Even minimally competent hackers can hijack the computer systems that control critical industrial machinery to deadly effect, according to security researchers.
NSS Labs researcher Dillon Beresford successfully breached industrial control systems (ICSs) from Siemens and other companies despite having no experience with the systems, limited time, and a small budget. He did it by exploiting a back door coded into the Siemens ICSs and other vulnerabilities that could permit a hacker with access to the computer network at a target facility to shut down or even damage the equipment that the system controls, says NSS Labs' Vikram Phatak.
Security consultant Joe Weiss says this discovery is a game-changing revelation, as it proves that "you don't have to be a nation state" to penetrate an ICS. Last month the U.S. Department of Homeland Security (DHS) issued an advisory to critical infrastructure owners warning that the Anonymous hacker collective had threatened attacks on U.S. and Canadian oil and gas companies, and that the skill level affiliated with such hacks to date was low. A DHS official cautions that "once ... vulnerabilities make their way into open source, that lowers the [skill] bar down to a 'script kiddie' level."
From Washington Times
View Full Article
Abstracts Copyright © 2011 Information Inc. , Bethesda, Maryland, USA