Tech

SCADA-phobia

| Sun Jul. 18, 2010 4:19 PM EDT

I honestly don't know if this is something to take seriously or just the latest in cyberwar hype, but....

Anti-virus specialists report that a new trojan is spreading via USB flash drives, apparently exploiting a previously unknown hole in Windows.

....An investigation by malware analyst Frank Boldewin has shown that this is not just any old trojan designed to harvest passwords from unsuspecting users....During his investigation, Boldewin came across some database queries the trojan made that point towards the WinCC SCADA system by Siemens. As Boldewin explained in an email to The H's associates at heise Security, a "normal" malware programmer wouldn't have managed to do that. Boldewin continued "As this Siemens SCADA system is used by many industrial enterprises worldwide, we must assume that the attackers' intention was industrial espionage or even espionage in the government area".

Stewart Baker explains what he thinks this means:

This particular exploit is remarkably sophisticated and singleminded....Most troubling is what the malware goes looking for once it starts up. The entire attack seems designed to exploit holes in the Siemens SCADA software that runs electric grids around the world.

As far as I can tell, there’s no reason to compromise a SCADA system other than to take it down. The SCADA system doesn’t contain credit card numbers or other financial data, and I doubt that compromising it is a cost-effective way to steal power for free....There are no obvious secrets to steal from a SCADA system — other than the secret of how to bring the system down. So the logical goal of the malware is not so much espionage as sabotage.

Let me repeat that for emphasis. This elaborate, previously unseen piece of malware, which surely could have been a big moneymaker if used to create a botnet or to send spam, has instead been put to use for a purpose that has no obvious economic payoff — compromising the power grid.

The comment thread on Baker's post is lively and, needless to say, not everyone agrees with him that this is as big a deal as he thinks. And since I don't have the chops to have an independent opinion, don't take this post as an endorsement of what Baker says. But it seemed interesting and potentially ugly. Just thought I'd pass it along.

And while I'm on the subject, if you didn't read Mark Bowden's Atlantic piece about the Conficker worm, "The Enemy Within," when it came out a few weeks ago, it's well worth your time. It's pretty riveting stuff if you have even a little touch of nerd in you.