Slashdot Mirror

← Back to Stories (view on slashdot.org)

DDoS Attack Halts Heating in Finland Amidst Winter (metropolitan.fi)

Posted by msmash on from the topsy-turvy-world dept.

A Distributed Denial of Service (DDoS) attack halted heating distribution at least in two properties in the city of Lappeenranta, located in Eastern Finland. In both of these events, the attacks disabled the computers that were controlling heating in the buildings. An anonymous reader writes: Both of the buildings were managed by Valtia, the company which is in charge of managing the buildings overall operation and maintenance. According to Valtia CEO, Simo Ruonela, in both cases the systems that controlled the central heating and warm water circulation were disabled. In the city of Lappeenranta, there were at least two buildings whose systems were knocked down by the network attack. According to Rounela, the attack in Eastern Finland lasted from late October to Thursday -- the 3rd of November. The systems that were attacked tried to respond to the attack by rebooting the main control circuit. This was repeated over and over so that heating was never working.

84 of 138 comments (clear)

  1. Amidst Winter? by tsqr · · Score: 2, Funny

    I know it's cold in Finland this time of year, but the first day of winter is still a month and a half in the future.

    1. Re:Amidst Winter? by Anonymous Coward · · Score: 1

      "Winter" in cold areas is anywhere from October to April

      Technically Winter is only 3 months long... but 'feels like winter'... that is another thing entirely.

      I used to go trick or treating as a kid during snow storms... and I didn't even live in THAT cold of a place

    2. Re:Amidst Winter? by Anonymous Coward · · Score: 3, Interesting

      The issue is that "winter" doesn't mean the same thing to everyone. I used to argue with my (Finnish) wife about this for a while, but Finns typically refer to something which translates as "thermal winter" (terminen talvi) which starts on the first day the average temperature for an area consistently drops below 0C

    3. Re:Amidst Winter? by gweeks · · Score: 5, Interesting

      The temperature in Helsinki is below freezing and isn't expected to get above freezing even during the daytime highs for at least a week. That's close enough to winter for me, no matter what the divide the year into four equal seasons says.

    4. Re:Amidst Winter? by Anonymous Coward · · Score: 2, Informative

      Its -6C(22F in retarded units) in Lappeenranta right now which sounds Wintery to me.

    5. Re:Amidst Winter? by EvilSS · · Score: 4, Funny

      I know it's cold in Finland this time of year, but the first day of winter is still a month and a half in the future.

      Yes, this is the most important part of the story. Who cares if some dipshit HVAC system failed due to a DDOS attack, disabling heat for buildings in sub-freezing temperatures. What we should really be discussing is this completely unacceptable disregard for when winter actually starts!

      --
      I browse on +1 so AC's need not respond, I won't see it.
    6. Re:Amidst Winter? by kelemvor4 · · Score: 1

      "Winter" in cold areas is anywhere from October to April

      Technically Winter is only 3 months long... but 'feels like winter'... that is another thing entirely.

      I used to go trick or treating as a kid during snow storms... and I didn't even live in THAT cold of a place

      Let's just be clear. If you lived someplace where frozen water literally falls out of the sky... you lived in THAT cold of a place.

    7. Re:Amidst Winter? by DatbeDank · · Score: 3, Insightful

      Seriously, there is absolutely NO good that comes from wiring up every little thing to the internet. What's the purpose behind connecting this to the open internet?

      Call me a Luddite and get these things off of the open internet. These idiots deserve what happens to them and those same idiots should be held accountable when someone dies from their ineptitude.

    8. Re:Amidst Winter? by thegarbz · · Score: 1

      You haven't been in Europe this week have you? It's winter come 2 months early right now. Snowfall almost record early in the year and much of Europe had below freezing temperatures over the last few days.

      For all intents and purposes as far as heating a house goes, it's the middle of winter.

    9. Re:Amidst Winter? by Anonymous Coward · · Score: 5, Funny

      I believe you mean 22 in Freedom Units.

