[ale] [OT]USB Storage Drive Loaded With Malware Shuts Down Power Plant

Ron Frazier (ALE) atllinuxenthinfo at techstarship.com
Sat Jan 19 11:34:54 EST 2013


Hi David,

You have some good points.  All the more reason to have a rock solid backup.

While not directly relevant to putting USB flash drives into secure 
computers, this reminds me of some cool technology that was discussed on 
a Security Now podcast.  It allows failsafe transmission of data in one 
direction from one system to another with no possibility of sending data 
in the other direction.  This allows, for example, the output of 
telemetry from a nuclear plant with no data pipe back in which could be 
hacked.  It would also allow, for example, the sending of security 
camera data into a secure facility without any possibility of data 
leaking back out.

The way they do it is to have a send only computer and a receive only 
computer.  They are linked together with fiber optic cable.  The send 
only machine has ONLY a transmit circuit, like a laser diode.  The 
receive only machine has ONLY a receive circuit, like a photo detector.  
Thus, it is physically impossible for data to be sent in the wrong 
direction.  The person who wrote into the show says they have equipment 
in half of our nuclear facilities for this purpose.  I thought this was 
a very cool idea.

You can find data on it here:

http://www.grc.com/sn/sn-379.pdf - see page 17
http://media.grc.com/sn/sn-379.mp3 - relevant discussion at 01:06:05
http://www.owlcti.com/dualdiode_technology.html

Sincerely,

Ron



On 1/18/2013 11:06 PM, David Tomaschik wrote:
> Hi Ron,
>
> You're making a big assumption here -- that the software on the 
> computer can be updated.  Many SCADA applications are only validated 
> on VERY specific configurations and aren't updated to every new 
> version.  SCADA really shouldn't be on the internet, and workers 
> really shouldn't be plugging flash drives into SCADA.
>
> David
>
>
> On Fri, Jan 18, 2013 at 5:27 PM, Ron Frazier (ALE)
> <atllinuxenthinfo at techstarship.com> wrote:
>
>     Hi all,
>
>     Step 1 - configure basic os and operational software from trusted
>     sources
>     Step 2 - configure av, but it has to be updated, which could be a
>     problem
>     Step 3 - scan the machine
>     Step 4 - TURN AUTOPLAY OFF - applies to Linux too
>     Step 5 - backup the machine locally
>     Step 6 - backup the machine offsite, or at least in a second
>     location in a fireproof bunker
>     Step 7 - maybe make a master backup on an mdisc or something so
>     it's permanent
>     Step 8 - when the machine must be updated, scan the update media
>     first on a separate system with autoplay off
>     Step 9 - do the update and create a second set of backups
>     Step 10 - repeat until 3 - 6 entire sets of backups are in place
>
>     OK I'm not a security guru and there are many variations on this
>     theme.  But, that wasn't TOO hard to figure out.  It wouldn't
>     necessarily protect too well against zero day exploits.  But,
>     since I solved their problem, I want their salary.
>
>     Ron
>
>
>     Sergio Chaves <sergio.chaves at gmail.com> wrote:
>
>     >http://www.eweek.com/security/usb-storage-drive-loaded-with-malware-shuts-down-power-plant/?kc=EWKNLNAV01182013STR1
>     >
>     >Sometimes you just gotta say, WTF???
>     >
>     >"US-CERT, which is part of the U.S. Department of Homeland Security,
>     >declined to identify which power plant was affected, and did not say
>     >whether the facility was operating on nuclear or conventional power.
>     >Industrial control systems frequently use Windows-based computers to
>     >run their specialized software, but they rarely run antivirus software
>     >because these computers aren’t connected to outside networks. However,
>     >using a USB drive to perform updates is common on these systems."
>     >
>     >_______________________________________________
>     >Ale mailing list
>     >Ale at ale.org <mailto:Ale at ale.org>
>     >http://mail.ale.org/mailman/listinfo/ale
>     >See JOBS, ANNOUNCE and SCHOOLS lists at
>     >http://mail.ale.org/mailman/listinfo
>
>
>     --
>
>     Sent from my Android Acer A500 tablet with bluetooth keyboard and
>     K-9 Mail.
>     Please excuse my potential brevity.
>
>     (To whom it may concern.  My email address has changed.  Replying
>     to former messages prior to 03/31/12 with my personal address will
>     go to the wrong address.  Please send all personal correspondence
>     to the new address.)
>
>     (PS - If you email me and don't get a quick response, you might
>     want to call on the phone.  I get about 300 emails per day from
>     alternate energy mailing lists and such.  I don't always see new
>     email messages very quickly.)
>
>     Ron Frazier
>     770-205-9422 (O)   Leave a message.
>     linuxdude AT techstarship.com
>
>
>
> -- 
> David Tomaschik
> OpenPGP: 0x5DEA789B
> http://systemoverlord.com
> david at systemoverlord.com
>
>

-- 

Ron Frazier
770-205-9422 (O)   Leave a message.
linuxdude AT techstarship.com
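
The one-way fiber link described in the message above has a practical consequence: the receiver can never acknowledge a frame or ask for a resend, so the sender has to carry integrity and redundancy in the stream itself. The sketch below is an added example, not part of the original thread and not any vendor's format; the frame layout, repeat count and telemetry values are constructed for illustration.

```python
import struct
import zlib

# Constructed frame layout (an assumption, not any product's format):
# 4-byte sequence number, 2-byte payload length, 4-byte CRC32 of payload.
HEADER = struct.Struct("!IHI")

def encode_frames(readings, repeat=3):
    """Send side: no ACK can ever arrive, so every frame goes out `repeat` times."""
    frames = []
    for seq, payload in enumerate(readings):
        frame = HEADER.pack(seq, len(payload), zlib.crc32(payload)) + payload
        frames.extend([frame] * repeat)
    return frames

def lossy_link(frames, drop=(), corrupt=()):
    """Simulated fiber: drop or damage frames by position (test harness only)."""
    out = []
    for i, frame in enumerate(frames):
        if i in drop:
            continue
        if i in corrupt:
            frame = frame[:-1] + bytes([frame[-1] ^ 0xFF])
        out.append(frame)
    return out

def decode_stream(frames):
    """Receive side: keep the first intact copy of each frame, report gaps.
    A loss at the very end of the stream is invisible without a heartbeat."""
    good = {}
    for frame in frames:
        if len(frame) < HEADER.size:
            continue
        seq, length, crc = HEADER.unpack_from(frame)
        payload = frame[HEADER.size:]
        if len(payload) != length or zlib.crc32(payload) != crc:
            continue  # damaged copy: discard silently, there is nobody to tell
        good.setdefault(seq, payload)
    missing = [s for s in range(max(good, default=-1) + 1) if s not in good]
    return good, missing

def demo():
    # Constructed telemetry readings, three copies each -> frames 0..11.
    readings = [b"temp=291.4", b"temp=291.6", b"temp=291.9", b"temp=292.3"]
    wire = lossy_link(encode_frames(readings), drop={0, 3, 4, 5}, corrupt={6, 7})
    return decode_stream(wire)

if __name__ == "__main__":
    good, missing = demo()
    print("received:", good, "lost for good:", missing)
```

In the constructed run, reading 0 survives one dropped copy, reading 2 survives two corrupted copies, and reading 1 is lost outright; the receiver can only log the gap, since it has no path to request the data again.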
