July 18, 2010

SCADA-phobia

Fight disinformation: Sign up for the free Mother Jones Daily newsletter and follow the news that matters.

I honestly don’t know if this is something to take seriously or just the latest in cyberwar hype, but….

Anti-virus specialists report that a new trojan is spreading via USB flash drives, apparently exploiting a previously unknown hole in Windows.

….An investigation by malware analyst Frank Boldewin has shown that this is not just any old trojan designed to harvest passwords from unsuspecting users….During his investigation, Boldewin came across some database queries the trojan made that point towards the WinCC SCADA system by Siemens. As Boldewin explained in an email to The H’s associates at heise Security, a “normal” malware programmer wouldn’t have managed to do that. Boldewin continued “As this Siemens SCADA system is used by many industrial enterprises worldwide, we must assume that the attackers’ intention was industrial espionage or even espionage in the government area”.

Stewart Baker explains what he thinks this means:

This particular exploit is remarkably sophisticated and singleminded….Most troubling is what the malware goes looking for once it starts up. The entire attack seems designed to exploit holes in the Siemens SCADA software that runs electric grids around the world.

As far as I can tell, there’s no reason to compromise a SCADA system other than to take it down. The SCADA system doesn’t contain credit card numbers or other financial data, and I doubt that compromising it is a cost-effective way to steal power for free….There are no obvious secrets to steal from a SCADA system — other than the secret of how to bring the system down. So the logical goal of the malware is not so much espionage as sabotage.

Let me repeat that for emphasis. This elaborate, previously unseen piece of malware, which surely could have been a big moneymaker if used to create a botnet or to send spam, has instead been put to use for a purpose that has no obvious economic payoff — compromising the power grid.

The comment thread on Baker’s post is lively and, needless to say, not everyone agrees with him that this is as big a deal as he thinks. And since I don’t have the chops to have an independent opinion, don’t take this post as an endorsement of what Baker says. But it seemed interesting and potentially ugly. Just thought I’d pass it along.

And while I’m on the subject, if you didn’t read Mark Bowden’s Atlantic piece about the Conficker worm, “The Enemy Within,” when it came out a few weeks ago, it’s well worth your time. It’s pretty riveting stuff if you have even a little touch of nerd in you.

WHO DOESN’T LOVE A POSITIVE STORY—OR TWO?

“Great journalism really does make a difference in this world: it can even save kids.”

That’s what a civil rights lawyer wrote to Julia Lurie, the day after her major investigation into a psychiatric hospital chain that uses foster children as “cash cows” published, letting her know he was using her findings that same day in a hearing to keep a child out of one of the facilities we investigated.

That’s awesome. As is the fact that Julia, who spent a full year reporting this challenging story, promptly heard from a Senate committee that will use her work in their own investigation of Universal Health Services. There’s no doubt her revelations will continue to have a big impact in the months and years to come.

Like another story about Mother Jones’ real-world impact.

This one, a multiyear investigation, published in 2021, exposed conditions in sugar work camps in the Dominican Republic owned by Central Romana—the conglomerate behind brands like C&H and Domino, whose product ends up in our Hershey bars and other sweets. A year ago, the Biden administration banned sugar imports from Central Romana. And just recently, we learned of a previously undisclosed investigation from the Department of Homeland Security, looking into working conditions at Central Romana. How big of a deal is this?

“This could be the first time a corporation would be held criminally liable for forced labor in their own supply chains,” according to a retired special agent we talked to.

Wow.

And it is only because Mother Jones is funded primarily by donations from readers that we can mount ambitious, yearlong—or more—investigations like these two stories that are making waves.

About that: It’s unfathomably hard in the news business right now, and we came up about $28,000 short during our recent fall fundraising campaign. We simply have to make that up soon to avoid falling further behind than can be made up for, or needing to somehow trim $1 million from our budget, like happened last year.

If you can, please support the reporting you get from Mother Jones—that exists to make a difference, not a profit—with a donation of any amount today. We need more donations than normal to come in from this specific blurb to help close our funding gap before it gets any bigger.

payment methods

WHO DOESN’T LOVE A POSITIVE STORY—OR TWO?

“Great journalism really does make a difference in this world: it can even save kids.”

That’s what a civil rights lawyer wrote to Julia Lurie, the day after her major investigation into a psychiatric hospital chain that uses foster children as “cash cows” published, letting her know he was using her findings that same day in a hearing to keep a child out of one of the facilities we investigated.

That’s awesome. As is the fact that Julia, who spent a full year reporting this challenging story, promptly heard from a Senate committee that will use her work in their own investigation of Universal Health Services. There’s no doubt her revelations will continue to have a big impact in the months and years to come.

Like another story about Mother Jones’ real-world impact.

This one, a multiyear investigation, published in 2021, exposed conditions in sugar work camps in the Dominican Republic owned by Central Romana—the conglomerate behind brands like C&H and Domino, whose product ends up in our Hershey bars and other sweets. A year ago, the Biden administration banned sugar imports from Central Romana. And just recently, we learned of a previously undisclosed investigation from the Department of Homeland Security, looking into working conditions at Central Romana. How big of a deal is this?

“This could be the first time a corporation would be held criminally liable for forced labor in their own supply chains,” according to a retired special agent we talked to.

Wow.

And it is only because Mother Jones is funded primarily by donations from readers that we can mount ambitious, yearlong—or more—investigations like these two stories that are making waves.

About that: It’s unfathomably hard in the news business right now, and we came up about $28,000 short during our recent fall fundraising campaign. We simply have to make that up soon to avoid falling further behind than can be made up for, or needing to somehow trim $1 million from our budget, like happened last year.

If you can, please support the reporting you get from Mother Jones—that exists to make a difference, not a profit—with a donation of any amount today. We need more donations than normal to come in from this specific blurb to help close our funding gap before it gets any bigger.

payment methods

We Recommend

Latest

Sign up for our free newsletter

Subscribe to the Mother Jones Daily to have our top stories delivered directly to your inbox.

Get our award-winning magazine

Save big on a full year of investigations, ideas, and insights.

Subscribe

Support our journalism

Help Mother Jones' reporters dig deep with a tax-deductible donation.

Donate