Cатсн²² (in)sесuяitу / ChrisJohnRiley

Because we're damned if we do, and we're damned if we don't!

[Plumbercon/Ninjacon] Breaking news: Cyber attack started Eyjafjallajökull volcano eruption

Breaking news: Cyber attack started Eyjafjallajökull volcano eruption

Anchises de Paula

Synopsis

‘We know that cyber intruders have probed SCADA systems, and that in other countries cyber attacks have started volcano eruptions. Several prominent intelligence sources confirmed that a cyber attack in Iceland in April 2010 affected several European countries and hundreds of thousands of people. The Icelandic Meteorological Office had several plants knocked offline, which indicates that the cyber incident is connected to the explosive activity from the Eyjafjallajökull volcano. It is not clear who did it or what the motive was.’

Calm down, the story above is not true, as far as I know. Actually, I just created it by copying and pasting text from a major US news program’s story on cyber war and system sabotage. There is a lot of FUD, paranoia and an obscure political agenda behind the recent news about hackers’ capabilities to attack SCADA Systems and disrupt critical infrastructures. Are hackers able to blackout a country, to destroy an oil platform, to disrupt Wall Street, or to lead a volcano to eruption?

We have seen plenty of rumors about cyber attacks against the nation’s critical infrastructures, including security vulnerabilities in the power grid control systems (the ones that run dams, power plants, transmission lines and more). Some security professionals are highly skeptical about the claims, raising questions about the veracity of the penetration of industrial systems by criminals, while several sources from the government and the industry keep mentioning this story, over and over.

In this presentation, Anchises will discuss the misinformation, disinformation and myths that support such cyber Armageddon theories and stories. He will elaborate on the technical feasibility of such threats, the political agenda and the press agencies’ trustworthiness. In addition, he will present a review of the press stories about SCADA attacks and discuss the real feasibility of them. Are these stories real, lies, or exaggeration? What is the likelihood of each of them? The truth is out there and we will find it.

<FUD>Volcano Hacking</FUD>

The press are currently so hot for stories of SCADA or cyber attacks that they would accept almost anything as a cyber attack.

The Volcano eruption would be a perfect terrorist attack. Disruption, Cost, Fear.

How could you achieve this….

Simple: the sensors that monitor volcanoes are network connected. Attacking these to show false readings, cause pulses, etc.

STOP –> This is stupid… it’s FUD

Some people believe these things are possible, however –> US Military behind Haiti quake, says Innsbruck scientist (see links)

60 Minutes also discussed the Brazilian blackouts in 2005/7 as being caused by hackers. It was later found that sooty insulators caused the blackouts… not hackers. Then again, sooty insulators don’t make news!

Many SCADA systems are old, just like the systems in Brazil. Naturally things go wrong, and when they fail, people start to think it’s hackers instead of looking at the obvious first.

News even surfaced that the BP disaster could be a Cyber Attack (see links)

Other information points to faulty sensors (deactivated and not replaced)

People believe anything the press say…

  • Few reporters with a technology background
  • The press want to sell newspapers / attract viewers
  • The press hype threats… more interesting than other stories

Cyber Armageddon stories

Fact: SCADA systems are vulnerable

  • Software, hardware, architecture
    • Old technologies: old bugs
    • New technologies: TCP/IP Internet

Bad combination! Old bugs, easily accessible!

Airgaps are disappearing as SCADA needs to send data to other systems

Tools for testing SCADA

  • ModScan –> SCADA MODBUS Network Scanner
  • SHODAN

SCADA incidents

1999: Russia – Malicious crackers took control of a gas pipeline

2001: Australia – A disgruntled ex-employee hacked into the water control system and caused millions of liters of raw sewage to spill out

2003: US – Slammer worm affected the corporate network at a nuclear plant and disabled a safety monitoring system

2007: US – Aurora Generator Test –> Test in a controlled environment

2007: US – Operators manually shut down a nuclear reactor after two water pumps’ controllers locked up following a spike in data traffic

2008: Ireland – SCADA system at Dublin Port Tunnel collapsed

2009: US – Human error shutting down cooling system

2009: US – An IT consultant tampered with a SCADA system from an oil and gas corporation

2010: US – Computer failure interrupts flow from a city plant

Perfect FUD

Press are over-hyping things

It’s not possible to prove or disprove. Therefore it could be blamed on anybody, from hackers to cyber attacks from foreign nations.

Before the press started talking about SCADA, nobody was looking at them. Since then, hackers are looking for them and researchers are testing them.

Self-fulfilling prophecy?

Q&A:

Response from a Journalist: Press are starved of real technical assistance. Most news stories come from press-releases and are hard to double-check. A lot of press do simple copy & paste from AP articles. Deadlines restrict what a journalist can really do to confirm things, especially with highly technical content.

Response from Anchises de Paula: Press is no longer a one-way process. Readers can feedback to the journalists. However, if people see enough of a story, it becomes true. Journalists cite other journalists as sources. Journalists often have a story, and even when talking to a technical source, they pick and choose the one line quotes to make their point, and not convey the whole story.

Links :

  • Plumbercon/Ninjacon Synopsis –> http://plumbercon.org/schedule/51
  • Anchises de Paula Twitter –> http://twitter.com/anchisesbr
  • Haiti earthquake conspiracy –> LINK
  • US Military behind Haiti quake, says Innsbruck scientist –> LINK
  • Report: Cyber Attacks Caused Power Outages in Brazil –> LINK
  • Brazilian Blackout Traced to Sooty Insulators, Not Hackers –> LINK
  • Oil Spill, Accident or Cyber Attack –> LINK
  • ModScan: A SCADA MODBUS Network Scanner –> LINK
