Mar
20
Filed Under:
MISCELLANEOUS
Insider Indicted For SCADA Tampering
20 March 2009
A man stands indicted of a single count of having "caused damage by impairing the integrity and availability of data", to the tune of "thousands of dollars".
We're reporting on this partly because it's such a rare event - most true "hack attacks" either go un-reported or un-prosecuted, if they are successful in causing some harm. What's more, it's also what ze Germans would call "echt typisch", a veritable poster-child of a case where an insider with access and a chip on his shoulder goes to town on company servers.
The case is also interesting from another perspective - there seems to be a massive security blunder to be found between the lines of the press release, here:
"Azar helped set up a computer system that PER used to communicate between its offices and its oil platforms. The computer system also served a “leak detection” function for PER".
In other words, it appears that SCADA and regular IP traffic were made, by design, to share the same lines and systems. This is a big no-no, as nuclear powerplant operators in the US have already found to their expense.
The case is also interesting from another perspective - there seems to be a massive security blunder to be found between the lines of the press release, here:
"Azar helped set up a computer system that PER used to communicate between its offices and its oil platforms. The computer system also served a “leak detection” function for PER".
In other words, it appears that SCADA and regular IP traffic were made, by design, to share the same lines and systems. This is a big no-no, as nuclear powerplant operators in the US have already found to their expense.
It will be interesting to watch this case and find out whether an uncontained oil spill was a possibility at any point.
Article rating:
- |
- Send on Yahoo!
- |
- RSS
Copyright 2010. Site powered by BitDefender