Thanks for that link. Here's another one. It indicates that there WERE computer problems.
http://story.news.yahoo.com/news?tmpl=story&u=/ap/20030903/ap_on_re_us/blackout_investigation_26

jack

David Colee wrote:

> The first link that I found:
> http://computerworld.com/newsletter/0,4902,84519,00.html?nlid=SEC
>
> David
>
> >>> [EMAIL PROTECTED] 09/03/03 03:43PM >>>
> David,
>
> The links would be appreciated, if you can find them without too much trouble.
> I read one article (may have been ComputerWorld). In it, two people were more-or-less quoted. The first "quotee" said that one computer at First Energy was down.
> The second "quotee" said that they phoned First Energy and that apparently First Energy was having some kind of computer problem. That's not much information from a second-hand source. I'd love to get some more specific information.
>
> Thanks,
> jack
>
> David Colee wrote:
>
> > A couple of the email articles from ComputerWorld, InfoWorld and others have hinted or pointed directly at the rash of viruses that were running wild at the time as contributing causes - the suggestion/statement (depending on the article that you read) is that critical PCs were down due to the virus attack, and had they been running, the outage may have been detected earlier and quite possibly contained. (If I haven't already deleted the article links, I'll post them here if anybody is interested.)
> >
> > As for what provoked or initiated the overall failure, speculation runs rampant, but the final report seems to be still out.
> >
> > David
> >
> > >>> [EMAIL PROTECTED] 09/03/03 02:48PM >>>
> > Geoff,
> >
> > Often any wireless data system is assumed to be "WiFi" and therefore "vulnerable" with regard to security. Looking at the Synetcom link that you have posted reveals that:
> > 1. Synetcom makes wireless equipment that interfaces with SCADA systems. (SCADA systems are typically used to monitor water levels and turn pumps on and off)
> > 2. Synetcom wireless equipment is available for both licensed and unlicensed frequencies.
> > 3. The Synetcom wireless equipment is not "WiFi". It uses proprietary over-the-air modulation and protocols. You can not connect to it using WiFi equipment.
> >
> > To summarize - WiFi is wireless but not all wireless is WiFi.
> >
> > Hope this helps shed a bit more light on possible blackout causes.
> > I'm still monitoring the news and so far have seen no solid conclusion about what caused the blackout. My suspicions remain regarding whether the blackout was intentionally triggered by personnel within the electric power industry.
> >
> > Cheers,
> > jack
> >
> > Geoff Shively wrote:
> >
> > > Jack,
> > > Nope nothing just yet, and I don't expect anyone will.
> > >
> > > If you read closely the core of the original email was background data on the system I was inquiring about (SCADA/DCS/Infrastructure Control Sys). WiFi Accessibility was simply a point of interest for me in this realm of research.
> > >
> > > It is interesting, the authoritative data on wifi accessible SCADA/DCS systems implemented in and around the United States, particularly southern California. (By MDS, Synetcom [http://www.synetcom.com/], WEL Associates, and many more).
> > >
> > > What I would love to know is if anyone on here has any knowledge of the
> > >
> > > Cheers,
> > >
> > > Geoff Shively, CHO
> > > PivX Solutions, LLC
> > >
> > > http://www.pivx.com
> > >
> > > ----- Original Message -----
> > > From: "Jack Unger" <[EMAIL PROTECTED]>
> > > To: <[EMAIL PROTECTED]>
> > > Sent: Thursday, August 28, 2003 11:59 AM
> > > Subject: Re: [SOCALWUG] Power outages related to DCOM Worm, WiFi accessible?
> > >
> > > > "WOW" indeed, Scott.
> > > >
> > > > Have you come across any AUTHORITATIVE information yet that indicates that wireless had ANYTHING to do with the blackout? If so, please share....
