Академический Документы
Профессиональный Документы
Культура Документы
How?
Sauk Water Storage Dam Failure
• When?
- In December 2005
• Where?
- Approx. 100 miles south of Saint Louis, Missouri (USA)
• What happened?
- A catastrophic failure, releasing accidentally a billion
gallons of water.
• Why?
- The gauges at the dam read differently than the gauges
at the dam’s remote monitoring station.
Water Treatment System Hack
• When?
- In October 2006
• Where?
- In Harrisburg, Pennsylvania (USA)
• What happened?
- A foreign hacker penetrated security of a water
filtering plant through the Internet.
• How?
- The intruder planted malicious software that was
able to affect the plant’s water treatment operations.
Water Canal System Attack
• When?
- On 15 August 2007
• Where?
- In Willows, California (USA)
• What happened?
- Michael Keehn installed unauthorized software to a
protected computer, causing water to be diverted from the
Sacramento River and was sentenced to 10 years in prison.
• Why?
-On that day he was dismissed after 17 years of employment.
Water Supply Pump Failure
• When and where?
- In November 2011 in Springfield, Illinois (USA).
• What was reported?
- The first foreign cyber attack on a public utility in the USA.
• Why?
- A user connected to the network from a Russian IP address.
• What happened really?
- The pump had failed due to physical and mechanical issues.
The user proved to be a contractor who legitimately accessed
the network remotely while in Russia on personal business.
Water Supply Plant Hack
• When and where?
- In November 2011 in South Houston, Texas (USA).
• What happened?
- A hacker identified as ‘pr0f’ hacked the system.
He took some screenshots and posted one online.
• How?
- In less than 10 minutes he had connected using
the default 3-digit password in the device’s manual.
• Why?
- He wanted to show that such an attack was not
only easy, but also potentially catastrophic.
Pr0f’ s post in Pastebin
• “I don’t really like mindless vandalism. It’s
stupid and silly. On the other hand, so is
connecting interfaces to your SCADA
machinery to the internet. I wouldn’t even call
this a hack, either, just to say. This requires
almost no skill and could be reproduced by a
two year old with a basic knowledge of
Simatic. As for how I did it, it’s usually a
combination of poor configuration of
services, bad password choice, and no
restrictions on who can access the interfaces.”
Pr0f’s online posted screenshot