Well, if Cyberwar means controlling the temps at a mall in Fresno, then we have a problem…
So, You Wanna Be Zer0C00l?
I was made aware of a pastebin alleged to be from Anonymous/AntiSec sourcing about 49 IP addresses that had SCADA systems on them. Furthermore, those systems were claimed to not have any authentication on them whatsoever. To quote Anonymous/AntiSec:
@ntisec Exposes Amerikan #SCADA systems #fulldisclosure
The world has been warned enough, and corporate power has done nothing. People are at risk. We all need to be made aware of
our infrastructure lacking normal forms of safety procedures.
Hackers are targeting #SCADA this year and we have to do something about it!
So here we go.
Please take some Screenshots and show them to me on @twitter @ntisec.
Be careful and don't cause rampant anarchy. They might trace you and I have warned you not to alter control states. Just have a look around
To see 4 yourself how these systems affect our everyday life.
Maybe it's time politics pointed their attention to bigger problems than #SOPA #PIPA etc.
Trying to regulate the last freedom, will cause uprising and dangerous cyber threats.
As our financial state gets worse and the smart IT and SEC workers have nothing to do
they will at least cause mayhem against what in our view is injustice.
Arresting and kidnapping foreign people for spreading bandwidth? #OPMEGAUPLOAD?
Go try and fix your infrastructure first. It's wide open to legally expose and enter your
buildings. Like urban exploring from behind my PC.
Locking up Bradley Manning? Better be careful a hacker does not open his jail doors 4fun!
Don't even need an exploit to get in here. Don't even have to be a hacker. No passwords whatsoever.
So how is the state of your other #SCADA systems like your electrical grid? Or traffic management?
What about chemical industry? Or can hackers switch some stuff that sends trains to another fail?
That pump you saw a while back is just the first sign of being infiltrated.
It can be your vent system, a cookie factory up to a switch that switches off an entire country and economy.
These systems were found through Google and shodanHQ by using the search term:
I took the IPs and checked them all, and indeed many were HVAC or other systems belonging to a range of churches, a mall, and some other businesses across the country that were in fact online without any authentication mechanism whatsoever. In fact, the first IP in the list was a demo system a company was using to sell their services in the SCADA arena, so overall, I have to say “meh” on this little dump by the skiddies.
I also have to take them to task for crying wolf a bit here. See, when you dump SCADA systems and compare the issues to OPMegaupload etc., you really should in fact be presenting something that people should worry about. Frankly, if anyone can control the heat at a mall, I say ho hum. However, if you present me with a hospital or a power plant, THEN you have something to wield as leverage to make an argument, kids.
You failed once again.
Who is doing your recon out there? Really, you wasted your own time as well as mine (well I do enjoy these posts and looking into these things) looking at these systems. Sure, they could be a nuisance and yes, they do make a point (basically don’t put this stuff online without authentication.. If online at all) but this is not an earth shattering and scary finding.
Shodan, A Wondrous Tool For Mischief and Education
Ok, so now you guys have found Shodan and you know how to look for SCADA (at least this type: ord?) but really, Shodan has been around quite a while now and those in the know have been messing about with it as well. The security wonks out there have been beating on people quite a bit (S4 recently releasing new findings on SCADA systems without pre-warning the companies that they found the vulns in) so really, what have you done here?
Again the comment that comes to my mind is the title of this piece: “Well, if Cyberwar means controlling the temps at a mall in Fresno, then we have a problem…” Personally, until someone comes along with a pastebin list of important infrastructure systems that are unprotected and available to attack, I will pretty much say the same thing..
Of course if you all out there are mapping things like say H.D. Moore with his latest on video conference systems, and you are in fact archiving it on pastebin or in blog posts, then you are in fact perhaps doing something interesting.
This stuff though Anon/AntiSec is just showing your lack of understanding of the issues you think you are being ever so clever about.
SCADA CYBERWAR! (Eh, not so much)
Meanwhile, the press does not seem to have caught on to this little paste dump, whereas many folks grabbed right onto the Israeli dump earlier. I guess it's just not as sexy as “Middle East Cyber War” as some put it on the net. I am willing to bet soon enough though someone else will pick up on this dump and think that there’s a story in there that they can pimp.
Let me be clear to you reporters and media… There’s a case to be made that people need to learn about this technology and how to secure it… But… This stuff plunked down by the skiddies just isn’t it.. This story does not have legs.
As for the Anons.. Hey ZER0C00l, this little stunt was lame… Time to go back to fighting Ac1dBurn over a rinky dink television cart system…
So, on we plod.. Show me the real infrastructure and I will say you have done something…
Until then.. Just go use the LOIC somewhere and wait for the cops to show up.