> > > >
> > > > Thanks,
> > > > jack
> > > >
> > > > [EMAIL PROTECTED] wrote:
> > > >
> > > > > WOW
> > > > >
> > > > > Sincerely,
> > > > > Scott
> > > > >
> > > > > [EMAIL PROTECTED]
> > > > > www.scottsmarineservices.com
> > > > > www.boat-parts.net
> > > > > www.boatparts.us
> > > > > www.LaWirelessWeb.com
> > > > >
> > > > > Scotts Marine Services
> > > > > 4105 Lincoln ave.
> > > > > Culver City, California 90232
> > > > > Phone & Fax 310-559-5353
> > > > >
> > > > > -----Original Message-----
> > > > > From: Geoff Shively [mailto:[EMAIL PROTECTED]
> > > > > Sent: Friday, August 15, 2003 6:12 PM
> > > > > To: [EMAIL PROTECTED]
> > > > > Cc: [EMAIL PROTECTED]; [EMAIL PROTECTED]
> > > > > Subject: Re: [SOCALWUG] Power outages related to DCOM Worm, WiFi accessible?
> > > > >
> > > > > Jack,
> > > > >
> > > > > Before reading any of your own text, you may want to view this PBS documentary. It is only 10 minutes long and even if you aren't a PBS fan it has good data and supports everything I am saying.
> > > > >
> > > > > http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/view/
> > > > >
> > > > > I would hope most review presented data before forming an argument against it.
> > > > >
> > > > > > But your logic is so well...
> > > > > > it's so uh... uh...
> > > > > > it's uh... it's so lacking, dude.
> > > > >
> > > > > My logic or my data, or both? Please clarify.
> > > > >
> > > > > > Are you asking the question or making an assertion?
> > > > > > The answer is no, in most cases, they're not WiFi accessible.
> > > > >
> > > > > I was attempting to keep the subject short and concise.
> > > > >
> > > > > > Some have said, huh. Who are these authoritative folks?
> > > > >
> > > > > If they were as authoritative as your argument precedes, then I wouldn't have bothered asking the list about WiFi.
> > > > >
> > > > > Bernie, CTA [mailto:[EMAIL PROTECTED] had some good data from his days working with these systems, if you would like to contact him feel free. I have CC'd Bernie on this thread.
> > > > >
> > > > > Attached is the original email to the full-disclosure list.
> > > > >
> > > > > > Lots of talk, eh?? Gosh, I guess that makes it true, No?
> > > > >
> > > > > No but at the very least I have some data backing my logic, I see nothing but cynical comments and lacking data to support your theory that mine is false. Present some and then we can talk in what I hope is a tactful fashion.
> > > > >
> > > > > > The changes that you assert "could" have taken place?
> > > > >
> > > > > I would love to see one bit of evidence that isn't speculative at this point. Yes, this could have taken place, and to present it I used research data to form my verbiage. Is this not how you come about finding an answer?
> > > > >
> > > > > > "Very well penetrate" - what a convincing argument.
> > > > >
> > > > > In security, do we not assess risk and mitigate it as necessary? Well, before we can mitigate the risk here we have to present the case for how probable it is to get into one of these systems.
> > > > >
> > > > > > Thanks for your expert analysis and opinion, oops, you're not really
> > > > > > an expert are you?
> > > > >
> > > > > I don't claim to be and never have. This does not take a power expert to understand. Example, most know how a car works, but could they ever build one, no. I am simply putting pieces of a puzzle together based on experts I do speak with, as the members of our national media are not practicing responsible reporting, and listening to uneducated guesses about the system's architecture.
> > > > >
> > > > > > Oh, the industry may be pretty well prepared, Geoff. They may in fact have created the problem themselves to get the government (Oops... I mean the taxpayers) to give them 50 or 60 billion dollars to "upgrade" the grid (continuing to artificially reduce the supply of power and then trade power at inflated rates at a huge profit) and make it easier for them to rip off the nation like they have already ripped-off California. Oh my God, maybe now I'm the crackpot who's gone "over the edge". Well, at least that will lend YOU some credibility and make your marketing efforts suddenly look legitimate. Don't say I never gave you anything!
> > > > >
> > > > > I have not made one reference to assumed information as I said before my information is based upon facts.
