[ISN] Anonymous hacker claims he broke into wind turbine systems

From: InfoSec News <alerts_at_private>
Date: Mon, 18 Apr 2011 03:09:58 -0500 (CDT)
http://www.computerworld.com/s/article/9215879/Anonymous_hacker_claims_he_broke_into_wind_turbine_systems

By Robert McMillan
IDG News Service
April 17, 2011

Claiming revenge for an "illegitimate firing," someone has posted 
screenshots and other data, apparently showing that he was able to break 
a 200 megawat wind turbine system owned by NextEra Energy Resources, a 
subsidiary of Florida Power & Light.

The data was posted to the Full Disclossure security mailing list 
Saturday anonymously, by someone using the name "Bgr R." In the post, he 
(or she) wrote, "Here comes my revenge for illegitimate firing from 
Florida Power & Light Company... ain't nothing you can do with it, since 
your electricity is turned off !!!"

In an e-mail interview, Bgr R said he's a former employee who discovered 
a vulnerability in the company's Cisco security management software that 
he then used to hack into the SCADA (supervisory control and data 
acquisition) systems used to control the turbines. His motive was to 
embarrass the company, he said. "I want people to know about them and 
how they really work on SCADA security," he said.

It's not clear whether or not the posting is a hoax, or if any systems 
have been affected, but the screen shots of the Wind Turbine management 
interface looked legitimate, said Wesley McGrew, an industrial systems 
security researcher with McGrew Security. "My best guess is that it's 
legit, and this guy will probably be picked up pretty quick if it's 
really a disgruntled employee," he said in an instant message interview. 
"The whole thing looks like just a grab bag of stuff he had access to."

[...]


___________________________________________________________      
Tegatai Managed Colocation: Four Provider Blended
Tier-1 Bandwidth, Fortinet Universal Threat Management,
Natural Disaster Avoidance, Always-On Power Delivery 
Network, Cisco Switches, SAS 70 Type II Datacenter. 
Find peace of mind, Defend your Critical Infrastructure.
http://www.tegataiphoenix.com/
Received on Mon Apr 18 2011 - 01:09:58 PDT

This archive was generated by hypermail 2.2.0 : Mon Apr 18 2011 - 01:28:10 PDT