The Israeli SCADA’s That Weren’t and The Media Who Do NOT Fact Check
TAKE THAT ISRAEL!! AH HA! ALL ARE SCADA’S BELONG TO US!
The ongoing war of who can be more annoying has been raging between the “Muslim Hackers” and the “Israeli Hackers” since about January 2nd. 0xOmar and his crew dumped thousands of credit cards (Israeli) and the Israelis threatened him/her/them with being whacked or detained. After the threat by Israel, Omar and company (Nightmare and others) decided to DDoS the El-Al website and the Stock Exchange.
Which really went nowhere…
Just as the tensions were getting to a heated level, suddenly a pastebin was dumped by a “guest” that claimed to have Israeli SCADA systems on it. Now the war was REALLY ON!
*crickets*
THEN on January 17th another Pastebin was put out and signed “Anonymous” which purported to be more SCADA systems and invoked the kiddies to go play. This time the dump had some emails and passwords (hashes as well).
OH MY.
The media ate it up.. The CYBERWAR between Israel and the Muslims was ON! And Israel is DOOMED!
What’s That? You Say Anonymous and Saudi Hackers Have.. “PWNT” SCADA’s In Israel! OMG OMG OMG CYBERWARRR!
Fearlessly the media clamped onto the pastebins and the hue and cry went out. The cyberwar was heating up and credit cards and SCADA systems hung in the balance! What would happen next? What would be the escalation? Would there be war in the streets as Palestinians and Israelis hurled useless credit cards at each other like small, mostly harmless shuriken?
How could these SCADA systems be online like this anyway?
What are the dangers here?
FUD FUD FUD….
Enter The Captain BUZZKILL (REALITY)
This is where reason and sanity enter the picture… I was asked by someone in the media to look at this. No not someone in mainstream media, but more a researcher investigating something to do with all of this. So I got hold of the IP addresses/pastebins and began looking through each of their WHOIS records, googling the pages and eventually just hitting them up directly to see just what was what.
Out of the 22 systems listed as SCADA by the skids, only 3 were really SCADA and 4 may have been.. Maybe.. Though not likely.
Those that were SCADA were not in default state for passwords and in general, did not seem to be important systems such as government or large power company hardware… Hell, for that matter none were water facilities, which I should think in a desert would be kinda important no? Anyway, the sites all were a bust really and it really kind of bothers me that none of the reporters out there actually took the time to ask someone like me, or anyone with a limbic system, to look them up and check if they were in fact SCADA AND EXTREMELY VULNERABLE.
None.
Niente
Not a one.
Never mind if they were important systems that could cause damage to Israel.. But then again, the perception of some is that dumping credit card numbers is really really gonna do some major damage to “the man”.
Heh.
I’m sorry all you reporters out there are unable to dial phones or actually know any security folks out in the real world.. Oh.. Wait, Maybe you called on Greg Evans to confirm this?
CNN?
FOX?
MSNBC?
I know, he is your “go to guy”….
*Le Sigh*
Dear Mainstream Media.. The INFOSEC COMMUNITY (apart from Greg Evans and those on the Attrition charlatans page) Are Here To Help!
Dear media.. There are many among you in the world who know how to use WHOIS and other tools as well as “The Googles” to understand the things that you might not. Those people are easy enough to find really. All you need to do is contact groups like ISC2 (shh all of you I know you are grumbling about that one) and other organizations that can easily provide you with some reputable people.
Call them, email them, TALK TO THEM!
Stop just rapid fire reporting on stuff you don’t understand and are certainly not taking the time to, oh, research on, in order to fulfil your jobs as “Reporters”
I know.. It’s a lot to ask..
But please.. For my sanity and others…
Do it.
K.
Media never gets it correct. That is not to say that there are not risks and threats. A Google search will provide you with a list of public facing SCADA. Metasploit (Rapid7) release just provided tools to the masses.
The press never verifies sources, picks up comments from news groups and considers them reliable sources.
It is important to consider fact vs fiction. Still there is a dynamic list of SCADA systems on public networks. Easy as Google to find it. So if you find one related to US infrastructure report it to that organization.
The middle east conflict actors have been at it a long time, cyber space (lack of better term) is the borderless combat zone. Counterintelligence in Beirut against Mossad/CIA was big. With more open Arab states these Arab sprocket hacktivists are a threat to Israeli. How much is the 24000 question.
Nice article, tone down anger, press today are click-through chasers.
Julius Strasberg
2012/01/21 at 10:05
If you want to engage with the press, you need to do something more than just post on a blog complaining about them. Consider joining ProfNet (https://profnet.prnewswire.com/ProfNetHome.aspx) so reporters can find better sources (like YOU) to ask about these things.
Daniel
2012/01/22 at 15:14
Wow, novel idea. Somewhere along the line you missed the point. They don’t perform their due diligence on average. This is the lament. Offering my services would not make a difference as I have seen thus far. Instead, I would rather shame them with writing a post that gets attention on places like infosecisland. Maybe someday they will change their ways… I am not hopeful though.
Krypt3ia
2012/01/23 at 01:11
/me shrugs
I didn’t miss the point, I just don’t think it’ll be effective. Reporters don’t care what infosecisland or the rest of us think about them (with rare exceptions). If you want to change behaviors, you need to change incentives & costs. Just suggesting it’s easier for us to decrease fact-check cost by participating than it is to increase incentive by trying to shame people who don’t care what you think.
Daniel
2012/01/23 at 16:25
Odd, then all the calls from journalists of late have nothing to do with me bashing them so verbally and publicly. You underestimate the breadth and depth of the internet.
Krypt3ia
2012/01/23 at 16:36
Heh, well, touché then.
Daniel
2012/01/23 at 16:52
Indeed 😉
Krypt3ia
2012/01/23 at 17:17
[…] This article in English was written by a security professional who checked the systems corresponding to the IP addresses, and quickly realized that it was bunk: there were indeed a few SCADA systems, but they were neither sensitive nor vulnerable… […]
Ranking of industrial cyber-attacks 2012 (or not) | Secur'id: industrial cybersecurity, web, free software (securid)
2012/10/23 at 10:51