MISTI – ITAC 2014 – SCADA Hacking: Clear and Present Danger
Speaker: Bishop Fox
Francis Brown will be presenting SCADA Hacking: Clear and Present Danger at the MISTI – ITAC 2014 – IT Audit and Controls Conference.
SCADA systems serve as a gateway between technology and the physical world, making them an attractive target to malicious hackers. The Stuxnet worm that took out Iran’s nuclear weapons program by targeting Siemens SCADA systems opened the world’s eyes to the potential fruits SCADA hacking could bear. Now with blood in the water, the sharks have come. Recent developments have changed the game for SCADA hacking, making mass targeting and exploitation of SCADA systems a very real and imminent threat.
SCADA systems monitor and control industrial processes that exist in the physical world, including those running power plants, water treatment facilities, and even space stations, just to name a few. Historically, SCADA systems were hard to find, and hacking them was a skillset held by only a small few. Publicly available hacker tools designed specifically to target SCADA systems were practically non-existent. Then in June 2010 we discovered Stuxnet, the first known malware to specifically target industrial control systems, and the first known use of a programmable logic controller (PLC) rootkit. This was the catalyst that has created a surge of interest and research by hackers into SCADA systems.
Understandably, some people are of the mindset that “the world hasn’t blown up yet, so maybe this isn’t as dangerous as people are making it out to be…”. However, it behooves those people to more closely examine recent developments in SCADA hacking that are escalating the nature of the threat in ways never seen before. For example, a Wired magazine article last year highlighted a single PhD student’s work that hooked a few simple SHODAN queries up to Google Maps, resulting in an actual map of over 10,000 vulnerable SCADA systems in the United States that were Internet accessible. In the past year, we’ve also seen the first-ever Metasploit SCADA exploits emerge, making point-and-click exploitation of SCADA systems possible and drastically lowering the bar for skills necessary to successfully hack SCADA.
Some of the topics to be explored include:
- Identifying exposed SCADA systems using Google, Bing, and other popular search engines
- Targeting SCADA systems using the hacker-specific search engine SHODAN
- Using the Metasploit tool to scan and exploit various SCADA systems
- Leveraging massive Internet scan repositories such as the Critical.io Project and the Internet Census 2012 data dump to passively identify publicly exposed SCADA systems
- Identifying SCADA systems by active scanning, such as port scanning, SNMP scanning, and SCADA vendor proprietary protocol scanning (e.g. Digi's Advanced Device Discovery Protocol (ADDP))
- Identifying physically exposed SCADA systems via WiFi and Bluetooth hacking
- SCADA systems with unintended backdoors exposed via serial ports with mobile connections such as 3G, 4G, GSM, GPRS, EDGE, satellite, and modem-based solutions
- Attacking SCADA administrative interfaces such as telnet, SSH, FTP, and web admin interfaces
- Defending against modern SCADA hack attacks
This DEMO-rich presentation will benefit both newcomers to SCADA security and seasoned security professionals alike. Join us as we explore emerging SCADA threats and demonstrate new SCADA hacking tools and techniques. We hope the audience will gain an understanding of the magnitude of this threat and the importance of being proactive about addressing it.