Overview
- SCADA systems: what are they?
- Stuxnet facts
- Attack techniques
- Technology in depth
- Speculation
SCADA systems
- supervisory control and data acquisition
- industrial control systems
- water treatment, oil platforms, manufacturing
- power generation, refining, fabrication
Who uses SCADA?
- Bushehr
- Aker
- Posten
- everyone??
How does SCADA work?
Roughly:
- Human-Machine Interface
- Supervisory computer system
- Remote Terminal Units: sensors
- Programmable Logic Controllers (PLCs) do the work
- Communications
What is Stuxnet?
- not your Twitter bug
- discovered early this year
- USB and network worm
- highly precise targeting
- well engineered
- massive (50,000+ installs) deployment
Stuxnet facts
- only SCADA systems
- targets specific configuration!
- C&C in Malaysia
- Iran most affected
Attack techniques
- autorun.inf exe
- LNK 0day
- Print Spooler
- RPC sploit
- Digitally signed by Realtek and JMicron
- Elevation of privileges
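
A defender-side check for the autorun.inf vector listed above, as an added example that is not part of the original slides: it flags an autorun.inf that carries executable content or launch commands. The function name, thresholds and sample bytes are assumptions constructed for illustration.

```python
import re

# Keys in the [autorun] section that make Windows offer or run a program.
EXEC_KEYS = ("open", "shellexecute")
SHELL_CMD = re.compile(r"^shell\\[^\\=]+\\command$", re.I)

def inspect_autorun(data: bytes) -> list[str]:
    """Return findings for the raw bytes of an autorun.inf file."""
    findings = []
    if data[:2] == b"MZ":
        findings.append("file starts with an MZ header (executable content)")
    # INI parsing is lenient: lines that do not parse are skipped, so every
    # line is scanned instead of assuming the file is clean text.
    section = None
    for raw in re.split(r"[\r\n]+", data.decode("latin-1")):
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
            continue
        if section != "autorun" or "=" not in line or line.startswith(";"):
            continue
        key, value = (part.strip() for part in line.split("=", 1))
        if key.lower() in EXEC_KEYS or SHELL_CMD.match(key):
            findings.append(f"{key.lower()} runs: {value}")
    # A real autorun.inf is short plain text; control bytes suggest padding
    # or an embedded binary (5% threshold is an assumption).
    non_printable = sum(b < 9 or 13 < b < 32 for b in data)
    if data and non_printable / len(data) > 0.05:
        findings.append("binary padding in a file that should be plain text")
    return findings

# Constructed samples (not taken from any real malware).
CLEAN = b"[autorun]\r\nlabel=Backup\r\nicon=drive.ico\r\n"
SUSPECT = (b"MZ" + bytes(200) + b"\r\n[autorun]\r\nopen=tool.exe\r\n"
           b"shell\\open\\command=setup.exe\r\n")

if __name__ == "__main__":
    for name, sample in (("clean", CLEAN), ("suspect", SUSPECT)):
        print(name, inspect_autorun(sample))
```
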
Targeted attack
- Step7 PLC programmer infection
- Simatic WinCC and PCS 7
- reprogramming Siemens PLCs
- DLL preloader
PLC attack
- developer DLL hook and replacement
- replacement routines for read, write, delete module
- hides itself, modifies commands
- app programmer none the wiser
Speculation
- Bushehr?
- Natanz
- Israeli bragging
- Chief steps off + delays
More speculation
- gov't or strong commercial interest
- analysis uses drivers so prolific they can't be blacklisted
- bribes to companies in exchange for private key
- Paid blackhats for 0days
Questions?
- implications?
- "linux is way more secure"
- discuss!
Thanks!