    10. Re:Amidst Winter? by ShanghaiBill · · Score: 2

      The issue is that "winter" doesn't mean the same thing to everyone.

      Indeed. I lived in China for a few years, and there winter starts on Dec 1st and ends on Mar 1st. That makes more sense, since it syncs up with both the calendar and the weather. The first 21 days of Dec are shorter and usually colder than the first 21 days of March.

    11. Re:Amidst Winter? by mysidia · · Score: 1

      Seriously, there is absolutely NO good that comes from wiring up every little thing to the internet.

      Wiring things up to IP networks provides remote control which saves time, money, and effort.

      The reason they wind up connected to the internet is because internet connectivity is a commodity available through Internet service providers as a consumer service and other network-based services are not commodities, or require hiring professionals to help design and build, or paying the service provider extra costs. Internet is cheap, widely available, and easy to install --- there is no need to hire IT professionals to build a simple network that costs of an ISP line and a DHCP router, or no need to pay the phone company extra for an additional POTS line or serial lead-line, just slap in a patch cable hook it up (Newer HVAC products are probably including built in Wi-Fi, so just set the name of the Access point, and maybe the pre-shared password If the equipment supports WEP or WPA2 [It probably doesn't]), and route that traffic over a cheap, ubiquitous, and generic WAN service.

    12. Re:Amidst Winter? by Toad-san · · Score: 1

      Below 0C? Hell, that's not cold! Admittedly I'm living in Nawth Ca'lina now, far different from my years in Massachusetts, Bavaria, and winters in northern Maine.

    13. Re:Amidst Winter? by GNious · · Score: 1

      You haven't been in Europe this week have you? It's winter come 2 months early right now. Snowfall almost record early in the year and much of Europe had below freezing temperatures over the last few days.

      Sen Jim Inhofe must be celebrating this further evidence of Global Warming being a hoax!

    14. Re:Amidst Winter? by Mashiki · · Score: 1

      That's wintery? Pft wimps. That's still shorts weather in Canada, and I'm not even kidding. You'll see people out here in t-shirts and shorts when it's -10C(14F), it's only when the windchill starts kicking in and it's really cold that winter starts. Most people here don't consider it winter until there's 6cm of snow on the ground and it hits -15C in the daytime(or twilight).

      --
      Om, nomnomnom...
    15. Re:Amidst Winter? by orgelspieler · · Score: 2

      My wife used to work for a company that controlled the thermostats of all of its satellite locations remotely. It's called micromanagement. Basically, if her patients were uncomfortable, the only thing she could do was apologize. But it saved the company hundreds of dollars per site each year, so that's totally worth it, right?

    16. Re:Amidst Winter? by Darinbob · · Score: 2

      Winter is still coming.

    17. Re:Amidst Winter? by BitterOak · · Score: 1

      I know it's cold in Finland this time of year, but the first day of winter is still a month and a half in the future.

      You didn't see the white ravens released from the Citadel last June? Winter is here.

      --
      If I can be modded down for being a troll, can I be modded up for being an orc, or a balrog?
    18. Re:Amidst Winter? by jittles · · Score: 1

      You haven't been in Europe this week have you? It's winter come 2 months early right now. Snowfall almost record early in the year and much of Europe had below freezing temperatures over the last few days.

      For all intents and purposes as far as heating a house goes, it's the middle of winter.

      If there's one thing the internet taught me is that you really meant to say "intensive purposes." Cause freezing cold is intense!

    19. Re:Amidst Winter? by angel'o'sphere · · Score: 1

      These idiots deserve what happens
      Which idiots do you mean? The poor folks having no heating or the service provider company that is not serving its customers?

      --
      Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
    20. Re:Amidst Winter? by lars_stefan_axelsson · · Score: 1

      I know it's cold in Finland this time of year, but the first day of winter is still a month and a half in the future.

      Maybe in the Anglo-Saxon world. But in the nordics we use the meteorological definitions. Hence, "First day of winter" isn't a day on the almanac, it's officially announced by the met office. (And typically on the news, weather segment).