> > > > >
> > > > > Please, do describe what you mean by this marketing?
> > > > >
> > > > > > "could be"
> > > > >
> > > > > Could be anything, but facts will lead us to an answer. It really is that simple.
> > > > >
> > > > > > Holy crap!!! With a pile of documents as high as the sky,
> > > > > > how can you possibly be wrong?
> > > > >
> > > > > Facts are facts, I don't know what else to say. I could be wrong, and that is my biggest asset. I don't assert that this is definitely what happened.
> > > > >
> > > > > With that said, I would have preferred that such a tactless and cynical reply to what was intended as an informative and inquisitive post be handled off of the list. Oh well, live and learn.
> > > > >
> > > > > Cheers,
> > > > >
> > > > > Geoff Shively, CHO
> > > > > PivX Solutions, LLC
> > > > >
> > > > > Are You Secure?
> > > > > http://www.pivx.com
> > > > >
> > > > > ----- Original Message -----
> > > > > From: "Jack Unger" <[EMAIL PROTECTED]>
> > > > > To: <[EMAIL PROTECTED]>
> > > > > Sent: Friday, August 15, 2003 5:04 PM
> > > > > Subject: Re: [SOCALWUG] Power outages related to DCOM Worm, WiFi accessible?
> > > > >
> > > > > > Nice marketing piece, Geoff...
> > > > > >
> > > > > > Hey - don't take this personally - I have no argument
> > > > > > with you. But your logic is so well...
> > > > > > it's so uh... uh...
> > > > > > it's uh... it's so lacking, dude.
> > > > > >
> > > > > > Geoff Shively wrote:
> > > > > >
> > > > > > > Power outages related to DCOM Worm, are SCADA and DCS WiFi Accessible?
> > > > > >
> > > > > > Are you asking the question or making an assertion?
> > > > > > The answer is no, in most cases, they're not WiFi accessible.
> > > > > >
> > > > > > > Some have said that they are accessible via WiFi and a potential attacker could break protection mechanisms thus gaining access to control and acquired data.
> > > > > >
> > > > > > Some have said, huh. Who are these authoritative folks?
> > > > > >
> > > > > > > Is there any truth to this, any SCADA, DCS, or HMI experts on the list?
> > > > > >
> > > > > > Probably not. This is a wireless list.
> > > > > >
> > > > > > > Furthermore, there has been a lot of talk on bugtraq, full disclosure, and DShield about the latest American power crisis being caused by malicious computer activities or worm.
> > > > > >
> > > > > > Lots of talk, eh?? Gosh, I guess that makes it true, No?
> > > > > >
> > > > > > > A bit of background on the systems that control power facilities.
> > > > > > > Distributed control systems (DCS) and supervisory control and data acquisition (SCADA) systems are the key elements of facility control. remote terminal units "RTU". SCADA runs under Win2000 / XP and the telemetry to the RTU is accessible via the Internet.
> > > > > >
> > > > > > So these control systems are Internet accessible, huh? Got any convincing proof of that?
> > > > > >
> > > > > > > SCADA (Supervisory Control And Data Acquisition) and DCS (Distributed Control Systems) are highly vulnerable to attack.
> > > > > >
> > > > > > Oh really, can't you be more specific? But wait, you're just throwing a bunch of acronyms around, huh? No real facts there...
> > > > > >
> > > > > > > An attacker could very well penetrate these systems to make changes or implement simple scripts to cause a legitimate operator to make unnecessary changes to a large scale power grid.
> > > > > >
> > > > > > "Very well penetrate" - what a convincing argument.
> > > > > >
> > > > > > > These changes could result in massive failure causing an international power crisis.
> > > > > >
> > > > > > The changes that you assert "could" have taken place?
> > > > > >
> > > > > > > Be it from a worm or home grown hack, these latest power failures were unlikely to have been caused by a physical failure that would have surfaced by now.
> > > > > >
> > > > > > Thanks for your expert analysis and opinion, oops, you're not really
> > > > > > an expert are you?
