EvilZone
Hacking and Security => Hacking and Security => : lucid June 21, 2014, 07:08:34 AM
-
Some of you may know about SCADA technology, or at least what SCADA is. Some of you may have no clue what I'm talking about because it's still somewhat newish in the security industry. Anyway, I've had a strong interest in learning more about this topic for quite some time. There seems to be very little quality information on the web about learning how SCADA systems work, SCADA hacking, and so forth. Anytime I search for it all I find is stuff about Stuxnet.
Does anyone share this interest with me? Does anyone here already know about SCADA systems? Or some avenue of learning about them? Aside from Stuxnet, most of what I find is sites where you can sign up for classes on SCADA systems for the low low price of 4000 USD.
-
Yes, I have the same interest. I was looking into openscada (www.openscada.org) for a while, but it's ridiculously complicated to set up. The documentation is terrible, and there are no tutorials on their wiki for developing.
-
Holy fucking shit, I can't believe I actually found someone who is also interested in learning about SCADA. I didn't think there was anyone out there. No one at all on this entire hacking community seemed to know about it. Except you my good friend and doctor/boss.
I've been trying to find some kind of useful information on SCADA, and thus far all I've found are PDFs a few pages long outlining some very basic info. I'll look into openscada and see if I can figure it out. What other avenues have you taken to learn about this stuff? It seems ridiculously hard to find any kind of practical information about SCADA/ICS.
EDIT: Dear lord this documentation really is terrible.
-
> Holy fucking shit, I can't believe I actually found someone who is also interested in learning about SCADA. I didn't think there was anyone out there. No one at all on this entire hacking community seemed to know about it. Except you my good friend and doctor/boss.
I'll admit I didn't have a clue what SCADA was before I just googled it, but now I'm really interested as well! Is SCADA hacking essentially how people will change the text on traffic advisory signs, lock/unlock doors, and turn on sprinklers-- among a million other examples?
-
Yes, I have been interested in SCADA systems for years and now you can actually find systems using SCADA software using sites like Shodan. Stuxnet is a perfect example of a worm that targeted SCADA systems.
Usually SCADA software is connected to a PLC (programmable logic controller) of some kind, which is essentially a smart switching unit for (usually industrial) equipment. In the case of Stuxnet, this was the logic controller for the nuclear centrifuges.
http://www.symantec.com/tv/products/details.jsp?vid=673432595001
As attacking these systems would require more advanced software techniques, I have put my interest in SCADA on the back burner until I develop the skill to have an effective plan of research.
-
You could go to LinkedIn (http://www.linkedin.com/title/scada+security/) and look for profiles of people and organizations with keywords 'scada' and 'security' or similar. Almost every single one of them has listed a homepage with a wealth of information (articles, whitepapers, videos).
Examples: click (https://www.lumension.com/Resources.aspx), click (http://www.scadahacker.com/about.html), click (http://www.infracritical.com/?page_id=62), click (http://www.scadaaustralia.com.au/MediaCenter.aspx).
There's a lot more to be found, but you'd need an account when doing it like this.
Or you could use a search engine with features like searching for specific keywords on a specific site, something along the lines of site:linkedin.com "scada" "security"
Maybe contact a few of those people via email or Twitter (for less formal communication) to point you to more resources?
My $0.02.
-
> As attacking these systems would require more advanced software techniques, I have put my interest in SCADA on the back burner until I develop the skill to have an effective plan of research.
This is sort of how I feel, however, I refuse to put it on the back burner. I'll never understand said advanced techniques if I don't try to learn about them now.
As you said, I need to figure out a plan of research... which seems to be the hardest part.
@karsa - That's a really good idea.
-
My view or opinion is that without a relevant skill-set any plan of research will likely be stop-and-go. Eventually I lose interest because my skill-set is underdeveloped enough that it takes a while to make any real progress.
@lucid - At this point, the motivation to learn is highlighted and you have a point; to learn more and keep forging progress is the only logical path.
Everybody has their preferred way of doing things. Let's just say I have a rather large back-burner.
-
They always speak at Defcon about SCADA.
Just search 'defcon scada' in Google, and you'll find a lot of PDF presentations, videos...
Maybe also check the Defcon presentations.
-
> You could go to LinkedIn and look for profiles of people and organizations with keywords 'scada' and 'security' or similar. Almost every single one of them has listed a homepage with a wealth of information (articles, whitepapers, videos).
> Examples: click, click, click, click.
> There's a lot more to be found, but you'd need an account when doing it like this.
> Or you could use a search engine with features like searching for specific keywords on a specific site, something along the lines of
> site:linkedin.com "scada" "security"
> Maybe contact a few of those people via email or Twitter (for less formal communication) to point you to more resources?
> My $0.02.
@Karsa-- Thanks for posting that, I hadn't thought to search Shodan for such things but it makes complete sense. I remember when I was a kid thinking I was the shit for getting onto the security cameras of a store across the world lol.
You also made a good point concerning LinkedIn, it's essentially fucking useless as anything more than an online resume repository :P I've never used LinkedIn for social engineering, but that's about to change ;)
-
...
Funny how checking throwaway emails for spam leads to something potentially useful.
-
I am interested too... I have exploited some SCADA systems by some common exploits (blindly, without knowing how & why it works. Just by using some exploits), but it's a long time ago. Now those vulnerabilities are patched... I want to learn deeply...
-
Does anyone have experience with SCADA hacking and war-driving? I'd imagine driving around the right parts of town could yield some nice surprises :)
-
> Does anyone have experience with SCADA hacking and war-driving? I'd imagine driving around the right parts of town could yield some nice surprises :)
I've been thinking of going wardriving for a while now, but always put it off for stupid reasons. WiGLE's map (https://wigle.net/gps/gps/Map/onlinemap2) is great for this sort of activity, but I don't know if wireless APs from industrial areas are shown on the map. Couldn't find any such APs in my vicinity, maybe your search yields better results.
-
Hacking SCADA isn't any different from anything else. SCADA products mostly deploy custom software, but in the end you usually have some service listening on some TCP ports and accepting certain commands. If you can get your hands on the service binaries, you just have to reverse and find vulnerabilities.
The Russian group SCADA StrangeLove has published many vulnerabilities in SCADA products over the last couple of years.
http://scadastrangelove.blogspot.com/
-
Wow, Googled it and it sounds pretty cool! I'm going to go check out the resources that all of you mentioned.
-
SCADA is definitely interesting, but just a forewarning that it is a dangerous area to get into. Even from a non-malicious POV an nmap or vuln scan on older/legacy SCADA systems may incidentally turn them over, which can be an unintended consequence on something like a water treatment system.