Virus Attacks Siemens


formatting link
"Virus Attacks Siemens Plant-Control Systems "
[
....
Computer hackers have designed a virus that targets industrial control systems
built by German engineering giant Siemens AG, activating a kind of malicious
software that analysts say represents a growing corporate-espionage threat.
The virus, dubbed Stuxnet, is spread by devices plugged into USB computer ports.
....
]
Reply to
Cliff
Loading thread data ...
(off-topic crosspost)
Cliff wrote:
formatting link
"Virus Attacks Siemens Plant-Control Systems "
Hmm. I wonder how many good paying jobs Siemens has outsourced/exported to India. Oh well.
Reply to
John Doe
that is a seriously dangerous development
Reply to
raamman
If true no one should be surprised, Siemens control systems run on Micro $oft products.
Reply to
Curly Surmudgeon
it was forecast long ago that hackers/ terrorists will attack manufacturing through the computerized control systems- force a plant to shut down to either pay a blackmailer's fee or bring in it antivirus experts to clean their systems; altering part geometry that might cause a critical component to fail- the possibilities and potiential are almost endless
Reply to
raamman
---------------------------------------------------------------------------­---
---------------------------------------------------------------------------­---
Yup, the industry has had a decade to prepare. Many have, some have even jettisoned Micro$oft.
Reply to
Curly Surmudgeon
this is not a microsoft problem - you put a program on a machine and allow me access, I'll change it. There is no reason that any USB port on any production machine should be open. There is no reason that any production facility should have a pathway to the internet - there should always be an air gap. The simplest possible security practices completely eliminate this threat
Reply to
Bill Noble
not just usb ports; some shops are using wireless networking
Reply to
raamman
using wireless is asking for trouble. using wireless with weak or no encryption is guaranteeing trouble
Reply to
Bill Noble
Energy providers *require* internet connection.
I also challenge you to hack an OpenBSD system.
Even with a user account.
Reply to
Curly Surmudgeon
wireless is important for shops with many machines on numerous different parts; wired brings in a whole host of networking problems caused by rf; also robots are helping to move stuff around too - I know of one shop hereabouts that has gone this direction. even at home my desktop cnc is running off a laptop with wireless network which I use to transfer my programs; even just at home I have too many LAN cables requirements that necessitate wireless. wireless is easier for IT to deal with than copper.
Reply to
raamman
">> >> > --
of course wireless is easier, so is not having locks on the door - but both leave you open to intrusion - wireless can be secure, but many folks don't take the time to do so - as for RFI or EMI - wired includes fiber cable, and that is pretty immune to RFI. Certainly if you are running a wireless network, I'd configure the security so that only computers already known to you have access to the network.
Reply to
Bill Noble
Industrial control systems like those that manage water, sewer, electric infrastructure.
Reply to
Winston_Smith
Yup. Rule one of security "deny them access".
Reply to
Winston_Smith
Hell, my engineers don't want my assembly cells connected to the corporate network. Do you have any idea how disruptive it is when some pin head at corporate decides to push out a patch to a system running production? I had a cell a few years ago that died every patch tuesday at 11:50 PM. Updating a winbox while programming asics isn't a great idea. Nor is it a great idea when testing the performance of said asics in the next station using another winbox.
Here is another corporate brain storm. PC's used to access the corporate network must have a screen saver installed with a corporate mandated timeout value. Really sucks when the PC is connected to air gaging and the operator has to do the mouse shake to gage parts after he can see the screen again. LCD screens, how much are they saving? We got the microsoft windows crawly thing going on so even the backlight is powered up.
We can't get that one changed. They have software that enforces corporate registry settings.
Wes -- "Additionally as a security officer, I carry a gun to protect government officials but my life isn't worth protecting at home in their eyes." Dick Anthony Heller
Reply to
Wes
Might not a virus spread even easier & faster that way? Depends on handshaking protoclls suppose .. do you have a secret or encrypted one? IIRC the first IP address to reply that it IS that specific IP gets the traffic (& cable TV networks are easy to abuse if the forged IP is upstream of the real one).
Reply to
Cliff
that is why you don't do it by IP address - you use the MAC address - when I said "computer known to you" I specifically DID NOT mean an IP address
Reply to
Bill Noble
And when, exactly, were all the protocalls & standards changed? Defined?
Reply to
Cliff

PolyTech Forum website is not affiliated with any of the manufacturers or service providers discussed here. All logos and trade names are the property of their respective owners.