White hat hackers infiltrate a power grid in one day

[lucas1985]

Quote:

In a matter of hours, the team infiltrated the grid's supervisory, control and data acquisition (SCADA) networks using simple phishing tools: social engineering and browser exploits.

Social Engineering is seen by many as a glamorized confidence trick. The penetration team checked distribution lists for SCADA user groups, harvested appropriate email addresses, and then employed a simple trick to gain the targeted user's access. Employees were sent an e-mail about a plan to cut their benefits which included a link to a Web site with "more information." The address linked to a malware that granted the hackers remote access. The trick was effective within minutes.

Quote:

These SCADA systems suffer the same vulnerabilities any system does that runs on the same standard operating system and server hardware. Companies have perpetuated the weakness of these systems by not performing important software upgrades because they would force downtime.

Full article

[Pedro]

I think the problem is we're talking about the same network, the internet.
Some things probably shouldn't be connected. Cost and efficiency is definitely a factor, but.. one should analyze a problem from all angles.

[lucas1985]

Quote:

Originally Posted by Pedro

I think the problem is we're talking about the same network, the internet.
Some things probably shouldn't be connected. Cost and efficiency is definitely a factor, but.. one should analyze a problem from all angles.

Sure
Add basic education (social engineering was their weapon), patch policy (vulnerable systems aren't patched because of downtime), etc.

[Rasheed187]

They should put one of us in charge, let´s see if hackers can infect machines restricted and controlled by LUA, HIPS/Sandbox and a firewall passing all leaktests!

[Mrkvonic]

Hello,
Actually, you don't need any of those. Simply separate extranet from the intranet ... that's it. Remove or disable any peripherals and you have an uncrackable system.
Mrk

[Rasheed187]

Yes of course, I was just joking (although security tools will always be needed) but I never really understood these kind of news messages, I mean how the heck is it possible that hackers can penetrate for example air traffic control? I think I´ve read about that a while back, looks like they´ve got a couple of idiots in charge.

[Carver]

Quote:

Originally Posted by Rasheed187

Yes of course, I was just joking (although security tools will always be needed) but I never really understood these kind of news messages, I mean how the heck is it possible that hackers can penetrate for example air traffic control? I think I´ve read about that a while back, looks like they´ve got a couple of idiots in charge.

And people wonder how 9-ll happened, now with computers..well that brings a whole new level of distruction.