An Open Source Offensive Methodology To Attack Critical Infrastructure
The goal of this article is to demonstrate how attackers of moderate skill can cause anything from disruption to the outright destruction of critical infrastructure installations around the world, at low cost and in relatively short order. Contrary to popular wisdom, an attack against a nuclear power plant or hydro-electric plant requires neither long periods of time nor the resources of a nation state. All that's required is some open source research based upon the findings of S4's Project Basecamp, familiarity with Rapid7's Metasploit penetration testing framework, and one or more individuals with engineering training in Industrial Control Systems.
Project Basecamp identified four Programmable Logic Controllers (PLC) with major security flaws made by GE, Koyo, Rockwell, and Schneider:
- GE D20
- Koyo DirectLOGIC ECOM
- Rockwell Automation ControlLogix
- Schneider Modicon Quantum
Schneider Electric's customers include the Three Gorges Dam in China (the world's largest hydro-electric power plant) and multiple utilities in France, India, the U.S., Spain, Australia, Brazil, Italy and many other countries - any of whom may be susceptible to attack via the Metasploit module for Schneider Electric.
This is literally a disaster waiting to happen. The above vendors, along with Siemens (which wasn't included in Project Basecamp because its S7 vulnerabilities were already well-known), have done nothing to remediate the disclosed vulnerabilities. The boards of directors of companies that use these products aren't forcing their CEOs to change them out for more secure devices. The U.S. Congress won't pass legislation requiring U.S. companies to stop using those devices because of political pressure from business interests that don't want to a) be "forced" to do anything or b) hurt their profits by spending the money needed to fix their networks. It's because of that cluster-f__k that penetration testing tools like the Metasploit Framework exist, and ironically it may be those same tools that are used to bring harm to thousands of innocent victims who rely on their utility companies to provide critical services.