Gunslinger
Regular Member
That's correct. SIpernet is stand alone, but creates a small internet on its network whether wide area or local.
-
We are now running on a new, and hopefully much-improved, server. In addition we are also on new forum software. Any move entails a lot of technical details and I suspect we will encounter a few issues as the new server goes live. Please be patient with us. It will be worth it! :) Please help by posting all issues here.
-
If you are having trouble seeing the forum then you may need to clear your browser's DNS cache. Click here for instructions on how to do that
-
Please review the Forum Rules frequently as we are constantly trying to improve the forum for our members and visitors.
Internet Censorship on the Table
- Thread starter impulse
- Start date
That's correct. SIpernet is stand alone, but creates a small internet on its network whether wide area or local.
slowfiveoh
Regular Member
Dreamer
Regular Member
You are wrong. I've done it, both on my own, and under contract.
And network security consultants agree, and have documented it...
http://ciip.wordpress.com/2009/07/19/power-lines-can-be-used-to-steal-data/
http://www.networkworld.com/news/20...ft.html?source=NWWNLE_nlt_daily_pm_2009-07-09
In fact, the TEMPEST protocols for shielding and isolation were developed by the NSA specifically to combat this sort of data spying...
http://en.wikipedia.org/wiki/TEMPEST
With some cables, you can pick up this sort of info from over 15 meters away, and with the right sort of gear, through power lines, you can capture keystrokes and hard-drive throughput from anywhere on the same electrical circuit, as long as you are on the same side of the breaker box...
I used to get paid to do this sort of thing. I know how it works, and you are either trying to hide something, or you haven't had much "real world" experience with data security and "hacking"...
Being paid to keep a system secure is one thing. But getting paid to break into systems is an entirely different ball of wax, and requires tools and techniques (electronic and mental) that 90% of "system administrators" can't even begin to imagine, and aren't even aware that exist...
And a previous post mentioned "social engineering" and that is 100% on the mark. I've breached a LOT more systems with a few phone calls or some casual chatting in a cafe on lunch break, or wandering down a hallway looking for post-its on people's monitors, than at the keyboard.
I reiterate, the only truly safe computer system is one that is not plugged in...
But to imply that hackers can access the proprietary computer systems that actually control the operations of nuclear power plants is simply disingenuous, and is nothing more than fear-mongering, and propaganda designed to frighten people into allowing the government and corporations to rape and pillage the freedom of the Internet.
slowfiveoh
Regular Member
I am trained in TEMPEST protocols as well, but all of my RF sweeps on modern equipment yields very little bleed. COMSEC courses mandate it.
If the technology and techniques were discussed at any of the major expos for hacking, than there probably is sincere reason to believe that this may exist.
However, I am betting the later, and better insulated equipment is far more hardened to this type of attack as opposed to an older AT form factor board and its peripherals.
Not a hacker chief. Anybody who has been in IT for half a second would know what I do by the description I gave above at one of my sites. I delve in everything but Systems Engineering is my focus. Currently pursuing my certification and Bachelors in Network Engineering. Hoping to obtain my goal of being CCIE certified one day. Its a brutal test from everything I hear.
I am the one who mentioned social engineering. I like to study hacking exploits of the past. Particularly Mitnick taking on Shimomura. I like how both the book and the movie underline the necessity and importance of social engineering in hacking. Not only that, but how dark, and down and dirty it is. Social Engineering is like, 3/4 of hacking from what I have read.
COMSEC reality #1.
This is where you are, factually incorrect as I have already pointed out.
SCADA systems run the EMS as I have provided you links to already.
Let me expound upon this.
This is where I used to work on a year long contract providing SMS 2003 administration and Senior (Tier 4) Desktop Support.
Read, and learn.
The control center you see above I was in every day, several times a day, speaking with engineers about remote sites, etc. The interconnectivity is of course mandatory knowledge when one is to administrate a system for such an organization. An NDA I did in fact sign, but I am not violating any terms of the NDA by filling you in on the realities of the energy infrastructure itself as it is publicly known by those who maintain it.
Long story short.
