It’s been a long day, so excuse the bad mood. But, really: is it possible to read an article like this without falling further into deep despair?
Ira Winkler has the delightful job title of ‘penetration-testing consultant’. Hired by a US power utility, his task was to see how hard it was to take over their systems.
The answer? Not very.
The power company, it turns out, takes security so seriously that it runs the electricity grid on PCs that can also be used for buying marshmallows, watching teen-on-teen violence, or any of the other joys offered on these here internets (if it took you less than half an hour to read that sentence, then you’re not clicking on the links).
All Ira had to do was to (i) hang around on a few forums and harvest email addresses for people working at the power company; (ii) email the suckers employees and tell them that their benefits were about to be cut and that they needed to click a link RIGHT NOW to find out more; and (iii) use the website to infect, and take control of, their machines. Within minutes, apparently, he had ‘full system control’.
The experiment was shut down as soon as the company realized, in Winkler’s words, that it was ‘royally screwed.’ He notes: ‘The power grid is so poorly maintained that it is easier to attack than most other systems and networks. They hope for the best and make the risk-avoidance excuse if something goes wrong.’
Oh yes, and: ‘The real bad guys already know what I’m saying. There is the potential for serious damage.’
Feeling safer now?