Stuxnet. SCADA. And The Fact That 747s Are Giant Flying Unix Hosts.

Hello, ATS.

Are you concerned about the future of personal computing, the internet and freedom of access to information? I am.

Are you concerned about the future of Unix? I wasn’t for the longest time. In fact I wanted to know nothing about computers, other than how to use them, until about two years ago.

There are some folks on ATS that know this stuff much, much more intimately than I do and I hope that they will help us all to understand this as well as we can. I have been thinking about how to bring this topic in to some threads for discussion and I finally found an article and story that might help to open up some discussion on this.

First, though I think we should have a brief introduction to some of the items discussed in the article so everybody knows what is what. Nothing fancy, just the usual ex text pastes…

Unix (officially trademarked as UNIX, sometimes also written as Unix) is a multitasking, multi-user computer operating system originally developed in 1969 by a group of AT&T employees atBell Labs, including Ken Thompson, Dennis Ritchie, Brian Kernighan, Douglas McIlroy, and Joe Ossanna.

The Unix operating system was first developed in assembly language, but by 1973 had been almost entirely recoded in C, greatly facilitating its further development and porting to other hardware. Today's Unix systems are split into various branches, developed over time by AT&T as well as various commercial vendors and non-profit organizations.

Unix operating systems are widely used in servers, workstations, and mobile devices.[2] The Unix environment and the client–server program model were essential elements in the development of the Internet and the reshaping of computing as centered in networks rather than in individual computers.

Originally, Unix was meant to be a programmer's workbench rather than be used to run application software. The system grew larger when the operating system started spreading in the academic circle. Many individual users started adding their own tools to the system and passing it along to colleagues.

en.wikipedia.org...

OK. So check out the link on Unix. It’s in everything. The whole show is running on Unix or some distant variant including MacOS and Android.

Now we need to take a look at what a SCADA controller is, it is pretty straightforward…

SCADA (supervisory control and data acquisition) generally refers to industrial control systems (ICS): computer systems that monitor and control industrial, infrastructure, or facility-based processes, as described below:

 Industrial processes include those of manufacturing, production, power generation, fabrication, and refining, and may run in continuous, batch, repetitive, or discrete modes.
 Infrastructure processes may be public or private, and include water treatment and distribution, wastewater collection and treatment, oil and gas pipelines, electrical power transmission and distribution, Wind farms, civil defense sirensystems, and large communication systems.
 Facility processes occur both in public facilities and private ones, including buildings, airports, ships, and
space stations. They monitor and control HVAC, access, and energy consumption.

en.wikipedia.org...

And what do you suppose the SCADA controllers are running? You guessed it (even if you guessed Windows) It’s UNIX…

SCADA master computers typically run on top of a third party operating system. Nearly all SCADA products run on either a UNIX variant or HP OpenVMS, although many vendors are beginning to provide Microsoft Windows as a host operating system option.

Initially, more "open" platforms such as Linux were not as widely used due to the highly dynamic development environment and because a SCADA customer that was able to afford the field hardware and devices to be controlled could usually also purchase UNIX or OpenVMS licenses. However, in recent years all SCADA vendors have moved to NT and some also to Linux.

www.senderaconsulting.com...

Now we need to be reminded of what the Stuxnet virus is…

Stuxnet is a computer worm discovered in June 2010. It targets Siemens industrial software and equipment running on Microsoft Windows. While it is not the first time that crackers have targeted industrial systems, it is the first discovered malware that spies on and subverts industrial systems, and the first to include a programmable logic controller (PLC) rootkit.

The worm initially spreads indiscriminately, but includes a highly specialized malware payload that is designed to target only Siemens supervisory control and data acquisition (SCADA) systems that are configured to control and monitor specific industrial processes. Stuxnet infects PLCs by subverting the Step-7 software application that is used to reprogram these devices.

See what Stuxnet attacks? That’s right; the SCADA controllers that are running UNIX.

So now we can get to the article. Hold on to your luggage kids….

