25 Jul
2025
25 Jul
'25
12:09 a.m.
Greetings,
Been a long while since i have posted in on here. I usually discuss my pdp 11 and vax
systems. I have decided to pivot my career to scada syatems. The company i am with has
some interesting stuff that goes pretty far back. Our custom in house tech is a plc pump
controller with a radio connection for data logging and control. Pretty cool, 8051 based,
with a version of basic in rom that has scada functions added. The backend servers are
just linux systems, although in a modular backplane for easy replacement.
I have not read much about this tech outside of what we have in house. Are there other
historic scada system computers or technologies that are similar, easily found on ebay for
example?
Ive seen some mention of old allen bradley stuff, but not much notes on how it would be
used remotely in the field, as a remote terminal unit.
Any suggestions are appriciated, trying to read more into scada tech outside of my
company's tech.
Thanks,
Devin D.
25 Jul
25 Jul
11:05 a.m.
On 7/24/25 23:09, Devin via cctalk wrote:
Greetings,
Been a long while since i have posted in on here. I usually discuss my pdp 11 and vax
systems. I have decided to pivot my career to scada syatems. The company i am with has
some interesting stuff that goes pretty far back. Our custom in house tech is a plc pump
controller with a radio connection for data logging and control. Pretty cool, 8051 based,
with a version of basic in rom that has scada functions added. The backend servers are
just linux systems, although in a modular backplane for easy replacement.
I have not read much about this tech outside of what we have in house. Are there other
historic scada system computers or technologies that are similar, easily found on ebay for
example?
Ive seen some mention of old allen bradley stuff, but not much notes on how it would be
used remotely in the field, as a remote
terminal unit.
Allen-Bradley made a bunch of SCADA gear that was used in
power substations.
I think theirs MIGHT have been the one that was responsible
for the Y2K scare, but it might have been somebody else's unit.
Also, way back, there was a case where a SCADA manufacturer
thought some of their gear was being bought for the
trans-Siberia pipeline, and couldn't be sold for that under
trade restrictions. Somebody at that company got in touch
with a contact at the CIA, and asked if they wanted to
insert a "feature" into those units. They put in a time bomb
that was essentially the same as the Y2K shutdown, and blew
up the entire pipeline when all the valves slammed shut at
the same time. This info was reported by the famous Jack
Anderson in the Washington Post.
Jon
1:13 p.m.
Oh is this public now? I remember this, it was hilarious. Imagine what
happens when all your valves go to "open" or "closed" at once.
I wonder if this led to the downfall of the Soviet Union. Just think
about how you would feel if you suddenly realized that all the
infrastructure based on chips and designs that you stole was now 100%
suspect and could blow up at any time.
VAX, PDP11, etc.... And remember when the Pentium "bug" came out? Wasn't
that just weird....
Ah fun stuff no doubt.
Also, way back, there was a case where a SCADA
manufacturer thought some
of their gear was being bought for the trans-Siberia pipeline, and
couldn't be sold for that under trade restrictions. Somebody at that
company got in touch with a contact at the CIA, and asked if they wanted
to insert a "feature" into those units. They put in a time bomb that was
essentially the same as the Y2K shutdown, and blew up the entire
pipeline when all the valves slammed shut at the same time. This info
was reported by the famous Jack Anderson in the Washington Post.
Jon
1:25 p.m.
On Jul 25, 2025, at 1:13 PM, cz via cctalk
<cctalk(a)classiccmp.org> wrote:
Oh is this public now? I remember this, it was hilarious. Imagine what happens when all
your valves go to "open" or "closed" at once....
It reminds me a bit of the opening scene of Red Storm Rising -- Tom Clancy's second
novel though actually a not well credited collaboration with Larry Bond, and in some ways
more reminiscent of Bond's work than Clancy's. Great stuff, in any case.
paul
Also, way
back, there was a case where a SCADA manufacturer thought some of their gear was being
bought for the trans-Siberia pipeline, and couldn't be sold for that under trade
restrictions. Somebody at that company got in touch with a contact at the CIA, and asked
if they wanted to insert a "feature" into those units. They put in a time bomb
that was essentially the same as the Y2K shutdown, and blew up the entire pipeline when
all the valves slammed shut at the same time. This info was reported by the famous Jack
Anderson in the Washington Post.
Jon
1:45 p.m.
pdp 14
westhead associates (unknown canadian company) cpm based system i have the
manuals and software for their pdm800 system
GE fanuc
USDATA hmi
siemens who is notorious for buying up the companies u seek to learn about
gould have manuals for some of that
modicon
i think motorola got into it for a bit as well
On Fri, Jul 25, 2025 at 12:35 PM Paul Koning via cctalk <
cctalk(a)classiccmp.org> wrote:
On Jul 25, 2025, at 1:13 PM, cz via cctalk
<cctalk(a)classiccmp.org>
wrote:
Oh is this public now? I remember this, it was hilarious. Imagine what
happens when all your valves go to "open" or "closed" at
once....
