Critical Infrastructure Flaw Vulnerable to Hacking

Cyber criminals and terrorists could potentially take advantage of a recently discovered security flaw in certain software to get a hand on gigantic computer systems that regulate and control crucial infrastructures like power plants, oil refineries, and factories, observed Ganesh Devarajan, a security researcher at 3Com Corp owned Tipping Point based in Austin, Texas. Bostonherald published this in news on August 6, 2007.

Ganesh, who uncovered the software flaw, demonstrated it to those attending the Defcon hacker conference focusing on the computer security. The software manages SCADA or 'Supervisory Control And Data Acquisition' systems, i.e., computers that direct the operation of such critical infrastructure as power transmission and water treatment facilities, oil and gas pipelines and the large-sized factories that big technology companies use.

Devarajan explained that exploitation of the vulnerability could bring down some SCADA computer systems, in particular the older ones. The hack takes place with attacks on sensors in the plants that connect to the Internet without encryption.

Devarajan, however, declined to name the company whose software he hacked, but said Tipping Point has notified the software company about the vulnerability so that it could resolve the problem. The researcher thinks similar flaws possibly exist in other software too.

Threats on SCADA systems are scary because they regulate the daily life of the public. The software they use is lightweight so that just by sending some phony requests it is possible to easily communicate with them thus making it a scary issue, said Ganesh.

Authorities are concerned about weaknesses in SCADA software as these systems that were in closed networks have been connected to the Internet, said Linton Wells II, former chief information officer at the Defense Department and now a distinguished research professor at National Defense University. Bostonherald published this on August 6, 2007.

It is important to understand that Devarajan's demonstration is not simply the techie stuff that leaves ordinary lives unaffected, Linton said prior to Devarajan's presentation.

According to officials, such infrastructure vulnerabilities are crucial terrorism concerns although some ask if the technological problem of such online attacks wouldn't divert criminals more towards physical attacks.

Related article: Critical Flaw Found in Famous VLC Media Player

» SPAMfighter News - 8/18/2007