funsec mailing list archives
SCADA Watch: Polish Teen Derails Tram After Hacking Train Network
From: "Paul Ferguson" <fergdawg () netzero net>
Date: Fri, 11 Jan 2008 20:38:33 GMT
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Via The Register. [snip] A Polish teenager allegedly turned the tram system in the city of Lodz into his own personal train set, triggering chaos and derailing four vehicles in the process. Twelve people were injured in one of the incidents. The 14-year-old modified a TV remote control so that it could be used to change track points, The Telegraph reports. Local police said the youngster trespassed in tram depots to gather information needed to build the device. The teenager told police that he modified track setting for a prank. "He studied the trams and the tracks for a long time and then built a device that looked like a TV remote control and used it to manoeuvre the trams and the tracks," said Miroslaw Micor, a spokesman for Lodz police. [snip] More: http://www.theregister.co.uk/2008/01/11/tram_hack/ Note: As Steve Bellovin writes on his blog regarding this incident: "There are several lessons here. The first is that security through obscurity simply doesn't work for SCADA systems, whether it's a tram, a traffic light, or a sewage plant." "A second lesson is that security problems can have real-world consequences, such as injuries." http://www.cs.columbia.edu/~smb/blog/2008-01/2008-01-11.html - - ferg -----BEGIN PGP SIGNATURE----- Version: PGP Desktop 9.6.3 (Build 3017) wj8DBQFHh9PHq1pz9mNUZTMRAp1HAKCQeyH5SBX9bGEbPAFRb5I3z5pP/ACghA4y Fr6igTSdSOVPz5D11alGDXA= =Kcmv -----END PGP SIGNATURE----- -- "Fergie", a.k.a. Paul Ferguson Engineering Architecture for the Internet fergdawg(at)netzero.net ferg's tech blog: http://fergdawg.blogspot.com/ _______________________________________________ Fun and Misc security discussion for OT posts. https://linuxbox.org/cgi-bin/mailman/listinfo/funsec Note: funsec is a public and open mailing list.
Current thread:
- SCADA Watch: Polish Teen Derails Tram After Hacking Train Network Paul Ferguson (Jan 11)