HOME  |  NEWS  |  BLOGS  |  MESSAGES  |  FEATURES  |  VIDEOS  |  WEBINARS  |  INDUSTRIES  |  FOCUS ON FUNDAMENTALS
  |  REGISTER  |  LOGIN  |  HELP
Blogs
Blog

10 Cyber Attacks That Wreaked Havoc

View Comments: Threaded|Newest First|Oldest First
Elizabeth M
User Rank
Blogger
Lessons of history
Elizabeth M   5/14/2014 6:55:44 AM
NO RATINGS
Interesting slideshow, Rob! I bet some in the industry would like to forget about these, but it's good to remember to learn from past mistakes. Stuxnet, for example, really showed organizations that external storage and media can wreak havoc if not properly secured. I didn't even know some of these attacks happened--another good reason to make them more public. I think sometimes it behooves those in the industry to keep this stuff on the down low, but it's far better for the public to be aware of the threats that exist.

Rob Spiegel
User Rank
Blogger
Re: Lessons of history
Rob Spiegel   5/14/2014 7:04:06 AM
NO RATINGS
Elizabeth, this is just a sampling. I didn't include attcks on commercial enterprise for cc numbers such as attacks on Sony, BoA, and Target.

Elizabeth M
User Rank
Blogger
Re: Lessons of history
Elizabeth M   5/14/2014 7:09:55 AM
NO RATINGS
Well that is quite scary, then! I actually like that you included some that may be lesser know.

tekochip
User Rank
Platinum
Re: Lessons of history
tekochip   5/14/2014 10:06:23 AM
NO RATINGS
I think wants really important about that story was that the Stuxnet wormed its way into the PLC code and destroyed the centrifuges making fissionable material.  The attack was very direct and designed to perform a very exacting purpose.  It wasn't just a kid throwing a brick through the window, it was a spy sneaking into the facility and blowing up Iran's nuclear program.

Rob Spiegel
User Rank
Blogger
Re: Lessons of history
Rob Spiegel   5/14/2014 11:03:15 AM
NO RATINGS
Good point Tekochip. Yes, Stuxnet was very sophisticated. Stuxnet has three modules: a worm that executes all routines related to the main payload of the attack; a link file that automatically executes the propagated copies of the worm; and a rootkit component responsible for hiding all malicious files and processes, preventing detection of the presence of Stuxnet.


So as it was destroying the centrifuges, the monitors said everything was going just fine.

Elizabeth M
User Rank
Blogger
Re: Lessons of history
Elizabeth M   5/15/2014 11:52:47 AM
NO RATINGS
Indeed, tekochip, you illustrate a good point--the sophistication of some of these attacks. I think that's what really worried security experts so much about Stuxnet--how targeted and specific it was, and how stealthy. Very troubling that hackers can achieve this level of threat.

tekochip
User Rank
Platinum
Re: Lessons of history
tekochip   5/15/2014 12:17:57 PM
NO RATINGS
Yea, but I wouldn't call them hackers, I would call them foreign agents.  In this case, it was probably my very own government.

AnandY
User Rank
Gold
Re: Lessons of history
AnandY   5/27/2014 1:50:43 PM
NO RATINGS
Cyber attacks are the worst things that can ever happen. It brings about a lot of havoc and a lot of data is usually lost when this happens. The cyber attacks usually end up distracting the running business of a company and they bring a lot of confusion. The worst thing about these attacks is that they happen in many forms and you cannot really predict when they will happen. Companies should have better security enforced to ensure that all their important data is kept intact.

naperlou
User Rank
Blogger
the dangers of connectedness
naperlou   5/14/2014 12:48:53 PM
NO RATINGS
Rob, we have to ask ourselves a question about whether it is worth the risk to be so fully connected.  There is very little utility to having an industrial or utility control system connected to the Internet.  It is possible, and desirable, to have strong seperation of networks.  I observed issues with this many years before the Internet came live in a situation where we had corporate networks with vendor protocols. 

Rob Spiegel
User Rank
Blogger
Re: the dangers of connectedness
Rob Spiegel   5/14/2014 1:08:03 PM
NO RATINGS
That's a great question, Naperlou. For decades, plants were networked without connectivity to the outside. This didn't change with the internet of things. It changed with connectivity to the ERP system -- folks in the front office wanted to know when an order was completed and shipped so they could invoice it ASAP. And sales folks wanted to know what was going on. That ERP was connected to the internet, which meant the plant was then connected de facto.

William K.
User Rank
Platinum
Re: the dangers of connectedness
William K.   5/14/2014 4:38:14 PM
NO RATINGS
Naperlou, not only the question of is it worth being connected, but also the question of teh value of being compatible. Infections can happen to non-connected networks by means of infected portable data devices. But those non-PC compatible PLC devices would be a bit more challenging to hack, by virtue of not speaking the same language at all. But as soon as a system has parts that can handle the files, hacking becomes possible.