I am taking this out of the context of the original article so that we can cut to the chase and get down to what we need to be concerned about. But please read the article, the bit that I am using comes from within the greater context of telling the reader that everything is connected via the web somehow. You are going to want to read the whole thing.

Let us see some other systems.

A while back now, but many of the same systems are in place in the same way, I was contracted to test the systems on a Boeing 747. They had added a new video system that ran over IP. They segregated this from the control systems using layer 2 - VLANs. We managed to break the VLANs and access other systems and with source routing could access the Engine management systems. The response, "the engine management system is out of scope."

For those who do not know, 747's are big flying Unix hosts. At the time, the engine management system on this particular airline was Solaris based. The patching was well behind and they used telnet as SSH broke the menus and the budget did not extend to fixing this. The engineers could actually access the engine management system of a 747 in route. If issues are noted, they can re-tune the engine in air.

The issue here is that all that separated the engine control systems and the open network was NAT based filters. There were (and as far as I know this is true today), no extrusion controls. They filter incoming traffic, but all outgoing traffic is allowed. For those who engage in Pen Testing and know what a shoveled shell is... I need not say more.

So, Scot... FACT CHECK, SCADA systems ARE ONLINE!

Nearly all SCADA systems are online. The addition of a simple NAT device is NOT a control. Most of these systems are horribly patched and some run DOS, Win 95, Win 98 and even old Unixs. Some are on outdated versions of VMS. One I know of is on a Cray and another is on a PDP-11.

www.infosecisland.com...

OK, ATS, didja get that?

747s are giant flying UNIX hosts sporting fully hackable Seimens SCADA controllers.

UH OH!

More from our friend Craig S Wright at InfoSec Island…

In 2000 I contracted to the Sydney Olympic authority. To make the Olympics run smoothly, they NSW government officials decided to connect control systems into a central head-quarters. We linked:
 Traffic systems
 Rail systems
 Water systems
 Power systems
 Emergency response systems / Police
 Sewerage systems


www.infosecisland.com...

So, I have been concerned about this for a while now. There have been other threads where it has been touched upon but I could never get quite enough traction to state in words why this was making me nervous. If this should not be making anyone stand up and take notice I hope that more informed and educated members will add some leavening to what this thread may suggest.

Otherwise, I think it is what is happening in the world of IT and especially UNIX and infowarfare that we should be focused on. Not things like Elenin.

When it comes down to it Unix and IT are our birthright as human beings. Free and open access to information must be a high priority on our wish list. I am afraid if our relationship to these is not carefully managed we may be led to a ‘Company Farm’ much worse than the one we inhabit now.

Thanks for your time.

sweet, so hackers can upload vireses into planes and now crash them into buildings remotely? Whos side are we on anyways?

interesting *Evil grin.

I know how to takeover submarines but this ads a whole new dimension to the 21st century game.

I doubt though that these systems are accessible from outside as it was a done from inside.

reply to post by camaro68ss


Right. That seems to be the concern.

Here is another bit from WikiPedia about security concerns when it comes to SCADA controllers...

The move from proprietary technologies to more standardized and open solutions together with the increased number of connections between SCADA systems and office networks and the Internet has made them more vulnerable to attacks. Consequently, the security of some SCADA-based systems has come into question as they are seen as potentially vulnerable to cyber attacks.

-In particular, security researchers are concerned about:

-the lack of concern about security and authentication in the design, deployment and operation of some existing SCADA networks

-the belief that SCADA systems have the benefit of security through obscurity through the use of specialized protocols and proprietary interfaces

-the belief that SCADA networks are secure because they are physically secured

-the belief that SCADA networks are secure because they are disconnected from the Internet. ( ED: They are NOT. Please refer to Craig's article)

en.wikipedia.org...

This is one of those things that seems to slip by. I hope it gains some traction here at ATS.

Thanks.

