


If Phishing Email Can Kill NY Power Grid, Lack Of Cybersecurity Legislation Is Not The Problem

from the oh-come-on dept

We've been talking about the faux urgency to pass some cybersecurity legislation coming from the federal government, with plenty of fear mongering from politicians who never seem to want to point out any factual basis for why we need such new laws. Instead, it's all been about Hollywood movie script-style scenarios about planes falling from the skies. It appears that the White House is heavily involved in this bogus fear mongering as well, having recently set up a "simulated cyberattack on New York City's power supply" to convince elected officials to move forward on the legislation.

During a classified briefing in the Office of Senate Security, Homeland Security Secretary Janet Napolitano and White House counterterrorism adviser John Brennan showed lawmakers how a hacker could breach control systems of the city’s electric system and trigger a ripple effect throughout the population and private sector, according to a source familiar with the scenario.

“The fact that we could be subject to a catastrophic attack under the right circumstances and we now know some of the things that would help us to protect against such an attack, that’s why it’s important now for the Congress to take this up,” Napolitano said in an interview with POLITICO.

Now that's interesting. Just how could a hacker breach control systems of the power grid? Apparently with an email phishing attack:

During the simulation, the hacker gains access to the electric supply’s control system through a simple “spearphishing” attack, in which a worker merely clicks on a link in an email that appears to be from someone they know.

Um, there's your problem. If the NYC power grid is attached to the public internet in such a way that it can be taken down, then um, shouldn't we take it off the internet? This isn't about cybersecurity, this is about common sense, where things like the power grid should not be accessible via the internet -- and I'm pretty sure they're not (back here in reality). But in the world where we need fear, uncertainty, doubt and the ability for the federal government to spy on private networks, we have to pretend such a scenario is likely.

Of course, I also question why the White House chose NYC as the showcase for the simulation and suggested that there would be deaths and other massive harm from such a power grid takedown. After all, it was just about a decade ago that the power grid in the Northeast did, in fact, fail. It was an inconvenience for many people, certainly, but it was hardly damaging in the way the White House seems to have implied with this scare tactic.

So, once again, can we take a step back and ask some simple questions: what's the real threat and the real risk here? If it's that the NYC power grid is accessible by a simple password over the public internet, then the problem isn't cybersecurity, it's whoever was stupid enough to connect the power grid to the internet. Let's fix that. But let's not regulate and spy on large segments of the public internet to cover for a few bad decisions.


Reader Comments

  1.  
    artp (profile), Mar 12th, 2012 @ 7:50am

    If large numbers of utility and industrial systems were connected to the Internet, then we would hear about large numbers of utility and industrial systems grinding to a halt with each virus infection that spreads across the world. (Iranian uranium fuel enrichment plants and Bradley Manning aside)

    My only hesitation about this is that management PHBs are sure to have cut funding for _extra_ workstations to keep the two networks separate in those utilities and industries.

    The real problem is not that legislation is needed, even if there is a danger present. It is that training is needed for employees who operate these systems so that they recognize the threats that they could potentially transmit.

    Now, this is a tall order. I just saw an article about the military warning soldiers not to post pictures on the Internet taken with smartphones, and not to use social networks that use the same geolocation services that smartphones offer. They offer the example of someone posting a picture of a new fleet of helicopters on the Internet, which, of course, contained geolocation data, which was followed by a mortar attack that destroyed four of the helicopters.

    You would think that it would be a no-brainer for someone to understand, "Hey guys, please don't call in a mortar attack on yourselves, pretty please?" But that is the real problem that we face. Technology is so complex that the average person cannot understand the FULL implications of his actions. Hey, I have problems with it, and I bet you've been nipped in the wringer once or twice (understatement).

     

  2.  
    silverscarcat (profile), Mar 12th, 2012 @ 7:51am

    We are the government

    And being competent is not what your tax dollars are paying for.

     

  3.  
    Ninja (profile), Mar 12th, 2012 @ 7:54am

    The sad part is a big chunk of the population will still fall for it despite all the facts against any further regulation.

    Awareness is power as the SOPA/PIPA events clearly showed us. The best we can do is raise awareness of this fear mongering tactic and tell the ppl to ask the Govt the real question: are you that incompetent that you actually linked the power grid to the Internet and think you can solve it with laws instead of action?

     

  4.  
    John Everyman, Mar 12th, 2012 @ 7:58am

    I work in a factory, nothing is connected to the net. Not even the computers in the office. We don't even have an IT department at all and have no problems. I would hope something as vital as the power grid were not connected to the net.

     

  5.  
    GMacGuffin (profile), Mar 12th, 2012 @ 8:05am

    Battlestar Galactica anyone?

    Didn't anybody learn anything from Battlestar Galactica (besides Apollo being a terrible actor)? The Luddite Bill Adama refuses to connect to the grid; Cylons infiltrate the defense systems; world ends; Adama's ship Galactica survives. Duh.

     

  6.  
    Anonymous Coward, Mar 12th, 2012 @ 8:06am

    Mike, if we didn't regulate and spy on large segments of the population to cover for a few bad decisions then we'd never regulate or spy on large segments of the population. And what kind of a world would we be living in then?

     

  7.  
    Anonymous Coward, Mar 12th, 2012 @ 8:06am

    My government scares me more than hackers ever will.

     

  8.  
    Rikuo (profile), Mar 12th, 2012 @ 8:06am

    They have to be connected to the internet. The reason they did is that they watched the Simpsons, followed Homer's example, and wamt to start pressing Y on their home terminal all day instead of actually doing their jobs.



    Hopefully, at least one of them is fat enough to block the reactor before it blows.

     

  9.  
    Rikuo (profile), Mar 12th, 2012 @ 8:07am

    Re:

    *wamt, should be wanted

     

  10.  
    fb39ca4, Mar 12th, 2012 @ 8:24am

    If the power grid fails, then there is no way to hack stuff.

     

  11.  
    Michael, Mar 12th, 2012 @ 8:27am

    Promulgating fear in order to dismantle our Constitution and Bill of Rights sounds an awful lot like terrorism to me. 'Security' is just a convenient justification. If this keeps up, our soldiers sacrificed themselves for absolutely nothing. What is an American if not free?

     

  12.  
    Pixelation, Mar 12th, 2012 @ 8:27am

    Perhaps if they made phishing attacks illegal, that would take care of the problem. Oh, wait...

    Guess we better just make another law.

     

  13.  
    Karl (profile), Mar 12th, 2012 @ 8:29am

    Cause of the 2003 blackout

    I remember the Eastern blackout well. I was on tour at the time, or else I would have been in the dark, too.

    Amid all the talk about "cyberterrorism," it's important to remember what actually happened to cause that blackout:
    In February 2004, the U.S.-Canada Power System Outage Task Force released their final report, placing the causes of the blackout into four groups:

    First, that FirstEnergy and its reliability council "failed to assess and understand the inadequacies of FE’s system, particularly with respect to voltage instability and the vulnerability of the Cleveland-Akron area, and FE did not operate its system with appropriate voltage criteria". Second, that FirstEnergy "did not recognize or understand the deteriorating condition of its system". Third, that FirstEnergy "failed to manage adequately tree growth in its transmission rights-of-way". Finally, the "failure of the interconnected grid’s reliability organizations to provide effective real-time diagnostic support."
    - Wikipedia

    So it seems that, if anything, legislation should focus on the bad actors in the power industry (such as FirstEnergy), and not on any sort of "cyberattack."

    Here's a good place to start:
    On November 19, 2003, U.S. Energy Secretary Spencer Abraham said his department would not seek to punish FirstEnergy Corp for its role in the blackout because current U.S. law does not require electric reliability standards. Abraham stated, "The absence of enforceable reliability standards creates a situation in which there are limits in terms of federal level punishment."

     

  14.  
    Bengie, Mar 12th, 2012 @ 8:31am

    I agree

    I think I should also be able to leave my valuables unprotected outside. I should be able to play a few bars of gold on my front lawn and let laws take care of making sure my gold is protected. If my gold gets stolen, there is a law protecting me so I don't have to take responsibility for my losses. The public should foot the bill.

    This sound about right?

     

  15.  
    silverscarcat (profile), Mar 12th, 2012 @ 8:41am

    Re:

    A good one?

     

  16.  
    Anonymous Coward, Mar 12th, 2012 @ 8:47am

    Re: I agree

    Since we're talking about the power grid - a public utility - I'm not sure that your private valuables have anything to do with the discussion.

     

  17.  
    simple simon, Mar 12th, 2012 @ 8:48am

    It Was Just A Matter Of Time...

    Given the amount of calls to the help desk from people asking where the "any" button was, does it surprise anyone to learn that the power grids are on the Internet? Would it surprise you to learn that our entire fleet of nuclear missiles are also on the Net, one phishing email away from being launched? Sure wouldn't surprise me any. Good times.

     

  18.  
    Anonymous Coward, Mar 12th, 2012 @ 8:49am

    Mike the power grid isn't on the "public internet". It's a private network, but the PC that was compromised is on that network. A hacker can attack a network without having direct access to that network through a variety of exploits in web browsers, PDF files, etc... That's why I don't click on links in emails unless it goes to a site I am familiar with and even then I often go to their main site and search instead of relying on someone else to provide a link. I never click on unsolicited links in emails, you're just asking for trouble then.

     

  19.  
    Anonymous Coward, Mar 12th, 2012 @ 8:50am

    Everything I need to know about the internet I learned by watching "Hackers."

     

  20.  
    Bengie, Mar 12th, 2012 @ 8:56am

    Re: Re: I agree

    So you're saying a public utility shouldn't have to use even basic protections and should only use the law to "protect" them?

    I think my extremely simple point just went "whoosh" on you.

     

  21.  
    Trails (profile), Mar 12th, 2012 @ 8:56am

    Reductio'd, but the absurdum is already there

    This argument in essence is: "The government sucks so badly at IT security that the government must take over more IT security".

     

  22.  
    Eponymous Coward (profile), Mar 12th, 2012 @ 9:06am

    Re:

    Until we can legislate smarter people behind keyboards, there's no point in your fancy cyber-whatsits laws.

    This wasn't a virus, it was a social engineering attack, akin to someone claiming to be the pizza guy so you buzz them through your apartment complex's security door. Bigger locks aren't the solution here. The solution is a frozen-pizza only apartment complex, or possibly an in-building pizzeria.

    Mmm, cyberpizza.

     

  23.  
    That Anonymous Coward (profile), Mar 12th, 2012 @ 9:06am

    Re: Cause of the 2003 blackout

    Along with this was the constant suggestion that it might have something to do with a terrorist attack.

    The first response in the face of anything out of the ordinary is ZOMG Terrorists!

    The people running the power grid have no idea they are not about to get millions from a Nigerian Prince. The problem is not that scammers will try, it is that we refuse to demand isolated systems and penalties for people who violate those rules. Rather than lay blame on the people stupid enough to get spearphished, we make more rules and try to lock down everything else. It is not people's fault they are stupid greedy bastards, it is the fault that bad people will try.

    Stuxnet never would have worked if not for people sticking random flash drives into their machines. If the systems running the facility were actually isolated from outside things, it never would have worked. If the control systems were not kept as archaic secrets, someone could try to harden those systems.

    Instead we have security through obscurity, we create rules and laws to solve problems better solved in demanding personal accountability. We focus on the unknown, the what-ifs rather than real things we can do to avoid the issues. But then this is more about getting more control over citizens lives, and moving more towards an Orwellian dystopia where no one can think a bad thought without them knowing and stopping it.

     

  24.  
    That Anonymous Coward (profile), Mar 12th, 2012 @ 9:09am

    Re:

    It is much better if you watch it backwards.
    It's about a buncha kids who fix the Gibson and then go back to their shitty lives.

     

  25.  
    artp (profile), Mar 12th, 2012 @ 9:12am

    Re:

    Well then, we need to make you the new CyberSecurity Czar! Or else you need to take a closer look at your company. I'm not sure which.

    It isn't what you know about your company that will get you in trouble. It isn't the documented architecture that provides the loophole to allow the bad guys to enter. It is the work-arounds that people have put in place to allow them to do their jobs because what was installed doesn't address how they do their jobs. Or it is the gaps in the architecture that the designers just didn't see.

    I've seen this at every company I've ever been at. At one Fortune 100 company, if we found a problem outside the scope of our technology (something that would obviously never be a problem at a Fortune 100 company) I would get on the modem, dial up my BBS, and download some tool that would fix said problem. Then other people in IT started doing the same thing. What are you going to do about something like that?

     

  26.  
    PlagueSD (profile), Mar 12th, 2012 @ 9:14am

    After all, it was just about a decade ago that the power grid in the Northeast did, in fact, fail.


    And what about us in the Southwest last year???

    http://en.wikipedia.org/wiki/2011_Southwest_blackout

    You forget about us?? All we lost was a few million dollars of perishable foods.
    "The outage caused significant losses to restaurants and grocery stores, which were forced to discard quantities of spoiled food; perishable food losses at grocery stores, eating establishments and households were estimated at $12 million to $18 million."

    There were no deaths in the "millions" reported. No world ending events. Hell during the 11 hours we didn't have power, I was still on the internet chatting with my buddies on the east coast on my laptop for 3 of those hours while my UPS kept my router and cable modem powered up.


    Also, for the AC that posted this:
    "Mike the power grid isn't on the "public internet". It's a private network, but the PC that was compromised is on that network. A hacker can attack a network without having direct access to that network through a variety of exploits in web browsers, PDF files, etc..."

    ANY computers that have ANYTHING to do with the power grid shouldn't even be able to receive email or browse the web. They're used to control the grid...Not surf the net. If you can get email on a terminal that controls the power grid, THERE'S YOUR PROBLEM!!!

     

  27.  
    Anonymous Coward, Mar 12th, 2012 @ 9:15am

    Re: Re: I agree

    So the Smithsonian Institute should just leave their doors open night and day without any security guards... nobody would ever steal or damage a national treasure, as there are laws to prevent that from happening.

     

  28.  
    Eponymous Coward (profile), Mar 12th, 2012 @ 9:16am

    Simulation transcript

    -Good morning, Powerco superbig main control room, Fred speaking.

    -Hi Fred, this is Bill Nefario, Powerco password enforcement division. We need to verify all current passwords on your system.

    -That sounds a little suspicious to me. I don't think I should...

    -(clicks through Linkedin search results) It's ok, Tom in information security gave me authorization.

    -Oh, you know Tom? Ok, here you go.

    You can't legislate away stupidity.

     

  29.  
    Dementia (profile), Mar 12th, 2012 @ 9:19am

    Re:

    How about posting up a link to this article you mentioned involving the helicopters.....

     

  30.  
    Trails (profile), Mar 12th, 2012 @ 9:23am

    Re: Simulation transcript

    "Legislate up, stupid!"

     

  31.  
    Dementia (profile), Mar 12th, 2012 @ 9:23am

    Re: Re:

    Never mind, I found it. However, I know when I deployed, we were prohibited from using personal mobile phones while we were in theater. Not to mention that there wasn't any service in western Iraq, although that may have changed.

     

  32.  
    Anonymous Coward, Mar 12th, 2012 @ 9:26am

    Re:

    How did you post this at 8am on a Monday morning without being connected to the internet from your workplace?

    Did you send it from a smartphone? Ok, now your factory is connected to the internet via your smartphone.

     

  33.  
    Anonymous Coward, Mar 12th, 2012 @ 9:36am

    And what is the government doing to prevent terrorist psychics from hacking the minds of power grid employees?

     

  34.  
    Anonymous Coward, Mar 12th, 2012 @ 9:41am

    Re:

    A secure system would mean no node would be on both networks.
    The network controlling the grid should be an isolated network. An isolated network would require a physical security vulnerability in addition to an information security vulnerability.

     

  35.  
    PlagueSD (profile), Mar 12th, 2012 @ 9:46am

    Re: Re:

    The difference being is that his smartphone doesn't control any of the factory machines.

     

  36.  
    ECA (profile), Mar 12th, 2012 @ 9:51am

    sTANDARD oPERATING PROCEDURE(sop)

    In any Work place..
    When you wish to do LESS..after you end 1 job, you TRY to look busy. Keep bouncing around, make it look as if you are doing something.

    THEN when the BOSS, has a FAILURE...what happens..
    IT GETS BURIED.. he gets everyone to work around the mess, until you can't see what happened...as well as MAYBE, destroying the evidence or it gets FIXED along the way.

    So, what do the law makers DO, after everything else is DONE..they can't go home. It would look like they were OVER PAID and doing nothing.

    LOGIC isn't at the top any more. And something is happening, that is Probably, being hidden. This is the 5-6th time they are passing something SIMILAR?

    I will point out something about the USA..WE ALREADY HAVE A RESTRICTED MARKET PLACE..and it's not by the government..
    They finally LIMITED the use of RECORDABLE Material for movies(the VCR is gone). go look at what they are TRYING to give you to record programs.
    1. you need a tuner for sat or cable that will select a channel YOU AINT watching.
    2. record to hard drive(NOT ENCRYPTED)
    3. COPY to DVD for a collection(that you can play on ANY machine).
    4. IN GOOD quality formats.
    5. be able to play OTHER FORMATS, DVI, AVI,DIVX, ...

    They won't release such a product in the USA..UNLESS(you won't get all these options) you pay GOOD MONEY..
    This is the CORPS, ruling this nation. THEY ARE FIGHTING US thru our OWN government.

    It's time to send our leaders HOME...

     

  37.  
    PlagueSD (profile), Mar 12th, 2012 @ 9:52am

    Re: Simulation transcript

    You can't legislate away stupidity.


    Should read "You can't patch stupid."

     

  38.  
    Anonymous Coward, Mar 12th, 2012 @ 9:52am

    Re:

    If there are computers connected to both the public Internet and the "private" power grid network, then the power grid network is on the Internet.

     

  39.  
    Anonymous Coward, Mar 12th, 2012 @ 9:52am

    there is no desire for governments to do any of this. they are just using excuses to implement the bills that will allow them to watch what ordinary citizens are doing during every second of their ordinary daily lives. they aren't even worried about what 'other groups' are doing and how dangerous it may be, as long as they can keep tabs on their own people. there is no progress in the USA now, only regression to the days of 'reds under the bed' etc. ridiculous!

     

  40.  
    PlagueSD (profile), Mar 12th, 2012 @ 9:56am

    Re: Re:

    And THAT'S what needs to be fixed...Not more legislation.

     

  41.  
    Berenerd (profile), Mar 12th, 2012 @ 10:00am

    Re:

    So this PC is connected to the internet...and to the power regulation modules? That would mean this PC is forming a bridge connecting the power grid controls to the internet. There are ways to make that not so. I know, I do this stuff for a living.

     

    reply to this | link to this | view in thread ]
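
The isolation point argued in comments 34, 38 and 41 above, as an added example that is not part of the original thread: a host with interfaces in two zones joins them, so reachability into a control network is a graph search over multi-homed hosts. All zone names, address ranges and hostnames below are constructed for the illustration.

```python
"""Audit a host inventory for paths from an untrusted zone into a control network.

Added illustration: zones, CIDRs and hostnames are hypothetical sample data.
"""
from collections import deque
from ipaddress import ip_address, ip_network

# Zones defined by address range (constructed for the example).
ZONES = {
    "internet-facing": ip_network("203.0.113.0/24"),
    "corporate": ip_network("10.10.0.0/16"),
    "control": ip_network("192.168.50.0/24"),
    "safety": ip_network("192.168.60.0/24"),
}

# Host -> interface addresses (constructed inventory).
INVENTORY = {
    "mail-gw": ["203.0.113.10", "10.10.0.5"],
    "hr-desktop": ["10.10.4.21"],
    "operator-pc": ["10.10.7.33", "192.168.50.12"],  # e-mail NIC + control NIC
    "hmi-1": ["192.168.50.20"],
    "historian": ["192.168.50.30"],
    "safety-plc": ["192.168.60.2"],
}


def zones_of(addresses, zones=ZONES):
    """Return the set of zone names that the given interface addresses fall into."""
    found = set()
    for addr in addresses:
        ip = ip_address(addr)
        for name, net in zones.items():
            if ip in net:
                found.add(name)
    return found


def bridging_hosts(inventory, zones=ZONES):
    """Map each host with interfaces in more than one zone to the zones it joins."""
    result = {}
    for host, addrs in inventory.items():
        joined = zones_of(addrs, zones)
        if len(joined) > 1:
            result[host] = joined
    return result


def path_between(inventory, source, target, zones=ZONES):
    """Breadth-first search over zones, where multi-homed hosts are the edges.

    Returns an alternating list [zone, host, zone, ...] for the shortest
    chain of bridging hosts, or None if the target zone is isolated.
    """
    bridges = bridging_hosts(inventory, zones)
    queue = deque([[source]])
    seen = {source}
    while queue:
        path = queue.popleft()
        here = path[-1]
        if here == target:
            return path
        for host in sorted(bridges):
            joined = bridges[host]
            if here not in joined:
                continue
            for nxt in sorted(joined - seen):
                seen.add(nxt)
                queue.append(path + [host, nxt])
    return None


if __name__ == "__main__":
    for zone in ("control", "safety"):
        chain = path_between(INVENTORY, "internet-facing", zone)
        print(zone, "->", " -> ".join(chain) if chain else "isolated")
```
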

  42.  
    PlagueSD (profile), Mar 12th, 2012 @ 10:00am

    Re: Re:

    If that's happening, you need to seriously re-evaluate your IT Security policy.

     

  43.  
    artp (profile), Mar 12th, 2012 @ 10:18am

    Re: Re:

    Re: Social engineering vs. viruses....

    When your ship is blown out of the water, it doesn't matter what got you, just that you've been had.

    I was responsible for security as a Data Center Manager. Our approach was wide spectrum, from code deficiencies to not pointing out the location of the Data Center on public tours. Physical security is the first rank of protection. Every aspect of security has to be addressed.

    If we start to compartmentalize security, then we end up with the same sorry mess that Congress is looking at. It's all or nothing! I cannot succeed if you fail, so we all have to address the issues.

    That is why it is so painfully obvious that the Congressional move is a smoke-screen: it only addresses one small part of the security problem.

     

  44.  
    ArkieGuy (profile), Mar 12th, 2012 @ 10:20am

    Push the big red button.

    The thing that blows me away is the best they could come up with was a “spearphishing” attack (while certainly the most likely, it's not exactly a technology problem).

    Consider the following scenario:

    Phone ring...
    Control Room: Control room, John speaking.
    Caller: Hi John, this is Tom in management, I need you to go push the big red button that says "self destruct" for me.
    Control Room: Ummm, are you sure? I was told never to do that.
    Caller: Yup, I just got the ok from the CEO.
    Control Room: Well, ok then. Give me a second.

    Like someone else said, you can't fix stupid! But, just like in the above example, if there aren't other fail safes in place (like two keys on the self destruct button or maybe air gapped networks), stupid can become a technology problem.

     

  45.  
    artp (profile), Mar 12th, 2012 @ 10:23am

    Re: Re:

    For others who are curious, I saw this link on Groklaw. The article is on Digital Journal, the title is "U.S. army warns soldiers of dangers of Facebook geotagging"

    http://digitaljournal.com/article/320997

     

  46.  
    Anonymous Coward, Mar 12th, 2012 @ 10:30am

    Re: Re:

    Except it isn't. His phone being connected to 3g does not make his work station connected to 3g. The virus he gets on his phone will not transfer to the work computers.

     

  47.  
    Anonymous Coward, Mar 12th, 2012 @ 11:10am

    Re:

    Still waiting for a 'not funny' button.

     

  48.  
    Anonymous Coward, Mar 12th, 2012 @ 11:40am

    Re: Re: Re:

    But if he decides he needs to recharge the battery vampire, aka smartphone, and plugs a USB cable into his XP workstation, which will conveniently mount it as a USB drive, then his whole company is jacked because he didn't realize that recharging could transfer a virus.

     

  49.  
    Anonymous Coward, Mar 12th, 2012 @ 11:48am

    Re:

    Too bad the government learned all they know from war games.

     

  50.  
    John Fenderson (profile), Mar 12th, 2012 @ 12:34pm

    Re: Re: Re: Re:

    If he did this where I work, then his employment would be at risk. It's expressly prohibited as it is (or should be) pretty much anywhere else.

     

  51.  
    Anonymous Coward, Mar 12th, 2012 @ 12:45pm

    Common sense does not apply

    This isn't about cybersecurity, this is about common sense, where things like the power grid should not be accessible via the internet -- and I'm pretty sure they're not (back here in reality).

    Critical infrastructure (including nuclear power plants) is, in fact, connected to the internet, generally for SCADA (Supervisory Control and Data Acquisition) software, which can have security vulnerabilities.

    Here's Wikipedia's article (check the "Security issues" section):
    http://en.wikipedia.org/wiki/SCADA

    Here's a Forbes article:
    http://www.forbes.com/2007/08/22/scada-hackers-infrastructure-tech-security-cx_ag_0822hack.html

    And here's a Cracked article which includes several other things that shouldn't be hackable but are, including car brakes and pacemakers:
    http://www.cracked.com/article_19412_8-things-you-wont-believe-can-be-hacked.html

     

  52.  
    Al Bert (profile), Mar 12th, 2012 @ 2:01pm

    i haven't bitched in a while, forgive me.

    American terrorism wears a suit and tie.
    It has hands in government and a face on television
    and full control of a dangerously gullible population.

    I don't know why, but i am always compelled to restate the obvious. There's a whole nation of media-insulated technophobes out there. Sometimes i get the impression that these discussions fail to recognize how effective such absurd lies and suggestions are against the rest of the country

     

  53.  
    Anonymous Coward, Mar 12th, 2012 @ 2:14pm

    Re: Re: Re: Re:

    All that would depend on the smartphone in question. The majority, and I speak from extensive experience repairing smart phones, DO NOT get mounted automatically.

    The majority can however simply be charged by just plugging them in. No harm, or transferring of files, to your computer.

    As far as XP goes, most smart phones wouldn't even be recognized at plug in. You'd have to install the necessary drivers, software or both to get it recognized. Vista or Windows 7 is another story. Also, you fail to recognize the fact that the majority of smart phones first require that you change a setting in the phone itself that results in it being auto mounted and read whenever being plugged in.

    Which is of course overlooking the fact that depending where you work, some auto run and mount options are disabled from the start to prevent just such problems, like viruses, from happening. Not to mention that what few ACTUAL smartphone viruses there are ONLY target and infect.... SMARTPHONES.

    I'm not going to call you an alarmist or misinformed, but suffice it to say that you're really grasping at straws.

     

  54.  
    AB, Mar 12th, 2012 @ 3:40pm

    Anti-Terrorist Mind Control Law

    Way ahead of you on that one. They're working on a new super-secret law that will make any unauthorized use of minds illegal.

     

  55.  
    ECA (profile), Mar 12th, 2012 @ 3:58pm

    WARNING..

    POWER WAS TAKEN away from government control..
    It was released to be PRIVATELY run, by a CORP...FOR PROFIT..

    IT'S A CORP...
    IF they SCREW UP, it's THEIR FAULT.
    Let the gov, FINE them..
    1. NOT supplying proper energy protections..
    2. NOT upgrading facilities to maintain Proper POWER structure
    3. FOR being an F@#%#ing IDIOT..

     

  56.  
    Anonymous Coward, Mar 12th, 2012 @ 4:46pm

    Re: WARNING..

    Alright, after skimming over your last post and this one I just have to say this: if you expect to be taken seriously, at all, lay off the caps button.

    Used to that extent, or even half that much, it doesn't help your arguments, it just makes you look like a kid who doesn't know decent spelling and punctuation.

     

  57.  
    That Anonymous Coward (profile), Mar 12th, 2012 @ 5:20pm

    Re: Reductio'd, but the absurdum is already there

    Is this fallout from the idea that everyone gets a ribbon and there are no losers?
    We want to make sure that even the most inept hacker can have the rush of hacking into a system.

     

  58.  
    Endtimer (profile), Mar 12th, 2012 @ 7:38pm

    Re:

    Unless the hackers are hacking from, I dunno, say, any other place in the world

    or have access to a generator.

     

  59.  
    Al Bert (profile), Mar 12th, 2012 @ 10:38pm

    if you wanted to be constructive

    You could go so far as to politely suggest tactful use of the simple HTML tags allowed by the comment form.

     

  60.  
    ECA (profile), Mar 12th, 2012 @ 11:04pm

    Re: Re: WARNING..

    Let's add something here..

    USA makes more food than it could ever eat, every year..Over 80% is shipped out...
    Do you think they take out the peanut oil from the shipments?
    Do they add fillers to any of the food?
    Do those Poor countries, pay as much as we do for the SAME food?

    Why do we get products that BREAK?
    Simple answer..Profit..Its cheaper to make, as they Auction for the Best prices..
    And computers make it Easy.
    Laptop batteries went to court.
    The corps were programming them to Quit, after a certain time. Just like your PRINTER Cartridges.
    Why is this happening? EASY..we don't STOP them.

    Do you have a choice? Not really.
    Corps say you have CHOICE. Go ahead, tell them what you want. and watch them either say:
    NO
    Restricted
    Or Charge you thru the nose for it.

    Copyrights should fail/fall to everyone..
    Do you really think that a Side load washer should cost $1000...For that price, you could get a commercial one, with a GREAT warranty. But it used to be, that when they shipped them to the USA, they sent PARTS with them for repairs. Not now. They have to be ordered, at SPECIAL prices.. It used to be easy/cheap to fix our appliances..Not now.

     

  61.  
    Anonymous Coward, Mar 12th, 2012 @ 11:46pm

    Re: Re: Re: I agree

    Totally agree with you...I mean, power grid gets stolen all the time, people can just pocket them and walk away....

     

  62.  
    Al Bert (profile), Mar 13th, 2012 @ 12:04am

    Re: Re: Re: WARNING..

    Oh, I hear you. It's a horrid bitch to fix consumer products anymore. Half the time you literally need a machine shop and engineering experience to rebuild that which was designed to fail.

    But go back to the days when things could be easily fixed by users. Take your modern consumer. If they had been given a spare defrost timer, dryer belt, tuner module, vacuum tube, or even spark plugs as might be associated with such vintage expectations... could most people even muster the effort to try and fix it themselves? For the most part, the answer is no.

    The "corps" as you put it have the power to fuck people over because people accept being fucked daily. I'm not pointing my finger at you or other people in the vicinity of this comment, but next time you're out among the technophobes and whitney-watchers, look around and think about it.

     

  63.  
    Faetan, Mar 13th, 2012 @ 12:46am

    Re: Common sense does not apply

    Well then they are doing it wrong. You can have two networks running, one for process control, e.g. SCADA, and the other for corporate computers.

    That is how it should be done. PCN networks should be locked down completely with no internet access and also locked down from users doing almost anything with them; if not, they need a new IT department.

     

  65.  
    That One Guy (profile), Mar 13th, 2012 @ 6:12am

    Re: Re:

    >or possibly an in-building pizzeria.

    Man, if someone built an apartment complex with one of those, and then rented it out to college students... they could charge anything they wanted and they'd still be out of available apartments inside a week of opening.

     

  66.  
    That One Guy (profile), Mar 13th, 2012 @ 6:14am

    Re: Re:

    Though it would be rather big, I think 'should be funny but isn't' would be more appropriate.

     

  67.  
    That One Guy (profile), Mar 13th, 2012 @ 6:21am

    Re:

    Easy, you see all the crazy stuff they keep trying to push isn't meant to actually pass, instead it's designed to make people more and more paranoid, until finally 'poof', everyone is wearing tin-foil hats, and are therefore terrorist psychic proof.

     

  68.  
    That One Guy (profile), Mar 13th, 2012 @ 6:27am

    Re: if you wanted to be constructive

    Point, after re-reading what I typed out I was a little overboard there, the last line especially, and for that I apologize to the one I was replying to.

     

  69.  
    Gerald Robinson (profile), Mar 13th, 2012 @ 10:52am

    SCADA and the 'net

    There is no reason to connect SCADA systems to the internet except laziness, parsimony and convenience. A law that specifically addresses security of SCADA systems and of any vendor systems which can access them either over the 'net or out of band makes sense. A law that sets security standards for automotive and transportation systems including hardening makes sense. A separate law which requires that GPS sold in the US not be susceptible to off band interference makes sense. A single buckshot law with broad effect makes no sense.

     
