Sign In

Communications of the ACM

ACM TechNews

Mediocre Hackers Can Cause Major Damage


View as: Print Mobile App Share: Send by email Share on reddit Share on StumbleUpon Share on Hacker News Share on Tweeter Share on Facebook
Masked Hacker

Credit: Thenewinternet.com

Even minimally competent hackers can hijack the computer systems that control critical industrial machinery to deadly effect, according to security researchers.

NSS Labs researcher Dillon Beresford successfully breached industrial control systems (ICSs) from Siemens and other companies despite having no experience with the systems, limited time, and a small budget. He did it by exploiting a back door coded into the Siemens ICSs and other vulnerabilities that could permit a hacker with access to the computer network at a target facility to shut down or even damage the equipment that the system controls, says NSS Labs' Vikram Phatak.

Security consultant Joe Weiss says this discovery is a game-changing revelation, as it proves that "you don't have to be a nation state" to penetrate an ICS. Last month the U.S. Department of Homeland Security (DHS) issued an advisory to critical infrastructure owners warning that the Anonymous hacker collective had threatened attacks on U.S. and Canadian oil and gas companies, and that the skill level affiliated with such hacks to date was low. A DHS official cautions that "once ... vulnerabilities make their way into open source, that lowers the [skill] bar down to a 'script kiddie' level."

From Washington Times
View Full Article

Abstracts Copyright © 2011 Information Inc. External Link, Bethesda, Maryland, USA 


 

No entries found