Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

Skip to comments.

Power Grid Attacks Q Anon / Great Awakening Banned From Reddit Hurricane Florence Update
IWB ^ | Ruby Henley

Posted on 09/13/2018 11:39:30 AM PDT by davikkm

Last December, the Ukraine power grid was attacked, and Russia is the suspect. A quarter of a million people lost power in the Ivano-Frankivsk region of Ukraine.

Vasyl Pemchuk is the electric control center manager. Remembering the nightmare when hackers took over their computers, he said all his workers could do was film it with their cell phones.

“It was illogical and chaotic,” he said. “It seemed like something in a Hollywood movie.”

This is, also, my fear, and as Hurricane Florence makes its way into the Carolinas my mind is fixated on weeks without power. But the truth is we do not have to wait for a hurricane for this to occur, an foreign Country will most likely do that for us in the near future.

How easy an operation was it for allegedly Russia to put parts of Ukraine in the dark? It was as easy as a click.

The alleged hackers sent emails with infected attachments to power company employees and went on to use their login credentials. The fact is it was not difficult to do – ultimately they took control of the grid’s systems to cut the circuit breakers at nearly 60 substations.

The suspected motive for the attack is the war in eastern Ukraine, where Russian-backed separatists were fighting against Ukrainian government forces.

(Excerpt) Read more at investmentwatchblog.com ...


TOPICS: Government; Politics
KEYWORDS: aaablogpimp; aaablogtrash; fireyour12yodaughter; nuttery; pimpdaddy; qanon; qisfake; rubyhenleyisanidiot; rubynuttery; rubysucks; tomfoolery

1 posted on 09/13/2018 11:39:30 AM PDT by davikkm
[ Post Reply | Private Reply | View Replies]

To: davikkm
The real question why is our power grid accessible from the Internet? If it needs to be networked, it needs to be on a private network independent of anything to do with the "real" Internet, completely unconnected. It should be partitioned, with each partition on its own private network too. We had a functioning power grid before the Internet, perhaps it's time to revisit it.
 
2 posted on 09/13/2018 11:45:11 AM PDT by Governor Dinwiddie ("Nature, Mr. Allnut, is what we are put in this world to rise above.")
[ Post Reply | Private Reply | To 1 | View Replies]

To: davikkm

Computers and devices that control public utilities and infrastructure should never be permanently networked and should only communicate in isolation with other devices and computers that operate within the framework of it’s purpose.

Redundancy is a good thing, but also only in isolation to it’s functions.

Remote telemetry and control is way overrated and a massive liability. Engineers who specify or permit it should be fired.


3 posted on 09/13/2018 11:49:22 AM PDT by z3n
[ Post Reply | Private Reply | To 1 | View Replies]

To: davikkm

There is some damn fine analog equipment out there.

Can’t be hacked.

Just a little more manpower intensive.

But why would you take a chance????


4 posted on 09/13/2018 11:56:10 AM PDT by 2banana (My common ground with terrorists - they want to die for islam and we want to kill them)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Governor Dinwiddie

It’s not.

Why do people believe everything they read on crap sites?


5 posted on 09/13/2018 12:31:02 PM PDT by bigbob (Trust Sessions. Trust the Plan.)
[ Post Reply | Private Reply | To 2 | View Replies]

To: bigbob; All

Are you an Industrial Control Systems SCAD A vulnerability expert?

Power control systems are not completely “air gap” isolated from internet access.
System control vendor administration accounts have been successfully accessed via exploiting unsecure system maintenance service accounts that system vendors have negligently left open via non-encrypted FTP, rlogin, telnet protocols, for instance.

Go to SANS, Dark Reading, Krebs on Security, Blackhat, and FBI Infragard to read up on the topic.

Many legacy power plant ICS SCADA control systems and old (20-30 yrs+) non/weak-encrypted wireless peripheral control units such as remote valves, sensors, pumps, electrical switches, still remain vulnerable to hacking from power station parking lots.
Upgrading old legacy components used in power plants can be technically difficult, expensive and disruptive to system availability.


6 posted on 09/13/2018 1:12:04 PM PDT by MarchonDC09122009 (When is our next march on DC? When have we had enough?)
[ Post Reply | Private Reply | To 5 | View Replies]

