Home Business IT Security The critical infrastructure hack that never was

Yesterday the Internet was a-buzz with tales of a hacker shutting down a US-based wind farm.  Pity it never happened.

On Saturday 16th April, claiming to be a disgruntled ex-employee, someone calling themselves Bigr R announced on the Full Disclosure mailing list "Here comes my revenge for illegitimate firing from Florida Power & Light Company (FPL) ... ain't nothing you can do with it, since your electricity is turned off !!!"

Attached to the submission was a sequence of 8 images - supposed screen shots from the hacked system and what appeared to be a Cicso router configuration file seemingly from the hacked company - Florida Power and Light - the owners and operators of the wind farm in question.

The news sites were all over the story.

Even at the time of writing these stories, the doubts were creeping in. 

Computerworld themselves reported that the consumers of the facility's output, New Mexico Utility company PNM "is not aware of any incidents affecting the company's Fort Sumner facility."  Surely with the media paranoia regarding critical infrastructure (Stuxnet, anyone?) news of a hacker-caused outage would have spread like wildfire.

A casual view of the provided images suggests that the site runs WinCC - a very common Supervisory Control and Data Acquisition (SCADA) software system.  Oddly (and unconnectedly) this is the same system targeted by Stuxnet.

However, there are also some immediate difficulties with the screens.

This writer has reasonable experience with the control systems for a wind farm and these screens look nothing like such a system. iTWire chose to not run the story.

Contrary to lay expectations, wind farm operators have little interest in fancy images of turbine blades whirling around and photos of turbines standing on their tall towers.  Instead, they are likely to focus of what are normally referred to as "single line diagrams" (something like slide 13 here) which are electrical diagrams used to assess, manage and control the electrical flow within the plant. 

There is little in the offered information to see that such screens are present; in fact the fourth image seems more like a listing of a private FTP site containing the images than having anything to do with a control system.

There are other clues.  On the first image, we see the word "Energie" and on the second & third, most of the language also seems to be in German (the native language of Siemens, developers of the WinCC environment).  The remainder of the images appear to be work schedules associated with the commissioning of some kind of electrical installation.

By Monday, everyone was back-peddling.  Computerworld had a change of heart, as did Networkworld

Well-known SCADA security expert Eric Byres also concluded this to be a hoax based on an analysis of the screen shots and also via access to a private SCADA security reporting network.

This whole incident exposes one of the primary problems of security reporting (and probably why Bigr R chose to announce the 'hack' on a Saturday) - that it is difficult to recognise real intrusions from hoaxes and everyone seems to want to see the worst in any situation.



Download an in-depth guide to managing a healthy, motivated and energetic workforce without breaking the bank.


David Heath

joomla statistics

David Heath has over 25 years experience in the IT industry, specializing particularly in customer support, security and computer networking. Heath has worked previously as head of IT for The Television Shopping Network, as the network and desktop manager for Armstrong Jones (a major funds management organization) and has consulted into various Australian federal government agencies (including the Department of Immigration and the Australian Bureau of Criminal Intelligence). He has also served on various state, national and international committees for Novell Users International; he was also the organising chairman for the 1994 Novell Users' Conference in Brisbane. Heath is currently employed as an Instructional Designer, building technical training courses for industrial process control systems.






Join the iTWire Community and be part of the latest news, invites to exclusive events, whitepapers and educational materials and oppertunities.
Why do I want to receive this daily update?
  • The latest features from iTWire
  • Free whitepaper downloads
  • Industry opportunities