Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Power play: Electric company hacked

From: William Knowles <wk () C4I ORG>
Date: Fri, 15 Dec 2000 02:13:38 -0600
http://www.zdii.com/industry_list.asp?mode=news&doc_id=ZD2665199

By Robert Lemos
ZDNet News
December 14, 2000

Unknown intruders have hijacked an electric company's servers, using
its computers and the company's Internet connection to host and play
games, the National Infrastructure Protection Center revealed
Wednesday.

The intruders gained access to the power company's servers by
exploiting a vulnerability in the company's file storage service, said
NIPC, which would not name the power company. The federal agency, in
conjunction with the FBI and the Department of Justice, investigates
such attacks on the United States information and communications
systems.

"The intruders used the hacked FTP site to store and play interactive
games that consumed 95 percent of the organization's Internet
bandwidth," NIPC said in a prepared statement. "The compromised
bandwidth threatened the (company's) ability to conduct bulk power
transactions."

Apparently, the intruders used an automated tool that scanned the
Internet for so-called anonymous FTP servers with the vulnerability.

Several such vulnerabilities exist, including a well-publicized
exploit of a popular Linux FTP service. In cases similar to the one
described by NIPC, the attacker can replace a directory name with code
that, when run, will allow the intruder to take over the system, said
Elias Levy, chief technology officer and co-founder of security
information site SecurityFocus.com.

Yet, Levy stressed that far from threatening, the incident seems just
like a bunch of kids playing.

"It sounds like they weren't even targeting the company," he said. "It
just seems like one of those indiscriminate acts."

He added that the attack says little about the vulnerability of the
power company's critical systems.



*==============================================================*
"Communications without intelligence is noise;  Intelligence
without communications is irrelevant." Gen Alfred. M. Gray, USMC
================================================================
C4I.org - Computer Security, & Intelligence - http://www.c4i.org
*==============================================================*

ISN is hosted by SecurityFocus.com
---
To unsubscribe email LISTSERV () SecurityFocus com with a message body of
"SIGNOFF ISN".
Previous By Date Next
Previous By Thread Next

Current thread: