Scada Hacking and Awareness


Muhammad Shahmeer

on 28 January 2015

Transcript of Scada Hacking and Awareness

Who are these Guys...?
Basically we are people who spend 15/24 hours in front of the LCD screens ruining our eyes....
A little bit Introduction about Us:
Co-Founders, Author and Penetration tester at Maads Security.
Penetration tester at Rewterz InfoSec
IT officers of Malaysian Enterprise DMM
Certified Penetration Testers from Mile2
Trained and Certified Ethical Hackers from CTTC Pakistan by EC-Council
Certified Virtualization Specialists by VM-Ware
SCADA Hacking & Awareness
Developers of Pakistan's First Publicly Released Penetration testing OS
Acknowledged Security Researchers by Oracle, LinkedIn, Adobe, Mozilla etc. The list goes on for 50...

Currently Authoring A Wireless Penetration testing Guide Book "Attacking the Air"
SCADA System
Working of a SCADA Network
Cyber Security Past and Present
Vulnerabilities of a SCADA Network
SCADA Security in the Light of Cyber Warfare (Stuxnet)
Security Measures against SCADA Systems
Future of SCADA Security
#Live demonstrations
Meaning of SCADA :
Basic Components of a SCADA System:
If we talk in a Nut-shell and Basic Definition
The term SCADA usually refers to centralized systems which monitor and control entire sites, or complexes of systems spread out over large areas (anything from an industrial plant to a nation)
What is a SCADA System?
Why was there a need for SCADA?
SCADA is the abbreviation of Supervisory Control and Data Acquisition
A SCADA system mainly has 5 components that work as its subsystems.
1. A Remote Telemetry Unit(s) {RTUs}
2. A Programmable Logic Controller(s) {PLCs}
3. A Telemetry system
4. A Data Acquisition Server
5. A Human Machine Interface
Description Components of a SCADA System:
Supervisory Control and Data Acquisition
PLCs have more sophisticated embedded control capabilities, typically one or more programming languages, than RTUs
A telemetry system is typically used to connect PLCs and RTUs with control centers, data warehouses, and the enterprise
A data acquisition server is a software service which uses industrial protocols to connect software services, via telemetry, with field devices such as RTUs and PLCs
A human–machine interface or HMI is the apparatus or device which presents processed data to a human operator, and through this, the human operator monitors and interacts with the process.
A Data Acquisition Server
A Human Machine Interface
Working of a SCADA System
1. Monolithic SCADA Systems
2. Distributed SCADA Systems
3. Networked SCADA Systems
4. SCADA Internet of things

How SCADA Systems and Networks Work?
Vulnerabilities in SCADA:
A Telemetry
Generations of SCADA Systems
Wrote a research paper on "Next Hybird Generation Malware" Published in Hack-tree Magazine Jan 2014
First Security Researchers from Pakistan to be invited to Eclipse Con Conference
SCADA systems that tie together decentralized facilities such as power, oil, and gas pipelines and water distribution and waste water collection systems were designed to be open, robust, and easily operated and repaired, but not necessarily secure.
In modern SCADA systems,
"Something is connected to something that is connected to the internet"
Main Purpose of a SCADA System:
The main purpose of a SCADA system is
1. Gathering
2. Analyzing
3. Reacting
to the information provided by the system
Modern Security issues in a SCADA Network:
Basically there are 4 operations performed by a SCADA system. For this we will take an example of an Oil rig tank system
1. Data Collection
2. Communication of Data across the Network
3. Information reporting to HMI
4. System Control Functions
Data Collection
The sensor attached to the oil tanker connected to the oil rig collects data about the height of the oil, which may not exceed 70 meters.
Communication of Data across the network
The data collected by the sensor is transferred via Wireless telemetry network to the HMI machine.
Information reporting to HMI
The HMI computer displays the height and other properties like temperature of the Oil inside the tanker to the User.
System Control Functions
As the instructions by the User that the Oil height should not exceed 70 meters, When the height becomes 70 the motors are turned ON which transfer the oil to the
Remote terminal units (RTUs) connect to sensors in the process and convert sensor signals to digital data
Let's see what the news have to say
How Stuxnet Works
And this is what we feel When we are asked to hack Facebook accounts.
What is Stuxnet...?
Stuxnet is a 500 KB computer malware that targets industrial control systems that are used to monitor and control large scale industrial facilities like power plants, dams, waste processing systems and similar operations.
Stuxnet In the Spotlight.
Worldwide Infection Attempts of Stuxnet
Who created Stuxnet?
Although the authors of Stuxnet haven’t been officially identified, the size and sophistication of the worm have led experts to believe that it could have been created only with the sponsorship of a nation-state, and although no one’s owned up to it, leaks to the press from officials in the
United States and Israel
strongly suggest that those two countries did the deed.
This marks a turning point in geopolitical conflicts, when the apocalyptic scenarios once only imagined in movies like Live Free or Die Hard have finally become plausible. “Fiction suddenly became reality,”
# Demo 1
Tons of Vulnerable SCADAS