I had never put two and two together that Stuxnet hit SCADA controllers, but that coupled with the fact that it managed to get around an air-gap security model is pretty freaking disturbing. I know Bruce Schneier has been harping on the risks of SCADA for a while now, perhaps people outside of the IT field will finally catch on and realize the risk and encourage steps to be taken to keep bad people from doing worse things to our utility grids.

reply to post by camaro68ss


You better remember that Stuxnet was being used only in Siemens PLCs. So it doesn't mean that every SCADA system will be affected by Stuxnet.

AS far as I know ever piece of Artificial Intelligence we see is controlling some thing.

I think that you are affected by the movie : 2001 Space Odyssey by s.Kubric.

There are lots of possibilities in today's lives but we talk about them as we find a great probability.

i.e It is possible that your CPU overheat and your computer case melt. But is not logical and greatly probable.

reply to post by Frater210


inevitibly we will all be at the programming mercy of artificial intelligences.

So dont worry... any period in which the internet becomes comparable to the movie road warrior, will be short lived.

i hope no one tries to draw a connection between this and 911.

What are you smoking. SCADA isn't running UNIX.
UNIX is the host operating system.
SCADA is a program that runs on either UNIX or Windows.

Apparently also some SCADA units are also Remote Terminal Units or Programmable Logic Controllers.
Some of those devices are rom based or cassette programmed devices. They don't run an OS.

Screaming that 747's run UNIX and are going to be infected and are going to fall out of the sky on bus loads filled with nuns and children is a bit on the alarmist side.

reply to post by grey580

Some of those devices are rom based or cassette programmed devices

Yeah, and Hitler was using those.

reply to post by Frater210


You realise what the implications of this are..right Frater?

Not just future remote piloting and essentially complete and utter takeovers of the flight computers, navigation, control...everything attached to the aircraft with a chip basically of CURRENT aircraft...but also of aircraft...oh i don't know...let's pick a random date of...let's say 9/11/2001.

And Stuxnet was written by the West wasn't it?

How (not even remotely) ironic.

Something to think on.

reply to post by Frater210


Everything has it's traces from UNIX, it paved the way for multitasking and server hosts, and almost every server runs a variant of it (mainly Linux), but I don't see 747s being giant Unix hosts just for the fact that it would be far cheaper to have servers running on the ground.

oh and I have a copy of Stuxnet on a VMware OS that is used to test computer infections, and Stuxnet is not FUD and most scanners detect it now, so it would be pointless to use.

Also Stuxnet attacks windows based computers which is based on DOS, not Unix

reply to post by grey580


Don't fry the OP it's cause of the way that most sec / pen test guys try to gain publicity by "proof of concept" attacks that can barely be done while having full access to a system. In any case the article also mentions the IP6 switch but what the security guy didn't take in account is that if a system is outdated it wont be having SCADA with IP6. And as it was raised already by him and others I'm sure this will be taken in account with most implementations.

Hey everybody,

Thanks for coming by to help out with this. I don't know whether to sound the alarm or not; that is why I started the thread. So did I not read the article correctly? I am under the impression that the pen-tester that wrote the article is saying is that he has indeed been able to gain access to critical parts of the computer systems on the aircraft. Did I read that wrong?

I gathered from the article that the SCADA was running on top of Unix, some variant of Unix or most recently Windows Which would actually make the birds big flying Unix hosts.

Could someone please explain why this should not be a concern?

I am not wanting to be contentious I am just honestly really hungry to learn about this stuff so please fire away.

Thanks again.

OP, just for the record, did you change your screen name from ProphecyPhd or has someone hijacked your avatar?

I don't know whats scarier... that someone was stupid enough to have overlooked this or that it appears to be intentional.

reply to post by Frater210

If you wanted an answer about 747s, you should have posted this thread in the aircraft forum. There are some aircraft mechanics who post on ATS who know the planes they work on inside out from hands-on experience so they could probably provide some valuable insight on the plane issue.

