25 Jul
2025
25 Jul
'25
12:09 a.m.
Greetings,
Been a long while since i have posted in on here. I usually discuss my pdp 11 and vax
systems. I have decided to pivot my career to scada syatems. The company i am with has
some interesting stuff that goes pretty far back. Our custom in house tech is a plc pump
controller with a radio connection for data logging and control. Pretty cool, 8051 based,
with a version of basic in rom that has scada functions added. The backend servers are
just linux systems, although in a modular backplane for easy replacement.
I have not read much about this tech outside of what we have in house. Are there other
historic scada system computers or technologies that are similar, easily found on ebay for
example?
Ive seen some mention of old allen bradley stuff, but not much notes on how it would be
used remotely in the field, as a remote terminal unit.
Any suggestions are appriciated, trying to read more into scada tech outside of my
company's tech.
Thanks,
Devin D.
25 Jul
25 Jul
11:05 a.m.
On 7/24/25 23:09, Devin via cctalk wrote:
Greetings,
Been a long while since i have posted in on here. I usually discuss my pdp 11 and vax
systems. I have decided to pivot my career to scada syatems. The company i am with has
some interesting stuff that goes pretty far back. Our custom in house tech is a plc pump
controller with a radio connection for data logging and control. Pretty cool, 8051 based,
with a version of basic in rom that has scada functions added. The backend servers are
just linux systems, although in a modular backplane for easy replacement.
I have not read much about this tech outside of what we have in house. Are there other
historic scada system computers or technologies that are similar, easily found on ebay for
example?
Ive seen some mention of old allen bradley stuff, but not much notes on how it would be
used remotely in the field, as a remote
terminal unit.
Allen-Bradley made a bunch of SCADA gear that was used in
power substations.
I think theirs MIGHT have been the one that was responsible
for the Y2K scare, but it might have been somebody else's unit.
Also, way back, there was a case where a SCADA manufacturer
thought some of their gear was being bought for the
trans-Siberia pipeline, and couldn't be sold for that under
trade restrictions. Somebody at that company got in touch
with a contact at the CIA, and asked if they wanted to
insert a "feature" into those units. They put in a time bomb
that was essentially the same as the Y2K shutdown, and blew
up the entire pipeline when all the valves slammed shut at
the same time. This info was reported by the famous Jack
Anderson in the Washington Post.
Jon
1:13 p.m.
Oh is this public now? I remember this, it was hilarious. Imagine what
happens when all your valves go to "open" or "closed" at once.
I wonder if this led to the downfall of the Soviet Union. Just think
about how you would feel if you suddenly realized that all the
infrastructure based on chips and designs that you stole was now 100%
suspect and could blow up at any time.
VAX, PDP11, etc.... And remember when the Pentium "bug" came out? Wasn't
that just weird....
Ah fun stuff no doubt.
Also, way back, there was a case where a SCADA
manufacturer thought some
of their gear was being bought for the trans-Siberia pipeline, and
couldn't be sold for that under trade restrictions. Somebody at that
company got in touch with a contact at the CIA, and asked if they wanted
to insert a "feature" into those units. They put in a time bomb that was
essentially the same as the Y2K shutdown, and blew up the entire
pipeline when all the valves slammed shut at the same time. This info
was reported by the famous Jack Anderson in the Washington Post.
Jon
1:25 p.m.
On Jul 25, 2025, at 1:13 PM, cz via cctalk
<cctalk(a)classiccmp.org> wrote:
Oh is this public now? I remember this, it was hilarious. Imagine what happens when all
your valves go to "open" or "closed" at once....
It reminds me a bit of the opening scene of Red Storm Rising -- Tom Clancy's second
novel though actually a not well credited collaboration with Larry Bond, and in some ways
more reminiscent of Bond's work than Clancy's. Great stuff, in any case.
paul
Also, way
back, there was a case where a SCADA manufacturer thought some of their gear was being
bought for the trans-Siberia pipeline, and couldn't be sold for that under trade
restrictions. Somebody at that company got in touch with a contact at the CIA, and asked
if they wanted to insert a "feature" into those units. They put in a time bomb
that was essentially the same as the Y2K shutdown, and blew up the entire pipeline when
all the valves slammed shut at the same time. This info was reported by the famous Jack
Anderson in the Washington Post.