It reminds me a bit of the opening scene of Red Storm Rising -- Tom
Clancy's second novel though actually a not well credited collaboration
with Larry Bond, and in some ways more reminiscent of Bond's work than
Clancy's. Great stuff, in any case.
paul
> Also, way back, there was a case where a
SCADA manufacturer thought
some of their gear was being bought for the trans-Siberia pipeline, and
couldn't be sold for that under trade restrictions. Somebody at that
company got in touch with a contact at the CIA, and asked if they wanted to
insert a "feature" into those units. They put in a time bomb that was
essentially the same as the Y2K shutdown, and blew up the entire pipeline
when all the valves slammed shut at the same time. This info was reported
by the famous Jack Anderson in the Washington Post.
Jon
1:49 p.m.
allen bradly as well yes they had a full system from plc to terminal
software and all. they had courses u took on how to use their stuff was
very contaquerious from what i understand
i also know of pdp11/23's being setup in the 70's to run the controls at
fox and rutan mines mills witch were bleeding edge won awards for its time
On Fri, Jul 25, 2025 at 12:45 PM Adrian Stoness <tdk.knight(a)gmail.com>
wrote:
pdp 14
westhead associates (unknown canadian company) cpm based system i have the
manuals and software for their pdm800 system
GE fanuc
USDATA hmi
siemens who is notorious for buying up the companies u seek to learn about
gould have manuals for some of that
modicon
i think motorola got into it for a bit as well
On Fri, Jul 25, 2025 at 12:35 PM Paul Koning via cctalk <
cctalk(a)classiccmp.org> wrote:
>
>
> > On Jul 25, 2025, at 1:13 PM, cz via cctalk <cctalk(a)classiccmp.org>
> wrote:
> >
> > Oh is this public now? I remember this, it was hilarious. Imagine what
> happens when all your valves go to "open" or "closed" at
once....
>
> It reminds me a bit of the opening scene of Red Storm Rising -- Tom
> Clancy's second novel though actually a not well credited collaboration
> with Larry Bond, and in some ways more reminiscent of Bond's work than
> Clancy's. Great stuff, in any case.
>
> paul
>
> >> Also, way back, there was a case where a SCADA manufacturer thought
> some of their gear was being bought for the trans-Siberia pipeline, and
> couldn't be sold for that under trade restrictions. Somebody at that
> company got in touch with a contact at the CIA, and asked if they wanted to
> insert a "feature" into those units. They put in a time bomb that was
> essentially the same as the Y2K shutdown, and blew up the entire pipeline
> when all the valves slammed shut at the same time. This info was reported
> by the famous Jack Anderson in the Washington Post.
> >> Jon
> >
>
>
2:27 p.m.
Yep, one of my first joblets was programming Allen Bradley PLC's at Beth
Steel Sparrow's point using ladder logic. I remember asking a guy what
happened if I made a mistake, seeing all the massive steel ladles and such.
His response "People die".
What a fun time....
On 7/25/2025 1:49 PM, Adrian Stoness via cctalk wrote:
allen bradly as well yes they had a full system from
plc to terminal
software and all. they had courses u took on how to use their stuff was
very contaquerious from what i understand
i also know of pdp11/23's being setup in the 70's to run the controls at
fox and rutan mines mills witch were bleeding edge won awards for its time
On Fri, Jul 25, 2025 at 12:45 PM Adrian Stoness <tdk.knight(a)gmail.com>
wrote:
> pdp 14
> westhead associates (unknown canadian company) cpm based system i have the
> manuals and software for their pdm800 system
> GE fanuc
> USDATA hmi
> siemens who is notorious for buying up the companies u seek to learn about
> gould have manuals for some of that
> modicon
> i think motorola got into it for a bit as well
>
>
> On Fri, Jul 25, 2025 at 12:35 PM Paul Koning via cctalk <
> cctalk(a)classiccmp.org> wrote:
>
>>
>>
>>> On Jul 25, 2025, at 1:13 PM, cz via cctalk <cctalk(a)classiccmp.org>
>> wrote:
>>>
>>> Oh is this public now? I remember this, it was hilarious. Imagine what
>> happens when all your valves go to "open" or "closed" at
once....
>>
>> It reminds me a bit of the opening scene of Red Storm Rising -- Tom
>> Clancy's second novel though actually a not well credited collaboration
>> with Larry Bond, and in some ways more reminiscent of Bond's work than
>> Clancy's. Great stuff, in any case.
>>
>> paul
>>
>>>> Also, way back, there was a case where a SCADA manufacturer thought
>> some of their gear was being bought for the trans-Siberia pipeline, and
>> couldn't be sold for that under trade restrictions. Somebody at that
>> company got in touch with a contact at the CIA, and asked if they wanted to
>> insert a "feature" into those units. They put in a time bomb that was
>> essentially the same as the Y2K shutdown, and blew up the entire pipeline
>> when all the valves slammed shut at the same time. This info was reported
>> by the famous Jack Anderson in the Washington Post.
