MS Worm caused blackout?
Dustin Decker
dustind at moon-lite.com
Mon Aug 25 21:56:06 CDT 2003
On Mon, 25 Aug 2003, Jonathan Hutchins wrote:
> According to Robert X. Cringely from Info World, the recent MS Blaster worm
> may have actually been responsible for the Great Blackout of Ought Three.
> Cringe writes "The FBI and CERT pooh-pooh the theory, but some aren't
> convinced. Many plants on the grid run a Windows-based SCADA (Supervisory
> Control and Data Acquisition) system that receives remote commands through
> the same RPC (Remote Procedure Call) protocol exploited by MSBlaster. Among
> other things, SCADA systems control the amount of energy each plant produces.
> I talked with one plant insider who says the worm theory is possible but not
> likely. "It would have to be a major breakdown in the plant's software
> protection scheme," he said. A more likely sabotage scenario? An inside job
> by a techie ticked off at his employers. So far nobody knows the real cause,
> but if Oliver Stone is reading this, I'll sell the movie rights for a Linux
> notebook and 5 percent of the gross."
This really wouldn't suprise me at all... there are analog backup systems
that are supposed to carry load if SCADA fails. There have been a number
of folks in the electricity production industry who have revealed that
Slammer beat them up pretty bad and caused SCADA failures. In one case,
an infected laptop was blamed as it was brought in and placed on a network
behind the firewall. In another, a VPN allowed the virus in, again
bypassing a firewall.
I doubt we'll ever really get the whole story on this.
D.
--
o-----------------------------------o
| Dustin Decker - CNA, MCP |
| dustin at dustindecker.com o-------------------------------------------o
| Network Engineer | The wise man seeks everything in himself; |
| Preferred Physicians Group | the ignorant man tries to get everything |
o-------------------------------| from somebody else. |
o-------------------------------------------o
More information about the Kclug
mailing list