You are wrong. I've done it, both on my own, and under contract.
And network security consultants agree, and have documented it...
http://ciip.wordpress.com/2009/07/19/power-lines-can-be-used-to-steal-data/
http://www.networkworld.com/news/20...ft.html?source=NWWNLE_nlt_daily_pm_2009-07-09
In fact, the TEMPEST protocols for shielding and isolation were developed by the NSA specifically to combat this sort of data spying...
http://en.wikipedia.org/wiki/TEMPEST
I am trained in TEMPEST protocols as well, but all of my RF sweeps on modern equipment yield very little bleed. COMSEC courses mandate it.
If the technology and techniques were discussed at any of the major expos for hacking, then there probably is sincere reason to believe that this may exist.
However, I am betting the later, and better insulated equipment is far more hardened to this type of attack as opposed to an older AT form factor board and its peripherals.
With some cables, you can pick up this sort of info from over 15 meters away, and with the right sort of gear, through power lines, you can capture keystrokes and hard-drive throughput from anywhere on the same electrical circuit, as long as you are on the same side of the breaker box...
I used to get paid to do this sort of thing. I know how it works, and you are either trying to hide something, or you haven't had much "real world" experience with data security and "hacking"...
Not a hacker, chief. Anybody who has been in IT for half a second would know what I do by the description I gave above at one of my sites. I delve in everything, but Systems Engineering is my focus. Currently pursuing my certification and Bachelor's in Network Engineering. Hoping to obtain my goal of being CCIE certified one day. It's a brutal test from everything I hear.
Being paid to keep a system secure is one thing. But getting paid to break into systems is an entirely different ball of wax, and requires tools and techniques (electronic and mental) that 90% of "system administrators" can't even begin to imagine, and aren't even aware exist...
And a previous post mentioned "social engineering" and that is 100% on the mark. I've breached a LOT more systems with a few phone calls or some casual chatting in a cafe on lunch break, or wandering down a hallway looking for post-its on people's monitors, than at the keyboard.
I am the one who mentioned social engineering. I like to study hacking exploits of the past. Particularly Mitnick taking on Shimomura. I like how both the book and the movie underline the necessity and importance of social engineering in hacking. Not only that, but how dark, and down and dirty it is. Social Engineering is like, 3/4 of hacking from what I have read.
I reiterate, the only truly safe computer system is one that is not plugged in...
COMSEC reality #1.
But to imply that hackers can access the proprietary computer systems that actually control the operations of nuclear power plants is simply disingenuous, and is nothing more than fear-mongering, and propaganda designed to frighten people into allowing the government and corporations to rape and pillage the freedom of the Internet.
This is where you are factually incorrect, as I have already pointed out.
SCADA systems run the EMS as I have provided you links to already.
Let me expound upon this.
This is where I used to work on a year long contract providing SMS 2003 administration and Senior (Tier 4) Desktop Support.
Read, and learn.
The control center you see above I was in every day, several times a day, speaking with engineers about remote sites, etc. The interconnectivity is of course mandatory knowledge when one is to administrate a system for such an organization. An NDA I did in fact sign, but I am not violating any terms of the NDA by filling you in on the realities of the energy infrastructure itself as it is publicly known by those who maintain it.
Long story short.
You are completely, totally, and absolutely incorrect to think that any of our energy systems are not accessible via the internet.
This includes management, and monitoring interfaces.
Being a "hacker" as you so claim to be, you would understand that these systems NEED to be interconnected and accessible to be managed and monitored by the many organizations that have their hands in this plentiful basket.
You would also understand that something internal may not necessarily be unreachable by the outside world because of wonderful little devices like, oh I don't know; VPN Concentrators?
They make it as convoluted as possible, of course. Yet it is still a fact that a large portion (almost all of it) is breachable.
I had to sit and think in retrospect about some of the patches I was doing, or various software deployments. Interesting to know I could do a majority of them from home, yes?
EDIT: This is in regards to the grid itself. I have absolutely 0 experience with the power plants.
However. What good is a car if it can sit and rev its engine, but thieves have stolen the wheels?
EDIT-2: This is an excerpt from a PDF of the actual investigation, and it proves my comments to be correct:
"March 12, 2009, 02:46 PM - IDG News Service -
'Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.
'Their work only applies to older, PS/2 keyboards [PS/2 connector, not PlayStation], but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.
'That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.
'Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data."
"In a different attack, they sniffed characters from a PS/2 keyboard by monitoring the ground line in an outlet 50 feet away. They haven’t yet been able to collect more than just single strokes, but expect to get full words and sentences soon. This leakage via power line is discussed in the 1972 Tempest document we posted about earlier. The team said it wasn’t possible with USB or laptop keyboards.[Thanks Jeramy]"
http://hackaday.com/2009/03/20/sniffing-keystrokes-via-laser-power-lines/
In other words, I am completely correct about the shielding. If you are still running a PS2 keyboard, shame on you anyways.