Jon
1:45 p.m.
pdp 14
westhead associates (unknown canadian company) cpm based system i have the
manuals and software for their pdm800 system
GE fanuc
USDATA hmi
siemens who is notorious for buying up the companies u seek to learn about
gould have manuals for some of that
modicon
i think motorola got into it for a bit as well
On Fri, Jul 25, 2025 at 12:35 PM Paul Koning via cctalk <
cctalk(a)classiccmp.org> wrote:
On Jul 25, 2025, at 1:13 PM, cz via cctalk
<cctalk(a)classiccmp.org>
wrote:
Oh is this public now? I remember this, it was hilarious. Imagine what
happens when all your valves go to "open" or "closed" at
once....
It reminds me a bit of the opening scene of Red Storm Rising -- Tom
Clancy's second novel though actually a not well credited collaboration
with Larry Bond, and in some ways more reminiscent of Bond's work than
Clancy's. Great stuff, in any case.
paul
> Also, way back, there was a case where a
SCADA manufacturer thought
some of their gear was being bought for the trans-Siberia pipeline, and
couldn't be sold for that under trade restrictions. Somebody at that
company got in touch with a contact at the CIA, and asked if they wanted to
insert a "feature" into those units. They put in a time bomb that was
essentially the same as the Y2K shutdown, and blew up the entire pipeline
when all the valves slammed shut at the same time. This info was reported
by the famous Jack Anderson in the Washington Post.
Jon
1:49 p.m.
allen bradly as well yes they had a full system from plc to terminal
software and all. they had courses u took on how to use their stuff was
very contaquerious from what i understand
i also know of pdp11/23's being setup in the 70's to run the controls at
fox and rutan mines mills witch were bleeding edge won awards for its time
On Fri, Jul 25, 2025 at 12:45 PM Adrian Stoness <tdk.knight(a)gmail.com>
wrote:
pdp 14
westhead associates (unknown canadian company) cpm based system i have the
manuals and software for their pdm800 system
GE fanuc
USDATA hmi
siemens who is notorious for buying up the companies u seek to learn about
gould have manuals for some of that
modicon
i think motorola got into it for a bit as well
On Fri, Jul 25, 2025 at 12:35 PM Paul Koning via cctalk <
cctalk(a)classiccmp.org> wrote:
>
>
> > On Jul 25, 2025, at 1:13 PM, cz via cctalk <cctalk(a)classiccmp.org>
> wrote:
> >
> > Oh is this public now? I remember this, it was hilarious. Imagine what
> happens when all your valves go to "open" or "closed" at
once....
>
> It reminds me a bit of the opening scene of Red Storm Rising -- Tom
> Clancy's second novel though actually a not well credited collaboration
> with Larry Bond, and in some ways more reminiscent of Bond's work than
> Clancy's. Great stuff, in any case.
>
> paul
>
> >> Also, way back, there was a case where a SCADA manufacturer thought
> some of their gear was being bought for the trans-Siberia pipeline, and
> couldn't be sold for that under trade restrictions. Somebody at that
> company got in touch with a contact at the CIA, and asked if they wanted to
> insert a "feature" into those units. They put in a time bomb that was
> essentially the same as the Y2K shutdown, and blew up the entire pipeline
> when all the valves slammed shut at the same time. This info was reported
> by the famous Jack Anderson in the Washington Post.
> >> Jon
> >
>
>
2:27 p.m.
Yep, one of my first joblets was programming Allen Bradley PLC's at Beth
Steel Sparrow's point using ladder logic. I remember asking a guy what
happened if I made a mistake, seeing all the massive steel ladles and such.
His response "People die".
What a fun time....
