SCADA-phobia

Ticker

Monika Bauerlein,
CEO

Dear Reader,

The next few months are make-or-break for Mother Jones’ fundraising, and we need more online readers to pitch in than have been of late. In "It's Not a Crisis. This Is the New Normal," we take a level-headed look at the brutal economics of journalism, why investigative reporting like you get from us matters, and why we're optimistic we can grow our base of support in a big way—starting with hitting a huge $300,000 goal in just three weeks. Please learn more and donate if you can right now.

The next few months are make-or-break for Mother Jones’ fundraising. We need to raise $300,000 quickly, and we need more online readers to pitch in than have been. Please learn more in "It's Not a Crisis. This Is the New Normal," where we go into the brutal economics of journalism, and what makes Mother Jones unique and worth supporting if you can right now.

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

I honestly don’t know if this is something to take seriously or just the latest in cyberwar hype, but….

Anti-virus specialists report that a new trojan is spreading via USB flash drives, apparently exploiting a previously unknown hole in Windows.

….An investigation by malware analyst Frank Boldewin has shown that this is not just any old trojan designed to harvest passwords from unsuspecting users….During his investigation, Boldewin came across some database queries the trojan made that point towards the WinCC SCADA system by Siemens. As Boldewin explained in an email to The H’s associates at heise Security, a “normal” malware programmer wouldn’t have managed to do that. Boldewin continued “As this Siemens SCADA system is used by many industrial enterprises worldwide, we must assume that the attackers’ intention was industrial espionage or even espionage in the government area”.

Stewart Baker explains what he thinks this means:

This particular exploit is remarkably sophisticated and singleminded….Most troubling is what the malware goes looking for once it starts up. The entire attack seems designed to exploit holes in the Siemens SCADA software that runs electric grids around the world.

As far as I can tell, there’s no reason to compromise a SCADA system other than to take it down. The SCADA system doesn’t contain credit card numbers or other financial data, and I doubt that compromising it is a cost-effective way to steal power for free….There are no obvious secrets to steal from a SCADA system — other than the secret of how to bring the system down. So the logical goal of the malware is not so much espionage as sabotage.

Let me repeat that for emphasis. This elaborate, previously unseen piece of malware, which surely could have been a big moneymaker if used to create a botnet or to send spam, has instead been put to use for a purpose that has no obvious economic payoff — compromising the power grid.

The comment thread on Baker’s post is lively and, needless to say, not everyone agrees with him that this is as big a deal as he thinks. And since I don’t have the chops to have an independent opinion, don’t take this post as an endorsement of what Baker says. But it seemed interesting and potentially ugly. Just thought I’d pass it along.

And while I’m on the subject, if you didn’t read Mark Bowden’s Atlantic piece about the Conficker worm, “The Enemy Within,” when it came out a few weeks ago, it’s well worth your time. It’s pretty riveting stuff if you have even a little touch of nerd in you.