As part of my day job, I have been involved with ethical hacking of some
SCADA environments.
Typically, they use encrypted radios for communicating with remote sites.
The RF side is pretty good. But, once you are at a remote site and you
open an outside control box beside some pumps, they almost never have the
alarm sensors configured and you can access the data side of the encrypted
radio. Once there, everything is like a university network (hard on the
outside, soft and squishy inside)!
And because it's SCADA, nobody flashes firmware or does other upgrades,
because they are scared of the system coming down. So the list of open
exploits is massive. Sometimes they even trust network traffic coming in
from the SCADA environment because they think it's secure, and it provides
a useful launchpad into the corporate network... Then it gets fun.

Kindest regards,
Doug Jackson
em: doug(a)doughq.com
ph: 0414 986878
Follow my amateur radio adventures at
vk1zdj.net

On Sat, 26 Jul 2025 at 11:00, Jon Elson via cctalk <cctalk(a)classiccmp.org> wrote:
On 7/25/25 15:28, Fred Cisin via cctalk wrote:
Also, way back, there was a case where a SCADA
manufacturer thought some of their gear was being bought
for the trans-Siberia pipeline, and couldn't be sold for
that under trade restrictions. Somebody at that company
got in touch with a contact at the CIA, and asked if they
wanted to insert a "feature" into those units. They put
in a time bomb that was essentially the same as the Y2K
shutdown, and blew up the entire pipeline when all the
valves slammed shut at the same time. This info was
reported by the famous Jack Anderson in the Washington Post.
That's not just a nasty prank, that is an act of war.
Well, this was during the "cold" war. This prank moved the
meter toward the hot side a bit. But, the Russians couldn't
really complain, they KNEW they were taking a risk to try to
circumvent trade restrictions.
Get hold of the book "Spycraft" by Robert Wallace and H.
Keith Melton; there are a bunch of similar stories described
there.
Jon