On 7/25/2025 1:49 PM, Adrian Stoness via cctalk wrote:
allen bradly as well yes they had a full system from
plc to terminal
software and all. they had courses u took on how to use their stuff was
very contaquerious from what i understand
i also know of pdp11/23's being setup in the 70's to run the controls at
fox and rutan mines mills witch were bleeding edge won awards for its time
On Fri, Jul 25, 2025 at 12:45 PM Adrian Stoness <tdk.knight(a)gmail.com>
wrote:
> pdp 14
> westhead associates (unknown canadian company) cpm based system i have the
> manuals and software for their pdm800 system
> GE fanuc
> USDATA hmi
> siemens who is notorious for buying up the companies u seek to learn about
> gould have manuals for some of that
> modicon
> i think motorola got into it for a bit as well
>
>
> On Fri, Jul 25, 2025 at 12:35 PM Paul Koning via cctalk <
> cctalk(a)classiccmp.org> wrote:
>
>>
>>
>>> On Jul 25, 2025, at 1:13 PM, cz via cctalk <cctalk(a)classiccmp.org>
>> wrote:
>>>
>>> Oh is this public now? I remember this, it was hilarious. Imagine what
>> happens when all your valves go to "open" or "closed" at
once....
>>
>> It reminds me a bit of the opening scene of Red Storm Rising -- Tom
>> Clancy's second novel though actually a not well credited collaboration
>> with Larry Bond, and in some ways more reminiscent of Bond's work than
>> Clancy's. Great stuff, in any case.
>>
>> paul
>>
>>>> Also, way back, there was a case where a SCADA manufacturer thought
>> some of their gear was being bought for the trans-Siberia pipeline, and
>> couldn't be sold for that under trade restrictions. Somebody at that
>> company got in touch with a contact at the CIA, and asked if they wanted to
>> insert a "feature" into those units. They put in a time bomb that was
>> essentially the same as the Y2K shutdown, and blew up the entire pipeline
>> when all the valves slammed shut at the same time. This info was reported
>> by the famous Jack Anderson in the Washington Post.
>>>> Jon
>>>
>>
>>
2:47 p.m.
cz via cctalk wrote:
Oh is this public now? I remember this, it was
hilarious. Imagine what
happens when all your valves go to "open" or "closed" at once.
I wonder if this led to the downfall of the Soviet Union. Just think about
how you would feel if you suddenly realized that all the infrastructure
based on chips and designs that you stole was now 100% suspect and could
blow up at any time.
VAX, PDP11, etc.... And remember when the Pentium "bug" came out? Wasn't
that just weird....
Ah fun stuff no doubt.
For most ppl here it seems impossible to realize that nothing of this
stuff could bei "copied" w/o to understand what's going on on the chip
and modify the layous etc. to fit the local foundry technology.
For Example.. there is the J11 ..this is a two chip IC, the Russians
have made an K1801VM1, VM2 and VM3 ..all single chip designs.
They made the N1806VM2 ..an CMOS chip, the K1801VM2 is the NMOS
Eqiuvalent.
The first "cloned" VAX was an chip that was an 11/730 in original..a
bunch of pcbs. They cloned a chip, that never existed. They build their
own hardware regarding the processor manual.
Yes, there are clones of the J11, DECs fastest PDP11..but this chip made
by Harris wasn't truly a success..it never reached the clock rates they
have planned. but russians build thier own chips also, this for example:
https://www.rouming.cz/roumingShow.php?file=elektronika-mk-90.jpg
I've worked some time on a east german VAX11/780: Robotron RVS K1840,
An real clone, besides of the fact that it had an K1620 MOS Bit Slice
PDP11 made in the GDR in it as console computer and there where 2 5,25"
Floppies instead of an 8"...
And the MVAXII was cloned in the GDR and in the Soviet Union
independently. After the fall of the iron curtain DEC employed all the
People working in Dresden at Robotron that build the VAX clones.
So Please: Don't think Russians are evil, nor they are stupid. Think
more about US Delta rockets using RD180 Engines from Rossia since
the USA couldn't build such efficient Engines itself..
https://www.youtube.com/watch?v=TMbl_ofF3AM
And next..there is not only an CIA and an NSA ..there are other
"intelligence" services on the world and they doing ther job..
russian PDP11:
https://www.tiffe.de/images/oleg/
.. the PCBs and it's connectors are all metric..