To: bigbob; All
Educational opportunity 4 u: https://www.infosec-city.com/sg18-ctf-ics-scada ICS/SCADA​ Capture-the-Flag (CTF) Sponsored By: Registration The ICS/SCADA CTF competition is open to all conference ticketholders to play, enjoy and compete.Participants simply have to register at the NSHC booth located in the Exhibition Foyer.​GameplayThere are altogether 6 scenarios, each with its own set of challenges and scores. The scenarios and challenges are based on real ICS/SCADA simulation using real ICS/SCADA components. ​There are more than 50 challenges — Providing an enjoyable and unforgettable experience for both Beginners and Experts. ScenariosScenario 1: Malware/Forensics An Operator's Workstation Windows System Email Attachment Scenario 2: IoT/Web Vulnerability/Forensics Wireless LAN (WLAN)No Access Control​Scenario 3: Bypass Airgap/Network/CryptosystemWindows System Default Installation No Internet Access​Scenario 4: Bypass Airgap/HMI Windows SystemPLC Developer's WorkstationUSB BlockOnly Mouse & Keyboard​Scenario 5: ICS Vulnerability in PLCPLC Software/Firmware0-day Scenario 6: ICS Infrastructure/Real-WorldSimulation RailwaySmart Grid Challenge CategoriesEach challenge may span across various challenge categories.  Category 1: Bypass AirgapIndustrial WiFi Hacking Industrial BluetoothRadio Frequency (RF) HackingUSB-based Microcontroller Default Network-based Attack  Category 2: ICS ProtocolIEC 60870-5-101 or 104, IEC 61850, DNP3ModbusIncident Response for Security Operations Centre (SOC)  Category 3: PLC & HMIWell-known vulnerabilitiesPassword Cracking0-day Vulnerabilities (Discovered by NSHC Red Alert Team)Control PLC, HMI  Category 4: ForensicsNetworking — Industrial Network CaptureDocuments  Category 5: Misc.Shodan & IoT ManipulationZoomeye Search for SCADA EquipmentOSINT for Critical Infrastructure
7 posted on 09/13/2018 1:42:54 PM PDT by MarchonDC09122009 (When is our next march on DC? When have we had enough?)
[ Post Reply | Private Reply | To 5 | View Replies]

To: MarchonDC09122009

Aw, heck, I can’t even remember Spectra 70 Assembly language! (Anybody still use RCA mainframes?)


8 posted on 09/13/2018 6:28:00 PM PDT by Pete from Shawnee Mission
[ Post Reply | Private Reply | To 7 | View Replies]

To: Pete from Shawnee Mission

Many power stations still use DEC PDP/11’s.
It’s the ones that use legacy Microsoft XP, 95, 98 and 2000 that are very worrisome.


9 posted on 09/13/2018 6:41:50 PM PDT by MarchonDC09122009 (When is our next march on DC? When have we had enough?)
[ Post Reply | Private Reply | To 8 | View Replies]

To: MarchonDC09122009

Digital Equiptment Corp? 1960s? Wow, although not quite the dawn of digital. Amazing to think that Power plants still use MS XP.


10 posted on 09/13/2018 6:59:38 PM PDT by Pete from Shawnee Mission
[ Post Reply | Private Reply | To 9 | View Replies]

To: Pete from Shawnee Mission

I worked for GE in the 1990’s, as a generator and excitation specialist. I routinely worked on equipment that had been installed in the 1950s. I was at a paper mill once and a lot of the equipment the was war surplus, you could tell because it had”war emergency” nameplate values. The oldest unit I worked on was installed in the 20s. The generator controls were patented during the first world war.


11 posted on 09/13/2018 8:42:06 PM PDT by Fellow Traveler
[ Post Reply | Private Reply | To 10 | View Replies]

To: Whenifhow; null and void; aragorn; EnigmaticAnomaly; kalee; Kale; 2ndDivisionVet; azishot; ...

p


12 posted on 09/13/2018 9:49:48 PM PDT by bitt (We know not what course others may take, but as for me, Give me Liberty, or Give me Death!)
[ Post Reply | Private Reply | To 1 | View Replies]

To: davikkm

Hey, think it’d work on Silicon Valley? /sarc>


13 posted on 09/13/2018 9:51:49 PM PDT by grey_whiskers (The opinions are solely those of the author and are subject to change without notice.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: Pete from Shawnee Mission
DEC lasted into the mid-late 80s or early 90s, before workstations ate their lunch.

And then PCs ate the workstations' lunch.

Then mobile devices ate the PCs' lunch.

14 posted on 09/13/2018 9:53:14 PM PDT by grey_whiskers (The opinions are solely those of the author and are subject to change without notice.)
[ Post Reply | Private Reply | To 10 | View Replies]

To: Fellow Traveler

Analog controls? Sycros & Servos?

Important stuff, but outside my training.


15 posted on 09/17/2018 5:37:09 PM PDT by Pete from Shawnee Mission
[ Post Reply | Private Reply | To 11 | View Replies]

To: grey_whiskers

Grey! The smaller ones keep eating the bigger ones! Moore’s fish!


16 posted on 09/17/2018 5:38:37 PM PDT by Pete from Shawnee Mission
[ Post Reply | Private Reply | To 14 | View Replies]

To: Pete from Shawnee Mission

“Moore’s fish” — cool! never heard that one before! :-)


17 posted on 09/17/2018 9:14:02 PM PDT by grey_whiskers (The opinions are solely those of the author and are subject to change without notice.)
[ Post Reply | Private Reply | To 16 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
Bloggers & Personal
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson