Scada Hacking and Awareness by Shahmeer Amir - Part 1

Transcript of Scada Hacking and Awareness

Who are these Guys...?
Basically we are people who spend 15/24 hours in front of the LCD screens ruining our eyes....
A little introduction about us:
Co-Founders, Author and Penetration tester at Maads Security.
Penetration tester at Rewterz InfoSec
IT officers of Malaysian Enterprise DMM
Certified Penetration Testers from Mile2
Trained and Certified Ethical Hackers from CTTC Pakistan by EC-Council
Certified Virtualization Specialists by VM-Ware

SCADA Hacking & Awareness

Developers of Pakistan's First Publicly Released Penetration testing OS

Acknowledged Security Researchers by
Oracle, LinkedIn, Adobe, Mozilla etc. The list goes on for 50...

Currently authoring a wireless penetration testing guide book, "Attacking the Air"
AGENDA:
SCADA System
Working of a SCADA Network
Cyber Security Past and Present
Vulnerabilities of a SCADA Network
SCADA Security in the Light of Cyber Warfare (Stuxnet)
Security Measures against SCADA Systems
Future of SCADA Security
#Live demonstrations 
SCADA SYSTEMS
Meaning of SCADA :
Basic Components of a SCADA System:
If we talk in a Nut-shell and Basic Definition
The term SCADA usually refers to centralized systems which monitor and control entire sites, or complexes of systems spread out over large areas (anything from an industrial plant to a nation)
What is a SCADA System?
Why was there a need for SCADA?
SCADA is the abbreviation of Supervisory Control and Data Acquisition 
A SCADA system mainly has 5 components that work as its subsystems.
1. A Remote Telemetry Unit(s) {RTUs}
2. A Programmable Logic Controller(s) {PLCs}
3. A Telemetry system
4. A Data Acquisition Server
5. A Human Machine Interface
Description of the Components of a SCADA System:
Supervisory Control and Data Acquisition
PLCs have more sophisticated embedded control capabilities than RTUs, typically including one or more programming languages
A telemetry system is typically used to connect PLCs and RTUs with control centers, data warehouses, and the enterprise
A data acquisition server is a software service which uses industrial protocols to connect software services, via telemetry, with field devices such as RTUs and PLCs
A human–machine interface or HMI is the apparatus or device which presents processed data to a human operator, and through this, the human operator monitors and interacts with the process.
RTU(s)
PLC(s)
A Data Acquisition Server
A Human Machine Interface
Working of a SCADA System
1. Monolithic SCADA Systems
2. Distributed SCADA Systems
3. Networked SCADA Systems
4. SCADA Internet of things

How do SCADA Systems and Networks Work?
Vulnerabilities in SCADA:
A Telemetry System
Generations of SCADA Systems
Wrote a research paper on "Next Hybrid Generation Malware", published in Hack-tree Magazine, Jan 2014
First Security Researchers from Pakistan to be invited to Eclipse Con Conference 
SCADA systems that tie together decentralized facilities such as power, oil, and gas pipelines and water distribution and waste water collection systems were designed to be open, robust, and easily operated and repaired, but not necessarily secure.
In modern SCADA systems,
"Something is connected to something that is connected to the internet"
Main Purpose of a SCADA System:
The main purpose of a SCADA system is
1. Gathering 
2. Analyzing
3. Reacting 
to the information provided by the system
Modern Security issues in a SCADA Network:
Basically there are 4 operations performed by a SCADA system. For this we will take the example of an oil rig tank system:
Data Collection
Communication of Data across the Network
Information Reporting to the HMI
System Control Functions
System Control Functions
Data Collection
The sensor attached to the oil tanker connected to the oil rig collects data about the height of the oil, which may not exceed 70 meters.
Communication of Data across the network
The data collected by the sensor is transferred via Wireless telemetry network to the HMI machine.
Information reporting to HMI 
The HMI computer displays the height and other properties like temperature of the Oil inside the tanker to the User. 
System Control Functions
As instructed by the user, the oil height should not exceed 70 meters; when the height reaches 70 meters the motors are turned ON, which transfer the oil to the
Remote terminal units (RTUs) connect to sensors in the process and convert sensor signals to digital data.
Let's see what the news has to say
How Stuxnet Works!!!
And this is what we feel When we are asked to hack Facebook accounts.
What is Stuxnet...?
Stuxnet is a 500 KB computer malware that targets industrial control systems that are used to monitor and control large scale industrial facilities like power plants, dams, waste processing systems and similar operations. 
Stuxnet In the Spotlight.
Worldwide Infection Attempts of Stuxnet
Who created Stuxnet?
Although the authors of Stuxnet haven't been officially identified, the size and sophistication of the worm have led experts to believe that it could have been created only with the sponsorship of a nation-state, and although no one's owned up to it, leaks to the press from officials in the United States and Israel strongly suggest that those two countries did the deed.
This marks a turning point in geopolitical conflicts, when the apocalyptic scenarios once only imagined in movies like Live Free or Die Hard have finally become plausible. “Fiction suddenly became reality,”
# Demo 1
Shodan
Tons of Vulnerable SCADAS

Our research shows that many SCADA systems that stand alone today are vulnerable because of:
Before SCADA, "you had to send people around the plants to close valves and turn on pumps at various times. You'd have to call people and ask them to kick on three specific pumps because you needed more water in the eastern portion of the system. It was very labor-intensive."
Monolithic SCADA
Computing was done by mainframe computers. Networks did not exist at the time SCADA was developed. Thus SCADA systems were independent systems with no connectivity to other systems.
Distributed SCADA
The next generation of SCADA systems took advantage of developments and improvements in system miniaturization and Local Area Networking (LAN) technology to distribute the processing across multiple systems.
Networked SCADA
The major improvement in the third generation is that of opening the system architecture, utilizing open standards and protocols and making it possible to distribute SCADA functionality across a WAN and not just a LAN.
SCADA Internet
With the commercial availability of cloud computing, SCADA systems have increasingly adopted Internet of Things technology to significantly reduce infrastructure costs and increase ease of maintenance and integration.
No SCADA-based Virus Protection
Device Vendor Interest towards Security
Inappropriate Network Protocols
Live Internet Protocol Disclosure
Default Configuration
Make no mistake. Cyberspace is real!
The Brain Virus
Current situation of Cyber Wars around the Globe

Outdated OS Versions
The Future of SCADA 
Drones (Unmanned Air Vehicles)
How are Drones controlled?

The problem is that most SCADA systems are running Microsoft operating systems, and if you are running a Microsoft operating system, you have a target painted on your forehead.
Brain is the oldest known virus on the PC platform; first detected in 1986, it infected 5 million computers over about 20 years.
Brain is a boot sector virus, infecting the first sector of floppies as they are inserted into an infected computer; the volume label is changed to read "©Brain".
Guess who created the first Virus in the History of Cyberspace?
We did!!!
By "WE" I mean two Pakistani brothers from Lahore named Amjad and Basit
A fascinating fact about the virus is that when you decompile the code of the BRAIN virus, this is what you get:
Mikko Hyppönen, the CRO at F-Secure, decompiled the code in Finland for the first time and, after seeing the code, rushed to Pakistan to meet Amjad and Basit
According to our information, three groups of destructive hackers are most active nowadays in ICS exploitation
1. Iranian Cyber Army
2. Syrian Electronic Army
3. Anonymous

Dedicated Operating Systems for SCADA
Behavior based Specially designed Anti-malware Protection
Limiting Technical Information about Systems.

Multi-tiered architecture and isolation of the SCADA network
Communication Protocol Specialization and Validation
Vendor provision of Security controls
Here are a few more boring ones:
Data Encryption between HMI and Data server
Firewalls and DMZs Configuration
Read and Write Protection Mechanisms
Hardening of Operating Systems
Latest Patches for Operating Systems
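The four operations walked through earlier for the oil-rig tank (collection, communication, reporting to the HMI, control) and the "Communication Protocol Specialization and Validation" measure listed above fit together in one small model. The code below is an added example written for this transcript, not code from the talk or from any SCADA vendor: an RTU-side conversion of a raw sensor count to a level in meters, a JSON telemetry frame (an assumption; real links use Modbus, DNP3 or similar), the HMI line an operator would see, and the pump control tied to the talk's 70-meter limit. The validation step is the defender's addition: a data-acquisition server rejects malformed frames, readings outside the sensor's physical range, and replayed or stale frames before any of them is allowed to drive the pump, and a rejected frame leaves the last good control state in place. The 12-bit ADC, the 100-meter sensor span and the sample frames are all constructed for the example.

```python
import json
from dataclasses import dataclass, asdict
from typing import List, Optional, Tuple

TANK_HEIGHT_LIMIT_M = 70.0   # limit stated in the talk's oil-tank example
SENSOR_MAX_M = 100.0         # assumed full-scale range of the level sensor
ADC_FULL_SCALE = 4095        # assumed 12-bit analog input on the RTU


@dataclass
class Reading:
    tank_id: str
    height_m: float
    temp_c: float
    seq: int                  # monotonically increasing frame counter


# 1. Data collection: the RTU converts the raw sensor signal into digital data.
def collect(tank_id: str, raw_counts: int, temp_c: float, seq: int) -> Reading:
    height = round(raw_counts / ADC_FULL_SCALE * SENSOR_MAX_M, 2)
    return Reading(tank_id, height, temp_c, seq)


# 2. Communication: the reading is framed for the telemetry link (JSON is an assumption).
def encode_frame(reading: Reading) -> bytes:
    return json.dumps(asdict(reading)).encode()


def decode_frame(frame: bytes) -> Optional[Reading]:
    try:
        d = json.loads(frame.decode())
        return Reading(str(d["tank_id"]), float(d["height_m"]),
                       float(d["temp_c"]), int(d["seq"]))
    except (ValueError, KeyError, TypeError, UnicodeDecodeError):
        return None   # malformed frame: reject instead of guessing


# Validation the data-acquisition server applies before a frame may drive control.
def validate(reading: Reading, last_seq: Optional[int]) -> Optional[str]:
    if not 0.0 <= reading.height_m <= SENSOR_MAX_M:
        return "height outside sensor range"
    if not -50.0 <= reading.temp_c <= 150.0:
        return "temperature implausible"
    if last_seq is not None and reading.seq <= last_seq:
        return "stale or replayed frame"
    return None


# 3. Information reporting: the line the HMI shows the operator.
def hmi_line(reading: Reading) -> str:
    return f"{reading.tank_id}: level {reading.height_m:.2f} m, temp {reading.temp_c:.1f} C"


# 4. System control function: the pump that transfers oil out of the tank.
def control_action(reading: Reading) -> str:
    return "PUMP_ON" if reading.height_m >= TANK_HEIGHT_LIMIT_M else "PUMP_OFF"


def process_frames(frames: List[bytes]) -> List[Tuple[str, str]]:
    """Run frames through decode -> validate -> HMI -> control.
    Returns (hmi_text, action) per frame; a rejected frame keeps the last action."""
    results = []
    last_seq = None
    action = "PUMP_OFF"       # safe initial state before any valid reading
    for frame in frames:
        reading = decode_frame(frame)
        if reading is None:
            results.append(("REJECTED: malformed frame", action))
            continue
        problem = validate(reading, last_seq)
        if problem:
            results.append((f"REJECTED: {problem}", action))
            continue
        last_seq = reading.seq
        action = control_action(reading)
        results.append((hmi_line(reading), action))
    return results


# Constructed sample traffic: two genuine readings, then three frames that must be rejected.
SAMPLE_FRAMES = [
    encode_frame(collect("TANK-1", 2500, 41.0, seq=1)),   # 61.05 m -> pump off
    encode_frame(collect("TANK-1", 2900, 41.5, seq=2)),   # 70.82 m -> pump on
    b'{"tank_id": "TANK-1", "height_m": "high"}',         # malformed frame
    b'{"tank_id": "TANK-1", "height_m": 250.0, "temp_c": 41.0, "seq": 3}',  # impossible level
    encode_frame(collect("TANK-1", 2500, 41.0, seq=1)),   # replay of frame 1
]

if __name__ == "__main__":
    for hmi, act in process_frames(SAMPLE_FRAMES):
        print(f"{hmi:<45} -> {act}")
```

The point of the replay and range checks is that a control decision is never taken on a frame the server cannot account for: the impossible 250 m reading and the replayed frame both leave the pump in the state set by the last valid reading rather than switching it.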
What makes them Unique??
Out of these three, only the Iranian Cyber Army has been targeting SCADA systems worldwide.

Anonymous needs no introduction.
Involved in Op Israel, Op Tunisia, Op USA, etc.
Targets governments and hacks for a cause.

Syrian Electronic Army
One of the most active hacker groups
Hacked Twitter, Skype, Viber, WhatsApp, etc.

These groups are engaged in hacking and defacing websites.
What if they target SCADA systems and national infrastructure?


Over time, the concept of SCADA has transformed from stationary power plants to flying air vehicles.

About Ali Zain