Eideard

Malicious virus shuttered power plant – introduced by employee

with one comment


Duh!

A computer virus attacked a turbine control system at a U.S. power company last fall when a technician unknowingly inserted an infected USB computer drive into the network, keeping a plant off line for three weeks, according to a report posted on a U.S. government website.

The Department of Homeland Security report did not identify the plant but said criminal software, which is used to conduct financial crimes such as identity theft, was behind the incident.

It was introduced by an employee of a third-party contractor that does business with the utility…

In addition to not identifying the plants, a DHS spokesman declined to say where they are located.

Justin W. Clarke, a security researcher…noted that experts believe Stuxnet was delivered to its target in Iran via a USB drive. Attackers use that technique to place malicious software on computer systems that are “air gapped,” or cut off from the public Internet.

“This is yet another stark reminder that even if a true ‘air gap’ is in place on a control network, there are still ways that malicious targeted or unintentional random infection can occur,” he said.

Yes, you can rely on human beings to do something dumb!

Many critical infrastructure control systems run on Windows XP and Windows 2000, operating systems that were designed more than a decade ago. They have “auto run” features enabled by default, which makes them an easy target for infection because malicious software loads as soon as a USB is plugged into the system unless operators change that setting, Clarke said…

A DHS spokesman could not immediately be reached to comment on the report.

The largest single category of so-called hacking attacks – which had nothing to do with hacking, of course – was spearphishing emails sent to specific employees of public utilities. The emails including a suggestion to “click here” for more information. They did.

About these ads

Written by Ed Campbell

January 18, 2013 at 8:00 pm

One Response

Subscribe to comments with RSS.

  1. I am happy to notice the USB ports in the computers in my little local bank are sealed shut with Crazy Glue.

    god

    January 19, 2013 at 6:26 am


Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

Follow

Get every new post delivered to your Inbox.

Join 1,801 other followers

%d bloggers like this: