Saturday, January 19, 2008

CIA tries to raise "cyber-terrorism" spectre again

CIA says that terrorists have blacked out several cities via cyber-terrorism.

Sigh. Where to start. Okay, first of all, I work in the computer security industry, and my brother works in the SCADA industry doing systems control and data acquisition for public utilities. Now, the thing about SCADA is that it predates the public Internet. The vast majority of their control points are controlled via cellular radio modems on private spectrum or via microwave links to a handy telco POP. Then they use a dedicated phone line to tunnel the control point protocol from the nodes to the central office, at which point it gets de-tunneled back onto serial lines hooked up to a monitoring computer (the control points are controlled via RS-232 ports, because, duh, networking didn't exist back when all this was created). The monitoring computers aren't hooked up to the corporate network other than a dedicated pipe to the business office to feed them billing data for what just went over the wire or pipeline, a pipe that doesn't allow anything to come back from the business office.

Now, theoretically it's possible to hack into this. But practically speaking? No. You'd have better luck hacking into your local bank's computer systems. The guys who designed all this crap didn't on purpose set out to design an unhackable system. But practically speaking, by their emphasis on serial ports and modems and dedicated links, they pretty much created one. Short of going out there and physically interfering with their microwave links or breaking into a telco POP and physically hacking into a data line, ain't no "there" there.

So what, then, of the CIA's bold pronouncements? Who knows. The NSA, not the CIA, is the only intelligence outfit in the USA that knows shit about technology, and the NSA ain't said shit about it. I got two theories: a) the CIA got snow jobbed in an area they don't know shit about (computer technology ain't in the CIA skillset), or b) the CIA for some reason felt it necessary to ratchet up the paranoia level of Americans (that ole' color coded alert system again, where we're all supposed to run around pulling out our hair saying "save me, save me, Big Brother, from those mean tewwists!"). Either way, it irritates me -- either the CIA is a buncha fuggin' idiots, or they're trying to stampede us into a fascist dictatorship. Whatta buncha maroons...

-- Badtux the Security Penguin

2 comments:

  1. i once started a legendary bar fight in saigon. we were nailing back some thai scotch and waiting for snake burgers and i overheard some "civilian advisors" (cia types in banana republic drag) waxing all poetic about the "real" war.

    i rose, somewhat unsteadily, and proposed the following toast:

    to our brothers in the Sea Eye AAAYYY. Their Motto: Proudly overthrowing Castro for the last thirty fucking years.

    i really didn't need to throw the shot glass i had just drained at the one dude's head. the fight was on. they fucking lost, big time. we bailed before the MPs and shore patrol could arrive, they mostly couldn't walk.

  2. like you say, scada is pre-internet, but if it's true that people really have been recklessly adding wireless and windows to their scada systems, then i suppose it's easier to do.

    one of the problems with these old systems is that they really do too often have passwords like 'password' or the name of the company. at least that's an easy fix.

    those blackouts, though, were sorta-kinda attributed to someone having inside knowledge, which sorta refutes their scare tactics that just any old outsider[s] can just hack into the utility system of their choice.

