Cyberwar Comes to a Mall in Fresno? Not so Much...

Tuesday, January 24, 2012

Infosec Island Admin

7fef78c47060974e0b8392e305f0daf0

Well, if Cyberwar means controlling the temps at a mall in Fresno, then we have a problem…

So, You Wanna Be Zer0C00l?

I was made aware of a Pastebin alleged to be from Anonymous/AntiSec sourcing about 49 IP addresses that had SCADA systems on them. Furthermore those said systems were claimed to not have any authentication on them whatsoever.

To quote Anonymous/AntiSec:

@ntisec Exposes Amerikan #SCADA systems #fulldisclosure

The world has been warned enough, and corperate power has done nothing. People are at risk. We all need to be made aware of
our infrastructure lacking normal forms of safety procedures.

Hackers are targetting #SCADA this year and we have to do something about it.!

So here we go.

Please take some Screenshots and show them to me on @twitter @ntisec.
Be carefull and dont cause rampant anarchy. They might trace you and I have warned you not to alter control states. Just have a look around
To see 4 yourself how these systems affect our everyday life.

Maybe its time politics pointed their attention to bigger problems then #SOPA #PIPA etc.
Trying to regulate the last freedom, will cause uprising and dangerous cyber threats.
As our financial state gets worse and the smart IT and SEC workers have nothing to da
they will at least cause mayhem against what in our view is injustice.
Arresting and kidnapping foreign people for spreading bandwith? #OPMEGAUPLOAD?
Go try and fix your infrastructure first. Its wide open to legally expose and enter your
buildings. Like urban exploring from behind my PC.

Locking up Bradley manning? Better be carefull a hacker does not open his jaildoors 4fun!

Dont even need an exploit to get in here. Dont even have to be a hacker. No passwords what so ever.

So how is the state of your other #SCADA systems like your electrical grid? Or trafic management?
What about chemical industry? Or can hackers swich some stuf that sends trains to another fail?

That pump you saw a while back is just the first sign af being infiltrated.

It can be your vent system, a cooky factory up to a switch that switches of an entire country and economy.

These systems where found through google and shodanHQ by using the search term:

I took the IP’s and checked them all and indeed many were HVAC or other systems belonging to a range of churches, a mall, and some other businesses across the country that were in fact online without any authentication mechanism whatsoever.

The first IP in fact in the list was a demo system a company was using to sell their services in the SCADA arena, so overall, I have to say “meh” on this little dump by the skiddies.

(click image to enlarge)

I also have to take them to task for crying wolf a bit here. See, when you dump SCADA systems and compare the issues to OPMegaupload etc., you really should in fact be presenting something that people should worry about.

Frankly, if anyone can control the heat at a mall, I say ho hum. However, if you present me with a hospital or a power plant, THEN you have something to wield as leverage to make an argument kids.

You failed once again.

Who is doing your recon out there? Really, you wasted your own time as well as mine (well I do enjoy these posts and looking into these things) looking at these systems.

Sure, they could be a nuisance and yes, they do make a point (basically don’t put this stuff online without authentication... if online at all) but this is not an earth shattering and scary finding.

Shodan, A Wondrous Tool for Mischief and Education

Ok, so now you guys have found Shodan and you know how to look for SCADA (at least this type: ord?) but really, Shodan has been around quite a while now and those in the know have been messing about with it as well.

The security wonks out there have been beating on people quite a bit (S4 recently releasing new findings on SCADA systems without pre-warning the companies that they found the vulnerabilities in) so really, what have you done here?

Again the comment that comes to my mind is the title of this piece: “Well, if Cyberwar means controlling the temps at a mall in Fresno, then we have a problem…”

Personally, until someone comes along with a Pastebin list of important infrastructure systems that are unprotected and available to attack, I will pretty much say the same thing.. “ho hum”...

Of course if you all out there are mapping things like say H.D. Moore with his latest on video conference systems, and you are in fact archiving it on Pastebin or in blog posts, then you are in fact perhaps doing something interesting.

This stuff though Anon/AntiSec is just showing your lack of understanding of the issues you think you are being ever so clever about.

SCADA CYBERWAR! (Eh, not so much)

(click image to enlarge)

Meanwhile, the press does not seem to have caught on to this little paste dump whereas many folks grabbed right on the Israeli dump earlier. I guess its just not as sexy as “Middle East Cyber War” as some put it on the net.

I am willing to bet soon enough though someone else will pick up on this dump and think that there’s a story in there that they can pimp.

Let me be clear to you reporters and media… There’s a case to be made that people need to learn about this technology and how to secure it… but… This stuff plunked down by the skiddies just isn’t it.. This story does not have legs.

As for the Anon’s... Hey ZER0C00l, this little stunt was lame… Time to go back to fighting Ac1dBurn over a rinky dink television cart system…

So, on we plod... Show me the real infrastructure and I will say you have done something…

Until then... Just go use the LOIC somewhere and wait for the cops to show up.

K.

Cross-posted from Krypt3ia

Possibly Related Articles:
12192
SCADA
Industrial Control Systems
SCADA Authentication Shodan Cyberwar Network Security Infrastructure Anonymous Hacktivist hackers ICS AntiSec Pastebin Scot Terban Data Dump Industrial Control Systems Krypt3ia Zer0C00l Fresno
Post Rating I Like this!
924ce315203c17e05d9e04b59648a942
Richard Stiennon Glad you covered this. I too checked out those URLs and reacted with a ho-hum when I saw they were benign sites. But do you really want to exhort Anon to try harder?
There is a news angle here. The poster used Google to look for a SCADA config URL and encouraged others to do so. They may yet stumble on something.

If/when someone screws with an HVAC system at a mall it will be big news. Glad you reported on this for the historical record.
1327434544
Da3ca2c61c4790bcbd81ebf28318d10a
Krypt3ia Richard, I don't think of it as exhorting them as much as chiding them. I do not expect that they in fact have the skills to locate the real problems nor to exploit them.
1327440146
Da3ca2c61c4790bcbd81ebf28318d10a
Krypt3ia Also, as an aside, by chiding them, I am also pointing out the fallacies of their alleged movement. Were they serious, they would not just go around dumping hvac systems. They make claims but they cannot deliver either real attacks nor solid arguments for their actions.
1327440246
924ce315203c17e05d9e04b59648a942
Richard Stiennon I agree there Scott. These threats to take down DOZENS of government servers with DDoS is a yawner. Big deal. Wait a few hours and they go away.
1327440668
924ce315203c17e05d9e04b59648a942
Richard Stiennon A follow up pastebin to the original is here: http://pastebin.com/SLBMbviK

They are delving deeper, posting screen shots.
1327441612
The views expressed in this post are the opinions of the Infosec Island member that posted this content. Infosec Island is not responsible for the content or messaging of this post.

Unauthorized reproduction of this article (in part or in whole) is prohibited without the express written permission of Infosec Island and the Infosec Island member that posted this content--this includes using our RSS feed for any purpose other than personal use.