Our research shows that many SCADA systems that stand alone today are vulnerable because of:
Before SCADA, “you had to send people around the plants to close valves and turn on pumps at various times. You’d have to call people and ask them to kick on three specific pumps because you needed more water in the eastern portion of the system. It was very labor-intensive.”
Monolithic SCADA
Computing was done by mainframe computers. Networks did not exist at the time SCADA was developed. Thus SCADA systems were independent systems with no connectivity to other systems.
Distributed SCADA
The next generation of SCADA systems took advantage of developments and improvement in system miniaturization and Local Area Networking (LAN) technology to distribute the processing across multiple systems.
Networked SCADA
The major improvement in the third generation is that of opening the system architecture, utilizing open standards and protocols and making it possible to distribute SCADA functionality across a WAN and not just a LAN.
SCADA Internet
With the commercial availability of cloud computing, SCADA systems have increasingly adopted Internet of Things technology to significantly reduce infrastructure costs and increase ease of maintenance and integration.
No SCADA based Virus Protection
Device Vendor
interest towards
Inappropriate Network
Live Internet Protocol
Default Configuration
Make no mistake. Cyberspace is real!
The Brain Virus
Current situation of Cyber Wars around the Globe

Outdated OS
The Future of SCADA
Drones (Unmanned Air Vehicles)
How Drones are controlled?

The problem is that most SCADA systems are running Microsoft operating systems, and if you are running a Microsoft operating system, you have a target painted on your forehead.
Brain is the oldest known virus on the PC platform. It was first detected in 1986 and infected 5 million computers for about 20 years.
Brain is a boot sector virus, infecting the first sector of floppies as they are inserted into an infected computer; the volume label is changed to read: "©Brain".
Guess who created the first Virus in the History of Cyberspace?
We did!!!
By "WE" I mean to say 2 Pakistani brothers from Lahore named
Amjad and Basit
A fascinating fact about the virus is that
When you decompile the code of the BRAIN virus, this is what you get
Mikko Hyppönen, the CRO at F-Secure, decompiled the code in Finland for the first time and, after seeing the code, rushed to Pakistan to meet
Amjad and Basit
According to our information, three groups of destructive hackers are most active nowadays in ICS exploitation
1. Iranian Cyber Army
2. Syrian electronic Army
3. Anonymous

Dedicated Operating Systems for SCADA
Behavior based Specially designed Anti-malware Protection
Limiting Technical Information about Systems.

Multi-tiered and isolate the SCADA network:
Communication Protocol Specialization and Validation
Vendor provision of Security controls
Here are a few more boring ones:
Data Encryption between HMI and Data server
Firewalls and DMZs Configuration
Read and Write Protection Mechanisms
Hardening of Operating Systems
Latest Patches for Operating Systems
What makes them Unique??
Out of all these three only Iranian Cyber Army has been targeting SCADA systems worldwide.

Anonymous does not need introduction.
Involved in Op Israel, Op Tunisia, Op USA etc.
Target governments and hack for a cause.

Syrian Electronic Army
One of the most active hacker groups
Hacked Twitter, Skype and also Viber, WhatsApp etc.

These groups are engaged in Hacking and defacing websites
What if they target SCADA systems and national infrastructure.

Over time the concept of SCADA has transformed from stationary power plants to flying air vehicles
What is a Drone?

Unmanned Aerial Vehicle
Piloted Through
Satellite Linked Computers
Usually by the Pilots Of
Much More Sophisticated And Well Armed To Be Called A War Predator With Some Fancy Gears Including Nuke Launchers, GPS Guidance Systems, Gunner Rigs With 60 r/s
Vulnerabilities in a SCADA Network
#Demo 2
Hacking into a Live
Cyber Security Past the Present
SCADA Security in the light of Cyber Space
#Demo 3
How Malware and Viruses Hack the SCADA
SCADA Security Measures
Drones Have Been A Long Time Myth For The Past Decades So We Decided To Dig It Up A Little.
Further divided into two types
1. Recon Drone---> Used for spying by FBI and USAF
2. Attack Drone--> Used for attacks on militants
In 1973, GPS was created by USAF
Those folks know that it was going to be useful.
From US airspace to Russia it is all over the earth
There is no direct connection between the tower and the Drone. Because of GPS there is a satellite involved in the communication.
How did Iran Hack the US Drone?
"The GPS navigation is the weakest point,"
Every-inch 24/7 coverage is achieved using 21 satellites located in 6 planes that orbit around the earth above 20 to 200 km, the planes inclined 55° with respect to the equator, with a revolution period of almost 11:58 hours
In the simplest explanation
By putting noise (false attempts to authenticate) between the communications, which forced the drone into autopilot mode, and it lost its communication from the tower.
Then spoofed the GPS frequency, making it think it was landing in US airspace
By: Muhammad Shahmeer
We showed how power plants get hacked
And how drones are being hacked
They all have one thing in common
No matter how much vast or stealthy
They are all controlled from a Computer!!!
Hackers will try anything to get their hands on that Computer because
"One who owns that Computer owns the infrastructure"

SCADAs were secure neither in the times of mainframes nor today in the era of drones
Because there are many loopholes in the computer(s) that control them
Thank You.......
Any Questions?