Editor’s Note: The original “Hacking the Industrial Network” (Part I) was first published by IndustryWeek in the Spring of 2009. This article, Part II, is the summary of what has happened since the original publication, and the outcome of predictions which first appeared in Part I.
Why We're Vulnerable
Some may still believe that their SCADA networks are not susceptible to eavesdropping, hacking or virus propagation because industrial SCADA systems are difficult for an outsider to understand -- or that their networks are “air-gapped” to separate them from the Internet. This is not true. The Programmable Logic Controllers (PLCs) used throughout your industrial network, including critical U.S. infrastructure, can be accessed from unknown remote locations outside the country, without anyone ever visiting your site, through multiple routes into the heart of your network.
In August of 2011, Dillon Beresford of NSS Labs presented a demonstration at a security conference in Las Vegas. Beresford had no previous industrial control system expertise and limited resources. Working primarily from the bedroom of his apartment, within a few weeks he identified a “maintenance” backdoor with a permanent, hard-coded password within Siemens PLCs. Hundreds of thousands are installed. They are widely used in the energy sector.
Beresford was able to obtain full control, delete files, dump memory and execute commands, retrieve sensitive information, capture passwords, report false data back to the operator, lock the operator out of the PLC, and completely disable the PLC at will. Security consultants believe that PLCs from other manufacturers also have security weaknesses. ICS-CERT Alerts have been issued for 57 suppliers.
A bulletin board posting on the Internet in 2011 by an Italian security researcher with zero previous SCADA experience provided thirty-four free exploits for common SCADA software produced by Siemens, Iconics, 7-Technologies, and Datac. Iconics systems are often used in the oil & gas industry in North America. Datac is popular in the water and wastewater sector. Siemens is used everywhere.
A SCADA toolbox exploit pack has been offered for sale on the Internet by a Russian information security company. It consolidates all known SCADA vulnerabilities into one package.
Beresford’s experimentation had been deliberately conducted at home on a limited budget to demonstrate that unlimited finances and man-hours were not required. “It’s not just the spooks who have these capabilities. Average guys sitting in their basements can pull this off,” said Beresford after his chilling demonstration.