Breaking news: Cyber attack started Eyjafjallajökull volcano eruption
Anchises de Paula
‘We know that cyber intruders have probed SCADA systems, and that in other countries cyber attacks have started volcano eruptions. Several prominent intelligence sources confirmed that a cyber attack in Iceland in April 2010 affected several European countries and hundreds of thousands of people. The Icelandic Meteorological Office had several plants knocked offline, which indicates that the cyber incident is connected to the explosive activity from the Eyjafjallajökull volcano. It is not clear who did it or what the motive was.’
Calm down, the story above is not true, as far as I know. Actually, I just created it by copying and pasting text from a major US news program’s story on cyber war and system sabotage. There is a lot of FUD, paranoia and an obscure political agenda behind the recent news about hackers’ capabilities to attack SCADA systems and disrupt critical infrastructures. Are hackers able to black out a country, to destroy an oil platform, to disrupt Wall Street, or to lead a volcano to eruption?
We have seen plenty of rumors about cyber attacks against the nation’s critical infrastructures, including security vulnerabilities in the power grid control systems (the ones that run dams, power plants, transmission lines and more). Some security professionals are highly skeptical about the claims, raising questions about the veracity of the penetration of industrial systems by criminals, while several sources from the government and the industry keep mentioning this story, over and over.
In this presentation, Anchises will discuss the misinformation, disinformation and myths that support such cyber Armageddon theories and stories. He will elaborate on the technical feasibility of such threats, the political agenda and the press agencies’ trustworthiness. In addition, he will present a review of the press stories about SCADA attacks and discuss the real feasibility of them. Are these stories real, lies, or exaggeration? What is the likelihood of each of them? The truth is out there and we will find it.
The press is currently so hungry for stories of SCADA or cyber attacks that it would accept almost anything as a cyber attack.
The Volcano eruption would be a perfect terrorist attack. Disruption, Cost, Fear.
How could you achieve this?
Simple: the sensors that monitor volcanoes are network-connected. Attack these to show false readings, cause pulses, etc.
STOP –> This is stupid… it’s FUD
Some people believe these things are possible, however –> US Military behind Haiti quake, says Innsbruck scientist (see links)
60 Minutes also reported that the Brazilian blackouts in 2005/7 were caused by hackers. It was later found that sooty insulators caused the blackouts… not hackers. Then again, sooty insulators don’t make news!
Many SCADA systems are old, just like the systems in Brazil. Naturally things go wrong, and when they fail, people start to think it’s hackers instead of looking at the obvious first.
News even surfaced that the BP disaster could be a Cyber Attack (see links)
Other information points to faulty sensors (deactivated and not replaced)
People believe anything the press says…
- Few reporters have a technology background
- The press wants to sell newspapers and attract viewers
- The press hypes threats… they are more interesting than other stories
Cyber Armageddon stories
Fact: SCADA systems are vulnerable
- Software, hardware, architecture
- Old technologies: old bugs
- New technologies: TCP/IP Internet
Bad combination! Old bugs, easily accessible!
Airgaps are disappearing as SCADA needs to send data to other systems
Tools for testing SCADA
- ModScan –> SCADA MODBUS Network Scanner
1999: Russia – Malicious crackers took control of a gas pipeline
2001: Australia – A disgruntled ex-employee hacked into the water control system and caused millions of liters of raw sewage to spill out
2003: US – Slammer worm affected the corporate network at a nuclear plant and disabled a safety monitoring system
2007: US – Aurora Generator Test –> Test in a controlled environment
2007: US – Operators manually shut down a nuclear reactor after two water pumps’ controllers locked up following a spike in data traffic
2008: Ireland – SCADA system at Dublin Port Tunnel collapsed
2009: US – Human error shutting down cooling system
2009: US – an IT consultant tampered with a SCADA system from an oil and gas corporation
2010: US – Computer failure interrupts flow from a city plant
Press are over-hyping things
It’s not possible to prove or disprove. Therefore it could be blamed on anybody, from hackers to cyber attacks by foreign nations.
Before the press started talking about SCADA, nobody was looking at them. Since then, hackers are looking for them and researchers are testing them.
Self-fulfilling prophecy?
Response from a Journalist: Press are starved of real technical assistance. Most news stories come from press-releases and are hard to double-check. A lot of press do simple copy & paste from AP articles. Deadlines restrict what a journalist can really do to confirm things, especially with highly technical content.
Response from Anchises de Paula: Press is no longer a one-way process. Readers can give feedback to the journalists. However, if people see enough of a story, it becomes true. Journalists cite other journalists as sources. Journalists often have a story, and even when talking to a technical source, they pick and choose the one-line quotes to make their point, and do not convey the whole story.
- Plumbercon/Ninjacon Synopsis –> http://plumbercon.org/schedule/51
- Anchises de Paula Twitter –> http://twitter.com/anchisesbr
- Haiti earthquake conspiracy –> LINK
- US Military behind Haiti quake, says Innsbruck scientist –> LINK
- Report: Cyber Attacks Caused Power Outages in Brazil –> LINK
- Brazilian Blackout Traced to Sooty Insulators, Not Hackers –> LINK
- Oil Spill, Accident or Cyber Attack –> LINK
- ModScan: A SCADA MODBUS Network Scanner –> LINK