One working solution would be hardware firewalls of the type that would only allow certain commands, such as requests for data, to pass through, with no availability of an option to change that by means of software. Of course, the tradeoff is a lack of flexibility, and needing to change proms in order to change the programming. BUt the benefit would be a hacker-proof wall. The makers of proms and E-Proms would love it, though.

The actual mechanization would be that the instruction from outside would be of the type "send message #1 from the stored messages list, with that list being coded into the hardware memory, not changable from the outside. Sort of like a jukebox- select a record to play was the only option. And it could only play the records installed inside.

Charles Murray
User Rank
Blogger
Re: the dangers of connectedness
Charles Murray   5/14/2014 8:29:02 PM
NO RATINGS
That's a great question, naperlou. It seems like full connectivity has become such an accepted practice of business that many entities (corporations, goverment and utilities) don't bother to ask how important it really is.

David Cox
User Rank
Silver
Re: the dangers of connectedness
David Cox   5/15/2014 8:35:50 AM
NO RATINGS
In my opinion it is all a matter of novelty (and a bit of laziness).  Do I really need to be able to stream my cable signal to every device in my house and control it from my cell phone?  What's wrong with the cable remote sitting next to me?  Do I really need to be able to shut off my lights at home from the beach?  Do I need a garment embedded with leds that flashes when I am in proximity of a potential mate?  I answer a resounding NO.  If service providers said "You need to be able to do this." and we, the users said, "No, we don't," then maybe they wouldn't be so damn invasive (and by extension, we wouldn't have everything we own controlled through the internet).

RogueMoon
User Rank
Platinum
Re: the dangers of connectedness
RogueMoon   5/15/2014 9:21:41 AM
NO RATINGS
right on, David. I couldn't agree more. 

Software quality control has become a thing of the past with the plethora of "patches" we're bombarded with every week.   Just put anything on the street and hope it sticks.

I don't think anyone outside of the big city techie communities participates in tech company focus groups (assuming they bother to poll a customer).  More and more, I get features in my cell phone that I didn't ask for.  On a few rare occassions, something useful is added.  More often, its more "chindogu" features to ignore, disable or simply force myself tolerate the annoyance. 

There's a whole industry dedicated to fixing things that aren't broken.

rosek
User Rank
Silver
Re: the dangers of connectedness
rosek   5/15/2014 11:04:46 AM
NO RATINGS
@David - You are correct! It's the novelty of those features that makes people want a new cell phone whenever the latest tweak is introduced, not any real need.

I remember the Sci-Fi series Battlestar Galactica, where networks were rarely used because their robots kept hacking them and wreaking havoc. Prescient, perhaps?

Charles Murray
User Rank
Blogger
Re: the dangers of connectedness
Charles Murray   5/15/2014 5:26:51 PM
NO RATINGS
Well said, David. I agree that novelty and laziness are two of the reasons for connectedness. In corporations, I think it's also a matter of of follow-the-crowd competitiveness. If Company A and Company B are doing it that way, than I must need to do it that way, too, right? In many cases, it seems like it would be a good idea to re-examine the importance of connectness, in light of the potential downsides.  

Cabe Atwell
User Rank
Blogger
Re: the dangers of connectedness
Cabe Atwell   5/16/2014 4:59:52 PM
NO RATINGS
You can add 'Operation Saffron Rose' to that list as the Iranian Ajax Security Team recently unleashed the malicious proxy software on American defense contractors. 

lynnbr2
User Rank
Iron
Re: the dangers of connectedness
lynnbr2   5/15/2014 8:32:21 AM
NO RATINGS
Actually, there is currently a great push to connect former "islands of automation" to "network operating centers' in order to perform condition monitoring. Online bearing and gear condition analysis is now offered by SKF, as just one example. The recent Malaysian plane mystery had "pingers" in the Rolls Royce engines that effectively tracked power-on-hours for the vendor of the turbines. Most of theses new services ignore the security aspect of connecting all of these machines via the cloud - IMHO.

RogueMoon
User Rank
Platinum
Re: the dangers of connectedness
RogueMoon   5/15/2014 9:16:38 AM
NO RATINGS
Amen, naperlou!  One of the best security features today is disconnectedness.  In the military, they call it compartmentalization.  If someone has to spend more effort to bugger something, it makes it less likely to occur.

