[ISN] Intruders hack industrial heating system using backdoor posted online

From: InfoSec News <alerts_at_private>
Date: Fri, 14 Dec 2012 03:48:06 -0600 (CST)

By Dan Goodin
Ars Technica
Dec 13 2012

Hackers illegally accessed the Internet-connected controls of a New 
Jersey-based company's internal heating and air-conditioning system by 
exploiting a backdoor in a widely used piece of software, according to a 
recently published memo issued by the FBI.

The backdoor was contained in older versions of the Niagara AX 
Framework, which is used to remotely control boiler, heating, fire 
detection, and surveillance systems for the Pentagon, the FBI, the US 
Attorney's Office, and the Internal Revenue Service, among many others. 
The exploit gave hackers using multiple unauthorized US and 
international IP addresses access to a "Graphical User Interface (GUI), 
which provided a floor plan layout of the office, with control fields 
and feedback for each office and shop area," according to the memo, 
which was issued in July. "All areas of the office were clearly labeled 
with employee names or area names."

An IT contractor for the unnamed business told FBI agents the "Niagara 
control box was directly connected to the Internet with no interposing 
firewall," according to the memo, which was published Saturday by Public 
Intelligence. The website has an established track record of posting 
authentic government documents. Barbara Woodruff, a spokeswoman in the 
Newark, New Jersey division of the FBI, where the memo originated, said 
the document appeared to be authentic.

The unauthorized access began in February, a few weeks after someone 
using the Twitter handle @ntisec posted comments indicating hackers were 
targeting SCADA -- or supervisory control and data acquisition -- 
systems. One tweet included a list of Internet addresses, including one 
that was assigned to the heating system belonging to the New Jersey 
business. The hack came five months before security researchers Billy 
Rios and Terry McCorkle blew the whistle on serious vulnerabilities in 
the Niagara system, which is marketed by Tridium, a company with US 
offices located in Richmond, Virginia.


Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
Received on Fri Dec 14 2012 - 01:48:06 PST

This archive was generated by hypermail 2.2.0 : Fri Dec 14 2012 - 01:52:12 PST