Hacktivist group "Anonymous" are considering attacking SCADA system
A recently leaked DHS document (Download Here) warns that Hacktivist group “Anonymous” are considering attacking SCADA systems and Critical Infrastructures in some countries.
The document labelled as “for official use only” quotes several “twitter” posts believed to belong to Anonymous members discussing and exchanging information about SCADA projects.
”On 19 July 2011, a known Anonymous member posted to Twitter the results of browsing the directory tree for Siemens SIMATIC software. This is an indication in a shift toward interest in control systems by the hacktivist group.”another tweet
“An anonymous individual provided an open source posting on twitter of xml and html code that queries the SIMATIC software. The individual alleged access to multiple control systems and referred to “Owning” them. The Twitter posting does not identify any systems where privileged levels of access to control systems have been obtained.”The report insinuates that experienced Anonymous hackers can quickly gain the knowledge required to hack ICS “Industrial Control Systems” which is correct. But the report didn’t mention the fact that currently there is a gold rush amongst researchers to come up with SCADA vulnerabilities, just in the past couple of weeks anyone following the right and publicly available sources can count more than a dozen zero-day vulnerabilities out there.
Just by looking around, I am afraid to say that ICS are going to be the next target after the current wave of attacks on financial institutions “Occupy wall-street”.
Looking at the flow of events, Anonymous, LulzSec and Co. have already targeted Governments, Big corporates, Defense contractors,Banks and Stock exchanges….the next logical step down the food chain is Energy.
More on the topic:
- Washington times
- The register