#47
benb, 05-14-2021, 10:29 AM
Most of what I've heard is the pipeline itself was well insulated from the attack.

The ransomware took over the Windows computers at the pipeline company's HQ, and they shut down service more because of their inability to process/fulfill orders and run billing.

Shutting down control systems connected to the network in an infrastructure system is much, much harder than hacking Windows machines.

There's a lot of buzz about control systems being vulnerable and having poor security, but it's still much, much harder to hack them.

The hackers have to know what specialized systems are in place in an infrastructure system and then gain access to those systems, and it might be hard for someone overseas to buy them due to export controls.

Whereas they can just assume Windows is going to be present, everyone has access to Windows, and there's this global tsunami of hackers/crackers sharing everything about Windows and all the vulnerabilities, etc.

Stuxnet-style hacks are vastly more scary, but that is an entirely different level of sophistication to pull off... we have still only seen the NSA and/or Mossad pull off that type of attack.

Chinese/Russian hackers with government backing will certainly be able to do that kind of stuff, but it requires real money: getting the hardware in question into a lab and then doing real security research on it, then setting up multi-stage attacks to get access to the network first through, say, the Windows machines and then move into the control systems. It can take multiple hacks over years; they might need to hack in first and install surveillance hacks, use that to gather data on what's inside the network, then acquire the specialized hardware in question and begin to hack it. These Windows hacks we typically see are literally things a teenager can do for free in their parents' basements.

The hacks against Iran involved the US and/or Israel doing multi-stage hacks over years:

- Hack into the nuclear program
- Collect data on what kinds of systems the Iranians were using to control centrifuges
- Buy Siemens centrifuge systems and do security research on them
- Write a hack for Windows that could take over systems, check if they were connected to Siemens systems, and then have the Windows hack deliver a Siemens hack to the Siemens hardware
- Then trigger the damage to the Siemens hardware

You would need to do a similar set of steps to actually make a pipeline explode or an electrical control system overload. And if the system attached to the pipeline/grid was well designed, it might have software controls in place that won't even allow a command to do physical damage.

In the case of the Stuxnet hack, IIRC the US/Israel even made the hack download a hacked firmware update into the centrifuge controllers that lifted limits on controls that Siemens had put in to keep the computer from being able to break the centrifuges.

Last edited by benb; 05-14-2021 at 10:33 AM.
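One concrete illustration of the point made at the end of the post above, that a well-designed controller refuses commands that would cause physical damage no matter what the (possibly compromised) workstation sends. This is an added example written for this page, not code from the poster or from any real product: the rotating machine, its speed envelope, the ramp limit and the command stream are all made up, and the "trusting" controller stands in for a device whose limits live only on the operator side (or have been removed from the controller, as the post describes).

```python
"""Controller-side command limiting versus workstation-side limiting.

Added example, not from the original post. All numbers are invented for
illustration; no real PLC, centrifuge or vendor behaviour is modelled.
"""
from dataclasses import dataclass, field
from typing import List

# Constructed safety envelope for a hypothetical rotating machine.
MAX_SPEED_HZ = 1000.0   # above this the rotor is assumed to be destroyed
MAX_STEP_HZ = 100.0     # largest change per control step the mechanics tolerate


@dataclass
class Controller:
    """Minimal model of the device that actually drives the machine."""
    speed_hz: float = 0.0
    damaged: bool = False
    rejected: List[str] = field(default_factory=list)

    def _spin(self, target_hz: float) -> None:
        # Physical model: the rotor goes wherever the drive is told to take it.
        self.speed_hz = target_hz
        if target_hz > MAX_SPEED_HZ:
            self.damaged = True

    def trusting_apply(self, requested_hz: float) -> None:
        """Limits exist only on the operator workstation; the controller trusts it.

        This is also what an 'enforced' controller degrades to once its
        built-in limits have been removed or rewritten.
        """
        self._spin(requested_hz)

    def enforced_apply(self, requested_hz: float) -> None:
        """Limits enforced inside the controller, independent of who sent the command."""
        if not (0.0 <= requested_hz <= MAX_SPEED_HZ):
            self.rejected.append(f"setpoint {requested_hz} Hz outside envelope")
            return
        if abs(requested_hz - self.speed_hz) > MAX_STEP_HZ:
            self.rejected.append(f"setpoint {requested_hz} Hz exceeds ramp limit")
            return
        self._spin(requested_hz)


def hmi_validate(requested_hz: float) -> bool:
    """The check an honest operator workstation performs before sending a command."""
    return 0.0 <= requested_hz <= MAX_SPEED_HZ


def run(controller_method: str, commands: List[float], hmi_compromised: bool) -> Controller:
    """Replay a command stream through the chosen controller logic.

    hmi_compromised=True models a workstation under attacker control: its own
    validation is skipped and every command reaches the controller.
    """
    ctl = Controller()
    for cmd in commands:
        if not hmi_compromised and not hmi_validate(cmd):
            continue  # honest workstation refuses to send it
        getattr(ctl, controller_method)(cmd)
    return ctl


# Constructed command stream: a plausible ramp followed by one destructive step.
MALICIOUS = [100.0, 200.0, 300.0, 1400.0]


if __name__ == "__main__":
    for method in ("trusting_apply", "enforced_apply"):
        for compromised in (False, True):
            ctl = run(method, MALICIOUS, compromised)
            print(f"{method:15s} hmi_compromised={compromised!s:5s} "
                  f"speed={ctl.speed_hz:7.1f} damaged={ctl.damaged} "
                  f"rejected={len(ctl.rejected)}")
```

Run as a script, the trusting controller is safe only while the workstation is honest; once the workstation is compromised it spins the machine to 1400 Hz and the `damaged` flag trips. The enforced controller stops at 300 Hz either way and records why it refused the last command. The design point is which side owns the limit: a check that exists as a writable parameter or as workstation logic is exactly the kind of control that can be lifted by rewriting it, whereas a check compiled into the controller's own logic has to be attacked on the controller itself.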