> > > > > >
> > > > > > > Power failures from the years past have brought about legislation and system changes that deal with most large scale issues as they arise to mitigate risk of large scale failure, whatever happened this time was a new problem the industry was not prepared for.
> > > > > >
> > > > > > Oh, the industry may be pretty well prepared, Geoff. They may in fact have created the problem themselves to get the government (Oops... I mean the taxpayers) to give them 50 or 60 billion dollars to "upgrade" the grid (continuing to artificially reduce the supply of power and then trade power at inflated rates at a huge profit) and make it easier for them to rip off the nation like they have already ripped-off California. Oh my God, maybe now I'm the crackpot who's gone "over the edge". Well, at least that will lend YOU some credibility and make your marketing efforts suddenly look legitimate. Don't say I never gave you anything!
> > > > > >
> > > > > > > We know that SCADA and DCS systems are supplied by one of 5 major vendors and these systems are advertised on the vendors websites to run Microsoft Windows versions 95, 2000 and NT. Also advertised is DCOM and RPC support within these systems, RPC/DCOM recently became famous as the Lovsan/Blaster worm exploited this protocol to spread across the internet. With this said it is likely
> > > > > >
> > > > > > It's very truly "likely", Geoff - because you said that it's likely....
> > > > > > that makes it true, No?
> > > > > >
> > > > > > > that an infected system infected a SCADA or DCS, and could be
> > > > > >
> > > > > > "could be"
> > > > > >
> > > > > > > why we are seeing large scale outages across the country. This is not a Microsoft problem as many would like to say, though it is a problem with patch management.
> > > > > > >
> > > > > > > Below is documentation on the problem, the first one sums up the problem nicely (DCOM and SCADA white papers):
> > > > > >
> > > > > > Holy crap!!! With a pile of documents as high as the sky,
> > > > > > how can you possibly be wrong?
> > > > > >
> > > > > > > http://www.automationtechies.com/sitepages/pid641.php
> > > > > > >
> > > > > > > http://www.pbs.org/wgbh/pages/frontline/shows/cyberwar/view/
> > > > > > >
> > > > > > > http://www.scada-system.com/scada-software-windows.htm
> > > > > > >
> > > > > > > http://www.data-acquisition-software.com/index.htm
> > > > > > >
> > > > > > > Cheers,
> > > > > >
> > > > > > Cheers, Geoff.... and thank you again for such a well-planted
> > > > > > marketing piece - oops I mean such an accurate, informative,
> > > > > > scientific and enlightening post. I'll look forward to your next
> > > > > > post where you'll tell us how to use WiFi to take over control
> > > > > > of cruise missiles.
> > > > > > jack
> > > > > >
> > > > > > > Geoff Shively, CHO
> > > > > > > PivX Solutions, LLC
> > > > > > >
> > > > > > > Are You Secure?
> > > > > > > http://www.pivx.com
> >
> > --
> > Jack Unger - President, Wireless InfoNet Inc.
> > Author of the WISP Handbook - "Deploying License-Free Wireless WANs"
> > http://www.ask-wi.com/book.html
> > True Vendor-Neutral WISP Training-Troubleshooting-Consulting
> > http://www.ask-wi.com/services.html
> > Email: [EMAIL PROTECTED] Phone: (818)227-4220
>
> --
> Jack Unger - President, Wireless InfoNet Inc.
> Author of the WISP Handbook - "Deploying License-Free Wireless WANs"
> http://www.ask-wi.com/book.html
> True Vendor-Neutral WISP Training-Troubleshooting-Consulting
> http://www.ask-wi.com/services.html
> Email: [EMAIL PROTECTED] Phone: (818)227-4220

--
Jack Unger - President, Wireless InfoNet Inc.
Author of the WISP Handbook - "Deploying License-Free Wireless WANs"
http://www.ask-wi.com/book.html
True Vendor-Neutral WISP Training-Troubleshooting-Consulting
http://www.ask-wi.com/services.html
Email: [EMAIL PROTECTED] Phone: (818)227-4220
