24 January 2012

Living in a Fool's Paradise: Spritely Foundations of the Modern World

A security researcher was able to locate and map more than 10,000 industrial control systems hooked up to the public internet, including water and sewage plants, and found that many could be open to easy hack attacks, due to lax security practices.

...Leverett used the SHODAN search engine developed by John Matherly, which allows users to find internet-connected devices using simple search terms. He then matched that data to information from vulnerability databases to find known security holes and exploits that could be used to hijack the systems or crash them. He used Timemap to chart the information on Google maps, along with red markers noting brand devices that are known to have security holes in them. He described his methodology in a paper (.pdf) about the project.

Leverett found 10,358 devices connected through a search of two years' worth of data in the SHODAN database _Wired

Of course, in China and Russia, teams of hackers are paid well to find ways of exploiting security weaknesses in government and industrial infrastructure. The US NSA is on that like buzzing insects on excreta.

Your life depends upon the smooth working of industrial, commercial, governmental, and municipal infrastructure. If something mucks that up, you will suffer the consequences.

Leverett’s tool shows how easy it is for a dedicated attacker or just a recreational hacker to find vulnerable targets online to sabotage.

...“Vendors say they don’t need to do security testing because the systems are never connected to the internet; it’s a very dangerous claim,” Leverett said last week at the S4 conference, which focuses on the security of Supervisory Control and Data Acquisition systems (SCADA) that are used for everything from controlling critical functions at power plants and water treatment facilities to operating the assembly lines at food processing and automobile assembly plants.

“Vendors expect systems to be on segregated networks — they comfort themselves with this. They say in their documentation to not put it on an open network. On the other side, asset owners swear that they are not connected,” Leverett said. But how do they know? _Wired

Here is more about the network threat to vital utilities.

This is just the tip of the iceberg. It is likely that you do not really want to know about the many vulnerabilities that underlie your existence. Perhaps it is best to trust the media, trust your professors, trust the things people tell you. What possible good could come from trying to look too deeply into such things as the nuts and bolts which make modern high tech civilisations possible?

And they tell us that the world can run on big wind castles in the sky and high-rise buildings covered with solar glass and solar paint. All we need in order for it all to work -- to turn the innate unreliability and intermittency of wind and solar into a rock solid foundation for civilisation -- is "the smart grid" and its ultraconnectivity. What could go wrong?

Shodan search engine