      The official definition of winter being; the average temperature being below freezing for five days in a row. (The other limit being 10C. I.e. above 10C for five days, then it's summer, below then it's autumn.

      --
      Stefan Axelsson
    21. Re:Amidst Winter? by fintux · · Score: 1

      It makes no sense to define the seasons by the months globally. Think about the southern hemisphere for example - the seasons are timed exactly the opposite in there as in the northern hemisphere, so saying that "winter is the time from December to February" (or whatever like that) in a global context is simply nonsense. Also, there are even different seasons in different parts of the world (for example, wet season and dry season in the tropics). You can read about the seasons in Finland in the web pages of the Finnish Meteorological Institute at http://en.ilmatieteenlaitos.fi... if you want to know more.

  2. Probably only going to get worse by Anonymous Coward · · Score: 1

    This time last year, I had my boiler replaced. While shopping around for a new one, a number of companies attempted to flog me cloud-based heating solutions.

    "You can control it from your mobile phone."

    "It knows you've left the house and turns itself off."

    "It can be made to learn when you're coming home, and to switch on so that the house is warm when you get in."

    "You can have them installed in your elderly relatives' homes, and control their heating for them, remotely."

    My first thought was, well, if I can control all this shit remotely, so could someone else. An intranet solution would've been cool, though.

    1. Re:Probably only going to get worse by Hognoxious · · Score: 1

      An intranet solution would've been cool, though.

      I suppose that's batter than bloody freezing.

      --
      Confucius say, "Find worm in apple - bad. Find half a worm - worse."
    2. Re:Probably only going to get worse by fustakrakich · · Score: 1

      "It knows you've left the house and turns itself off."

      Will it call the plumber when the pipes freeze?

      --
      “He’s not deformed, he’s just drunk!”
    3. Re:Probably only going to get worse by thegarbz · · Score: 1

      You know that none of the systems on the market work like this right?

    4. Re:Probably only going to get worse by fustakrakich · · Score: 1

      So very sorry

      --
      “He’s not deformed, he’s just drunk!”
    5. Re:Probably only going to get worse by 0100010001010011 · · Score: 1

      Eh, it's not as big and scary as you make it sound out to be.

      There's a perl module someone wrote so you can self host the front end.

      You can also change your DNS and redirect stuff to where ever you want it.

    6. Re:Probably only going to get worse by sjames · · Score: 1

      That's exactly it. An intranet controllable thermostat suitable for control from a browser and a well documented REST based API would be potentially useful. Ideally it should have a switch to take it off of the network and operate in local-only mode in case of trouble. A thermostat that has to phone home to work is a terrible idea.

      I can't decide if the big push for the cloud when it comes to the (id)IOT is based primarily on incompetence or a cynical move to lock people in.

    7. Re:Probably only going to get worse by afidel · · Score: 1

      Actually the Nest thermostat did that to quite a few people when the mandatory firmware update was pushed to their unit while they were on vacation and the units failed to work post-update. It's the #1 reason I won't buy a Nest or any similar cloud controlled product.

      --
      There are 4 boxes to use in the defense of liberty: soap, ballot, jury, ammo. Use in that order. Starting now.
    8. Re:Probably only going to get worse by mysidia · · Score: 1

      My first thought was, well, if I can control all this shit remotely, so could someone else.

      Yeah.... I do think there's a simple solution though.
      "Sanity-protected smart thermostat"

      Put the system on an automated internet-connected thermostat, But in the wiring include a supplementary Limiting device in series
      with the Smart stat which will transfer control of heat to a mechanical T-stat if temperature exceeds 68 degrees,
      Or if temperature drops below 60 degrees... And transfer control of A/C to mechanical if temperature goes below 72 or above 78.

      Install the mechanical override T-stats with permanently established settings,
      and put them inside the cold-air return to make sure ordinary people cannot see or mess with the limiter T-S.

    9. Re:Probably only going to get worse by thegarbz · · Score: 1

      Actually the Nest thermostat did that

      Actually the Nest had a major fault as the result of a botched firmware update. The way Nests works for many people all over the world without any issue what so ever is to have a safety temperature which brings me back to:

      "You know none of the systems on the market work like this right?"

