Reverse engineering a SCADA hoax

Written by Rubén
Monday, 18 April 2011
Well, before the snowball becomes bigger (too late, I guess) I'll try to explain why I think the FPL hack is a hoax.

Here comes my revenge for illegitimate firing from Florida Power & Light Company (FPL) ... ain't nothing you can do with it, since your electricity is turned off !!!

D'Oh, not very original, disgruntled former engineer... if real, too many clues... Secure your SCADA better! Leaked files are attached ...

1) http://img838.imageshack.us/i/49986845.png/

Taking into account that it claims he hacked a 200 MW / 136-turbine wind farm, those 3945 kW / 135 kWh make no sense for a large wind energy facility. Another weird thing is the "Energie" button (energy, in German). Wind speed metered in m/s without mentioning mph is still possible, so that one is OK for me.

2) http://img838.imageshack.us/i/24380855.png/

3) http://img24.imageshack.us/i/58868342.png/

Whether you have WinCC or GIMP/Paint/Photoshop, you'll be able to create this creepy synoptic. If you manage to convince me that a 200 MW facility is controlled by this synoptic, I'll kiss your shiny metal ass. Even the lines are malformed: the input voltage line for the SINAMICS S120 is used as the feeder for 'whatever' those fans are representing. Absurd. Also note the custom messages in German... Everybody knows that at FPL German is the corporate language ¬¬

4) http://img228.imageshack.us/i/85258364.png/

ftp://goxftp01.fpl.com/pub/oasis/ ... no comment.

5) http://img163.imageshack.us/i/90736853.png/

6) http://img217.imageshack.us/i/55439027.png/

7) http://img40.imageshack.us/i/87526089.png/

8) http://img864.imageshack.us/i/94061747.png/

Lifted from the following public document: ftp://goxftp01.fpl.com/pub/oasis/switchyardreliability/switchyardreliability.pdf ... no comment.

The "captured" HTTP response, for 161.154.232.65:

    HTTP/1.0 401 Unauthorized
    Date: Sat, 05 Feb 2011 23:43:13 GMT
    Server: VTS 9.0.05
    Content-Type: text/html
    Content-Length: 622
    Cache-Control: no-cache
    WWW-Authenticate: Basic realm="Ft. Sumner SCADA"
    Cache-control: no-cache="set-cookie"
    Cache-control: private
    Set-Cookie: VTS=9.0005;Version=1;Path=/
    Set-Cookie: SessionID=0;Version=1;Path=/Ft. Sumner SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c3576a
    Set-Cookie: SessionID=0;Version=1;Path=/Ft%2e%20Sumner%20SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c..

The IP does not match the headers. The headers correspond to a computer running water-treatment HMI software developed by Trihedral: "Server: VTS" is the key. Some time ago I reported to ICS-CERT that dozens of facilities running this software could be accessed by using the default password. The people behind this hoax probably used this info to reinforce the hoax, since "WWW-Authenticate: Basic realm="Ft. Sumner SCADA"" links it to Fort Sumner, where this wind farm is located. Moreover, according to public docs the wind farm operates 136 GE 1.5 MW turbines, most likely controlled by GE's own hardware/software (WindControl, WindSCADA...). The Cisco IOS config is not anything special either.

Conclusion: FAKE.
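The header cross-check above, written out as an added example (not code from the original post): it parses the quoted 401 response, reproduced inline as constructed input, pulls out the fields the analysis leans on (server product and version, Basic-auth realm, cookie paths) and reports where they contradict the environment the "leak" claims. The KNOWN_SERVERS map, the function names and the realm/cookie-path consistency check are my own assumptions.

```python
import re

# Constructed copy of the 401 response quoted in the post (line breaks restored, truncated second SessionID cookie omitted).
CAPTURED_RESPONSE = """\
HTTP/1.0 401 Unauthorized
Date: Sat, 05 Feb 2011 23:43:13 GMT
Server: VTS 9.0.05
Content-Type: text/html
Content-Length: 622
Cache-Control: no-cache
WWW-Authenticate: Basic realm="Ft. Sumner SCADA"
Cache-control: no-cache="set-cookie"
Cache-control: private
Set-Cookie: VTS=9.0005;Version=1;Path=/
Set-Cookie: SessionID=0;Version=1;Path=/Ft. Sumner SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c3576a
"""
# Server tokens the post identifies; anything else is treated as unknown (assumed map, not a full product list).
KNOWN_SERVERS = {"VTS": "Trihedral water-treatment HMI"}

def parse_headers(raw: str) -> dict[str, list[str]]:
    """Map lower-cased header names to their values; repeated headers are kept in order."""
    lines = raw.splitlines()
    if not lines or not lines[0].startswith("HTTP/"):
        raise ValueError("not an HTTP response")
    headers: dict[str, list[str]] = {}
    for line in lines[1:]:
        if not line.strip():
            break  # a blank line ends the header block
        name, _, value = line.partition(":")
        headers.setdefault(name.strip().lower(), []).append(value.strip())
    return headers

def fingerprint(headers: dict[str, list[str]]) -> dict:
    """Extract the fields the post relies on: product, version, realm, cookie paths."""
    product, _, version = headers.get("server", [""])[0].partition(" ")
    realms = re.findall(r'realm="([^"]*)"', " ".join(headers.get("www-authenticate", [])))
    paths = re.findall(r"Path=([^;\n]*)", "\n".join(headers.get("set-cookie", [])))
    return {"product": product, "version": version,
            "realm": realms[0] if realms else "", "cookie_paths": paths}

def check_claim(fp: dict, claimed_vendor: str) -> list[str]:
    """List the ways the headers contradict the environment the leak claims."""
    findings = []
    vendor = KNOWN_SERVERS.get(fp["product"], "unknown vendor")
    if not vendor.lower().startswith(claimed_vendor.lower()):
        findings.append(f"Server '{fp['product']}' is {vendor}, not {claimed_vendor}")
    if fp["realm"] and not any(p.startswith(f"/{fp['realm']}/") for p in fp["cookie_paths"]):
        findings.append("session cookie is not scoped to the realm path")
    return findings
```

Running `check_claim(fingerprint(parse_headers(CAPTURED_RESPONSE)), "GE")` yields the single vendor mismatch the post describes; the realm and the session cookie path are internally consistent, which is why the headers look like a genuine (but unrelated) VTS capture rather than something typed by hand.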
Last Updated: Monday, 18 April 2011