[Cnet] Power Plant Passwords Discoverable via Google

post #1 of 8
Thread Starter 
Not the official article title, but this makes it easier to understand.

Quote:
Not only are SCADA systems used to run power plants and other critical infrastructure lacking many security precautions to keep hackers out, operators sometimes practically advertise their wares on Google search, according to a demo today during a Black Hat conference workshop.

...

That's like putting up a billboard saying SCADA (Supervisory Control and Data Acquisition) system here and, oh by the way, here are the keys to the front door. "You can do a Google search with your Web browser and start operating [circuit] breakers, potentially,"
http://news.cnet.com/8301-27080_3-20...le-via-google/



post #2 of 8
Google is actually a very powerful hacking tool if you have access to the old API to automate various attack methods. You can search websites for vulnerabilities and unprotected sensitive data.
post #3 of 8
Interesting. In pretty much every power plant I have worked in (and there have been a few) the control room computers are not connected to the internet for this very reason. Seems like a major security slip by someone here.
post #4 of 8
so... why do power plants need to be connected to the internet?
post #5 of 8
I heard of this happening over places. I woulda never thought a power plant would be a victim of this.
    
post #6 of 8
I thought these were closed systems or networks, why are they connected to the public internet?

From this guy's comment it seems to just be more fear mongering on the subject.


Quote:
I've looked up the stuff mentioned, and these are demo controllers that are meant to have the password showing, as it's a demo of the web interface for customers to look at before they buy the equipment.

If you click on the cached copy of the demo pages, you can look without any problem and see for yourself.

Edited by Dillmiester - 8/2/11 at 8:12pm
post #7 of 8
Didn't Stuxnet have passwords taken straight from manuals?

If you think that is bad, one recent company used the same exact key for every single electronic voting machine. The key was to open a panel to access the computer.
post #8 of 8
Is anyone reminded of Die Hard, the one with the hacker guy?