  3. Explain to me by The-Ixian · · Score: 5, Insightful

    1. Why are these infrastructure computers reachable from the Internet?
    2. Why this system doesn't fail safe if the controller is taken down?

    Yet another cautionary tale of IoT woe, but also some seemingly bad design...

    --
    My eyes reflect the stars and a smile lights up my face.
    1. Re:Explain to me by Anonymous Coward · · Score: 1

      I do security in automotive. This is a classic case of a design which did not consider security whatsoever. But, like you say, a lack of robustness in the design exacerbates the security problem, because attackers can more easily cause big problems.

      Getting into the nitty gritty details (which the article does not), there are two ways I can see a DDoS causing systems to go down:

      1. There was a dependency on the network, and when the network was down, the devices didn't work
      2. Flooded requests reached end nodes and overpowered their processors, bogging them down so that they no longer performed their primary function properly.

      3. Let's hope it was not #1. I shutter to think that there are industrial control system engineers creating systems that don't operate when a network goes down. #2 is difficult to solve, but not impossible. An RTOS, properly configured (and tested), could probably handle this challenge. I don't want to trivialize, however. Fixing #2 is genuinely difficult. Fixing #1, though? That's kid stuff. I certainly hope it wasn't #1.

    2. Re:Explain to me by EvilSS · · Score: 1

      Hell even a simple VPN would have shielded the control units from the DDOS. Yes, they would not be remotely manageable, but they probably would have just kept on doing what they were last told to do, instead of freaking out and going into a reboot loop.

      --
      I browse on +1 so AC's need not respond, I won't see it.
    3. Re:Explain to me by Critical+Facilities · · Score: 1

      1. Why are these infrastructure computers reachable from the Internet? 2. Why this system doesn't fail safe if the controller is taken down? Yet another cautionary tale of IoT woe, but also some seemingly bad design...

      Exactly. I've been working in Facilities Management for 16 years. I have a LOT of experience with Building Automation systems and Building Monitoring systems. If these dummies were stupid enough to put their Building Automation System on the Internet and didn't bother to put the infrastructure in place to provide adequate security and/or failsafe modes for controller or communications failures, then they deserve what they got.

      This is not the way the pros do it. I've never heard of this management company, and it's clear why.....they suck. There is no reason this should have happened. I'd be willing to bet that someone took a shortcut so he/she wouldn't have to come in after hours to respond to issues, so they grabbed an old copy of PC Anywhere and installed in on a client machine or something stupid like that. Too often, I see cases like this where human laziness ends up being the culprit.

    4. Re:Explain to me by GerardAtJob · · Score: 1

      Viva el Internet of things XD

      --
      I can't call that English ;-)
    5. Re:Explain to me by sinij · · Score: 1

      I do security in automotive.

      Personal request, since your industry doesn't quite get it, please help fellow nerds and add an easily accessible jumper somewhere to turn it all off. I don't want my car to have an ability to connect to anything, but right now finding, isolating, and/or disabling radios is very involved process.

      Much appreciated!

    6. Re:Explain to me by Depili · · Score: 1

      2. Why this system doesn't fail safe if the controller is taken down?

      Yet another cautionary tale of IoT woe, but also some seemingly bad design...

      It is actually failsafe, because the system goes safely to a safe state when the control is lost. The heater running at full blast would certainly not be failsafe...

    7. Re:Explain to me by thegarbz · · Score: 1

      1. This system relies on remote control. On loss of remote signal it would likely happily operate autonomously. This doesn't excuse the fact that it wasn't locked behind a tight VPN though.
      2. It did fail safe. On loss of control the safe thing to do is shutdown and turn off energy sources, no blindly feed heat into apartments. That's the key here, on loss of the computer it would probably operate autonomously using the last setpoint, this is called Loss of View (loss of the computer commanding the controller to do its thing). Loss of the controller however is just that, loss of control. By definition you can't then control so the only safe thing to do is shut down.