Russians built home computers with ther PDP11 CPUs (K1801VM1)
https://www.tiffe.de/Robotron/PDP-VAX/BK/
Schematics of the K1801VM2 CPU (big!)
https://www.tiffe.de/Robotron/PDP-VAX/russisch/K1801VM2/
Nice Jet on this:
https://www.tiffe.de/Robotron/PDP-VAX/russisch/K1801VM2/p010.jpg
That's the K1801VM3 chip, with integrated MMU:
https://www.tiffe.de/images/K1801BM3.jpg
VM3's on the left, H1806VM2 on the right, K1801VM2 at bottom:
https://www.tiffe.de/images/K1801-1.jpg
...which one is a "clone"??
Some sort of an LSI11: (M2 CPU)
https://www.tiffe.de/Robotron/PDP-VAX/E60/CPU-oben.jpg
Magnet Tape Controller from that thing above:
https://www.tiffe.de/Robotron/PDP-VAX/E60/I17.jpg
Yes, that are russian AM2901s..
Thats an Elektronika DBK, with the M2 CPU from above:
https://www.tiffe.de/Robotron/PDP-VAX/E60/DSCF0065.JPG
That's DEC..simply nice to look at:
https://www.tiffe.de/Robotron/PDP-VAX/Kernspeicher/
Regards,
Holm
..and no, I'n not a russian, but I have russian and ukrainian Friends.
--
Technik Service u. Handel Tiffe, www.tsht.de, Holm Tiffe,
Goethestrasse 15, 09569 Oederan, USt-Id: DE253710583
info(a)tsht.de Tel +49 37292 709778 Mobil: 0172 8790 741
4:28 p.m.
Also, way back, there was a case where a SCADA
manufacturer thought some of
their gear was being bought for the trans-Siberia pipeline, and couldn't be
sold for that under trade restrictions. Somebody at that company got in
touch with a contact at the CIA, and asked if they wanted to insert a
"feature" into those units. They put in a time bomb that was essentially
the same as the Y2K shutdown, and blew up the entire pipeline when all the
valves slammed shut at the same time. This info was reported by the
famous Jack Anderson in the Washington Post.
That's not just a nasty prank, that is an act of war.
4:39 p.m.
On 07/25/2025 4:28 PM EDT Fred Cisin via cctalk
<cctalk(a)classiccmp.org> wrote:
That's not just a nasty prank, that is an act of war.
More details here:
https://www.controleng.com/throwback-attack-the-u-s-hits-russia-with-the-fi…
Will
8:54 p.m.
On 7/25/25 15:28, Fred Cisin via cctalk wrote:
Well, this was during the "cold" war. This prank moved the
meter toward the hot side a bit. But, the Russians couldn't
really complain, they KNEW they were taking a risk to try to
circumvent trade restrictions.
Get hold of the book Spycraft" by Robert Wallace and H.
Keith Melton, there are a bunch of similar stories described
there.
Jon
Also, way
back, there was a case where a SCADA
manufacturer thought some of their gear was being bought
for the trans-Siberia pipeline, and couldn't be sold for
that under trade restrictions. Somebody at that company
got in touch with a contact at the CIA, and asked if they
wanted to insert a "feature" into those units. They put
in a time bomb that was essentially the same as the Y2K
shutdown, and blew up the entire pipeline when all the
valves slammed shut at the same time. This info was
reported by the famous Jack Anderson in the Washington Post.
That's not just a nasty prank, that is an act of war.
9:12 p.m.
As part of my day job, I have been involved with ethical hacking of some
SCADA environments.
Typically, they use encrypted radios for communicating with remote sites.
The RF side is pretty good. But, once you are at a remote site and you
open an outside control box beside some pumps, they almost never have the
alarm sensors configured and you can access the data side of the encrypted
radio. Once there, everything is like a university network (hard on the
outside, soft and squishy inside)!
And because it's SCADA, nobody flashes firmware or does other upgrades,
because they are scared of the system coming down. So the list of open
exploits is massive. Sometimes they even trust network traffic coming in
from the SCADA environment because they think it's secure, and it provides
a useful launchpad into the corporate network..... Then it gets fun.
Kindest regards,
Doug Jackson
em: doug(a)doughq.com
ph: 0414 986878
Follow my amateur radio adventures at vk1zdj.net
On Sat, 26 Jul 2025 at 11:00, Jon Elson via cctalk <cctalk(a)classiccmp.org>
wrote:
On 7/25/25 15:28, Fred Cisin via cctalk wrote:
Well, this was during the "cold" war. This prank moved the
meter toward the hot side a bit. But, the Russians couldn't
really complain, they KNEW they were taking a risk to try to
circumvent trade restrictions.
