Date:08/08/11
"If somebody really has you in their sights, they've got you," he said of the situation. Black Hat presentations that triggered the NERC alerts revealed that "PLC" units that control basic factory functions ranging from turbines to valves or even sorting could be commandeered by hackers. The point was to debunk myths of how it took a nation state with millions of dollars and teams of researchers to penetrate nuclear power plants in attacks by an infamous "Stuxnet" virus, according to NSS Labs security researcher Dillon Beresford.
Beresford described finding a way into PLCs made by Germany-based Siemens AG (SIE.XE) in a matter of weeks working in his bedroom. A Siemens representative who took part in the presentation said the company has been working with researchers on the situation. "It is not only nation states that have this capability, it is now in the hands of researchers and will inevitably get into malicious hands," Beresford said.
"It could be some lone hacker," he continued."Most people with the time and resources could pull this off."Cyber attackers would need to get access to machines, which was said to be less daunting than it sounded, according to Beresford.
Research presented by iSEC Partners security consultant Don Bailey showed that mobile internet connection cards used in some PLCs in remote locations could be given commands by text messages, provided the senders knew the numbers assigned to cards."We can talk about vulnerabilities in PLCs, GSM (mobile networks), or my socks," Bailey said.
"But the talk has to be about the cost, and machine-to-machine communications exploding in the GSM world," he continued. Computers insulated from the internet by "air gaps" could find defenses breached by mobile connection cards used for long-distance monitoring or links to sensors that feed information to the internet, according to Bailey's research.
Industrial plants worldwide at risk of cyber attacks
Researchers warned Wednesday that energy facilities and industrial plants of all kinds are vulnerable to destructive cyber attacks, in some cases with something as simple as a text message.Frightening presentations at a prestigious Black Hat computer security conference were preceded by official alerts to energy producers detailing the weaknesses and urging steps be taken to beef up defenses. "This is not just the United States, it is around the globe," said Tim Roxey, director of risk assessment at the North American Electric Reliability Corp., or NERC, responsible for enforcement of industry standards."If somebody really has you in their sights, they've got you," he said of the situation. Black Hat presentations that triggered the NERC alerts revealed that "PLC" units that control basic factory functions ranging from turbines to valves or even sorting could be commandeered by hackers. The point was to debunk myths of how it took a nation state with millions of dollars and teams of researchers to penetrate nuclear power plants in attacks by an infamous "Stuxnet" virus, according to NSS Labs security researcher Dillon Beresford.
Beresford described finding a way into PLCs made by Germany-based Siemens AG (SIE.XE) in a matter of weeks working in his bedroom. A Siemens representative who took part in the presentation said the company has been working with researchers on the situation. "It is not only nation states that have this capability, it is now in the hands of researchers and will inevitably get into malicious hands," Beresford said.
"It could be some lone hacker," he continued."Most people with the time and resources could pull this off."Cyber attackers would need to get access to machines, which was said to be less daunting than it sounded, according to Beresford.
Research presented by iSEC Partners security consultant Don Bailey showed that mobile internet connection cards used in some PLCs in remote locations could be given commands by text messages, provided the senders knew the numbers assigned to cards."We can talk about vulnerabilities in PLCs, GSM (mobile networks), or my socks," Bailey said.
"But the talk has to be about the cost, and machine-to-machine communications exploding in the GSM world," he continued. Computers insulated from the internet by "air gaps" could find defenses breached by mobile connection cards used for long-distance monitoring or links to sensors that feed information to the internet, according to Bailey's research.
Views: 854
©ictnews.az. All rights reserved.Similar news
- Cellphone Use May Raise Cancer Risk
- Australian police pushes cyber safety education
- Vietnam aims to lead in e-government
- Senate Website Gets Hacked
- US builds net for cyber war games
- Japan enacts anti-computer virus law
- India passes law vs e-waste
- Anonymous Declares War On The City Of Orlando
- Microsoft highlights evolving dangers as online identity data proliferates
- Consumers want internet security to be provided by banks
- Government facilities targets of cyber attack
- South Korean web attacks might been war drill
- Sri Lanka to Establish National Passport Database to Increase Border Security
- Hi-tech crime agencies set to employ information security professionals
- Phone hacking and online campaign bring down the News of the World