    8. Re:Explain to me by slashcross · · Score: 1

      2. Why this system doesn't fail safe if the controller is taken down?

      Yet another cautionary tale of IoT woe, but also some seemingly bad design...

      It is actually failsafe, because the system goes safely to a safe state when the control is lost. The heater running at full blast would certainly not be failsafe...

      The definition of "failsafe" depends a great deal on where you are. In areas where it's cold more than it's hot, the heater running at full blast definitely is the failsafe condition. I have had to deal with that exact issue. Midsummer we had a failure in the temperature control system. All the heaters were running full blast. I was told it's part of the building code here, a requirement.

      --
      Slashdot your i and slashcross your t.
    9. Re:Explain to me by ljw1004 · · Score: 1

      Why are these infrastructure computers reachable from the Internet?

      If I were a city council purchasing a heating system, and one option was 20% cheaper and and could be controlled and configured by offsite engineers even in the middle of an impenetrable blizzard, while the other one couldn't -- then choosing the first (connected to internet) is a no-brainer.

    10. Re:Explain to me by sjames · · Score: 1

      Actually, neither problem is that hard to solve with appropriate hardware. You just have to rate limit the network interrupt by only re-enabling it if there is room in the Rx queue. Another answer is to use a dedicated I/O processor for networking and a main processor that polls it only when idle. You can get WiFi devices with such a dedicated CPU built in these days. If it gets a DDOS, the I/O processor gets overloaded and polls from the main CPU just time out and the device continues to operate normally in local mode (even accepting local control inputs). No need for real time at all. Perhaps it turns on a status light to indicate network failure.

    11. Re:Explain to me by sjames · · Score: 1

      Thinking about it, if they're actually thinking of relocating tennants rather than just unplugging the internet connection, it must be #1 :-(

    12. Re: Explain to me by MarkH · · Score: 1

      Fail safe is usually to disable system - as in this case.

      As for backup comms route ( manual in building, sms or even plain old modem ) good point

    13. Re:Explain to me by DarthVain · · Score: 1

      Yes, my first question was "why are these things connected to the internet in the first place?" The only rational reason would mean to operate remotely. Again "Why?" Then the next question is "There is no manual operation/override, that seems a bit dumb?"

      I've seen things like this with Wind Turbines, being "controlled" by the manufacture a continent away over the internet, which at first blush seems a bad idea. However as you say there is a default fail safe in place basically a windows safemode, not to mention they can also be controlled locally, as well as individually manually.

    14. Re:Explain to me by Darinbob · · Score: 2

      Jumalauta! It's damned cold in Finland right now. You really expect them to trudge through the snow just to flip some switches? That may be what they do in sunny Spain, but in Finland they are smart and stay inside!

    15. Re:Explain to me by AHuxley · · Score: 1

      Because contractors, branding, profit, shareholders.
      Or:
      Why send out a repair crew when the user can be helped with a phone call?
      So the energy producers know what load to expect every year.
      It's more sensitive and better for the earth?
      Think of the local IT networking jobs for design, support and upgrades.
      It makes the design look more modern and stand out from other brands.

      --
      Domestic spying is now "Benign Information Gathering"
  4. so Hollywood isn't too far off? by gemtech · · Score: 1

    Why, oh why, do software engineers (or maybe just coders) allow external access to mission critical processes?

    --
    Insanity: doing the same thing over and over again and expecting different results. Albert Einstein
    1. Re:so Hollywood isn't too far off? by EvilSS · · Score: 1

      Why, oh why, do software engineers (or maybe just coders) allow external access to mission critical processes?

      Why would a software engineer have any control over this? This sounds more like an individual implementation issue where the property managers exposed the systems directly to the internet instead of securing them properly.

      --
      I browse on +1 so AC's need not respond, I won't see it.
  5. Moron designed systems fail by Lumpy · · Score: 2

    Sorry but if your heating system is 100% cloud based so that a DDOS attack or internet outage will stop heat control, then it was designed by the worlds biggest morons.

