Interesting People mailing list archives

Could W32.Blaster have caused the blackout? READ AT OWN RISK :-)


From: Dave Farber <dave () farber net>
Date: Tue, 19 Aug 2003 15:48:43 -0400


Date: Tue, 19 Aug 2003 09:53:56 -0700
From: jm () jmason org (Justin Mason)
Subject: Could W32.Blaster have caused the blackout?
Sender: jm () jmason org
To: dave () farber net



Hi Dave -- for IP.

There's an article from Heise Security in Germany at [1], which raises
some interesting questions about whether W32.Blaster could be to blame for
the blackout.  Some translated points are at [2] -- quote:

  ... it becomes a bit more likely if one considers what the authors of
  that article found out:

      - The Niagara Mohawk power grid which seemed to get overloaded first
        is owned by National Grid USA.
      - National Grid is listed as an important customer of Northern
        Dynamic who call themselves the "OPC Experts".
      - OPC is an acronym for OLE for Process Control and is used for
        communications between control systems.
      - OPC is based on DCOM, exactly that Windows technology attacked by
        W32.Blaster.
      - One symptom of a W32.Blaster attack is a crashing DCOM
        service (not only under Windows), often taking down the whole
        server.

  One usage of OPC is the coupling of so-called SCADA (Supervisory Control
  and Data Acquisition) systems. Among other things, SCADA is used in power
  plants and grids to exchange data between some central instance and
  external measuring units. And for some reason did the monitoring system
  which should prevent snowball effects like the one on Thursday from
  happening.

  So the questions the authors of the article have are:

      - For which processes does National Grid utilise OPC?
      - Were there any problems regarding OPC when the power went down?
      - If yes, were they related to W32.Blaster?


1. http://www.heise.de/newsticker/data/ju-15.08.03-001/
2. http://msquadrat.de/archive/03/08/16/02

--j.
