Hackers destroy blast furnace in German steel mill

by
in security on (#2WPR)
A recent report by Germany's Federal Office for Information Security reveals that hackers caused "massive" damage to an unnamed steel mill. They did so by manipulating and disrupting control systems to such a degree that a blast furnace could not be properly shut down. The report doesn't name the plant or indicate when the breach occurred.

This is only the second confirmed case in which a wholly digital attack caused physical destruction of equipment. The first case, of course, was Stuxnet, the sophisticated digital weapon the U.S. and Israel launched against control systems in Iran in 2008 to sabotage centrifuges at a uranium enrichment plant. Industrial control systems have been found to be rife with vulnerabilities, though they manage critical systems in the electric grid, in water treatment plants and chemical facilities and even in hospitals and financial networks.

Re: I Understand (Score: 2, Interesting)

by tanuki64@pipedot.org on 2015-01-13 22:58 (#2WQ0)

You didn't read the article. The SCADA systems were on a different, firewall controlled network. That is not nearly enough to keep attackers out, for many reasons.
Oh yes, I know the reasons. At the very beginning of my career I worked for almost a year as system administrator for a small company. My first task? Make our net secure. We need a firewall. I did it. And then the complaints started:
"I can't do this, I can't do that. I NEED ftp, I NEED telnet.. no, ssh and scp is not enough (I don't know how it works, I don't want to learn anything new).
But...
No 'but'. You are only admin, I am very important person... Open the ports for me or go job hunting.
That's what I did.... both. No 'or'. The company does not exist anymore.So yes, security is never 100% free. You say one possible attack vector is a USB drive? I know a company where all USB ports were glued shut. A few 'experts' opened their machines to circumvent this useless chicanery with USB boards. Hey, the sys admins are paranoid a**holes with a god complex. Security is important, but not when it interferes with real work... and who can work without music from his personal mp3 collection on USB?

Of course I cannot say for sure that something like this happened in this steel mill, but I would not be surprised a bit. For years now, the most important attack vector isn't the hard- and software anymore, but the wetware.
Post Comment
Subject
Comment
Captcha
Thirty three, four and twenty: the 1st number is?