What kind of military cyber team can't tell a fake ICS plant from a real one?

Evidently, the PLA is either the most incompetent Army in the world or is tasked with exploiting anything and everything that they can, including obvious honey pots. A paper and BlackHat talk by Kyle Wilhoit of Trend Micro got a lot of press including this article at MIT Technology Review "Chinese Hacking Team Caught Taking Over Decoy Water Plant".

My first reaction when I saw this headline was why would anyone bother? Every ICS expert that I know discounts the potential harm that a hacker might be able to do against a water system. My second reaction was - How the f__k would a hacker who knows SCADA systems not know that he was attacking a fake water plant?

I asked my friend Dale Peterson, a world-renowned authority in this area, the same question and he was as perplexed as me. A friend of his who attended BlackHat agreed. "Have you ever seen a plant with one pump?", he asked?

So what does this mean? In my opinion, it raises questions about who Comment Crew aka APT1 aka PLA Unit 61398 really is because they clearly don't know shit about Industrial Control Systems.


  1. Absolutely correct! I am sick of those companies out there quickly dissecting the problem, something that governments and intelligence folk have been working on for years. It's truly amazing how these "professionals" are able to quickly identify and attribute activity without so much as a blink of an eye. I wonder how much mis-identification is going on, which makes me sorry for the security world. If you're listening to this nonsense, who knows what you may be missing?


Post a Comment