>>>> Jon
>>>
>>
>>
2:47 p.m.
cz via cctalk wrote:
Oh is this public now? I remember this, it was
hilarious. Imagine what
happens when all your valves go to "open" or "closed" at once.
I wonder if this led to the downfall of the Soviet Union. Just think about
how you would feel if you suddenly realized that all the infrastructure
based on chips and designs that you stole was now 100% suspect and could
blow up at any time.
VAX, PDP11, etc.... And remember when the Pentium "bug" came out? Wasn't
that just weird....
Ah fun stuff no doubt.
For most ppl here it seems impossible to realize that nothing of this
stuff could bei "copied" w/o to understand what's going on on the chip
and modify the layous etc. to fit the local foundry technology.
For Example.. there is the J11 ..this is a two chip IC, the Russians
have made an K1801VM1, VM2 and VM3 ..all single chip designs.
They made the N1806VM2 ..an CMOS chip, the K1801VM2 is the NMOS
Eqiuvalent.
The first "cloned" VAX was an chip that was an 11/730 in original..a
bunch of pcbs. They cloned a chip, that never existed. They build their
own hardware regarding the processor manual.
Yes, there are clones of the J11, DECs fastest PDP11..but this chip made
by Harris wasn't truly a success..it never reached the clock rates they
have planned. but russians build thier own chips also, this for example:
https://www.rouming.cz/roumingShow.php?file=elektronika-mk-90.jpg
I've worked some time on a east german VAX11/780: Robotron RVS K1840,
An real clone, besides of the fact that it had an K1620 MOS Bit Slice
PDP11 made in the GDR in it as console computer and there where 2 5,25"
Floppies instead of an 8"...
And the MVAXII was cloned in the GDR and in the Soviet Union
independently. After the fall of the iron curtain DEC employed all the
People working in Dresden at Robotron that build the VAX clones.
So Please: Don't think Russians are evil, nor they are stupid. Think
more about US Delta rockets using RD180 Engines from Rossia since
the USA couldn't build such efficient Engines itself..
https://www.youtube.com/watch?v=TMbl_ofF3AM
And next..there is not only an CIA and an NSA ..there are other
"intelligence" services on the world and they doing ther job..
russian PDP11:
https://www.tiffe.de/images/oleg/
.. the PCBs and it's connectors are all metric..
Russians built home computers with ther PDP11 CPUs (K1801VM1)
https://www.tiffe.de/Robotron/PDP-VAX/BK/
Schematics of the K1801VM2 CPU (big!)
https://www.tiffe.de/Robotron/PDP-VAX/russisch/K1801VM2/
Nice Jet on this:
https://www.tiffe.de/Robotron/PDP-VAX/russisch/K1801VM2/p010.jpg
That's the K1801VM3 chip, with integrated MMU:
https://www.tiffe.de/images/K1801BM3.jpg
VM3's on the left, H1806VM2 on the right, K1801VM2 at bottom:
https://www.tiffe.de/images/K1801-1.jpg
...which one is a "clone"??
Some sort of an LSI11: (M2 CPU)
https://www.tiffe.de/Robotron/PDP-VAX/E60/CPU-oben.jpg
Magnet Tape Controller from that thing above:
https://www.tiffe.de/Robotron/PDP-VAX/E60/I17.jpg
Yes, that are russian AM2901s..
Thats an Elektronika DBK, with the M2 CPU from above:
https://www.tiffe.de/Robotron/PDP-VAX/E60/DSCF0065.JPG
That's DEC..simply nice to look at:
https://www.tiffe.de/Robotron/PDP-VAX/Kernspeicher/
Regards,
Holm
..and no, I'n not a russian, but I have russian and ukrainian Friends.
--
Technik Service u. Handel Tiffe, www.tsht.de, Holm Tiffe,
Goethestrasse 15, 09569 Oederan, USt-Id: DE253710583
info(a)tsht.de Tel +49 37292 709778 Mobil: 0172 8790 741
4:28 p.m.
Also, way back, there was a case where a SCADA
manufacturer thought some of
their gear was being bought for the trans-Siberia pipeline, and couldn't be
sold for that under trade restrictions. Somebody at that company got in
touch with a contact at the CIA, and asked if they wanted to insert a
"feature" into those units. They put in a time bomb that was essentially
the same as the Y2K shutdown, and blew up the entire pipeline when all the
valves slammed shut at the same time. This info was reported by the
famous Jack Anderson in the Washington Post.
That's not just a nasty prank, that is an act of war.
4:39 p.m.
On 07/25/2025 4:28 PM EDT Fred Cisin via cctalk
<cctalk(a)classiccmp.org> wrote:
That's not just a nasty prank, that is an act of war.