 

jclift
User Rank
Iron
Re: the dangers of connectedness
jclift   5/15/2014 9:25:51 AM
NO RATINGS
The stuxnet worm was inserted into a unconnected system using usb sticks that had wireless transceivers that communicated with a remote base station. Workers at one Iranian facilty went to move a large rock and it eploded and pieces of circuit baors flew all over.

jclift
User Rank
Iron
Re: the dangers of connectedness
jclift   5/15/2014 9:25:53 AM
NO RATINGS
The stuxnet worm was inserted into a unconnected system using usb sticks that had wireless transceivers that communicated with a remote base station. Workers at one Iranian facilty went to move a large rock and it eploded and pieces of circuit baors flew all over.

rick.curl
User Rank
Iron
Not just a terrestrial problem
rick.curl   5/15/2014 9:05:19 AM
NO RATINGS
Slide 6 makes mention of NASA having to block email attachments before Shuttle launches to avoid virus attacks, but it would appear that the International Space Station has already been hit by cyber attacks on more than one occasion: 

http://www.theguardian.com/technology/2013/nov/12/international-space-station-virus-epidemics-malware

Pretty scary stuff!

bronorb
User Rank
Silver
Stuxnet Loose?
bronorb   5/15/2014 11:37:11 AM
NO RATINGS
From what I've read the Stuxnet virus, a very expensive and detailed joint project by US and Israel, was delivered by a spy using a USB stick into one of the Iranian facilities. Once it performed its task it stayed there hidden for awhile. In the meantime, they think, an Iranian employee inadvertently brought it home on a laptop and it made its way to the internet. The problem is that the programmers did not write any failsafes into the code to lock it down in case it left the Iranian facilities.

They say it's out there now and all it will take is a hacker with the knowledge to break it apart and turn it against... anyone.

bobjengr
User Rank
Platinum
CYBER ATTACKS
bobjengr   5/23/2014 5:32:03 PM
NO RATINGS
Excellent post Rob.  Some say I'm paranoid but potential hacking is the reason I have not converted my system to the "cloud".  I even have personal data, financial in nature, on a system not connected to the internet. All of my company accounting is not internet connected.   I have just been "hacked" by the Heart Bleed virus-- enough is enough.  I have had to change most my passwords due to the slugs propagating this mess.  This is after I thought I was protected with a fire-wall, mal-wear protection and virus protection.  It was a long winter.  I think these hacking expeditions are the norm and not the exception.  Again, great post Rob.  

Partner Zone
More Blogs
During a teardown of the iPad Air and Microsoft Surface Pro 3 at the Medical Design & Manufacturing Show in Schaumburg, Ill., an engineer showed this "inflammatory" video about the dangers of maliciously mishandling lithium-ion batteries.
It's been two years since the Mac Mini's last appearance on iFixit's teardown table, but a newly revised version joins Apple's lineup this week.
Science fiction author Isaac Asimov may have the best rules for effective brainstorming and creativity. His never-before-published essay, "On Creativity," recently made it to the Web pages of MIT Technology Review.
Much has been made over the potentially dangerous flammability of lithium-ion batteries after major companies like Boeing, Sony, and Tesla have grappled with well-publicized battery fires. Researchers at Stanford University may have come up with a solution to this problem with a smart sensor for lithium-ion batteries that provides a warning if the battery is about to overheat or catch fire.
In this new Design News feature, "How it Works," we’re starting off by examining the inner workings of the electronic cigarette. While e-cigarettes seemed like a gimmick just two or three years ago, they’re catching fire -- so to speak. Sales topped $1 billion last year and are set to hit $10 billion by 2017. Cigarette companies are fighting back by buying up e-cigarette manufacturers.
Design News Webinar Series
10/7/2014 8:00 a.m. California / 11:00 a.m. New York
9/25/2014 11:00 a.m. California / 2:00 p.m. New York
9/10/2014 11:00 a.m. California / 2:00 p.m. New York
7/23/2014 11:00 a.m. California / 2:00 p.m. New York
Quick Poll
The Continuing Education Center offers engineers an entirely new way to get the education they need to formulate next-generation solutions.
Nov 3 - 7, Engineering Principles behind Advanced User Interface Technologies
SEMESTERS: 1  |  2  |  3  |  4  |  5  |  6


Focus on Fundamentals consists of 45-minute on-line classes that cover a host of technologies. You learn without leaving the comfort of your desk. All classes are taught by subject-matter experts and all are archived. So if you can't attend live, attend at your convenience.
Next Class: 10/28-10/30 11:00 AM
Sponsored by Stratasys
Next Class: 10/28-10/30 2:00 PM
Sponsored by Gates Corporation
Next Class: 11/11-11/13 2:00 PM
Sponsored by Littelfuse
Learn More   |   Login   |   Archived Classes
Twitter Feed
Design News Twitter Feed
Like Us on Facebook

Sponsored Content

Technology Marketplace

Copyright © 2014 UBM Canon, A UBM company, All rights reserved. Privacy Policy | Terms of Service