    Cloud based is great for toys, for anything important it's 100% shit.

    --
    Do not look at laser with remaining good eye.
    1. Re:Moron designed systems fail by thegarbz · · Score: 1

      They didn't DDOS the internet, they DDOSed the device controlling the heater itself. This also isn't cloud based and has nothing to do with the cloud and everything to do with remote control of infrastructure.

    2. Re:Moron designed systems fail by sjames · · Score: 1

      In other words, the device was connected to the cloud so that it could be attacked. And since they apparently can't fix it by disconnecting the controller from the internet (they're talking about relocating tenants), it is cloud dependent. Cloud doesn't JUST mean a massive provider like Amazon.

    3. Re:Moron designed systems fail by sysrammer · · Score: 2

      Got it. The cool kids use the cloud, the rest of us are stuck using the internet.

      --
      His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
    4. Re:Moron designed systems fail by sjames · · Score: 1

      In the sense that Cloud is more a marketing term than a technical one, yes. It's basically just the hipster way to say internet. It often indicates some sort of dependence on a remote server somewhere, generally unwarranted.

      It's a reference to the cloud icon in old style data flow diagrams.

    5. Re:Moron designed systems fail by sysrammer · · Score: 1

      It reminds me of one of the earlier buzzwords, "database". In the tech journals, the word "database" had specific properties (though those were still being argued about, so yeah). Then the marketing folks and PHB's heard enough techs saying the word, and soon the trade journals were full of copy, describing pretty much any collection of files used by a program as "their database", whether it was related to a DBMS or not.

      And don't get me started on when programs became apps.

      --
      His ignorance covered the whole earth like a blanket, and there was hardly a hole in it anywhere. - Mark Twain
    6. Re:Moron designed systems fail by thegarbz · · Score: 1

      In other words, the device was connected to the cloud

      Yes because Slashdot has deranged to the point where a network connection is now suddenly a cloud, even the same remote management systems that have existed since the internet first came online.

      Someone with your UID should know better.

    7. Re:Moron designed systems fail by sjames · · Score: 1

      "The Cloud" is just marketing speak for being utterly dependent on a remote server on the internet. How did you miss that one? Marketers like calling it the cloud because it's so fluffy.

      OP's point stands, it was stupid as hell to make the thing so that a flood or any other loss of connectivity would cause it to fail at it's most important function. Which end of the connection is DDOSed is of little importance to determining the level of stupidity.

    8. Re:Moron designed systems fail by thegarbz · · Score: 1

      Except it's not Cloud dependent. Remote access does not mean something is cloud dependent. It means that some additional abilities are exposed by it and this is something which we have doing since the day you first singed up to Slashdot.

    9. Re:Moron designed systems fail by sjames · · Score: 1

      According to TFA, the system failed as a result of the DDOS and they were talkiong about relocating people.

      I have seen a followup article from another source saying that the system was actually maintaining the last temperature set and could be disconnected from the internet. That does put a very different light on the situation, but it is from a different article and different information.

      But you're still missing it. The only thing new about "The Cloud" is calling it "The Cloud". One of it's more famous complainants is just virtual server rental with more automation and a shorter timeframe.

    10. Re:Moron designed systems fail by thegarbz · · Score: 1

      the system failed as a result of the DDOS

      Yes, by forcing the main controller to reboot. What does this have to do with the cloud again? Again there's nothing new or cloudish here. Shithouse security for a device that was remotely operated, nothing more. An attack on the device directly caused it to reboot over and over again. That's a denial of service. DDOS doesn't mean "cut off internet access", it just means "cut off access" the means are not relevant.

      This isn't virtual cloud someone else's computer anything. It's a physical machine with optional remote access. This has been happening for 25 years now, possibly longer.

    11. Re:Moron designed systems fail by sjames · · Score: 1

      Again, going by the first article, relocating people implied that disconnecting it from the internet wasn't a viable solution. The onlyu reason that would be is if it depended on tyhe internet. Is that hard to grok?

