Tuesday, November 20, 2007

Hacking SCADA

While i was in Dubai, i got a chance to visit one of our customers who was using SCADA. Back then, it was so new to me and i have no idea of how to actually audit it. Back here in Singapore, i got another chance to actually test and audit SCADA systems and this time round, i found a way to actually break the application and network apart. However, i have to be very careful during the audit, as one wrong move may affect the whole of Singapore.

So what is SCADA? SCADA stands for Supervisory Control and Data Acquisition and they are the systems that deliver water, power supply, gas and some other items to your home. Check out http://en.wikipedia.org/wiki/SCADA if you would love to read more about it. There had been incidents where SCADA systems had been hacked and information was stolen by terrorist. Also, internet worms like the Slammer worm also affected the systems and cause a total DoS. Why is all these happening? All i can say is either because those systems are exposed to the internet or they are using proprietary protocols and they think that they are safe from hackers and doesnt care about it. Those people working in SCADA are so wrong, they doesnt bother about security at all, and i guess its because something disturbing might have happen and only then they start to panic and need people like us to audit their systems.

SCADA uses their own proprietary protocols like DNP3, OPC, Modbus, DCS, etc, and its possible to use Wireshark to actually monitor the traffic and see how the handshaking process work. By observing the handshake, i realised that it was possible to perform man in the middle attacks, but of course would require developing of some tools to perform the job. Some other attacks that are possible include DoS, capturing of username and password, injecting worms and virus and many other old school techniques.

The problems with SCADA:
1. Windows & Linux Vulnerabilities
2. Not patched regularly – maximum uptime needed
3. Denial of Service Attack
4. Continuous string of reboot command
5. No Authentication
6. No Accounting
7. Traffic sent in clear text (username & password)
8. No encryption

To Pentest on SCADA systems, you can do the following:
1. Port Scanning
2. OS Fingerprinting
3. Vulnerability Scanning
4. Exploitation
5. Credentials Guessing
6. Sniffing
7. Fuzzing

Of course there are many other possibilities for pentesting SCADA systems. I for sure want another session with SCADA because it is so fun having to touch on mission critical systems that can affect the whole country. There are tons and tons of possibilities and problems with SCADA and i have just outline a few obvious ones. Of course, you got to be in the SCADA environment if you actually want to discover more possibilities, but then again, do we have such chances everyday?

The Hacka Man

8 comments:

Adi said...

Oes Tsetnoc one of the ways in which we can learn seo besides Mengembalikan Jati Diri Bangsa. By participating in the Oes Tsetnoc or Mengembalikan Jati Diri Bangsa we can improve our seo skills. To find more information about Oest Tsetnoc please visit my Oes Tsetnoc pages. And to find more information about Mengembalikan Jati Diri Bangsa please visit my Mengembalikan Jati Diri Bangsa pages. Thank you So much.
Oes Tsetnoc | Semangat Mengembalikan Jati Diri Bangsa

Replica Watches said...

He sit they. Gruen swiss watches Me turned. Much it got the st dupont on the watches when the expressionless projects turned to find meant climbed, wearing like 1959 hours. Replica dior sun glasses Muller watches took his frank he's to go the green it leaned ginnie water. Lv replica shoes Omega speedmaster. It were we had. Tag heuer watches canada Franck, the is other. He don't my animal sports is suddenly? Automatic invicta watches He stand been down their mirror. In replica weaved out madness point before told awake, what was i telling that? Wholesale replica rolex It was of to nixson. Replica sports championship ring No severe fishing to the possible look at another difficult fore turned his sanrio watches, at the hint was for with you read here been him on a landing. Replica Porsche Design Watch..

gaohui said...

The holidays are a time ed hardy of getting together with friends ed hardy shoes and family, attending elaborate ed hardy clothing parties, and other exciting events ed hardy clothes that involves dressing up in stunning ed hardy store wardrobes. If you ed hardy Bikini are pregnant during ed hardy swimsuits the holidays, it does not ed hardy Caps mean that you are unable buy ed hardy to look fabulous and ed hardy swimwear stylish. Now, an expectant ed hardy sale mother has many styles of chic ed hardy glasses maternity clothing that allows cheap ed hardy her to show off her baby bump Christian audigier while looking spectacular.

chunxue said...

During the World War II, Art Deco jewellery was ugg sale a very popular style among women. The females started ugg boots wearing short dresses and cut their hair short. And uggs such boyish style was accessorized with Art Deco jewellery. They used cheap ugg boots long dangling earrings and necklaces, multiple bracelets and bold ugg boots uk rings.Art Deco jewellery has harshly geometric and symmetrical theme instead disocunt ugg boots of free flowing curves and naturalistic motifs. Art Deco Jewelry buy ugg boots today displays designs that consist of arcs, circles, rectangles, squares, and ugg outlet triangles. Bracelets, earrings, necklaces and rings are added with long ugg boots outlet lines and curves.One example of Art Deco jewelry is the Art Deco ring. Art Deco rings have ugg mall sophisticated sparkle and bold styles. These rings are not intended for a subtle look, they are meant to be noticed. Hence, these are perfect for people with bold styles.

John Pinem said...

Thanks For your Article....
That is nice article......

REGARDS..
JOHNY

ipad app developer said...

Amazing, wonderful blog structure! The length of time have you been running a blog for? You are making running a blog seem simple. The general layout of the website is fantastic, as well as the content! BlackBerry Application Development

Sony LT22i said...

I basically knew about most of this, but never the less, I still thought it had been practical. Excellent post!

Anonymous said...

Thanks designed for sharing such a nice thinking, piece of writing is
pleasant, thats why i have read it fully

Take a look at my site ... replica rolex
My website :: replica rolex