More details here:
https://www.controleng.com/throwback-attack-the-u-s-hits-russia-with-the-fi…
Will
8:54 p.m.
On 7/25/25 15:28, Fred Cisin via cctalk wrote:
Well, this was during the "cold" war. This prank moved the
meter toward the hot side a bit. But, the Russians couldn't
really complain, they KNEW they were taking a risk to try to
circumvent trade restrictions.
Get hold of the book Spycraft" by Robert Wallace and H.
Keith Melton, there are a bunch of similar stories described
there.
Jon
Also, way
back, there was a case where a SCADA
manufacturer thought some of their gear was being bought
for the trans-Siberia pipeline, and couldn't be sold for
that under trade restrictions. Somebody at that company
got in touch with a contact at the CIA, and asked if they
wanted to insert a "feature" into those units. They put
in a time bomb that was essentially the same as the Y2K
shutdown, and blew up the entire pipeline when all the
valves slammed shut at the same time. This info was
reported by the famous Jack Anderson in the Washington Post.
That's not just a nasty prank, that is an act of war.
9:12 p.m.
As part of my day job, I have been involved with ethical hacking of some
SCADA environments.
Typically, they use encrypted radios for communicating with remote sites.
The RF side is pretty good. But, once you are at a remote site and you
open an outside control box beside some pumps, they almost never have the
alarm sensors configured and you can access the data side of the encrypted
radio. Once there, everything is like a university network (hard on the
outside, soft and squishy inside)!
And because it's SCADA, nobody flashes firmware or does other upgrades,
because they are scared of the system coming down. So the list of open
exploits is massive. Sometimes they even trust network traffic coming in
from the SCADA environment because they think it's secure, and it provides
a useful launchpad into the corporate network..... Then it gets fun.
Kindest regards,
Doug Jackson
em: doug(a)doughq.com
ph: 0414 986878
Follow my amateur radio adventures at vk1zdj.net
On Sat, 26 Jul 2025 at 11:00, Jon Elson via cctalk <cctalk(a)classiccmp.org>
wrote:
On 7/25/25 15:28, Fred Cisin via cctalk wrote:
Well, this was during the "cold" war. This prank moved the
meter toward the hot side a bit. But, the Russians couldn't
really complain, they KNEW they were taking a risk to try to
circumvent trade restrictions.
Get hold of the book Spycraft" by Robert Wallace and H.
Keith Melton, there are a bunch of similar stories described
there.
Jon
Also, way
back, there was a case where a SCADA
manufacturer thought some of their gear was being bought
for the trans-Siberia pipeline, and couldn't be sold for
that under trade restrictions. Somebody at that company
got in touch with a contact at the CIA, and asked if they
wanted to insert a "feature" into those units. They put
in a time bomb that was essentially the same as the Y2K
shutdown, and blew up the entire pipeline when all the
valves slammed shut at the same time. This info was
reported by the famous Jack Anderson in the Washington Post.
That's not just a nasty prank, that is an act of war.
26 Jul
26 Jul
11:10 p.m.
Thank you for the information. Sadly i wish we were on the "soft and squishy"
security model as you describe it. Ive raised concerns, and its not been made a priority.
Most of what we have is very dumb 1200 baud packet modems, all the stations get polled by
a central station and they just reply with sensor readings and levels. This is changing
with some of our newer models of plc tech, but of course if its not broke, why replace it?
That 15 year old plc is just fine dont change it.... Adoption of our latest more secure
hardware is extremely slow. Interesting to hear the security concerns you mentioned.
I had gone to defcon, they had a neat little model of a city there you could try to wreck.
The whole city was run by different plc vendors, intentionally set up insecure, so you
could break in, kill the power, overflow wells etc. Nice illistrative example of whats at
stake.
--Devin D..
On July 25, 2025 9:12:40 PM EDT, Doug Jackson via cctalk <cctalk(a)classiccmp.org>
wrote:
As part of my day job, I have been involved with
ethical hacking of some
SCADA environments.
Typically, they use encrypted radios for communicating with remote sites.
The RF side is pretty good. But, once you are at a remote site and you
open an outside control box beside some pumps, they almost never have the
alarm sensors configured and you can access the data side of the encrypted
radio. Once there, everything is like a university network (hard on the
outside, soft and squishy inside)!
And because it's SCADA, nobody flashes firmware or does other upgrades,
because they are scared of the system coming down. So the list of open
exploits is massive. Sometimes they even trust network traffic coming in
from the SCADA environment because they think it's secure, and it provides
a useful launchpad into the corporate network..... Then it gets fun.