      No need to argue further over the name. Call it purple parakeet poop if you like. No skin off of my nose if someone says cloud and you look like a fool because you don't know what it might mean. (Why not, they look like fools for not knowing it's just the same-old with a shiny new name.)

    12. Re:Moron designed systems fail by thegarbz · · Score: 1

      Honestly it probably comes down to lowest common denominator journalism. I'm clearly applying some biases to my reading.

  6. Yeh, even heating systems should be hardened by Anonymous Coward · · Score: 1

    Turn off the heating in a critical office building to shut the office down. Even heating systems are critical in cold countries.
    Even heating should be hardened and not available to Putin attack.

    2007 Russian cyber attacks Estonia, blocking banking, government, newspaper headlines and Estonian Reform Party head quarters. This was after Russia tried and failed a propaganda attack during that years elections. Does that sound familiar? They failed to get their stooge into power.

    https://en.wikipedia.org/wiki/2007_cyberattacks_on_Estonia
    https://en.wikipedia.org/wiki/Estonian_parliamentary_election,_2007

    "The Centre Party, led by the mayor of Tallinn Edgar Savisaar, had been increasingly excluded from collaboration, since his open collaboration with Putin's United Russia party, real estate scandals in Tallinn,[1] and the Bronze Soldier controversy, considered as a deliberate attempt to split Estonian society by provoking the Russian minority.[2]"

    Putin tried to get his puppet elected. The people rejected the Putin puppet, so Russia did widespread cyber attacks on the country. Latvia has electronic voting, it is at the biggest risk of a Putin hacker rigged election. Estonia is more aware about the risks. Finland is very glib, but they were once under Russian control and should be more careful.

    Never underestimate the power of a Russian puppet leader to undermine the security of a country. Never underestimate a cyber attack on critical systems, or worse, election systems.

    1. Re:Yeh, even heating systems should be hardened by gtall · · Score: 1

      Currently, the Reform Party will probably lose control of the government and Centre Party is expected to take over given the fractious nature of the governing coalition. So maybe Putin will finally succeed in getting his stooge into power. Maybe he'll screw up spectacularly before turning the country over to Putin and his merry band of kleptocrats.

  7. The Internet Of Hacked Things by Citizen+of+Earth · · Score: 1

    Someday, we'll figure out that it's not a good idea to subject critical infrastructure to Internet control.

    1. Re:The Internet Of Hacked Things by thegarbz · · Score: 1

      No, some day we'll figure out that it's not a good idea to subject critical infrastructure to internet control insecurely.

      People have been doing this for as long as the internet has existed, it's all a question of competence.

    2. Re:The Internet Of Hacked Things by gtall · · Score: 1

      Right, so all industries should build out their own private network infrastructure. That shouldn't cost you too much, should it?

    3. Re:The Internet Of Hacked Things by misxn · · Score: 2

      Not true. If you want to secure it with competence then you separate the two domains, not connect them.

    4. Re:The Internet Of Hacked Things by GerardAtJob · · Score: 1

      +1! (Where are my mods points when I really need them!???)

      --
      I can't call that English ;-)
    5. Re:The Internet Of Hacked Things by thegarbz · · Score: 1

      Not true but true? Is that what you're trying to tell me? Or are you implying that leased lines are still easy to come by in the modern world and that we don't live in a world of common infrastructure?

      I say this as someone who was forced to decommission a dedicated leased line in exchange for a modem with a public IP address by a major telecom company, so it's not a far out scenario.

    6. Re: The Internet Of Hacked Things by misxn · · Score: 1

      Leased lines? Are you replying to the right thread? I simply stated that one should airgap their domains and not connect critical infrastructure to the Internet. If one HAS to be on the Internet, then use a data guard.

    7. Re: The Internet Of Hacked Things by thegarbz · · Score: 1

      So that's kind of what I was saying when I mentioned insecurely and it's a question of competence.

      And you replied with not true... I can't understand if you are agreeing with me or disagreeing with me.

