Hackers gain unauthorized access to a modular hybrid controller
|Event Year:||2002||Reliability:||Likely But Unconfirmed|
A hacker or group of hackers gained unauthorized access to a modular hybrid controller resulting in a denial of service and loss of equipment control. There were two phases to the attack. First, hackers opened connections, sent unknown messages, and left without closing the connection. After repeated attacks, all connections were consumed resulting in a denial of service to legitimate users on the Ethernet port. Second, hackers sent a Web page to the controller containing Java script and the text: “Hello! Welcome to http://worm.com Hacked by Chinese.” This exposed a bug in the TCP/IP stack causing the controller to reset, forcing all outputs to their off state.
Two incidents: first caused a denial of service and loss of equipment control the second caused the controller to reset, forcing all outputs to their off state. It is unknown what impact this had on the process being controlled by the “modular hybrid controller”.
|Action Description:||Two controller vendor engineers worked full-time on the problem for three to four weeks each. Network activity was captured with a network analyzer. Once the causes were identified, the fixes were relatively easy. First, the controller’s software was modified to properly close all timeout connections. Second, the vendor of the TCP/IP stack software used in the controller was informed and provided a fix for the stack.|