26 · Score: 1

That's odd. Why is that crane running itself? And why is it piling all the fuel rods in one big critical ma.......

--
Have gnu, will travel.
Re:Conficker??? by EndlessNameless · 2016-04-27 08:55 · Score: 4, Informative

The systems were setup in 2008. They probably do run Windows XP.
And don't forget that most industrial control systems are not modified after installation. Vendors are notoriously reluctant to support any changes at all, including basic OS updates.
My employer has equipment connected to unpatched XP SP1 systems because the vendor won't support anything else, and the organization is not willing to spend $200K+ to replace machines that are doing their jobs.
They are standalone systems because of issues exactly like this one. If someone took an infected file over, it would be a long time before we noticed. There is no value in traditional antivirus without signature updates---which might be a consideration if the vendor supported it with antivirus in the first place.
This is what a lack of competition looks like. They don't have to support basic security measures because there are only one or two other companies in the world that make comparable equipment, and they offer the same level of support. So our security is screwed until the government decides to regulate it.
And nevermind all the man-hours we waste doing data transfers to/from these systems. That's just a cost of doing business.

--

---
According to the latest ruleset, this post should be modded as Vorpal Flamebait +5.
Nuclear Plants Running on Windows by macs4all · 2016-04-27 09:39 · Score: 1

Is there anything more that has to be said?
1. Re:Nuclear Plants Running on Windows by LordWabbit2 · 2016-04-27 21:16 · Score: 1
  
  Erm, perhaps "It's not yet the year of linux", but hang in there, maybe next year.
  
  --
  There are three kinds of falsehood: the first is a 'fib,' the second is a downright lie, and the third is statistics.
2. Re:Nuclear Plants Running on Windows by macs4all · 2016-04-28 04:26 · Score: 1
  
  Erm, perhaps "It's not yet the year of linux", but hang in there, maybe next year.
  I'm sorry; how is that germane?
Nuclear Plant Infected With Computer Virus? by tetraverse · 2016-04-27 09:46 · Score: 1

By any chance would this 'computer Virus' only work on Microsoft Windows running on Intel based hardware?
Re:Much more interesting snippet by Anonymous Coward · 2016-04-27 09:55 · Score: 1

The fundamental question would be "why does the plane have a USB port?"
Chances are there's some reason for that, and if it's to load updated software or retrieve logs well that would presumably involve coppying/writing files to the thing you plugged into it.
If you plug a phone that presents as a mass storage device into the port that the technicians routinely plug a USB stick into for some matinance reason...
Re:Conficker??? by AmiMoJo · 2016-04-27 10:31 · Score: 1

The problem with security patches is that you then need to re-certify the system. For a nuclear plan or other complex system that is going to be expensive, and next month there are a load more updates so you have to start from scratch again.
What's really worrying is the lack of physical security and appropriate software policies. On windows you can block access to USB ports with a group policy, for example. The ports should be physically blocked anyway. As usual, it's a procedural and management issue.

--
const int one = 65536; (Silvermoon, Texture.cs)
SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
Re:fascinating by tchdab1 · 2016-04-27 11:21 · Score: 1

Yes. Because, of course, with increased radiation levels, the viruses will mutate at an accelerated rate and will soon be shedding from the site uncontrollably. Can I copyright this plot before Stan Lee steals it?
Not by mdsolar · 2016-04-27 14:48 · Score: 2

But there is a lot of concern about security at German nuclear plants. http://m.dw.com/en/safety-chec...
Re:Conficker??? by thegarbz · 2016-04-27 21:27 · Score: 1

This is what a lack of competition looks like.

Not at all. There's quite heavy competition in the control system market, both for small SCADA systems, mid sized PLCs, and large DCSs'. What you're seeing here are architectural effects at work.
What's the point of securing a system on the OS level when the vendor recommends a heavily tiered network architecture combined with physical security that doesn't even expose ports of a PC? This here is a result. Malware which did nothing, though chances are if the vendor's recommendations were followed they wouldn't have the malware in the first place.
The man-hours you're spending (not wasting) is the standard method of working with these systems, and that has nothing to with competition or the fact that your system is running Windows XP.
Re:Much more interesting snippet by michelcolman · 2016-04-27 23:42 · Score: 2

I bet they are talking about the Airbus Navaero electronic flight bag (EFB) system. It's a standalone add-on system with a large touch screen used for electronic charts, manuals and performance calculations, separate from the actual airplane systems. It can receive certain information from the Flight Management System (airplane and flight ID, GPS position) but as far as I know cannot send anything back. At least I hope it can't. We certainly have to copy the performance data from the EFB into the FMS manually.
Guess what wonderful choice they made for the EFB operating system? Yep, why use common sense if you can use Windoze? It has two USB ports that are strictly for maintenance use (updates), and in my company they screwed a metal plate over those ports to keep us from charging our phones from them. I guess that was a wise precaution, although I doubt it would be enough to keep a determined hacker at bay.
Re:Much more interesting snippet by Coren22 · 2016-04-29 07:38 · Score: 1

Maybe the plane shows up as mass storage.
Never underestimate the bandwidth of a 747 full of hard drives?

--
APK likes to ask for responses to the same things over and over. Maybe he just likes the responses?