posted on Sep 27, 2011 @ 03:37 PM
Are you concerned about the future of personal computing, the internet and freedom of access to information? I am.
Are you concerned about the future of Unix? I wasn’t for the longest time. In fact I wanted to know nothing about computers, other than how to use
them, until about two years ago.
There are some folks on ATS that know this stuff much, much more intimately than I do and I hope that they will help us all to understand this as well
as we can. I have been thinking about how to bring this topic into some threads for discussion and I finally found an article and story that might
help to open up some discussion on this.
First, though, I think we should have a brief introduction to some of the items discussed in the article so everybody knows what is what. Nothing
fancy, just the usual ex text pastes…
Unix (officially trademarked as UNIX, sometimes also written as Unix) is a multitasking, multi-user computer operating system originally developed in
1969 by a group of AT&T employees at Bell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna.
The Unix operating system was first developed in assembly language, but by 1973 had been almost entirely recoded in C, greatly facilitating its
further development and porting to other hardware. Today's Unix systems are split into various branches, developed over time by AT&T as well as
various commercial vendors and non-profit organizations.
Unix operating systems are widely used in servers, workstations, and mobile devices. The Unix environment and the client–server program model
were essential elements in the development of the Internet and the reshaping of computing as centered in networks rather than in individual
Originally, Unix was meant to be a programmer's workbench rather than be used to run application software. The system grew larger when the operating
system started spreading in the academic circle. Many individual users started adding their own tools to the system and passing it along to
OK. So check out the link on Unix. It’s in everything. The whole show is running on Unix, or some distant variant of it, including MacOS and Android.
Now we need to take a look at what a SCADA controller is; it is pretty straightforward…
SCADA (supervisory control and data acquisition) generally refers to industrial control systems (ICS): computer systems that monitor and control
industrial, infrastructure, or facility-based processes, as described below:
Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch,
repetitive, or discrete modes.
Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas
pipelines, electrical power transmission and distribution, wind farms, civil defense siren systems, and large communication systems.
Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and
space stations. They monitor and control HVAC, access, and energy consumption.
And what do you suppose the SCADA controllers are running? You guessed it (even if you guessed Windows): it’s UNIX…
SCADA master computers typically run on top of a third party operating system. Nearly all SCADA products run on either a UNIX variant or HP OpenVMS,
although many vendors are beginning to provide Microsoft Windows as a host operating system option.
Initially, more "open" platforms such as Linux were not as widely used due to the highly dynamic development environment and because a SCADA
customer that was able to afford the field hardware and devices to be controlled could usually also purchase UNIX or OpenVMS licenses. However, in
recent years all SCADA vendors have moved to NT and some also to Linux.
Now we need to be reminded of what the Stuxnet virus is…
Stuxnet is a computer worm discovered in June 2010. It targets Siemens industrial software and equipment running on Microsoft Windows. While it is not
the first time that crackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and
the first to include a programmable logic controller (PLC) rootkit.
The worm initially spreads indiscriminately, but includes a highly specialized malware payload that is designed to target only Siemens supervisory
control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes. Stuxnet infects PLCs by
subverting the Step-7 software application that is used to reprogram these devices.
See what Stuxnet attacks? That’s right: the SCADA controllers that are running UNIX.
So now we can get to the article. Hold on to your luggage, kids….
I am taking this out of the context of the original article so that we can cut to the chase and get down to what we need to be concerned about. But
please read the article, the bit that I am using comes from within the greater context of telling the reader that everything is connected via the web
somehow. You are going to want to read the whole thing.
Let us see some other systems.
A while back now, but many of the same systems are in place in the same way, I was contracted to test the systems on a Boeing 747. They had added a
new video system that ran over IP. They segregated this from the control systems using layer 2 VLANs. We managed to break the VLANs and access other
systems and with source routing could access the Engine management systems. The response, "the engine management system is out of scope."
For those who do not know, 747's are big flying Unix hosts. At the time, the engine management system on this particular airline was Solaris
based. The patching was well behind and they used telnet as SSH broke the menus and the budget did not extend to fixing this. The engineers could
actually access the engine management system of a 747 en route. If issues are noted, they can re-tune the engine in air.
The issue here is that all that separated the engine control systems and the open network was NAT based filters. There were (and as far as I know this
is true today), no extrusion controls. They filter incoming traffic, but all outgoing traffic is allowed. For those who engage in Pen Testing and know
what a shoveled shell is... I need not say more.
So, Scot... FACT CHECK, SCADA systems ARE ONLINE!
Nearly all SCADA systems are online. The addition of a simple NAT device is NOT a control. Most of these systems are horribly patched and some run
DOS, Win 95, Win 98 and even old Unixes. Some are on outdated versions of VMS. One I know of is on a Cray and another is on a PDP-11.
OK, ATS, didja get that?
747s are giant flying UNIX hosts sporting fully hackable Siemens SCADA controllers.
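The quoted article's point that a NAT device filters inbound sessions but lets every outbound one through, and that this is therefore not a control, can be modelled as an added example (not code from the article or from the original poster): a NAT-only filter placed beside a default-deny egress policy for the control segment, both run over a few constructed flow records. The network ranges, the allow-list and the sample records are all assumptions made for this example.

```python
import ipaddress
from dataclasses import dataclass

# Constructed layout (assumption): control segment 10.10.0.0/16 inside 10.0.0.0/8.
CONTROL_NET = ipaddress.ip_network("10.10.0.0/16")
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")
# Egress allow-list for control hosts: (destination, port, proto). Constructed values.
EGRESS_ALLOW = {
    (ipaddress.ip_address("10.1.0.5"), 123, "udp"),  # internal NTP server
    (ipaddress.ip_address("10.1.0.9"), 514, "udp"),  # internal syslog collector
}

@dataclass(frozen=True)
class Flow:
    src: ipaddress.IPv4Address
    dst: ipaddress.IPv4Address
    dport: int
    proto: str
    state: str  # "new" = session initiated by src, "established" = reply traffic

def parse_flow(line: str) -> Flow:
    """Parse one constructed flow record of the form 'src,dst,dport,proto,state'."""
    src, dst, dport, proto, state = (f.strip() for f in line.split(","))
    return Flow(ipaddress.ip_address(src), ipaddress.ip_address(dst), int(dport), proto, state)

def nat_only_filter(flow: Flow) -> bool:
    """The NAT box from the article: inbound sessions are dropped, every outbound one passes."""
    if flow.src in INTERNAL_NET:
        return True  # anything leaving the inside is permitted, no matter where it goes
    return flow.state == "established"  # inbound only as a reply to an inside host

def egress_policy(flow: Flow) -> bool:
    """Default-deny egress: a control host may only initiate allow-listed sessions."""
    if flow.src in CONTROL_NET and flow.state == "new":
        return (flow.dst, flow.dport, flow.proto) in EGRESS_ALLOW
    return nat_only_filter(flow)  # everything else keeps the NAT behaviour

def audit(lines):
    """Return flows the NAT-only filter passes but the egress policy would block."""
    flows = [parse_flow(l) for l in lines if l.strip()]
    return [f for f in flows if nat_only_filter(f) and not egress_policy(f)]

# Constructed sample: a control host syncs time, then opens an outbound TCP session
# to an external address; an external host probes the control host's telnet port.
SAMPLE = """
10.10.3.7, 10.1.0.5, 123, udp, new
10.10.3.7, 203.0.113.20, 443, tcp, new
198.51.100.8, 10.10.3.7, 23, tcp, new
"""
```

Running `audit(SAMPLE.splitlines())` returns only the second record: the inbound probe is stopped by NAT either way, but the control host's own outbound session is invisible to the NAT-only filter and is caught only by the egress policy.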