Get hold of the book Spycraft" by Robert Wallace and H.
Keith Melton, there are a bunch of similar stories described
there.
Jon
Also, way
back, there was a case where a SCADA
manufacturer thought some of their gear was being bought
for the trans-Siberia pipeline, and couldn't be sold for
that under trade restrictions. Somebody at that company
got in touch with a contact at the CIA, and asked if they
wanted to insert a "feature" into those units. They put
in a time bomb that was essentially the same as the Y2K
shutdown, and blew up the entire pipeline when all the
valves slammed shut at the same time. This info was
reported by the famous Jack Anderson in the Washington Post.
That's not just a nasty prank, that is an act of war.
8:45 p.m.
On 7/25/25 12:13, cz via cctalk wrote:
Oh is this public now? I remember this, it was
hilarious.
Imagine what happens when all your valves go to "open" or
"closed" at once.
Well, it was in the Washington Post (I think) so that is
pretty public.
I wonder if this led to the downfall of the Soviet
Union.
Just think about how you would feel if you suddenly
realized that all the infrastructure based on chips and
designs that you stole was now 100% suspect and could blow
up at any time.
Well, it sure didn't help. It took them several years to
rebuild the pipeline. But, I think the stinger missile was
what ultimately brought them down, as well as "Star Wars"
ie. Reagan's SDI.
It was said some time ago by a major US computer scientist
that their copying the IBM 360 as their BESM 1060 set their
computer industry back a full decade.
Jon
3:09 p.m.
On 25/07/2025 16:05, Jon Elson via cctalk wrote:
On 7/24/25 23:09, Devin via cctalk wrote:
5 or so years back there was someone selling Ferranti Argus boards on
eBay. They weren't cheap, but I'm kind of kicking myself that I didn't
pick up at least one or two. I enquired as to whether he had a card
frame and other parts for a complete system and he did for his own
testing purposes, but not for sale. He claimed he still had customers
running Argus systems for industrial control. I've since learned that up
until quite recently there were UK nuclear power stations running Argus
500 based control systems.
When I worked for British Gas in the early 90s we had an in-house
developed TMS9900-based telemetry outstation, which was used to manage
remote gas and radio sites — we had our own national microwave networks
and PMR radio etc. — and this would also relay intruder, fire and UPS
etc. alarms. Outstations connected back to the main SCADA system via a
UHF radio and little yagi antenna pointing at the nearest radio site (if
not located at one). It's crazy to think now that this would have been a
simple protocol, with no security, controlling valves on HP gas lines,
huge compressors, big boilers (to heat pressure reduction equipment to
prevent it freezing) and all manner of critical infrastructure.
The SCADA system was based on a VAXserver 3800 cluster, with VAXstation
2000 satellite nodes equipped with 21" displays for the 24/7 grid
control team. IIRC the SCADA system was developed by Logica. We had a
contract with DEC whereby we'd have a full stock of parts and swap out
boards and drives etc.
The previous system was a Cossor 9900-based mini with Pertec drives and
this languished in a corner of the workshop. I'm not sure if this
influenced the telemetry outstation CPU choice, as that would have been
developed around the same time. I can't imagine there were many sites
running Cossor minis, but IIRC Heathrow Airport in London had a
9900-based air traffic control system from them.
The previous to that — and very first — grid control computer was also
sitting in a garage building. This was an Elliott system and I couldn't
say what model (I was more interested in electronics and radio at the
time). Sad to say that this and the Cossor were sold for scrap.
Another curio from that time was a simple device called, I think, a
"radac". This was a magnetic drum audio recorder and tracks would be
recorded with the site name and alarm messages. On being triggered it
would autodial a number which would be routed to whoever was on call,
who would then be greeted by this slightly robotic sounding message.
There were still one or two in use at simpler sites. I've since not
managed to find any information on this, but have wondered if one could
be found, if it might lend itself to being adapted for use as a very
small drum store.
