We may all be sitting in the dark without electricity in the near future. The Stuxnet malware that was used to attack the control systems in the Iranian nuclear power plants has been cloned and is for sale to anyone who wants it. Stuxnet was designed to attack and take control of the Siemens computers that control many industrial operations, including power plants.
Recently, the code for this malware program surfaced on the Internet and was “packaged” to sell. What this means is that this very sophisticated malware, probably developed by a nation-state (it is rumored that the US and Israel are those nations), will now be available to any hacker who may want to use it to disrupt operations in nuclear plants, power plants, manufacturing plants, anywhere these controllers are used.
Recently, at the Black Hat Conference in Las Vegas, a security researcher demonstrated to a group of reporters and US Government Homeland Security types that he could take control of these controllers, including turning them off. Thankfully, these controllers were in his hotel room and not in a nuclear power plant. You see, these Siemens controllers are responsible for controlling valves that regulate water flow that cools (or not) reactors to keep them from melting down. They are also used to control our water supplies across the world, they also control valves on our oil and gas pipelines. And now Stuxnet can be used by any two-bit hacker to disrupt the operations that these computers control. Are you concerned yet? I am.
From Wikipedia: Black Hat is composed of two major sections, the Black Hat Briefings, and Black Hat Trainings. Training is offered by various Computer security vendors, in effort to keep the conference vendor-neutral. In the past, the conference has hosted the National Security Agency’s Information Assurance Manager course, and various courses by Cisco Systems, Offensive Security, and others.
The Black Hat Conference is a computer security conference that brings together a variety of people interested in information security. Representatives of federal agencies and corporations attend along with hackers. The Briefings take place regularly in Las Vegas, Barcelona (previously Amsterdam) and Tokyo. An event dedicated to the Federal Agencies is organized in Washington, D.C.
The Briefings are composed of Tracks, covering various topics including Reverse Engineering, Identity and Privacy, and hacking.
Let’s hope Siemens or Homeland Security do something quickly to thwart these attacks. Or we may have a very hot, dark summer ahead of us at best, and a nuclear meltdown at worst.
Please comment on this subject; we all learn from each other when our views and opinions are shared.
Don’t miss an article. If you enter your email address in the Email Subscriptions box on the right column of this page, I’ll send you an email when a new article is posted. I don’t share your email address with anyone…no one; I hate spam too. Please share my site with your friends and family. Thanks.
Home computing is a blast…keep it safe, productive and enjoyable.
ref: NetworkWorld article: A power plant hack that anybody could use