Kindest regards,
Doug Jackson
em: doug(a)doughq.com
ph: 0414 986878
Follow my amateur radio adventures at vk1zdj.net
On Sat, 26 Jul 2025 at 11:00, Jon Elson via cctalk <cctalk(a)classiccmp.org>
wrote:
> On 7/25/25 15:28, Fred Cisin via cctalk wrote:
> >> Also, way back, there was a case where a SCADA
> >> manufacturer thought some of their gear was being bought
> >> for the trans-Siberia pipeline, and couldn't be sold for
> >> that under trade restrictions. Somebody at that company
> >> got in touch with a contact at the CIA, and asked if they
> >> wanted to insert a "feature" into those units. They put
> >> in a time bomb that was essentially the same as the Y2K
> >> shutdown, and blew up the entire pipeline when all the
> >> valves slammed shut at the same time. This info was
> >> reported by the famous Jack Anderson in the Washington Post.
> >
> > That's not just a nasty prank, that is an act of war.
>
> Well, this was during the "cold" war. This prank moved the
> meter toward the hot side a bit. But, the Russians couldn't
> really complain, they KNEW they were taking a risk to try to
> circumvent trade restrictions.
>
> Get hold of the book Spycraft" by Robert Wallace and H.
> Keith Melton, there are a bunch of similar stories described
> there.
>
> Jon
>
11:29 p.m.
Yea,
It is fascinating the damage that can be caused by a pump ignoring the
upper limit switch on a water reservoir, and the subsequent damage to the
foundations....
I hope you're able to get your managers to listen....
Kindest regards,
Doug Jackson
em: doug(a)doughq.com
ph: 0414 986878
Follow my amateur radio adventures at vk1zdj.net
On Sun, 27 Jul 2025 at 13:10, Devin <lyokoboy0(a)gmail.com> wrote:
Thank you for the information. Sadly i wish we were on
the "soft and
squishy" security model as you describe it. Ive raised concerns, and its
not been made a priority. Most of what we have is very dumb 1200 baud
packet modems, all the stations get polled by a central station and they
just reply with sensor readings and levels. This is changing with some of
our newer models of plc tech, but of course if its not broke, why replace
it? That 15 year old plc is just fine dont change it.... Adoption of our
latest more secure hardware is extremely slow. Interesting to hear the
security concerns you mentioned.
I had gone to defcon, they had a neat little model of a city there you
could try to wreck. The whole city was run by different plc vendors,
intentionally set up insecure, so you could break in, kill the power,
overflow wells etc. Nice illistrative example of whats at stake.
--Devin D..
On July 25, 2025 9:12:40 PM EDT, Doug Jackson via cctalk <
cctalk(a)classiccmp.org> wrote:
> As part of my day job, I have been involved with ethical hacking of some
> SCADA environments.
>
> Typically, they use encrypted radios for communicating with remote sites.
> The RF side is pretty good. But, once you are at a remote site and you
> open an outside control box beside some pumps, they almost never have the
> alarm sensors configured and you can access the data side of the encrypted
> radio. Once there, everything is like a university network (hard on the
> outside, soft and squishy inside)!
>
> And because it's SCADA, nobody flashes firmware or does other upgrades,
> because they are scared of the system coming down. So the list of open
> exploits is massive. Sometimes they even trust network traffic coming in
> from the SCADA environment because they think it's secure, and it provides
> a useful launchpad into the corporate network..... Then it gets fun.
>
> Kindest regards,
>
> Doug Jackson
>
> em: doug(a)doughq.com
> ph: 0414 986878
>
> Follow my amateur radio adventures at vk1zdj.net
>
>
>
> On Sat, 26 Jul 2025 at 11:00, Jon Elson via cctalk <cctalk(a)classiccmp.org>
> wrote:
>
> On 7/25/25 15:28, Fred Cisin via cctalk wrote:
>>
>>> Also, way back, there was a case where a SCADA
>>>> manufacturer thought some of their gear was being bought
>>>> for the trans-Siberia pipeline, and couldn't be sold for
>>>> that under trade restrictions. Somebody at that company
>>>> got in touch with a contact at the CIA, and asked if they
>>>> wanted to insert a "feature" into those units. They put
>>>> in a time bomb that was essentially the same as the Y2K
>>>> shutdown, and blew up the entire pipeline when all the
>>>> valves slammed shut at the same time. This info was
>>>> reported by the famous Jack Anderson in the Washington Post.
>>>>
>>>
>>> That's not just a nasty prank, that is an act of war.
>>>
>>
>> Well, this was during the "cold" war. This prank moved the
>> meter toward the hot side a bit. But, the Russians couldn't
>> really complain, they KNEW they were taking a risk to try to
>> circumvent trade restrictions.
>>
>> Get hold of the book Spycraft" by Robert Wallace and H.
>> Keith Melton, there are a bunch of similar stories described
>> there.
>>
>> Jon
>>
>>
27 Jul
27 Jul
10:53 a.m.
On 7/26/25 22:29, Doug Jackson via cctalk wrote:
Yea,
It is fascinating the damage that can be caused by a pump ignoring the
upper limit switch on a water reservoir, and the subsequent damage to the
foundations....