But I realize the scope of controllers is much broader than just the 747s so I'm not saying you posted it in the wrong forum, this is certainly on topic here. But I doubt the aircraft mechanics will see this thread, if that's what you really wanted to know about.

I was a little surprised to find out that Qantas was saying that virtually everything that goes on in the cockpit of their newest planes, they can see on the ground. I don't know if they can fly it from the ground or just monitor it, but I wouldn't be surprised if they can fly it from the ground given the setup they described. The designers of that system are certainly aware of terrorist threats, so there's no doubt they'd have firewalls, authentications and other security built into the system to make sure that if Qantas ground people can fly the plane, terrorists can't.

Then the question becomes, how good is the security? I think we've all seen that no security is impenetrable, so there's always a risk. But I'm not concerned about flying for the reasons in your OP if that answers your question. I have other concerns about flying, but a terrorist taking over controls of the plane through remote hacking
is pretty far down the list. I'd say it may not be impossible but I don't know the planes as well as the mechanics do.

reply to post by grey580

What are you smoking. SCADA isn't running UNIX. UNIX is the host operating system. SCADA is a program that runs on either UNIX or Windows.

- guess

-Thanks for the clarification, yes SCADA is not running UNIX, UNIX is the host OS; which still makes 747s big flying UNIX hosts.

-Got it. And the author (a professional, offensive security, penetration tester) did find that the SCADA was accessible through the UNIX host.

Apparently also some SCADA units are also Remote Terminal Units or Programmable Logic Controllers. Some of those devices are rom based or cassette programmed devices. They don't run an OS.

Noted and thank you. One of the major security concerns about these devices (SCADA) is that they aren't networked and that their physical Inaccessibility makes them a null target. We know they are connected (networked) from our Australian friend's article, and if the Inaccessibility thing were true then how do you explain what is happening in Iran with the power plants?

Screaming that 747's run UNIX and are going to be infected and are going to fall out of the sky on bus loads filled with nuns and children is a bit on the alarmist side.

I never did any such thing. Even a little. So I am going to let you hold the potato on that one. The implications of this are much more far reaching and scary than even you are suggesting that I suggested.

reply to post by RSF77

I don't know whats scarier... that someone was stupid enough to have overlooked this or that it appears to be intentional.

I worry about both. I may be totally off course with this OP but so far no one has straightened me out on it.

Not to toot my own horn but it only took me about 18 months and a budding new interest in Linux to begin to get paranoid about this. It is not just that it is in the aircraft (the UNIX) but that it is in everything. Everything. If it is networked then it is increasingly accessible. Check the lists of the types of infrastructure that are vulnerable in this way...

 Traffic systems
 Rail systems
 Water systems
 Power systems
 Emergency response systems / Police
 Sewerage systems
(linked above)

It is a little staggering. I was wondering the same thing. Why is no one talking about this. I also find it interesting that, considering the ubiquity of Anonymous, no one has mentioned these vulnerabilities in city power and water services.

I just dunno.

reply to post by hmdphantom

You better remember that Stuxnet was being used only in Siemens PLCs. So it doesn't mean that every SCADA system will be affected by Stuxnet.

Stuxnet could be merely prototypical for others of its sort that attack SCADA controllers running on UNIX hosts.

AS far as I know ever piece of Artificial Intelligence we see is controlling some thing.

What do you consider to be artificial intelligence? Just so we are on the same sheet of music.

I think that you are affected by the movie : 2001 Space Odyssey by s.Kubric.

I have yet to see it. I keep falling asleep at the beginning where we fly through space for a really long time.

There are lots of possibilities in today's lives but we talk about them as we find a great probability. i.e It is possible that your CPU overheat and your computer case melt. But is not logical and greatly probable.

I think I follow you on this. But I am thinking that municipal services would be a target that even whit and grey hat hackers cannot resist at times and I bet it happens all the time. I mean I just don't know how good the security is or even what kind of security is used on the systems that handle city water and the like.

Can any member help out with this one?

Thanks for taking the time to post.