Thank you for the information. Sadly, I wish we were on the "soft and squishy"
security model as you describe it. I've raised concerns, and it's not been made a priority.
Most of what we have is very dumb 1200 baud packet modems; all the stations get polled by
a central station and they just reply with sensor readings and levels. This is changing
with some of our newer models of PLC tech, but of course if it's not broke, why replace it?
That 15 year old PLC is just fine, don't change it.... Adoption of our latest, more secure
hardware is extremely slow. Interesting to hear the security concerns you mentioned.
I had gone to DEF CON; they had a neat little model of a city there you could try to wreck.
The whole city was run by different PLC vendors, intentionally set up insecure, so you
could break in, kill the power, overflow wells, etc. Nice illustrative example of what's at
stake.
--Devin D..
On July 25, 2025 9:12:40 PM EDT, Doug Jackson via cctalk <cctalk(a)classiccmp.org> wrote:
As part of my day job, I have been involved with ethical hacking of some
SCADA environments.
Typically, they use encrypted radios for communicating with remote sites.
The RF side is pretty good. But, once you are at a remote site and you
open an outside control box beside some pumps, they almost never have the
alarm sensors configured and you can access the data side of the encrypted
radio. Once there, everything is like a university network (hard on the
outside, soft and squishy inside)!
And because it's SCADA, nobody flashes firmware or does other upgrades,
because they are scared of the system coming down. So the list of open
exploits is massive. Sometimes they even trust network traffic coming in
from the SCADA environment because they think it's secure, and it provides
a useful launchpad into the corporate network..... Then it gets fun.
Kindest regards,
Doug Jackson
em: doug(a)doughq.com
ph: 0414 986878
Follow my amateur radio adventures at
vk1zdj.net
On Sat, 26 Jul 2025 at 11:00, Jon Elson via cctalk <cctalk(a)classiccmp.org> wrote:
> On 7/25/25 15:28, Fred Cisin via cctalk wrote:
> >> Also, way back, there was a case where a SCADA
> >> manufacturer thought some of their gear was being bought
> >> for the trans-Siberia pipeline, and couldn't be sold for
> >> that under trade restrictions. Somebody at that company
> >> got in touch with a contact at the CIA, and asked if they
> >> wanted to insert a "feature" into those units. They put
> >> in a time bomb that was essentially the same as the Y2K
> >> shutdown, and blew up the entire pipeline when all the
> >> valves slammed shut at the same time. This info was
> >> reported by the famous Jack Anderson in the Washington Post.
> >
> > That's not just a nasty prank, that is an act of war.
>
> Well, this was during the "cold" war. This prank moved the
> meter toward the hot side a bit. But, the Russians couldn't
> really complain, they KNEW they were taking a risk to try to
> circumvent trade restrictions.
>
> Get hold of the book "Spycraft" by Robert Wallace and H.
> Keith Melton; there are a bunch of similar stories described
> there.
>
> Jon
>