  8. Could be worse by davidwr · · Score: 1

    They could've turned off the heating at a polling location in the United States. Everyone would be blaming Putin even if he didn't do it.

    --
    Knowledge is how to play a game, intelligence is how to win, wisdom is knowing what game to play.
  9. Re:Explain to me Why? by BoRegardless · · Score: 1

    Default ought to return to my 80 year old, still working bimetallic thermostat, with no electronics. Never failed in 80 years.

  10. Re:Moron designed systems fail, ... so by BoRegardless · · Score: 4, Insightful

    Let a mechanical thermostat be the default control when the computer fails, regardless of why!

  11. Re:You anti-science denialist scum! by gtall · · Score: 2

    You don't really get global warming, do you?

  12. IoT by p51d007 · · Score: 1

    With the attach a couple weeks ago, the more crap that doesn't but gets hooked up to the internet, WITHOUT PROPER SECURITY, it's only going to get worse.

  13. Re:Solution by WaffleMonster · · Score: 1

    The solution is simple. For some reason the people responsible don't take action. Maybe we are waiting for the big one? Like an explosion in a nuclear electricity facility?

    GET. ALL. CRITICAL. INFRASTRUCTURE. SYSTEMS. OFF. THE. INTERNET.

    To play the devils advocate.. what is the alternative? Leased lines and private networks?

    Do you think Telco you pick one of those up from isn't going to provision it using same (mostly virtualized) infrastructure and management systems they use for Internet traffic? Do you really think their systems are any more secure?

    I strongly believe any and all attempts at securing the network is both dangerous and counterproductive. It is dangerous because it sucks resources from the only thing that matters... securing *systems* and counterproductive because it essentially amounts to "castle defense" in the age of super sonic jet fighters.

    If people connect their shit to the Internet with the understanding that it is both a hostile and unreliable environment and take precautions to guard against it (obviously these jokers did no such thing) such systems end up being better engineered and more secure over time vs. dolts with leased lines or private cables who never see an unsolicited byte or dropped packet and become complacent and less investment is subsequently made in engineering systems for reliability and security.

    The alternative is when someone does hack a leased line or cut into dark fiber in anger all bets are off. This shouldn't be. Control systems don't have to be the joke that lies just behind most corporate firewalls. It takes investment to get there. Every dollar spent on private lines and DIY networks are dollars not spent on R&D into control systems that are more survivable in hostile environments.

  14. With this global warming.. by Keruo · · Score: 1

    Finnish winters are starting to resemble the summer, but unlike the summer, which was on Thursday this year, the winter is scheduled on Tuesday.

    --
    There are no atheists when recovering from tape backup.
  15. I have had first-hand experience by thebigmacd · · Score: 1

    I am an HVAC controls Technologist and the product we use used to have an unintentional DOS issue. If there was too much traffic on the controller's network port (including traffic not intended for it), the processor would spend all of its time responding to network interrupts and actual operation would grind to a halt. The fix was simple...the manufacturer made new firmware that would simply ignore network interrupts if the program scan rate got too low. Sure, the controller would quit communicating on the LAN but it was still accessible via rs-232/485.

    These controllers have 32MHz processors, 2MB ram, and 10Mb half-duplex ethernet, and cost multiple thousands of dollars.

  16. Re:Explain to me Why? by angel'o'sphere · · Score: 1

    We are not talking about a remote control that is for some absurd reason controlling your local heating in the house.
    We actually are talking about remotely distributed heat, hot water, steam, to heat the houses in question.
    Otherwise the owners could simply fiddle with the controls I guess.

    --
    Cost free eBook I read (by iBook/Kobo/Amazon/ObookO/Gutenberg etc.): "The Green Odyssey" by Philip Jose Farmer.
  17. If only they used an Amiga by sad_ · · Score: 1

    I'm sure that school that has their heating system controlled by an Amiga won't have this problem :P

    --
    On a long enough timeline, the survival rate for everyone drops to zero.
  18. curso NR 10 by Instituto+Santa+Cata · · Score: 1

    Curso NR 10 online curso NR 10 curso NR 10 online