Mar 21, 2019
It's A Security Thing Thursday. Today, Craig discusses the bizarre malware that is disabling the safety systems in our industrial plants.
For these and more tech tips, news, and updates, visit CraigPeterson.com
---
Below is a rush transcript of this segment; it might contain errors.
Airing date: 03/21/2019
Bizarre Malware Disabling Safety Systems
Craig Peterson 0:06
Hey, welcome all you podcast listeners, it's time for another
Security Thing. I want to talk about this bizarre malware that MIT
wrote a really interesting article on a report over at MIT
Technology Review. Futurism.com picked it up and it's really been
kind of making the rounds and mold in certain circles within the
security community. And it's different in its attack, because we're
talking about malware here that is designed to disable the safety
systems at industrial plants. We know that the US and Israel were
involved with Stuxnet. And we know about the whole thing that
happened over in Iran at the nuclear facility. And that was
engineered by two countries. And they were trying to shut down the
processing of uranium and those centrifuges. And if you've never
seen the centrifuges, you got to have a look at it, because I had
in mind something to look like my high school chemistry
centrifuges, or the things they use for spinning down blood. These
things much, much, much different and more complex, really, they
don't even look like a centrifuge frankly, you know, at least from
the, you know, the outside point of view. But the US and Israel
apparently designed this malware, and it was very, very well
designed. It did two things. One, it caused the centrifuges to spin
out of control and destroy themselves, because they were spinning
so fast way beyond their normal tolerances. And you'd think, of
course, that the centrifuges, which were not made in Iran, by the
way, that the centrifuges and their control systems which are not
made in Iran would be able to handle this. And in fact, that's what
the malware went against was these controllers not made in Iran,
that the bad guys in this case, Israel and the US, apparently, that
they had the ability to examine and play with and then come up
with this whole attack vector.
Craig 2:25
So they went ahead, they made malware that attacked the controllers
for the centrifuges, and apparently ruined more than 1000 of
them. And they also had the malware go after the control systems
that were being monitored. So really the monitor systems so that
everyone who was in the control portion of the plant would be
seeing everything being normal. No alarms going off, no klaxon
sounding and lights flashing. All of the charts would look pretty
darn normal, that they were all spinning about the right speed. It
was just done very, very well, very professional. But it was also
done in such a way that no one would lose life over it, these
things would spin themselves to the point where they would just
destroy themselves. But you know, they were trying not to kill
anyone, but it wasn't their primary goal, obviously. Well, now
we've got this new hacker tool that's been found. And it's been out
there for quite a while. It's called Triton. And it's been out
there apparently since 2014. But researchers didn't really become
aware of it until around 2017. That's a little worrisome, isn't it?
The malware also crosses a new ethical line. Now I know you say
malware and ethics, look at what ransomware has done and shut down
hospitals, police department. Ransomware is going all the way
through taking all of your family pictures away from you. Malware
is bad. And there is a really there's no ethics involved for these
hackers that are spreading it. But they have always in the past,
been careful about what they targeted. And they never have seemed
in the past to target the safety systems that are in our industrial
plants. But that's exactly what's happened right now. There is a
gentleman by the name of Joe Slowik, he's a former information
warfare officer in the US Navy. He's now working at
Dragos which is an industrial cyber security firm, according to
Futurism. And that firm Dragos has been tracking the spread of
Triton.
Craig 4:53
And Joe says that targeting safety systems just seemed to be off
limits morally, really hard to do technically. So now we've got to
really question things. We've got Dan Coats. He's a former US
Director of National Intelligence, who has been warning that things
are changing. And here's a quote from him: "Here we are nearly two
decades later," this was a speech last year, "and I'm here to say the
warning lights are blinking red again. Today, the digital
infrastructure that serves this country is literally under attack."
So they are attacking it, they're attacking it in different ways.
Triton has been used as a core for attacking a lot of different
business systems over the years. But now we're talking about safety
systems, the systems that protect nuclear power stations all the
way through water treatment facilities, the same types of
controllers that were attacked by our government and Israel in that
Iranian plant, those same types of control systems are all
over the place in our businesses. They control everything from the
heating and air conditioning, through manufacturing systems,
through cooling systems, nuclear power plants, and they are dead
under attack. So I have a friend that's been in this business for
years, I haven't talked to him in probably 20 or 30 years, but he
has been trying to really sound the alarm and hasn't been terribly
successful. We've got to be careful, we've got to be more careful
about our industrial plants and our security. And that means at the
very least, we've got to separate our networks. I've got a great
module and one of my courses on this, but how to split it up? You
know, we're, we're bringing internet of things into our industrial
plants. We're bringing in these lights that are controlled by
computer to save us money. We're bringing in control systems that
heat up the plastics, that will heat up the copper to make wires
and, and pull them all out and they're all being automated. And in
many places, far too many places, they're on a flat network, you
know, the same network, they can all address each other. Even if
you separate out the networks, if they can get from one to another,
you've got problems. And if you can get to any of these systems via
the internet, you've got problems. And just because I've got a
firewall doesn't mean it's working for you. Believe me, I have yet
to go into one of these companies, you know, 10 million all the way
up through half a billion dollars, and have audited their
systems and find that there aren't major problems, where they could
have they religious lucky, they haven't been hacked. And of course,
you already know, I've been in many businesses where they've
already been hacked, where they've already had a failure of the
lack of security systems, but a failure of their security systems
to the point where they got sued, they went out of business, they
lost hundreds of thousands, millions of dollars. In one case, it
was tens of millions of dollars. So keep this in mind, they are
coming after us. If you are an industrial plant, they want you,
they want your equipment, they want to control it. And remember
that our enemies have a first line of attack against us being
cyber. So many of these attacks are coming from Iran, they are
coming from China, they are coming from Russia, they are government
sponsored. And their idea is to flip a switch just all of a sudden
flip that switch and it's done and over with and we're in deep
trouble. Okay?
Craig 8:53
So do the right thing. Split your networks, make sure there's no
routing between them that you minimize any access to any data, and
that there's no external access, and that any access from the
inside is tightly controlled. So there you go. All in a nutshell.
It sounds like what a weekend's work for you.
Craig 9:10
All right. Take care, but hey, it's a Security Thing. And we'll be
back with another one tomorrow, of course, Craig Peterson and
that's where you'll find me online. http://CraigPeterson.com