nanog mailing list archives
Re: First real-world SCADA attack in US
From: Valdis.Kletnieks () vt edu
Date: Tue, 22 Nov 2011 19:51:59 -0500
On Tue, 22 Nov 2011 13:32:23 -1000, Michael Painter said:
http://jeffreycarr.blogspot.com/2011/11/latest-fbi-statement-on-alleged.html
And "In addition, DHS and FBI have concluded that there was no malicious traffic from Russia or any foreign entities, as previously reported."
It's interesting to read the rest of the text while doing some deconstruction: "There is no evidence to support claims made in the initial Fusion Center report ... that any credentials were stolen, or that the vendor was involved in any malicious activity that led to a pump failure at the water plant." Notice that they're carefully framing it as "no evidence that credentials were stolen" - while carefully tap-dancing around the fact that you don't need to steal credentials in order to totally pwn a box via an SQL injection or a PHP security issue, or to log into a box that's still got the vendor-default userid/passwords on them. You don't need to steal the admin password if Google tells you the default login is "admin/admin" ;) "No evidence that the vendor was involved" - *HAH*. When is the vendor *EVER* involved? The RSA-related hacks of RSA's customers are conspicuous by their uniqueness. And I've probably missed a few weasel words in there...
Attachment:
_bin
Description:
Current thread:
- Re: First real-world SCADA attack in US, (continued)
- Re: First real-world SCADA attack in US Jussi Peltola (Nov 21)
- Re: First real-world SCADA attack in US Valdis . Kletnieks (Nov 21)
- Re: First real-world SCADA attack in US Brett Frankenberger (Nov 22)
- Re: First real-world SCADA attack in US Jay Ashworth (Nov 22)
- Re: First real-world SCADA attack in US Brett Frankenberger (Nov 22)
- Re: First real-world SCADA attack in US Matthew Kaufman (Nov 22)
- Re: First real-world SCADA attack in US andrew.wallace (Nov 22)
- Re: First real-world SCADA attack in US Michael Painter (Nov 22)
- Re: First real-world SCADA attack in US Joe Hamelin (Nov 22)
- Re: First real-world SCADA attack in US Mike Andrews (Nov 23)
- Re: First real-world SCADA attack in US Valdis . Kletnieks (Nov 22)
- Re: First real-world SCADA attack in US Steven Bellovin (Nov 22)
- Re: First real-world SCADA attack in US Steven Bellovin (Nov 22)
- Re: First real-world SCADA attack in US Michael Painter (Nov 22)
- Re: First real-world SCADA attack in US Ryan Pavely (Nov 22)
- Re: First real-world SCADA attack in US andrew.wallace (Nov 22)
- Re: First real-world SCADA attack in US Jay Ashworth (Nov 22)
- Re: First real-world SCADA attack in US Brett Frankenberger (Nov 22)
- Re: First real-world SCADA attack in US Jimmy Hess (Nov 22)
- Re: First real-world SCADA attack in US Jay Ashworth (Nov 22)