You are completely, totally, and absolutely incorrect to think that any of our energy systems are not accessible via the internet.
This includes management, and monitoring interfaces.
Being a "hacker" as you so claim to be, you would understand that these systems NEED to be interconnected and accessible to be managed and monitored by the many organizations that have their hands in this plentiful basket.
You would also understand that something internal may not necessarily be unreachable by the outside world because of wonderful little devices like, oh I don't know; VPN Concentrators?
They make it as convoluted as possible, of course. Yet it is still a fact that a large portion (almost all of it) is breachable.
I had to sit and think in retrospect about some of the patches I was doing, or various software deployments. Interesting to know I could do a majority of them from home yes?
EDIT: This is in regards to the grid itself. I have absolutely 0 experience with the power plants.
However. What good is a car if it can sit an rev its engine, but thieves have stolen the wheels?
EDIT-2: This is an excerpt from a PDF of the actual investigation, and it proves my comments to be correct:
"March 12, 2009, 02:46 PM - IDG News Service -
'Inverse Path researchers Andrea Barisani and Daniele Bianco say they get accurate results, picking out keyboard signals from keyboard ground cables.
'Their work only applies to older, PS/2 keyboards [PS/2 connector, not PlayStation], but the data they get is "pretty good," they say. On these keyboards, "the data cable is so close to the ground cable, the emanations from the data cable leak onto the ground cable, which acts as an antenna," Barisani said.
'That ground wire passes through the PC and into the building's power wires, where the researchers can pick up the signals using a computer, an oscilloscope and about $500 worth of other equipment. They believe they could pick up signals from a distance of up to 50 meters by simply plugging a keystroke-sniffing device into the power grid somewhere close to the PC they want to snoop on.
'Because PS/2 keyboards emanate radiation at a standard, very specific frequency, the researchers can pick up a keyboard's signal even on a crowded power grid. They tried out their experiment at a local university's physics department, and even with particle detectors, oscilloscopes and other computers on the network were still able to get good data."
"In a different attack, they sniffed characters from a PS/2 keyboard by monitoring the ground line in an outlet 50 feet away. They haven’t yet been able to collect more than just single strokes, but expect to get full words and sentences soon. This leakage via power line is discussed in the 1972 Tempest document we posted about earlier. The team said it wasn’t possible with USB or laptop keyboards.[Thanks Jeramy]" http://hackaday.com/2009/03/20/sniffing-keystrokes-via-laser-power-lines/
In other words, I am completely correct about the shielding. If you are still running a PS2 keyboard, shame on you anyways.
Last edited:
Dreamer
Regular Member
Saying that a hacker could control a nuclear power plant because he has access to the monitoring back-end of a system is like saying that a guy looking into your automobile through the window and seeing your tachometer can control how fast your engine idles....
It's like saying that someone with access to your electric bill in the mail can control how cold you run your air conditioner...
We'll just have to agree to disagree.
slowfiveoh
Regular Member
Dreamer, you don't understand what I am saying.
The grid itself is completely and totally manageable (not just able to be monitored) from remote interfaces. The powerplant is only part of the equation. The grid itself is just as important. The facility I provided an image of for instance, can change settings on substations, junctions, controllers, etc.
I can accept error on the part of early tempest experiments showing the ability to leech RF off of running or in-use PC's (Not that this applies terribly well to modern PC's using USB interfaces). In turn, I am providing for you absolute fact, that power systems can be remotely managed.
If I put an engine on a dyno, it serves no other purpose but to gather data.
Once I hook it up to a driveline, it serves its purpose in generating power.
Remove the driveline, and the engine is useless.
That is one of my concerns regarding the current technology implementation in our national energy structure.
HankT
State Researcher
But it's unavoidable. Anywhere anyone has power/control, you will have censorship. Americans (with power) LIKE censorship. Same as anyone else, really.
We have censorship in private places, public places and on the Internet all over the place. We even have censorship on OCDO. Not much, but it is here too. Anyone can be tempted to censor when it only takes one leetle click to do it. Power.
Power tends to corrupt. Absolute power corrupts absolutely.
Last edited: