Many critical infrastructures such as oil and gas pipelines are probable targets for hackers. This is due to the fact that many industries are controlled with supervisory control and data acquisition, or SCADA, systems. The systems are older, installed at a time when people weren’t concerned about cyber-attacks, and connected to the Internet over an unsecured network protocol.
Let us bear in mind that the reason the systems are online in the first place is so that they’re easier to monitor. Particularly oil pipelines, that is often in remote locations.
Researchers Brian Meixell and Eric Forner at the Black Hat and DefCon computer security conferences, which took place in august this year in Las Vegas staged a mock hack of an oil well using pumps and a liquid container filled with teal liquid. They got into the system, turned the pumps on and off and overflowed the containers by feeding the system false data. If it happened on an actual oil well, the hack could result in an environmental catastrophe, according to the researchers.
The industries and most governmental institution around the globe are now aware that industrial systems are vulnerable to attacks, but their remoteness and age make upgrading of pipelines makes them difficult and expensive. There is no built-in system for releasing software patches, like there is with personal computers.
Therefore, it is possible to shut down an entire industrial facility from 40 miles away using a radio transmitter, according to researchers Carlos Penagos and Lucas Apa. They demonstrated injecting fake measurements, causing the device that received them to behave differently. For example, someone could trigger a water tank to overflow by faking an abnormally high temperature.
Recently, a pipeline belonging to the Pipelines and Products Marketing Company (PPMC) exploded on Saturday evening around Adeje, an oil hub in Okpe Local Government Area of Delta State, Nigeria leaving scores of oil engineers with severe burns.
The report gathered was that the pipeline burst into flames as engineers from the PPMC, a subsidiary of the Nigerian National Petroleum Corporation (NNPC), were repairing a vandalized portion of the pipeline which conveys products to the PPMC’s depot in Benin City, Edo State, Nigeria.
This is one of the solutions that is provided by WSN Consults, a technology consulting company specializing in sensors, integrated circuits, security of wireless sensor networks module and system manufacturing. They provide with thier partners end-to-end solutions to the Oil and Gas Industry, the medical industry, defence organizations, Government Agencies, and Research & Development establishments, solving problems like
• Real time monitoring and response to the Oil leakages & protection of pipelines in the Oil Industry
• Detection of abnormal vibrations in pipelines
• Advanced sensor and actuator based systems for safety and security of pipelines in the Oil Industry
• A complete system-wide capability that is able to address challenges at the physical, communication, data and information integration levels.
• A systems integration expertise with the capability to prototype systems throughout a stacked architecture
In addition to some of the more popular targets covered at this year’s computer security conference and by drawing attention to them, the “white-hat” hackers hope to encourage greater security from the various manufacturers and industries, and more vigilance from consumers.
Typically, the presenters inform manufacturers of bugs ahead of their talks so the companies can fix the issues before they are exploited by criminals.
Even in the wake of this year’s NSA revelations, a homemade surveillance device that sniffs out pieces of data from your various computing devices, even when they’re not online, is disturbing.
Brendan O’Connor, who runs a security firm and is finishing a law degree, has created such a device, dubbed CreepyDOL (DOL stands for Distributed Object Locator; “Creepy” is self-explanatory). The device cost $57 to make and consists of a Raspberry Pi computer, a USB hub, two WiFi connections, an SD card and USB power inside an nondescript black case.
Computers and phones act as tracking devices and leak information constantly, according to O’Connor. When plugged in, CreepyDOL detects nearby phones and computers and uses them to track people’s location and patterns, figuring out who they are, where they go and what they do online.
“You find somebody with power and exploit them,” said O’Connor.
The creation is remarkable for how simple it is. It’s likely others have similar knowledge and setups that exploit the same security flaws in applications, websites, devices and networks.
Multiple demonstrations at the conferences showed just how simple it is to hack energy systems.