SCADA / HVAC fail

Without further ado, straight from Wikipedia:

"SCADA stands for Supervisory Control And Data Acquisition. It generally refers to an industrial control system: a computer system monitoring and controlling a process. The process can be industrial, infrastructure or facility based as described below:

  • Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
  • Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, civil defense siren systems, and large communication systems.
  • Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and space stations. They monitor and control HVAC, access, and energy consumption."
This too:

"HVAC (pronounced either "H-V-A-C" or "H-vak") is an initialism or acronym that stands for "heating, ventilating, and air conditioning". HVAC is sometimes referred to as climate control and is particularly important in the design of medium to large industrial and office buildings such as skyscrapers and in marine environments such as aquariums, where humidity and temperature must all be closely regulated while maintaining safe and healthy conditions within. In certain regions (e.g., UK) the term "Building Services" is also used, but may also include plumbing and electrical systems. Refrigeration is sometimes added to the field's abbreviation as HVAC&R or HVACR, or ventilating is dropped as HACR (such as the designation of HACR-rated circuit breakers)."

Think hospital, think critical air-conditioning systems for surgery and sterilisation - think the screenshot below.

[Screenshot: envision1.png]

A naughty security guard at a hospital (The Carrell Clinic in Dallas) installed some malware onto the HVAC system that controls all this goodness and welcomed it to his botnet. He then had remote control of it from his home. To cut a long story short, he planned to shut it down on 4th July. It was only his posting of these images to a forum, and a security researcher spotting them, that led to him being raided and arrested.

The full story is at The Register.

Here are some more screenshots (which he posted) to show you why it is so important that these old-school SCADA systems have appropriate security controls applied to them.

[Screenshots: envision2.png, envision.png]

I won't be checking into here anytime soon.
