back to article Now that's taking the p... Sewage plant 'hacked' to craft crypto-coins

Infosec bods say they have uncovered what's thought to be the first case of a major industrial control system network infected with cryptocurrency-mining malware. SCADA security outfit Radiflow claimed today it found the software nasty lurking in computer systems at a water treatment facility. Several operational servers used …

  1. Swarthy

    Let me just say

    Why the FUCK are these important (SOooo Important we can't risk a bad patch taking them down) machines hooked up to the Internet with nary a proxy nor decent Firewall to shield them?

    "We can't risk a bad patch taking them down; we can't even reboot it because it's Important, and can have no downtime. But if the scrotes on the 'Net wanna fuck with it... Nothing I can do."

    1. Mark 85

      Re: Let me just say

      Lazy and cheap from what I see. Costs money and too much time to do things properly. That and many SCADA sytems could be considered legacy types that were built back when the "net" was a fun place and not a threat. The owners haven't wanted to cut profits by upgrading and redesigning their control systems to meet the threats.

      1. Anonymous Coward
        Anonymous Coward

        Re: Let me just say

        The owners haven't wanted to cut profits by upgrading and redesigning their control systems to meet the threats.

        In a lot of cases there is no need to upgrade unless you are doing a complete rebuild of the facility.

        The best security for such places and other industrial facilities is a pair of side cutters applied to any network cabled that go to anything connected to the outside world.

        1. nijam Silver badge

          Re: Let me just say

          > a pair of side cutters applied to ... anything connected to the outside world.

          The users, then.

        2. This post has been deleted by its author

    2. Anonymous Coward
      Anonymous Coward

      Easy explanation

      The supervisor wants to be able to keep tabs on what is going on, so he said "set it up so I can access it from my PC or phone" and it gets done by someone in the city's IT department. Even if he is aware it is risky, he's outranked by the guy in charge of the sewage plan (he's king shit after all) and doesn't have the authority to tell him no. If this sort of thing happens in the corporate world all the time (maybe less often the last few years but still does) why would anyone be surprised it happens in a municipality where they are years behind in security - and years behind in actual attacks so they have so far had less cause to worry about security.

  2. This post has been deleted by its author

    1. TRT Silver badge

      Re: Hmmmmm... Yuck


    2. TRT Silver badge

      Re: Hmmmmm... Yuck


    3. TRT Silver badge

      Re: Hmmmmm... Yuck


  3. Anonymous Coward
    Anonymous Coward

    Just a plop in the ocean

    The danger is the fat (in the) pipes these sewage works have when they are connected to the internet. The amount of filth they handle is almost as bad as Twitter and Reddit combined. When then happens you know urine trouble. And the sort of stuff people post from the most comfortable seat in their homes would make Facebook blush.

    You've heard of data mining, but just imagine what value these guys would be able to get out of a dump this size, I mean they should float it.

    This story is going to raise a big stink, at least it would if it was written in effluent English.

    Things are rapidly getting out of control now, it scada stop. And I'm pooped anyhow.

    1. 404

      Re: Just a plop in the ocean

      That was terrible...

      1. Anonymous Coward
        Anonymous Coward

        Re: Just a plop in the ocean

        Yes. But I feel so much better now that it's out.

    2. Pen-y-gors

      Re: Just a plop in the ocean

      Ah, "Carry On Commenting", truly British! Benny Hill would be proud!

  4. This post has been deleted by its author

    1. Jamesit

      "PCs in an OT [operational technology] network run sensitive HMI [human-machine interface] and SCADA [supervisory control and data acquisition] applications that cannot get the latest Windows, antivirus and other important updates and will always be vulnerable to malware attacks."

      Then access should be limited to intranet only.

      edited to add "to"

  5. J. Cook Silver badge

    This surprises me in what way, again?

    Someone needs to break out the chalk and write 100 times on the board "SCADA systems should never be granted internet access".

    Either that, or send Vinne and Guido over to break some fingers.

    1. DNTP

      Re: This surprises me in what way, again?

      This is the story of an airgapped lab computer running a large robot handler that had no network card and locked covers over the USB ports, that was clearly marked "No network access. No internet. No personal use. Misuse may lead to termination." Users of this lab were high-turnover basic technicians and student workers.

      Opening Internet Explorer would default to a HTML form clearly repeating these cautions, and instructions that if the user wanted to connect to the internet anyway, in complete defiance of every single direction they'd been given, to enter their university account username and password into the fields provided and click "submit".

      Obviously this did not magically grant them network access. It saved their credentials to a text file which we would then use as evidence in disciplining or firing them.

      1. Anonymous South African Coward

        Re: This surprises me in what way, again?

        Hehehe, good one that! And a jolly good idea too!

        How many people got "disciplined" by this sort of thing? Just curious to know.

        'ere, 'aff one on teh hosue :)

    2. imanidiot Silver badge

      Re: This surprises me in what way, again?

      @J. Cook

      That is incomplete. "SCADA systems should be on their own isolated network without internet access."

  6. This post has been deleted by its author

  7. Nimby

    Eat sh_t and die.

    While I in no way condone criminal activity of any kind, that someone did this is absolutely no surprise. Why buy the server farm when you can get a crap-load of open crypto-milk for free? Anyone not expecting this to have already happened and will continue to happen could run for US presidency. The more SCADA sites get hacked, the more likely Those In Charge might finally cut the wires to the outside world and take security seriously for a change.

    Meanwhile, I wonder how long before distributed computing hacks turn every internet-enabled lightbulb and default (or backdoor) password router into a viable crypto-cash-cow.

    (And if they did, would anyone even notice?)

    Someone else's hardware. Someone else's cooling. Someone else's leccy. Crap security. Likely the only people keeping the hackers out are other hackers who want the prize for themselves.

  8. adam payne

    The malicious software was, we're told, chewing up processor time, noisily shifting data over the network, and potentially exploiting the fact that industrial networks tend not to be running the latest security patches – typically because they oversee critical processes that cannot be interrupted or knocked out by bad updates.

    Important machines with connection to the internet?!?! seriously where's the air gap?

    Ilan Barda, Radiflow’s CEO, told The Register today the malware was probably installed after someone used a browser on a server to visit a website they shouldn't have. The nasty would have been accidentally downloaded and run, and it likely exploited network file shares to move through the utility company's computers, we're told.

    Someone had access to a server and was able to browse the internet on it?!?!? *shakes head*

  9. ThatOne Silver badge

    Father, forgive them, for they know not what they do.

    You guys forget that engineers aren't necessarily computer engineers. I happen to know many high ranking and very capable engineers or scientists who don't have the slightest clue about computers and computer security. Telling them about the chances something similar might happen to their workplace just results in very surprised faces and a comment like "Maybe we'll need to talk to our IT department about that". And by "IT department" they mean some outsourced part-time team in [insert low-wage country].

  10. Anonymous Coward
    Anonymous Coward


    A friend of mine has his entire house running off of a generator that uses Barium that costs about $100.00 a year to operate.

    He used to mine Bitcoin due to the low energy costs.

    He sold off $500,000.00 in Bitcoin last year to purchase a warehouse so he can mass produce these Barium powered generators.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like