Code Deliberately Designed to Put Lives at Risk

posted on Mar, 7 2019 @ 04:31 PM
From this week's MIT Technology Review. This is scary stuff. Anyone in cybersecurity should read this article.

Triton is the world’s most murderous malware, and it’s spreading

The rogue code can disable safety systems designed to prevent catastrophic industrial accidents. It was discovered in the Middle East, but the hackers behind it are now targeting companies in North America and other parts of the world, too.

www.technologyreview.com...



As an experienced cyber first responder, Julian Gutmanis had been called plenty of times before to help companies deal with the fallout from cyberattacks. But when the Australian security consultant was summoned to a petrochemical plant in Saudi Arabia in the summer of 2017, what he found made his blood run cold. The hackers had deployed malicious software, or malware, that let them take over the plant’s safety instrumented systems.

These physical controllers and their associated software are the last line of defense against life-threatening disasters. They are supposed to kick in if they detect dangerous conditions, returning processes to safe levels or shutting them down altogether by triggering things like shutoff valves and pressure-release mechanisms. The malware made it possible to take over these systems remotely. Had the intruders disabled or tampered with them, and then used other software to make equipment at the plant malfunction, the consequences could have been catastrophic. Fortunately, a flaw in the code gave the hackers away before they could do any harm. It triggered a response from a safety system in June 2017, which brought the plant to a halt. Then in August, several more systems were tripped, causing another shutdown.

The first outage was mistakenly attributed to a mechanical glitch; after the second, the plant's owners called in investigators. The sleuths found the malware, which has since been dubbed “Triton” (or sometimes “Trisis”) for the Triconex safety controller model that it targeted, which is made by Schneider Electric, a French company. In a worst-case scenario, the rogue code could have led to the release of toxic hydrogen sulfide gas or caused explosions, putting lives at risk both at the facility and in the surrounding area. Gutmanis recalls that dealing with the malware at the petrochemical plant, which had been restarted after the second incident, was a nerve-racking experience. “We knew that we couldn’t rely on the integrity of the safety systems,” he says. “It was about as bad as it could get.”

In attacking the plant, the hackers crossed a terrifying Rubicon. This was the first time the cybersecurity world had seen code deliberately designed to put lives at risk. Safety instrumented systems aren’t just found in petrochemical plants; they’re also the last line of defense in everything from transportation systems to water treatment facilities to nuclear power stations. Triton’s discovery raises questions about how the hackers were able to get into these critical systems. It also comes at a time when industrial facilities are embedding connectivity in all kinds of equipment—a phenomenon known as the industrial internet of things. This connectivity lets workers remotely monitor equipment and rapidly gather data so they can make operations more efficient, but it also gives hackers more potential targets.




posted on Mar, 7 2019 @ 04:45 PM

But when the Australian security consultant was summoned to a petrochemical plant in Saudi Arabia in the summer of 2017, what he found made his blood run cold.


Iran's High Council of Cyberspace (real name).

nligf.nl...



posted on Mar, 7 2019 @ 04:58 PM
...so shut down the plant and any other plant, including nuke plants, and charge everyone involved with negligence for hooking systems that can harm people up to the gd internet.

These stupid bs articles are written to create a solution of internet regulation using safety as an excuse to lock it down.

Thanks for sharing. I find these interesting when you read between the lines.





posted on Mar, 7 2019 @ 05:25 PM
Thank God our president is the best at the cyber.

Otherwise, we might be in trouble.



posted on Mar, 7 2019 @ 05:31 PM

originally posted by: underwerks
Thank God our president is the best at the cyber.

Otherwise, we might be in trouble.


Honestly, you need to find a job.




posted on Mar, 7 2019 @ 05:33 PM
a reply to: Phantom423

In attacking the plant, the hackers crossed a terrifying Rubicon. This was the first time the cybersecurity world had seen code deliberately designed to put lives at risk.

The code has been around a long time to accomplish this, so it isn't exactly new or "deliberately designed to put lives at risk" per se. Existing code has rather been adapted to suit the purpose. I'm not trying to split hairs, but I think they're going to find there are pre-existing systems all over the planet that have already been infected with malicious code of this sort, and now that they know what they're looking for...



posted on Mar, 7 2019 @ 07:15 PM

originally posted by: underwerks
Thank God our president is the best at the cyber.

Otherwise, we might be in trouble.


He's "like - a clever person".




posted on Mar, 7 2019 @ 08:17 PM
It's likely cyberwar, like Stuxnet but this time targeting other assets.

Stuxnet



posted on Mar, 7 2019 @ 09:02 PM
a reply to: Klassified

That's interesting. The article mentioned that the code was "found" in 2017. But I would make a SWAG that they knew about it for a while. The article was probably sifted through a lot of hands before it was published.

A difficult challenge for cyber spooks nonetheless. Thanks for the comment.




edit on 7-3-2019 by Phantom423 because: (no reason given)



posted on Mar, 8 2019 @ 06:27 PM
a reply to: Klassified

Heck, you run an nmap scan on most ICS environments and it'll cause the controllers and PLCs to go wonky. Even doing something as simple as causing a trip to an operating steam turbine could lead to loss of life. I don't think the average person understands just how fragile OT systems are.



posted on Mar, 8 2019 @ 07:39 PM
a reply to: Phantom423

I'm sure all well-developed countries' governments have access to this kind of damaging malware for cyber warfare use.
If the malware is entering via remote sharing then the solution is obvious... any network that is public is going to invite trouble.

I've been trying to learn programming code for a while now; I feel I want to give up. Some people are just wizards with code.



posted on Mar, 9 2019 @ 07:09 AM

originally posted by: Hypntick
a reply to: Klassified

Heck, you run an nmap scan on most ICS environments and it'll cause the controllers and PLCs to go wonky. Even doing something as simple as causing a trip to an operating steam turbine could lead to loss of life. I don't think the average person understands just how fragile OT systems are.

Excellent points.
Not only are they fragile, but a good portion of those systems are antiquated. They were written for simple functionality, not security, and many of them have no checks written into the code. Whatever is put in comes out the other side, no questions asked. Scary.



posted on Mar, 9 2019 @ 07:36 AM
Don't overreact: set up proper edge security with a DMZ, put your critical systems behind the DMZ, and properly train your staff.


edit on 9-3-2019 by toysforadults because: (no reason given)



posted on Mar, 9 2019 @ 07:37 AM
a reply to: Hypntick

who's allowing you to port scan their internal network?



posted on Mar, 9 2019 @ 10:58 AM
Bay Area Rapid Transit is down now, due to computer system malfunction. Something is up.



posted on Mar, 9 2019 @ 07:10 PM
a reply to: toysforadults

No one with an understanding of how these environments are supposed to operate. The problem is, as you stated above, segmentation of these networks. NERC CIP has some prescriptions in place to attempt to enforce this behavior in the energy sector. Unfortunately, as you can see from the recent 10 million fine against Duke Energy, even the largest energy companies in the US are struggling with securing things even to the level of compliance (which does not equal security).

All it takes is one vendor with malware walking on to a site and plugging in to the network, which has happened more times than the public is aware of, or would be comfortable with. Until the vendors and operators of this equipment understand the need to secure these systems and how to actually do it, we're going to keep running into situations like this.

As for my example of NMAP, it's a rather benign tool in and of itself; it was more to highlight just how fragile the systems actually are. I can do a full scan of any home network device and not cause anywhere near the same level of havoc that I could cause on systems designed to run continually for sometimes years at a time between outage and upgrade cycles.
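
The posts above make two defensive points: critical systems belong behind a DMZ, and even a routine port scan reaching an OT segment is something a plant cannot afford, so it should be noticed. As an added example that is not code from this thread or from any vendor, here is a small Python script a defender could run over connection logs to flag both conditions: connections entering the OT zone from anywhere other than the DMZ (a segmentation policy violation) and sources that touch many distinct OT hosts/ports within a short window (scan-like behaviour worth investigating). The log line format, the zone prefixes, the thresholds and the sample log lines are all constructed for this example.

```python
from collections import Counter, defaultdict, deque
from ipaddress import ip_address, ip_network

# Hypothetical zone layout (constructed): corporate IT, a DMZ holding the
# jump hosts/historians, and the OT network where the controllers live.
ZONES = {
    "IT": ip_network("10.10.0.0/16"),
    "DMZ": ip_network("10.20.0.0/24"),
    "OT": ip_network("192.168.100.0/24"),
}

# Policy: only DMZ hosts may open connections into the OT zone.
ALLOWED_INTO_OT = {"DMZ"}

# Scan heuristic: one source reaching this many distinct (host, port) pairs
# in OT within WINDOW_SECONDS is flagged. Both thresholds are illustrative.
SCAN_DISTINCT_TARGETS = 8
WINDOW_SECONDS = 10

# Constructed sample log: "<epoch_seconds> <src_ip> <dst_ip> <dst_port> <proto>".
# 10.20.0.5 is a DMZ poller talking Modbus/TCP (502) to a controller;
# 10.10.3.7 is an IT host reaching OT directly; 10.10.5.9 sweeps ports.
SAMPLE_LOG = """\
1000 10.20.0.5 192.168.100.10 502 tcp
1005 10.20.0.5 192.168.100.10 502 tcp
1010 10.10.3.7 192.168.100.10 502 tcp
1020 10.10.5.9 192.168.100.10 21 tcp
1020 10.10.5.9 192.168.100.10 22 tcp
1020 10.10.5.9 192.168.100.10 23 tcp
1021 10.10.5.9 192.168.100.10 80 tcp
1021 10.10.5.9 192.168.100.10 102 tcp
1021 10.10.5.9 192.168.100.10 443 tcp
1022 10.10.5.9 192.168.100.10 502 tcp
1022 10.10.5.9 192.168.100.10 20000 tcp
1022 10.10.5.9 192.168.100.11 44818 tcp
1030 10.20.0.5 192.168.100.10 502 tcp
"""


def zone_of(ip):
    """Map an IP address to its zone name, or UNKNOWN if it is in none."""
    addr = ip_address(ip)
    for name, net in ZONES.items():
        if addr in net:
            return name
    return "UNKNOWN"


def parse_line(line):
    """Parse one constructed log line into a record dict."""
    ts, src, dst, dport, proto = line.split()
    return {"ts": int(ts), "src": src, "dst": dst, "dport": int(dport), "proto": proto}


def zone_violations(records):
    """Connections into OT whose source zone is not permitted by policy."""
    return [
        (r["ts"], r["src"], r["dst"], r["dport"])
        for r in records
        if zone_of(r["dst"]) == "OT" and zone_of(r["src"]) not in ALLOWED_INTO_OT
    ]


def scan_suspects(records):
    """Sources that hit many distinct OT (host, port) pairs inside a sliding window.

    Returns {src_ip: peak number of distinct targets seen in one window}.
    """
    by_src = defaultdict(list)
    for r in records:
        if zone_of(r["dst"]) == "OT":
            by_src[r["src"]].append((r["ts"], (r["dst"], r["dport"])))

    suspects = {}
    for src, events in by_src.items():
        events.sort()
        window = deque()       # (ts, target) events inside the current window
        distinct = Counter()   # number of window events per target
        for ts, target in events:
            window.append((ts, target))
            distinct[target] += 1
            # Drop events that have fallen out of the window (never empties
            # it, because the event just appended has age zero).
            while ts - window[0][0] > WINDOW_SECONDS:
                _, old_target = window.popleft()
                distinct[old_target] -= 1
                if distinct[old_target] == 0:
                    del distinct[old_target]
            if len(distinct) >= SCAN_DISTINCT_TARGETS:
                suspects[src] = max(suspects.get(src, 0), len(distinct))
    return suspects


def analyze(log_text):
    """Run both checks over a log and return their findings together."""
    records = [parse_line(l) for l in log_text.splitlines() if l.strip()]
    return {"zone_violations": zone_violations(records),
            "scan_suspects": scan_suspects(records)}


if __name__ == "__main__":
    findings = analyze(SAMPLE_LOG)
    for ts, src, dst, dport in findings["zone_violations"]:
        print("policy violation: %s -> %s:%d at t=%d" % (src, dst, dport, ts))
    for src, n in findings["scan_suspects"].items():
        print("scan-like: %s touched %d distinct OT targets within %ds" % (src, n, WINDOW_SECONDS))
```

On the constructed log the DMZ poller's Modbus traffic is silent, the single IT-to-OT connection from 10.10.3.7 shows up only as a policy violation, and 10.10.5.9 shows up both as a violation and as a scan suspect. In a real deployment the zone map would come from the plant's network documentation and the thresholds would be tuned against normal polling rates, since a legitimate historian can also touch many hosts.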



posted on Mar, 10 2019 @ 10:22 AM
I have worked with and written software for systems in both the natural gas and electricity sectors.

Sometimes I wonder how some of this stuff actually survives. Profits count the most.



