Who the fuck ...
... would put this kind of kit on a network available to the general public?
I mean, really? Seems we're no longer even trying to educate teh yoof ...
A trio of Russian hackers say core flaws in rail networks are opening trains to hijacking and derailment and have published dozens of hardcoded industrial control system credentials to kick vendors into action. [Photo: Sergey Gordeychik (right), Gleb Gritsai, and Aleksandr Timorin (rear).] Industrial control specialist …
"As a workaround, train operators could ensure that no aspect of the journey is in any way entertaining."
Whaddaya mean, "could"? In my experience they are already pretty good at that even without using any computer aid.
Re "possible paths between trains' operational systems and passenger entertainment systems" - are we going to see high speed trains being hacked like, say, a Jeep Cherokee?
"possible paths between trains' operational systems and passenger entertainment systems, they say."
Just like in aircraft then.
We've already seen claims that someone in a passenger seat got access via the entertainment network to the flight network.
I took the trouble to follow the claims as far as I could (I used to have some aircraft experience and some network experience).
There was remarkably little real detail, but one alleged detail I did see after a great deal of digging involved a "logon screen" which was said to be a Solaris logon screen.
On an aircraft? Chances are small but not quite zero.
On a safety critical system on an aircraft? Chances are zero.
I lost interest at that point.
It'd not be a huge surprise if something similar was going on here, although it also wouldn't be a huge surprise if there was genuine cause for concern.
Their mention of interlocking systems is interesting. There's at least one UK multiple unit train design that combines the door/motion interlock system (no opening door while train is in motion) with the in-train display system. Neither are directly safety critical, so "for simplicity", Windows was the chosen OS. There is another interlock with the motion control which says the train cannot start unless the door/motion interlock is showing signs of normal behaviour (ie the application is running and driving its handshake IO as required).
Windows being what it is, unplanned reboots are sometimes required. Driver gets to station and reboots the on-train info system, which therefore knocks out the door/motion interlock till the reboot has completed and the handshaking is alive again. Till startup is finished, the train cannot move off. So, some minutes later, by which time the train is irrecoverably late courtesy of Microsoft and friends, the train is able to set off again. What a marvellous design.
A better informed train geek than I am may be able to give you chapter and verse (what class train it is, who designed the train and when, who supplied the subsystems, what Windows version, etc).
Their mention of interlocking systems is interesting. There's at least one UK multiple unit train design that combines the door/motion interlock system (no opening door while train is in motion) with the in-train display system.
No, not that interlock. They are talking about the interlocks that switch a train from one track to another; to, for instance, bypass a slower moving train, or shunt a train off onto a siding or another line.
... would put this kind of kit on a network available to the general public?
It has been known for a long time that SCADA systems tend to have poor security controls; many are ancient having been built in an era before today's world where everything is connected. Plenty of time to address the issues but this has not happened.
So: regard this as a boot up the backside, not just to the vendors but also the users who have been reluctant to invest in upgrades. Granted that upgrading a rail system is not an overnight job.
Hopefully the result will be more secure infrastructure in a few years time.
"regard this as a boot up the backside, not just to the vendors but also the users who have been reluctant to invest in upgrades."
Stuxnet should surely have been that boot up the backside? It doesn't seem to have caused much of a rethink, not based on what I've seen anyway. Business as usual, clueless people in charge of budgets and technology.
It'll be fine, there's no problem, all we have to do is make sure everything on the LAN is a member of the domain (genuine plan at a List X site I'm familiar with). Failing that, device access control via 802.1X. No consideration of kit that can't join the domain for perfectly valid reasons and equally can't play 802.1X either. But what the IT Director wants, the IT Director must have, regardless of the (valid and safe) needs of the rest of the non-IT parts of the business (the bits that actually design, make, test, and repair things, and thereby pay the IT Director's overinflated wages).
"No consideration of kit that can't join the domain for perfectly valid reasons and equally can't play 802.1X either."
More likely, equipment that cannot join the domain will be rejected at procurement stage or just given a "pass", and 802.1X would be deemed a technical requirement, and subject to commercial people over-ruling it in an effort to appear to be saving money ...
"Stuxnet should surely have been that boot up the backside? It doesn't seem to have caused much of a rethink, not based on what I've seen anyway. "
I bet there's someone somewhere that uses USB drives for data transfer of logs as it is "more secure" than a one-way file transfer ...
Great, as a pentester the domain is usually the first and easiest target to go for on any given network... All it takes is one vulnerable member system and you can almost always compromise the entire domain, and then every member system is owned. By putting everything in the domain you make it MUCH easier - far greater chance of finding the one vulnerable system you need, and much easier to access everything else (irrespective of how well hardened it is) once you have domain admin.
>But what the IT Director wants, the IT Director must have, regardless of the (valid and safe) needs of the rest of the non-IT parts of the business
I keep seeing ACs posting on here how the IT department is some parasite fiefdom on its own that doesn't care about the business. Must be all those broken ass banking and consulting companies in the UK because that sure isn't my experience here stateside working mostly for semiconductor manufacturers. Half our current IT staff started as operators on the Fab floor before skilling up. 24/7 manufacturing always comes first no matter what we are doing and being the slim unit we are we spend far more time on requests from the fab than we do from the corporate IT wing. I guess also being in a right to work (ie right to fire) state helps cut down on the bureaucracy created solely for job security.
And yes I know the difference between right to work and employment at will concepts but both together tend to discourage unions which, other arguments aside, could possibly be the cause of some of the non-business parasite activity ACs on here are always whining about. For a good example see the total clusterfsck that is the VA in the US where it is nearly impossible to fire employees even for things you and I would consider fraud. Unsurprisingly they have formed a bureaucracy that is more about protecting their jobs and punishing whistleblowers than serving Veterans (their core mission).
No, I am also well aware of the value of unions, especially for employees, and with the US having a union participation rate of barely single digits they are hardly the danger here made out by the righties. Also funny how wages have stagnated since union membership started declining in the 1970s. That said unions can have drawbacks even for employees if they are allowed to run amok (see teacher jobs being given away in wills like in Mexico, a place that can really afford incompetent teachers).
"24/7 manufacturing always comes first no matter what we are doing"
And rightly so. Automated manufacturing used to be my background too, but for various reasons I ended up in the kind of places where "what the IT Director wants, the IT Director must have, regardless of the (valid and safe) needs of the rest of the non-IT parts of the business".
"I guess also being in a right to work (ie right to fire) state helps cuts down on the bureaucracy created solely for job security."
Not sure what that means. By far the worst place I saw for IT is one where the CEO thought he had a clue about IT (because he had a PC at home?) and his IT director (one of his mates) was appointed accordingly, equally cluelessly, and so on down the chain. You could have almost anything you wanted as long as it had a Dell badge and was on the approved parts list (e.g. no hi-res monitors, they weren't approved, unless it was for an electronic Andon board substitute, which then sits idle for 99% of the time) and either ran Windows or, as long as the business user was willing to wait a year, while the business justification for not running Windows was evaluated. Non-compatible improvement suggestions were treated as rank insubordination.
I'm pleased to hear there are still places that aren't quite that stupid. Got any jobs going?
In one simple, easy-to-understand word:
MBA PHB: "We need to cut the OPEX budget, those dedicated leased telephone lines for our plant to HQ links costs big $$$$ monthly, can we somehow get rid of them???"
PHB suckup: "Yes sir boss, we can connect them to the internet, and drop those expensive bonus killing dedicated lines."
MBA PHB: "Good, I want a larger bonus at year end."
PHB suckup (to IT): "The C suite wants budget cuts, and we can't afford those expensive leased lines anymore. Connect them to HQ through the Internet."
IT: "We can do that, but those old systems were NEVER designed for direct Internet connections. We could be compromised."
PHB suckup: "Who cares!!!! The C suite wants budget cuts."
Some time later, the ClusterFuck Electric Co's Nuclear power plant is in deep shit because some hacker thought it would be funny to play games with the coolant pumps.
`MBA PHB` and `PHB suckup` are long gone, but IT gets to clean up the shit they left behind
The El Reg forum is devoted to empirically sound applications of technology. This being the case, perhaps your specific request should be directed to the "miracles and divine intervention" forum on the Catholic church's website? Is there a patron saint of public transportation? Or even an angry train god that you can sacrifice a goat or some hobo to?
"Oh, great Loco. Oh, He who moves the masses and cargo. Accept this poor offering and show us your favor!!"
Well, my G Scale (largish garden scale railway - normally dangerous only to cats who don't pay any attention at the level crossing) is controlled through 3 Raspberries. Networked wirelessly. I'm beginning to harbour suspicions about the terrier's intentions - spends a lot of time in my office.
The flaws follow a tune common to all utility sectors: decades-old industrial control systems once fragmented and offline have been networked to introduce better functionality
NO, no. It isn't for better functionality but to allow the bean counters to meddle with things they know nothing about.
The big problem is that accountants have replaced engineers in positions where engineers are necessary. Until this is reversed we will continue to have these problems.
It's all very well mocking the inadequacies of antiquated systems.
But a vast new generation of on-line connected, uncertified and inadequately protected artefacts are coming our way: Things and the Internet thereof.
Whilst a single refrigerator or light bulb poses an incomparably small threat compared to a 'plane or train, thousands of such Things driven in concert (cf. DDoS attacks) could be quite another matter.
"Whilst a single refrigerator or light bulb poses an incomparably small threat compared to a 'plane or train, thousands of such Things driven in concert (cf. DDoS attacks) could be quite another matter."
Yeah, the thought of 10,000 fridge/freezers all turning on and off again in sync is probably a nightmare the power grid could do without.
On the other hand, some marketing wonk at the fridge/freezer manufacturer will probably think it's a cool idea to have all their connected fridges talk to each other and a minor coding error will make them all talk to the same time server and use the same entropy sources.
What's wrong with them talking to the same time server? Do you think they should all have a different idea of the current time? Setting them to sync to pool.ntp.org seems the most likely.
Entropy sources don't matter - fridges aren't deciding when to turn their compressors on and off again based on a schedule, but rather based on internal temperature versus their set temperature. When to turn on the compressor will be different for each one as different homes have different ambient temperatures, different amounts of airflow around them, different amounts/lengths of opening/closing the door, and different contents being added/removed.
Those are all natural sources of entropy so even though the fridges all have the same amount of insulation built in, they would immediately have their schedules diverge even if they were all turned on with the same contents at the same time to start with.
The same experience also suggests that "Hey, let's have our hardware automatically download firmware updates so the users won't forget to" and "We should hard code a nice, safe time for all our systems to apply updates and reboot when nobody is using them" will also be seen as good ideas, and every single node in the Internet of Fridges will download the same untested update at the same time, apply it, and then power-cycle itself at midnight. UTC, of course, which puts it somewhere around peak evening power usage time in the USA.
Only to come up again with the Metric to American conversion settings all backwards and happily chilling everybody's frozen meats to a nice, cool thirty-two degrees Celsius once the power comes back on.
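The thundering-herd failure mode described in the two posts above (a hard-coded reboot time, or "random" jitter that is identical on every unit because every unit seeded its RNG from the same source) is easy to make concrete. The following simulation is an added example, not code from the thread, any fridge vendor, or the researchers in the article; the fleet size, the four-hour maintenance window, the serial-number format and the use of a hash of the serial as a stand-in for per-unit hardware entropy are all assumptions for illustration. It compares the peak number of units rebooting in any one minute under three scheduling policies.

```python
"""
Added example: how many connected appliances reboot in the same minute under
three update-scheduling policies.

  1. fixed_schedule      : hard-coded reboot at 00:00 UTC on every unit
  2. shared_seed_jitter  : "random" offset, but every unit seeds its RNG from the
                           same value (same firmware image, no per-unit entropy)
  3. per_device_jitter   : offset from per-unit entropy, spread over a local
                           off-peak window instead of a global UTC instant

Fleet size, window length and the FRIDGE-nnnnnn serial format are constructed
for the example; sha256(serial) stands in for a hardware RNG on each unit.
"""
from collections import Counter
import hashlib
import random

MINUTES_PER_DAY = 24 * 60


def fixed_schedule(n_devices, reboot_minute_utc=0):
    """Policy 1: every unit reboots at the same hard-coded UTC minute."""
    return [reboot_minute_utc % MINUTES_PER_DAY] * n_devices


def shared_seed_jitter(n_devices, window_minutes=240, seed=b"firmware-1.0"):
    """Policy 2: each unit adds a 'random' offset, but the RNG is seeded
    identically on every unit, so every unit draws the same offset.
    The jitter exists in the code and does nothing in the field."""
    offsets = []
    for _ in range(n_devices):
        rng = random.Random(seed)          # identical seed on every device
        offsets.append(rng.randrange(window_minutes))
    return offsets


def per_device_jitter(n_devices, window_minutes=240, tz_offset_hours=-5):
    """Policy 3: offset derived from something unique to the unit (here a hash of
    its serial stands in for hardware entropy), applied to a window that starts
    at 02:00 *local* time rather than at a global UTC instant."""
    # 02:00 local expressed in UTC minutes (tz_offset_hours=-5 -> 07:00 UTC)
    local_start = (2 * 60 - tz_offset_hours * 60) % MINUTES_PER_DAY
    offsets = []
    for i in range(n_devices):
        serial = f"FRIDGE-{i:06d}".encode()            # constructed serial number
        digest = hashlib.sha256(serial).digest()
        jitter = int.from_bytes(digest[:4], "big") % window_minutes
        offsets.append((local_start + jitter) % MINUTES_PER_DAY)
    return offsets


def peak_concurrency(reboot_minutes):
    """Largest number of units power-cycling in any single minute of the day."""
    return max(Counter(reboot_minutes).values())


def compare_policies(n_devices=10_000):
    """Return {policy name: peak reboots per minute} for a fleet of n_devices."""
    return {
        "fixed_utc": peak_concurrency(fixed_schedule(n_devices)),
        "shared_seed_jitter": peak_concurrency(shared_seed_jitter(n_devices)),
        "per_device_jitter": peak_concurrency(per_device_jitter(n_devices)),
    }


if __name__ == "__main__":
    for name, peak in compare_policies().items():
        print(f"{name:20s} peak reboots in one minute: {peak}")
```

With 10,000 units, the first two policies put all 10,000 reboots into the same minute (the shared-seed "jitter" is exactly as bad as no jitter, which is the point of the entropy remark above), while the per-unit spread over a four-hour window lands on the order of forty per minute. The same arithmetic applies to any fleet-wide action a vendor ships as a fixed time: update downloads, key rotation, telemetry uploads.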
Once again media hype is making this something it clearly isn't.
I fail to see how compromising the systems on a single train would allow a hacker to then compromise the interlocking for signalling. For a start, the interlocks and their associated signals, points and crossovers are all controlled from regional signalling centres and have nothing whatsoever to do with the trains that run on them.
Even if someone with the requisite knowledge were to be able to control a train, there is no way they could make the leap from there to controlling the national infrastructure.
Try reading and comprehending this sentence, present in the article you are labelling as garbage: "Flaws affect various systems including mobile communication and interlocking platforms that control braking and help prevent collisions."
They are NOT ONLY dealing with rolling stock control systems. And even if they were, would you like to be in one where a black hat had access to the ATP/Indusi/Integra/whatever, making it ignore the next red signal?
Lots of interlock and signalling systems, from Alstom, Bombardier, Siemens as well as dozens of smaller system vendors, are controlled via IP now. Stuff that used to use serial comms over dedicated copper or fibre is now fitted with Westermos and connected via some flavour of IP network. An RFC1918 network most likely, but get into a control node via your exploit of choice and you can fsck up the lot quite a bit.
Ah, the rail industry. I had to visit site to investigate some equipment which was down. It'd been down for some months (regulatory required equipment) but no one had reported/tested/been aware. Fortunately I retrieved it by pulling a disc in the RAID set and it booted to the OS and then rebuilt.
Typical next question.. "where's all the data that we didn't record?"
Profit margins are so low that they aren't employing people to do a good job, just enough to keep things running.
"... they aren't employing people to do a good job, just enough to keep things running."
Unfortunately, this is the case in a lot of places. A number of bridges affected by the recent water-related problems in the UK are testament to inadequate maintenance. The cult of bean-counting means that few people pay any attention to resilience these days.
Over here in America, we don't need hackers to derail our shiny new medium-speed trains. I'm always hearing about derailments and emergency track closures on the main northeast rail lines. All it takes is a rockslide, a neglected track, an engineer with a smartphone...
They are all held in thrall to the Cult of Bean Counters, whose first rule is "Know the price of everything and the value of nothing". Their second rule is "No-one else knows the value of anything either, regardless of qualifications." Their disciples, known as MBAs, are so thoroughly indoctrinated into the creed that they can see no God but the accounts ledger.
If you follow the URLs, download the list and open the file, you see a list of documents showing how to log on to a newly shipped comms device. If I change the SIM for my phone it has a default code - typically 0.0.0.0 or 188.8.131.52. I would like the SIM supplier to say which it is. If I do not change it, it's my fault, not the SIM supplier's. The supplier still has to tell me what the original code is so I can use the SIM. Replace SIM with switch, same thing. No story here...