Yup, it had nothing to do with cyber hacking, just a
dislodged sensor. Union Electric (Now Ameren) had a pumped
storage plant built around 1960 at Proffit Mountain, called
their Taum Sauk plant. It pumped water from a river to the
top of an old volcanic cauldera about 800 feet up. They
added an additional rim of gravel and mud to raise the
maximum level. There was a state park right next to the
mountain. In 2005, the dislodged sensor allowed the
reservoir to overflow, causing the gravel rim to collapse
and sending roughly one billion gallons of water crashing
through the state park, nearly killing the park supervisor's
entire family.
Jon
11:25 a.m.
The UK also has that T-shirt from 2005 - although with gasoline as the overflowing fluid
...
https://en.wikipedia.org/wiki/Buncefield_fire#Causes
Martin
-----Original Message-----
From: Jon Elson via cctalk [mailto:cctalk@classiccmp.org]
Sent: 27 July 2025 14:53
To: Doug Jackson via cctalk <cctalk(a)classiccmp.org>
Cc: Jon Elson <elson(a)pico-systems.com>
Subject: [cctalk] Re: Scada computers and remote terminal units
On 7/26/25 22:29, Doug Jackson via cctalk wrote:
Yea,
It is fascinating the damage that can be caused by a pump ignoring the
upper limit switch on a water reservoir, and the subsequent damage to
the foundations....
Yup, it had nothing to do with cyber hacking, just a dislodged sensor. Union
Electric (Now Ameren) had a pumped storage plant built around 1960 at Proffit Mountain,
called their Taum Sauk plant. It pumped water from a river to the top of an old volcanic
cauldera about 800 feet up. They added an additional rim of gravel and mud to raise the
maximum level. There was a state park right next to the mountain. In 2005, the dislodged
sensor allowed the reservoir to overflow, causing the gravel rim to collapse and sending
roughly one billion gallons of water crashing through the state park, nearly killing the
park supervisor's entire family.
Jon
25 Jul
25 Jul
8:45 p.m.
On 7/25/25 12:13, cz via cctalk wrote:
Oh is this public now? I remember this, it was
hilarious.
Imagine what happens when all your valves go to "open" or
"closed" at once.
Well, it was in the Washington Post (I think) so that is
pretty public.
I wonder if this led to the downfall of the Soviet
Union.
Just think about how you would feel if you suddenly
realized that all the infrastructure based on chips and
designs that you stole was now 100% suspect and could blow
up at any time.
Well, it sure didn't help. It took them several years to
rebuild the pipeline. But, I think the stinger missile was
what ultimately brought them down, as well as "Star Wars"
ie. Reagan's SDI.
It was said some time ago by a major US computer scientist
that their copying the IBM 360 as their BESM 1060 set their
computer industry back a full decade.
Jon
3:09 p.m.
On 25/07/2025 16:05, Jon Elson via cctalk wrote:
On 7/24/25 23:09, Devin via cctalk wrote:
5 or so years back there was someone selling Ferranti Argus boards on
eBay. They weren't cheap, but I'm kind of kicking myself that I didn't
pick up at least one or two. I enquired as to whether he had a card
frame and other parts for a complete system and he did for his own
testing purposes, but not for sale. He claimed he still had customers
running Argus systems for industrial control. I've since learned that up
until quite recently there were UK nuclear power stations running Argus
500 based control systems.
When I worked for British Gas in the early 90s we had an in-house
developed TMS9900-based telemetry outstation, which was used to manage
remote gas and radio sites — we had our own national microwave networks
and PMR radio etc. — and this would also relay intruder, fire and UPS
etc. alarms. Outstations connected back to the main SCADA system via a
UHF radio and little yagi antenna pointing at the nearest radio site (if
not located at one). It's crazy to think now that this would have been a
simple protocol, with no security, controlling valves on HP gas lines,
huge compressors, big boilers (to heat pressure reduction equipment to
prevent it freezing) and all manner of critical infrastructure.
The SCADA system was based on a VAXserver 3800 cluster, with VAXstation
2000 satellite nodes equipped with 21" displays for the 24/7 grid
control team. IIRC the SCADA system was developed by Logica. We had a
contract with DEC whereby we'd have a full stock of parts and swap out
boards and drives etc.
The previous system was a Cossor 9900-based mini with Pertec drives and
this languished in a corner of the workshop. I'm not sure if this
influenced the telemetry outstation CPU choice, as that would have been
developed around the same time. I can't imagine there were many sites
running Cossor minis, but IIRC Heathrow Airport in London had a
9900-based air traffic control system from them.
The previous to that — and very first — grid control computer was also
sitting in a garage building. This was an Elliott system and I couldn't
say what model (I was more interested in electronics and radio at the
time). Sad to say that this and the Cossor were sold for scrap.
