Skip to main content


What's In Your Water Now? Hackers

posted onJuly 3, 2012
by l33tdawg

Hackers are known for attacking the computers of banks and government agencies. Now they have a new favorite target: the U.S. water system.

In an unsettling new report on cyber attacks against the nation’s critical infrastructure, the Department of Homeland Security said that water plants were targeted 81 times in 2011, compared with only two incidents in 2010.

Researchers release new batch of SCADA exploits

posted onApril 6, 2012
by l33tdawg

Researchers have released two new exploits that attack common design vulnerabilities in a computer component used to control critical infrastructure, such as refineries and factories.

The exploits would allow someone to hack the system in a manner similar to how the Stuxnet worm attacked nuclear centrifuges in Iran, a hack that stunned the security world with its sophistication and ability to use digital code to create damage in the physical world. 

Valentine's Day present for SCADA hackers: New exploit tools

posted onFebruary 10, 2012
by l33tdawg

There's good news for people who love bad news about the security of industrial control systems. At the SCADA Security Scientific Symposium (S4) in Miami Beach in January, there were a host of new security vulnerabilities unearthed in popular programmable logic controllers (PLCs) and Supervisory Control and Data Acquisition (SCADA) systems, the devices and software that are used to control all manner of critical infrastructure and industrial plants.

Hacking critical infrastructure systems now as easy as pushing a button?

posted onJanuary 20, 2012
by l33tdawg

Remember Firesheep . . . the addon that was so easy to use that even the clueless could successfully hack Facebook and Twitter accounts via Wi-Fi? In some scarier than your average security news, thanks to several Program Logic Controllers (PLC) exploits that were added to Metasploit today, "hacking SCADA systems can be push of a button easy," tweeted HD Moore, CSO of Rapid7 and Chief Architect of Metasploit.

SCADA-logical: DoS vulnerabilities in Rockwell Automation FactoryTalk disclosed

posted onJanuary 19, 2012
by l33tdawg

Luigi Auriemma has uncovered multiple denial of service (DoS) vulnerabilities in Rockwell Automation's FactoryTalk supervisory control and data acquisition (SCADA) product, the Industrial Control Systems Cyber Emergency Response Team (ICS-CERT) announced.

The vulnerabilities are exploitable by sending specially crafted packets to the server, which can result in a DoS attack, according to an ICS-CERT advisory.

Is Your SCADA Vulnerable to a Cyber Attack? Call 1-800-USA-0DAY

posted onJanuary 11, 2012
by l33tdawg

"You can't change a password or your lights will go out!" yelled out a woman sitting in the audience of a workshop on how to secure a SCADA system. The woman identified herself as an engineer at a New York electric company.

"It would take us 5 years and $25 million to change a SCADA system," she said.  Her comments were in response to a presentation delivered by Blake Cornell, an independent security researcher speaking at the third annual International Conference on Cyber Security here in New York City.

Energy Department to analyze power grid cyber threats

posted onJanuary 10, 2012
by l33tdawg

U.S. Energy Secretary Steven Chu has unveiled an initiative that seeks to further protect the power grid from cyber attacks.

The Electric Sector Cybersecurity Risk Management Maturity project, a federal program to find and contain gaps in the cyber security defenses protecting the nation's electric grid, will be headed by the Department of Energy (DOE), with assistance from the Department of Homeland Security (DHS) and the private sector. The program originated from a proposal from the White House.