SCADA Watch: Polish Teen Derails Tram After Hacking Train Network

["Paul Ferguson" <fergdawg () netzero net>]

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Via The Register.

[snip]

A Polish teenager allegedly turned the tram system in the city of Lodz into
his own personal train set, triggering chaos and derailing four vehicles in
the process. Twelve people were injured in one of the incidents.

The 14-year-old modified a TV remote control so that it could be used to
change track points, The Telegraph reports. Local police said the youngster
trespassed in tram depots to gather information needed to build the device.
The teenager told police that he modified track setting for a prank.

"He studied the trams and the tracks for a long time and then built a
device that looked like a TV remote control and used it to manoeuvre the
trams and the tracks," said Miroslaw Micor, a spokesman for Lodz police.

[snip]

More:
http://www.theregister.co.uk/2008/01/11/tram_hack/

Note: As Steve Bellovin writes on his blog regarding this incident:

"There are several lessons here. The first is that security through
obscurity simply doesn't work for SCADA systems, whether it's a tram, a
traffic light, or a sewage plant."

"A second lesson is that security problems can have real-world
consequences, such as injuries."

http://www.cs.columbia.edu/~smb/blog/2008-01/2008-01-11.html

- - ferg

-----BEGIN PGP SIGNATURE-----
Version: PGP Desktop 9.6.3 (Build 3017)

wj8DBQFHh9PHq1pz9mNUZTMRAp1HAKCQeyH5SBX9bGEbPAFRb5I3z5pP/ACghA4y
Fr6igTSdSOVPz5D11alGDXA=
=Kcmv
-----END PGP SIGNATURE-----



--
"Fergie", a.k.a. Paul Ferguson
 Engineering Architecture for the Internet
 fergdawg(at)netzero.net
 ferg's tech blog: http://fergdawg.blogspot.com/


_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.