Another curio from that time was a simple device called, I think, a
"radac". This was a magnetic drum audio recorder and tracks would be
recorded with the site name and alarm messages. On being triggered it
would autodial a number which would be routed to whoever was on call,
who would then be greeted by this slightly robotic sounding message.
There were still one or two in use at simpler sites. I've since not
managed to find any information on this, but have wondered if one could
be found, if it might lend itself to being adapted for use as a very
small drum store.
Andrew
Greetings,
Been a long while since i have posted in on here. I usually discuss my pdp 11 and vax
systems. I have decided to pivot my career to scada syatems. The company i am with has
some interesting stuff that goes pretty far back. Our custom in house tech is a plc pump
controller with a radio connection for data logging and control. Pretty cool, 8051 based,
with a version of basic in rom that has scada functions added. The backend servers are
just linux systems, although in a modular backplane for easy replacement.
I have not read much about this tech outside of what we have in house. Are there other
historic scada system computers or technologies that are similar, easily found on ebay for
example?
Ive seen some mention of old allen bradley stuff, but not much notes on how it would be
used remotely in the field, as a remote
terminal unit.
Allen-Bradley made a bunch of SCADA gear that was used in
power substations. 
27 Jul
27 Jul
8:49 a.m.
Two quick comments on this thread.
We have all heard of PDP_11's being used in nuclear power stations
which is SCADA when you come tight down to it but I had the opportunity
to run in to another use. Many (about 40!) years ago I worked for
Martin Marietta (now Lockheed Martin). I used to make trips out to
Denver for various projects. (Is Hans Brinker still there?) In one
of the many machine rooms there was a small rack with a PDP-11 in it.
No one ever went near it and it just sat there quietly humming away.
One day I learned it ran the HVAC for the whole complex.
Was Allen Bradley the SCADA company that had a line of 6809 systems
some of which ran OS-9? Or is my memory faulty in this. Senior
moments become more common every day as I celebrate my 75th birthday
today.
bill
25 Jul
25 Jul
9:06 p.m.
He he,
And that, is precisely why the Australian Government advice for managing
secure computer systems includes this requirement:
Control: ISM-1800; Revision: 0; Updated: Sep-22; Applicability: NC, OS, P,
S, TS; Essential Eight: N/A Network devices are flashed with trusted
firmware before they are used for the first time.
Also, there are a heap of supply chain controls - essentially anything from
a US vendor that may have been side shipped through the CIA is treated as
being untrusted (cough cough CISCO) and is inspected and re-flashed before
use:
Control: ISM-1568; Revision: 7; Updated: Jun-25; Applicability: NC, OS, P,
S, TS; Essential Eight: N/A Operating systems, applications, IT equipment,
OT equipment and services are procured from suppliers that have
demonstrated a commitment to the security of their products and services.
Control: ISM-1882; Revision: 3; Updated: Jun-25; Applicability: NC, OS, P,
S, TS; Essential Eight: N/A Operating systems, applications, IT equipment,
OT equipment and services are procured from suppliers that have
demonstrated a commitment to transparency for their products and services.
Control: ISM-1632; Revision: 6; Updated: Jun-25; Applicability: NC, OS, P,
S, TS; Essential Eight: N/A Operating systems, applications, IT equipment,
OT equipment and services are procured from suppliers that have a strong
track record of maintaining the security of their own systems.
if anybody is bored, the entire UNCLASSIFIED Information Security Manual
document is available for the public here:
https://www.cyber.gov.au/resources-business-and-government/essential-cybers…
Full disclaimer - Day job is to help government agencies make sure they
have correctly implemented all of those controls :-)
Kindest regards,
Doug Jackson
em: doug(a)doughq.com
ph: 0414 986878
Follow my amateur radio adventures at vk1zdj.net
On Sat, 26 Jul 2025 at 01:10, Jon Elson via cctalk <cctalk(a)classiccmp.org>
wrote:
On 7/24/25 23:09, Devin via cctalk wrote:
Greetings,
Been a long while since i have posted in on here. I usually discuss my
pdp 11 and vax systems. I have decided to pivot my career to scada syatems.
The company i am with has some interesting stuff that goes pretty far back.
Our custom in house tech is a plc pump controller with a radio connection
for data logging and control. Pretty cool, 8051 based, with a version of
basic in rom that has scada functions added. The backend servers are just
linux systems, although in a modular backplane for easy replacement.
I have not read much about this tech outside of what we have in house.
Are there other historic scada system computers or technologies that are
similar, easily found on ebay for example?
Ive seen some mention of old allen bradley stuff, but not much notes on
how it would be used remotely in the field, as a remote
terminal unit.
Allen-Bradley made a bunch of SCADA gear that was used in
power substations.
I think theirs MIGHT have been the one that was responsible
for the Y2K scare, but it might have been somebody else's unit.
