[ale] [OT]USB Storage Drive Loaded With Malware Shuts Down Power Plant

Brian Stanaland brian at stanaland.org
Sat Jan 19 01:33:22 EST 2013


The US Army encrypts drives too. How strictly that is enforced is, of
course, dependent on the data. I've taken apart and sanded down my share of
hard drive platters. There were no USB drives allowed in offices I worked
at. Neither were cell phones or even calculator watches. lol

-- Brian


On Sat, Jan 19, 2013 at 12:00 AM, Matthew <simontek at gmail.com> wrote:

> How? The US Navy prohibits USB drives. For this reason, figured it went
> through all of the gov't. So I guess we are the only ones encrypting drives
> too?
>
>
> On Fri, Jan 18, 2013 at 11:06 PM, David Tomaschik <
> david at systemoverlord.com> wrote:
>
>> Hi Ron,
>>
>> You're making a big assumption here -- that the software on the computer
>> can be updated.  Many SCADA applications are only validated on VERY
>> specific configurations and aren't updated to every new version.  SCADA
>> really shouldn't be on the internet, and workers really shouldn't be
>> plugging flash drives into SCADA.
>>
>> David
>>
>>
>> On Fri, Jan 18, 2013 at 5:27 PM, Ron Frazier (ALE) <
>> atllinuxenthinfo at techstarship.com> wrote:
>>
>>> Hi all,
>>>
>>> Step 1 - configure basic OS and operational software from trusted sources
>>> Step 2 - configure AV, but it has to be updated, which could be a problem
>>> Step 3 - scan the machine
>>> Step 4 - TURN AUTOPLAY OFF - applies to Linux too
>>> Step 5 - backup the machine locally
>>> Step 6 - backup the machine offsite, or at least in a second location in
>>> a fireproof bunker
>>> Step 7 - maybe make a master backup on an mdisc or something so it's
>>> permanent
>>> Step 8 - when the machine must be updated, scan the update media first
>>> on a separate system with autoplay off
>>> Step 9 - do the update and create a second set of backups
>>> Step 10 - repeat until 3 - 6 entire sets of backups are in place
>>>
>>> OK I'm not a security guru and there are many variations on this theme.
>>>  But, that wasn't TOO hard to figure out.  It wouldn't necessarily protect
>>> too well against zero day exploits.  But, since I solved their problem, I
>>> want their salary.
>>>
>>> Ron
>>>
>>>
>>> Sergio Chaves <sergio.chaves at gmail.com> wrote:
>>>
>>> >
>>> >http://www.eweek.com/security/usb-storage-drive-loaded-with-malware-shuts-down-power-plant/?kc=EWKNLNAV01182013STR1
>>> >
>>> >Sometimes you just gotta say, WTF???
>>> >
>>> >"US-CERT, which is part of the U.S. Department of Homeland Security,
>>> >declined to identify which power plant was affected, and did not say
>>> >whether the facility was operating on nuclear or conventional power.
>>> >Industrial control systems frequently use Windows-based computers to
>>> >run their specialized software, but they rarely run antivirus software
>>> >because these computers aren’t connected to outside networks. However,
>>> >using a USB drive to perform updates is common on these systems."
>>> >
>>> >_______________________________________________
>>> >Ale mailing list
>>> >Ale at ale.org
>>> >http://mail.ale.org/mailman/listinfo/ale
>>> >See JOBS, ANNOUNCE and SCHOOLS lists at
>>> >http://mail.ale.org/mailman/listinfo
>>>
>>>
>>> --
>>>
>>> Ron Frazier
>>> 770-205-9422 (O)   Leave a message.
>>> linuxdude AT techstarship.com
>>>
>>>
>>>
>>
>>
>>
>> --
>> David Tomaschik
>> OpenPGP: 0x5DEA789B
>> http://systemoverlord.com
>> david at systemoverlord.com
>>
>>
>>
>
>
> --
> SimonTek
> 912-398-6704
>
>
>


-- 
"Anyone who has never made a mistake has never tried anything new." -Albert
Einstein