8 October 2009

Hackers hack because they can

Hackers might not be maliciously or even consciously threatening your system, so it is always important to secure it, no matter what you think the threat is.

A 14-year-old in Poland was fascinated by the way trams changed tracks in the city. He figured out there was an infrared transmitter to the train operator, who pushed a button and switched tracks. He bought a programmable TV remote control and recorded data system that came when the train operator pushed the button. When he played it back, he could switch trains. He was not trying to be malicious; “it was just for fun—just because he can; that’s the hacker mind set,” said Marty Edwards, program manager at Idaho National Laboratory. In this case, there were several derailments and one collision where people were hurt.

Another example: A water system in Harrisburg, Penn. These guys did not know what they had. An astute operator noticed his mouse moving around and doing things on the screens. An operator who operated the plant from home on weekends used it for other Internet actions. The system got infected. This user did not understand that he was affecting a water system for a town in Pennsylvania.

At a nuclear power plant, a software update caused the control system to initiate a plant shutdown for 48 hours. An engineer had installed a software update on a computer operating on the LAN’s business network. When the updated computer rebooted, it reset that on the control stem, causing safety systems to errantly interpret the lack of data as a drop in coolant water reservoirs.