Also, way back, there was a case where a SCADA manufacturer
thought some of their gear was being bought for the
trans-Siberia pipeline, and couldn't be sold for that under
trade restrictions. Somebody at that company got in touch
with a contact at the CIA, and asked if they wanted to
insert a "feature" into those units. They put in a time bomb
that was essentially the same as the Y2K shutdown, and blew
up the entire pipeline when all the valves slammed shut at
the same time. This info was reported by the famous Jack
Anderson in the Washington Post.
Jon
26 Jul
26 Jul
11:52 p.m.
And now we buy all these Chinese made gadgets ...
On Fri, 25 July 2025, 11:10 pm Jon Elson via cctalk, <cctalk(a)classiccmp.org>
wrote:
On 7/24/25 23:09, Devin via cctalk wrote:
Greetings,
Been a long while since i have posted in on here. I usually discuss my
pdp 11 and vax systems. I have decided to pivot my career to scada syatems.
The company i am with has some interesting stuff that goes pretty far back.
Our custom in house tech is a plc pump controller with a radio connection
for data logging and control. Pretty cool, 8051 based, with a version of
basic in rom that has scada functions added. The backend servers are just
linux systems, although in a modular backplane for easy replacement.
I have not read much about this tech outside of what we have in house.
Are there other historic scada system computers or technologies that are
similar, easily found on ebay for example?
Ive seen some mention of old allen bradley stuff, but not much notes on
how it would be used remotely in the field, as a remote
terminal unit.
Allen-Bradley made a bunch of SCADA gear that was used in
power substations.
I think theirs MIGHT have been the one that was responsible
for the Y2K scare, but it might have been somebody else's unit.
Also, way back, there was a case where a SCADA manufacturer
thought some of their gear was being bought for the
trans-Siberia pipeline, and couldn't be sold for that under
trade restrictions. Somebody at that company got in touch
with a contact at the CIA, and asked if they wanted to
insert a "feature" into those units. They put in a time bomb
that was essentially the same as the Y2K shutdown, and blew
up the entire pipeline when all the valves slammed shut at
the same time. This info was reported by the famous Jack
Anderson in the Washington Post.
Jon
27 Jul
27 Jul
1:29 a.m.
To be honest, the country of manufacture is not the issue - it is when it
passes through a friendly country and has its firmware modified by the
Americans... Goes to show that you can't trust the yanks either.
https://www.theguardian.com/books/2014/may/12/glenn-greenwald-nsa-tampers-u…
And all of the Huawei noise is nonsense - as long as you are using a
quality crypto over the transport - which is what HTTPS is, nobody cares.
The Chinese can have as many of my packets as they like....
Kindest regards,
Doug Jackson
em: doug(a)doughq.com
ph: 0414 986878
Follow my amateur radio adventures at vk1zdj.net
On Sun, 27 Jul 2025 at 14:00, Tom Hunter via cctalk <cctalk(a)classiccmp.org>
wrote:
And now we buy all these Chinese made gadgets ...
On Fri, 25 July 2025, 11:10 pm Jon Elson via cctalk, <
cctalk(a)classiccmp.org>
wrote:
On 7/24/25 23:09, Devin via cctalk wrote:
syatems.
Greetings,
Been a long while since i have posted in on here. I usually discuss my
pdp 11 and vax systems. I have decided to pivot my career to scada
The company i am with has some interesting stuff
that goes pretty far
back.
Our custom in house tech is a plc pump controller
with a radio connection
for data logging and control. Pretty cool, 8051 based, with a version of
basic in rom that has scada functions added. The backend servers are
just
linux systems, although in a modular backplane
for easy replacement.
I have not read much about this tech outside of what we have in house.
Are there other historic scada system computers or technologies that are
similar, easily found on ebay for example?
Ive seen some mention of old allen bradley stuff, but not much notes on
how it would be used remotely in the field, as a remote
terminal unit.
Allen-Bradley made a bunch of SCADA gear that was used in
power substations.
I think theirs MIGHT have been the one that was responsible
for the Y2K scare, but it might have been somebody else's unit.
Also, way back, there was a case where a SCADA manufacturer
thought some of their gear was being bought for the
trans-Siberia pipeline, and couldn't be sold for that under
trade restrictions. Somebody at that company got in touch
with a contact at the CIA, and asked if they wanted to
insert a "feature" into those units. They put in a time bomb
that was essentially the same as the Y2K shutdown, and blew
up the entire pipeline when all the valves slammed shut at
the same time. This info was reported by the famous Jack
Anderson in the Washington Post.
Jon
6
days inactive
8
days old
21 comments
13 participants
participants (13)
-
Adrian Stoness -
Andrew Back -
Bill Gunshannon -
cz -
Devin -
Doug Jackson -
Fred Cisin -
Holm Tiffe -
Jon Elson -
Martin Bishop -
Paul Koning -
Tom Hunter -
wrcooke@wrcooke.net