Breaking into a power station in three easy steps

Found on CNet News on Tuesday, 08 April 2008

"I will tell (you) how to break into a nuclear reactor," Ira Winkler, president of security firm ISAG said as he launched into his presentation on "How to Take Down the Power Grid" at RSA 2008 on Tuesday night.

First, you set up a Web server that downloads spyware onto the computers that visit.

Second, you send an e-mail to people who work inside a power station that entices them to click on a hyperlink to the Web server with the spyware.

Third, you wait as the recipients--and everyone else they forwarded the e-mail to--visit the server and get infected.

"Then we had full system control," he said. "Once the malware was downloaded onto their systems...we could see the screens and manipulate the cursors."

"It had to be shut down after a couple of hours because it was working too well," he said.

That raises the question why power stations are connected to the Internet at all. And, as the points out, why they are running Windows NT, an outdated system.

Browse all articles« Previous « » Next »