Showing posts with the label industrial control systems

Inside Fast16's Physics Sabotage Engine

Index: Introduction; PhysicsFiction; state_monitor; state_physics; state_physics #2 — A key part; state_physics #3 — The attack; What about the target?; Conclusions

Introduction

This past Friday, Juan Andres Guerrero-Saade and Vitaly Kamluk published an extraordinary piece of research which uncovered a 20-year-old, sophisticated malware implant, plausibly attributed to state actors. What is outstanding about this implant is, as the authors mention, that "fast16.sys selectively targets high-precision calculation software, patching code in memory to tamper with results." That's insane…and very real. I'll try to contribute to the public understanding of Fast16 by digging into the function that targets the physics simulations. At this point, there is little left to add about Stuxnet, but it is important to use it as a temporal reference, because Fast16 was allegedly active years before the malware that changed everything. Around 2...

What happened at Iberdrola's 'Núñez de Balboa' PV Power Plant?

The "mystery" of what happened at the "Núñez de Balboa" photovoltaic power plant is, to this day, one of the most significant unresolved questions of the Iberian blackout. In this post I elaborate on this issue by using open-source intelligence, official reports and a bit of reverse engineering.

Introduction

In a recent official hearing of the Spanish Senate commission investigating the blackout, the president of REE (Spain's TSO), Beatriz Corredor, stated the following: "Let me tell you why we believe, why we know, that the whole process starting at 12:03 began in Extremadura, because we have physical evidence and therefore we can demonstrate that the extraordinary 0.6 Hz oscillation, that began at 12:03, was due to poor management and poor control of a high-power photovoltaic plant installed in the province of Badajoz [...] The same plant had had a similar failure, proven and documented, the previous year, and that the people in charge of that plant themse...

A new Cyber-Physical Angle in Spain’s Blackout

Just a few days ago, a reliable but anonymous source shared with me telemetry data from the day of the blackout, covering thousands of solar inverters deployed across Spain. Yesterday evening, the Spanish government released its official report on the blackout. In this post I present a detailed analysis of the telemetry data to understand how inverter-based resources may be linked to the voltage oscillations. This analysis offers a cyber-physical perspective that has not yet been publicly explored and that, according to the official report (p. 84-87), remains under investigation. I would like to mention that yesterday morning, many hours before the official report was published, I informed INCIBE of my intention to publish this research. I believe this heads-up was the right thing to do. Watch out, a long read ahead.

Introduction

The following summary may be helpful for those looking to catch up on this complex scenario.

Week 1: Introduction to the Spanish transmission ne...

Spain's blackout: Cyber or Not? An unbiased technical analysis

Introduction

Yesterday afternoon, I was writing what should have been the regular newsletter when the power suddenly went out. I wasn't alarmed at all because I live in a mountain area, and power outages like this happen several times a year. It was a slightly windy day, so I assumed that maybe a tree had cracked and hit a low-voltage line or something similar. But, as it turns out, that wasn't the case. Instead, something unprecedented occurred, a 'zero energy' event: the power grid in Spain and Portugal went down completely. As we can see from the following graph from Red Eléctrica Española (the transmission system operator responsible for managing the Spanish electricity system), at 12:35 pm roughly 15 GW of generation suddenly went 'missing'. As the prime minister would explain during a press conference: "in 5 seconds, 60% of the country's demand disappeared from the system". The interconnected power system is one of the most complex systems ever b...