tldr essay pr0f

Nov 19th, 2011
  1. -----BEGIN PGP SIGNED MESSAGE-----
  2. Hash: SHA1
  3.  
  4. ___ __
  5. / _ \ / _|
  6. _ __ _ __| | | | |_
  7. | '_ \| '__| | | | _|
  8. | |_) | | | |_| | |
  9. | .__/|_| \___/|_|
  10. | | PRESENTS
  11. | | SCADAPOCALYPSE.
  12. |_| Or something.
  13. FLUFFYBUNNYMAGEDDON.
  14. ____ _ _ _ _ ____ ____ ____ /
  15. | | |__| |\ | | | |___ [__ /
  16. |__| | | | \| |__| |___ ___] .
  17.  
  18.  
  19. ___ ____ _ _ ____ _ ___ ____ ____ _ _ / /
  20. | |___ |__| | __ | |__] [__ | | |\ | / /
  21. | |___ | | |__] | |__] ___] |__| | \| . .
  22.  
  23. ###########################################################################################
  24.  
  25. Hello.
  26. It's pr0f again, with less of a release, more of an essay or silly blog-like thing.
  27. I've seen a lot of noise in the blogoblag recently about what some clever guys have called SCADAPOCALYPSE, which I must say made me smile.
  28. It's not as grim and war-like as the media are making it out to be, at all. "Cyber war" and all of that is little more than hype, and I'd like to address that in a moment. But it is a sign that the security-poor institutional culture in automation needs changing, and needs changing fast.
  29. I would like to go on record and say that the main reason I did what I did yesterday was essentially because I know I am not the only person with an interest in these systems. I also know I am not the only person who has explored them and read up on them. However, at least I am going public (ish) and trying to draw attention to the topic.
  30. "Cyberwar" is unlikely to happen, in my opinion. I've met enough .mil types to know that they're pretty grounded in reality; blame spokespeople for the irritating craze of adding "cyber-" to everything. Even the concept of cyberwar is ridiculous; war is a meatspace occurrence and simply couldn't have a digital equivalent.
  31. What REALLY worries me is individuals and skid types who, whether through malice or accident, damage a system. Some of these attacks could cause serious harm, could hurt or even kill people, as we all know.
  32. I am also somewhat concerned that groups like ICS-Cert aren't taking things seriously enough, or are perhaps very confused about things.
  33. I have heard, for example, that they shot an email off to Teamp0ison, a group of teenage boys whose primary accomplishment with regards to owning stuff is probably owning their own Wikipedia page with an iron fist (that stuff reads like an advertisement for them, really). I know that the worst worry is a new 'sploit that provides code execution on boxes, but emailing skids beggars belief a little (Although I may just be a moron for believing rumours I hear on IRC. Which has happened before...).
  34. All flippancy aside though, this is a serious topic and I'm disappointed by some of the responses from ICS-Cert. I have at least one actually credible report of poor configuration by an installer of these systems that didn't appear to be followed up by ICS-Cert.
  35. I don't think I am alone in suggesting that the gravity of the problem is more serious than ICS-Cert and similar are equipped to deal with. I would love to see some real reform and discussions between the government, manufacturers of ICS, and people who use these systems happening, because there seems to be a huge disconnect between the parties involved.
  36. I don't have much of a doubt the FBI will be investigating recent events, and I suspect my future may well contain orange uniforms and bad food, but I feel that there's a serious need to highlight these issues publicly worth all costs. Discussion is needed, but more than that, we need action.
  37. Very few others seem to want to talk about anything from anything other than a theoretical standpoint, and legal systems across the world are attempting to stamp out proactive, offensive security, under the misguided belief that this will somehow deter people from attacking systems.
  38. (It won't.)
  39. Lastly, on the topic of cyberwar, I'm getting tired of spokespeople for various nations claiming that physical retribution for cyber attacks is fair game. That's as fair and logical as putting a few rounds in a games console because a video game was able to beat you, and it's nothing more than testosterone-fuelled machismo at best. Attribution online is near impossible, although some people are still convinced that the Chinese will hack Google from their home IPs.
  40. Anyway. Calling for some discussion and action. Fix things. Take a proactive, even offensive stance on your own security instead of waiting for someone to do it for you.
  41.  
  42. ###########################################################################################
  43.  
  44. Greetz to Lady GaGa for the perfect soundtrack to using awesome hacking tools like dir and type. JUDAS JUDAAAS JUDAS JUDAA-AAA-AAAS.
  45. Responsible, respectable SCADA researchers who've been trying to get people to sort this problem for a while, unlike me.
  46. The City of South Houston, Texas, for dealing with the highlighted security issue quickly and professionally, and noting that I did indeed cause no damage.
  47.  
  48. ###########################################################################################
  49. If anyone wants to contact me for whatever reason...
  50. @pr0f_srs on twitter.
  51. pr0f_srs@ue.co.ro is my email.
  52. pastebin.com/fAa4uZDx is my public key.
  53. 1PTVF69KGjth7ZhA3gcNsb3XG6AnpJVNgu is for bitcoin donations.
  54. -----BEGIN PGP SIGNATURE-----
  55. Version: GnuPG v1.4.11 (GNU/Linux)
  56.  
  64. -----END PGP SIGNATURE-----
  65.  
  66.  