Andrew
Greetings,
Been a long while since i have posted in on here. I usually discuss my pdp 11 and vax
systems. I have decided to pivot my career to scada syatems. The company i am with has
some interesting stuff that goes pretty far back. Our custom in house tech is a plc pump
controller with a radio connection for data logging and control. Pretty cool, 8051 based,
with a version of basic in rom that has scada functions added. The backend servers are
just linux systems, although in a modular backplane for easy replacement.
I have not read much about this tech outside of what we have in house. Are there other
historic scada system computers or technologies that are similar, easily found on ebay for
example?
Ive seen some mention of old allen bradley stuff, but not much notes on how it would be
used remotely in the field, as a remote
terminal unit.
Allen-Bradley made a bunch of SCADA gear that was used in
power substations.
9:06 p.m.
He he,
And that, is precisely why the Australian Government advice for managing
secure computer systems includes this requirement:
Control: ISM-1800; Revision: 0; Updated: Sep-22; Applicability: NC, OS, P,
S, TS; Essential Eight: N/A Network devices are flashed with trusted
firmware before they are used for the first time.
Also, there are a heap of supply chain controls - essentially anything from
a US vendor that may have been side shipped through the CIA is treated as
being untrusted (cough cough CISCO) and is inspected and re-flashed before
use:
Control: ISM-1568; Revision: 7; Updated: Jun-25; Applicability: NC, OS, P,
S, TS; Essential Eight: N/A Operating systems, applications, IT equipment,
OT equipment and services are procured from suppliers that have
demonstrated a commitment to the security of their products and services.
Control: ISM-1882; Revision: 3; Updated: Jun-25; Applicability: NC, OS, P,
S, TS; Essential Eight: N/A Operating systems, applications, IT equipment,
OT equipment and services are procured from suppliers that have
demonstrated a commitment to transparency for their products and services.
Control: ISM-1632; Revision: 6; Updated: Jun-25; Applicability: NC, OS, P,
S, TS; Essential Eight: N/A Operating systems, applications, IT equipment,
OT equipment and services are procured from suppliers that have a strong
track record of maintaining the security of their own systems.
if anybody is bored, the entire UNCLASSIFIED Information Security Manual
document is available for the public here:
https://www.cyber.gov.au/resources-business-and-government/essential-cybers…
Full disclaimer - Day job is to help government agencies make sure they
have correctly implemented all of those controls :-)
Kindest regards,
Doug Jackson
em: doug(a)doughq.com
ph: 0414 986878
Follow my amateur radio adventures at vk1zdj.net
On Sat, 26 Jul 2025 at 01:10, Jon Elson via cctalk <cctalk(a)classiccmp.org>
wrote:
On 7/24/25 23:09, Devin via cctalk wrote:
Greetings,
Been a long while since i have posted in on here. I usually discuss my
pdp 11 and vax systems. I have decided to pivot my career to scada syatems.
The company i am with has some interesting stuff that goes pretty far back.
Our custom in house tech is a plc pump controller with a radio connection
for data logging and control. Pretty cool, 8051 based, with a version of
basic in rom that has scada functions added. The backend servers are just
linux systems, although in a modular backplane for easy replacement.
I have not read much about this tech outside of what we have in house.
Are there other historic scada system computers or technologies that are
similar, easily found on ebay for example?
Ive seen some mention of old allen bradley stuff, but not much notes on
how it would be used remotely in the field, as a remote
terminal unit.
Allen-Bradley made a bunch of SCADA gear that was used in
power substations.
I think theirs MIGHT have been the one that was responsible
for the Y2K scare, but it might have been somebody else's unit.
Also, way back, there was a case where a SCADA manufacturer
thought some of their gear was being bought for the
trans-Siberia pipeline, and couldn't be sold for that under
trade restrictions. Somebody at that company got in touch
with a contact at the CIA, and asked if they wanted to
insert a "feature" into those units. They put in a time bomb
that was essentially the same as the Y2K shutdown, and blew
up the entire pipeline when all the valves slammed shut at
the same time. This info was reported by the famous Jack
Anderson in the Washington Post.
Jon
0
days inactive
1
days old
14 comments
10 participants
participants (10)
-
Adrian Stoness -
Andrew Back -
cz -
Devin -
Doug Jackson -
Fred Cisin -
Holm Tiffe -
Jon Elson -
Paul Koning -
wrcooke@wrcooke.net