Power Grid Attacks – Q Anon / Great Awakening Banned From Reddit – Hurricane Florence Update

IWB ^ | Ruby Henley

[davikkm]

Last December, the Ukraine power grid was attacked, and Russia is the suspect. A quarter of a million people lost power in the Ivano-Frankivsk region of Ukraine.

Vasyl Pemchuk is the electric control center manager. Remembering the nightmare when hackers took over their computers, he said all his workers could do was film it with their cell phones.

“It was illogical and chaotic,” he said. “It seemed like something in a Hollywood movie.”

This is, also, my fear, and as Hurricane Florence makes its way into the Carolinas my mind is fixated on weeks without power. But the truth is we do not have to wait for a hurricane for this to occur, an foreign Country will most likely do that for us in the near future.

How easy an operation was it for allegedly Russia to put parts of Ukraine in the dark? It was as easy as a click.

The alleged hackers sent emails with infected attachments to power company employees and went on to use their login credentials. The fact is it was not difficult to do – ultimately they took control of the grid’s systems to cut the circuit breakers at nearly 60 substations.

The suspected motive for the attack is the war in eastern Ukraine, where Russian-backed separatists were fighting against Ukrainian government forces.

[Governor Dinwiddie]

The real question why is our power grid accessible from the Internet? If it needs to be networked, it needs to be on a private network independent of anything to do with the "real" Internet, completely unconnected. It should be partitioned, with each partition on its own private network too. We had a functioning power grid before the Internet, perhaps it's time to revisit it.
 

[z3n]

Computers and devices that control public utilities and infrastructure should never be permanently networked and should only communicate in isolation with other devices and computers that operate within the framework of it’s purpose.

Redundancy is a good thing, but also only in isolation to it’s functions.

Remote telemetry and control is way overrated and a massive liability. Engineers who specify or permit it should be fired.

[2banana]

There is some damn fine analog equipment out there.

Can’t be hacked.

Just a little more manpower intensive.

But why would you take a chance????

[bigbob]

It’s not.

Why do people believe everything they read on crap sites?

[MarchonDC09122009]

Are you an Industrial Control Systems SCAD A vulnerability expert?

Power control systems are not completely “air gap” isolated from internet access.
System control vendor administration accounts have been successfully accessed via exploiting unsecure system maintenance service accounts that system vendors have negligently left open via non-encrypted FTP, rlogin, telnet protocols, for instance.

Go to SANS, Dark Reading, Krebs on Security, Blackhat, and FBI Infragard to read up on the topic.

Many legacy power plant ICS SCADA control systems and old (20-30 yrs+) non/weak-encrypted wireless peripheral control units such as remote valves, sensors, pumps, electrical switches, still remain vulnerable to hacking from power station parking lots.
Upgrading old legacy components used in power plants can be technically difficult, expensive and disruptive to system availability.

[MarchonDC09122009]

Educational opportunity 4 u: https://www.infosec-city.com/sg18-ctf-ics-scada ICS/SCADA​ Capture-the-Flag (CTF) Sponsored By: Registration The ICS/SCADA CTF competition is open to all conference ticketholders to play, enjoy and compete.Participants simply have to register at the NSHC booth located in the Exhibition Foyer.​GameplayThere are altogether 6 scenarios, each with its own set of challenges and scores. The scenarios and challenges are based on real ICS/SCADA simulation using real ICS/SCADA components. ​There are more than 50 challenges — Providing an enjoyable and unforgettable experience for both Beginners and Experts. ScenariosScenario 1: Malware/Forensics An Operator's Workstation Windows System Email Attachment Scenario 2: IoT/Web Vulnerability/Forensics Wireless LAN (WLAN)No Access Control​Scenario 3: Bypass Airgap/Network/CryptosystemWindows System Default Installation No Internet Access​Scenario 4: Bypass Airgap/HMI Windows SystemPLC Developer's WorkstationUSB BlockOnly Mouse & Keyboard​Scenario 5: ICS Vulnerability in PLCPLC Software/Firmware0-day Scenario 6: ICS Infrastructure/Real-WorldSimulation RailwaySmart Grid Challenge CategoriesEach challenge may span across various challenge categories.  Category 1: Bypass AirgapIndustrial WiFi Hacking Industrial BluetoothRadio Frequency (RF) HackingUSB-based Microcontroller Default Network-based Attack  Category 2: ICS ProtocolIEC 60870-5-101 or 104, IEC 61850, DNP3ModbusIncident Response for Security Operations Centre (SOC)  Category 3: PLC & HMIWell-known vulnerabilitiesPassword Cracking0-day Vulnerabilities (Discovered by NSHC Red Alert Team)Control PLC, HMI  Category 4: ForensicsNetworking — Industrial Network CaptureDocuments  Category 5: Misc.Shodan & IoT ManipulationZoomeye Search for SCADA EquipmentOSINT for Critical Infrastructure

[Pete from Shawnee Mission]

Aw, heck, I can’t even remember Spectra 70 Assembly language! (Anybody still use RCA mainframes?)

[MarchonDC09122009]

Many power stations still use DEC PDP/11’s.
It’s the ones that use legacy Microsoft XP, 95, 98 and 2000 that are very worrisome.

[Pete from Shawnee Mission]

Digital Equiptment Corp? 1960s? Wow, although not quite the dawn of digital. Amazing to think that Power plants still use MS XP.

[Fellow Traveler]

I worked for GE in the 1990’s, as a generator and excitation specialist. I routinely worked on equipment that had been installed in the 1950s. I was at a paper mill once and a lot of the equipment the was war surplus, you could tell because it had”war emergency” nameplate values. The oldest unit I worked on was installed in the 20s. The generator controls were patented during the first world war.

[bitt]

p

[grey_whiskers]

Hey, think it’d work on Silicon Valley? /sarc>

[grey_whiskers]

DEC lasted into the mid-late 80s or early 90s, before workstations ate their lunch.

And then PCs ate the workstations' lunch.

Then mobile devices ate the PCs' lunch.

[Pete from Shawnee Mission]

Analog controls? Sycros & Servos?

Important stuff, but outside my training.

[Pete from Shawnee Mission]

Grey! The smaller ones keep eating the bigger ones! Moore’s fish!

[grey_whiskers]

“Moore’s fish” — cool! never heard that one before! :-)