back to article Someone's phishing US nuke power stations. So far, no kaboom

Don't panic, but attackers are trying to phish their way into machines in various US power facilities, including nuclear power station operators. It seems so far that whoever is behind the campaign has tried phishing and watering-hole attacks, but haven't got beyond corporate networks (which in critical infrastructure should …

  1. Nick Kew

    Why isn't it stuxnet?

    This time it would make perfect sense if it were the US's own security forces. Their job is to protect US security, and probing vulnerabilities of critical infrastructure is surely part of that job.

    So, if it falls short of a stuxnet (OK, perhaps stuxnet-with-dummy-payload), does that mean they're not doing their job? Or just that attacks are being reported selectively?

    Coincidentally, some of those same security forces are well-known for framing foreign powers.

    1. MyffyW Silver badge

      Re: Why isn't it stuxnet?

      That will be the weak anthropic principle. If it was stuxnet we wouldn't still be here to question why it isn't stuxnet.

      1. Anonymous Coward
        Anonymous Coward

        Re: Why isn't it stuxnet?

        I'm frankly quite astonished they even managed to detect the attempts!

    2. Anonymous Coward
      Anonymous Coward

      Re: Why isn't it stuxnet?

      Yes but then would we be hearing about it? I'm a little surprised we're hearing about it anyway. truth be told

  2. lglethal Silver badge
    Paris Hilton

    watering hole attacks?

    Ok I have to ask what is a watering hole attack? I thought I was familiar with most of the terminology to do with malware but thats a new one for me...

    1. Mark 110

      Re: watering hole attacks?

      Setting up a website or other delivery mechanism such as social media account (watering hole) to deliver malware and then using your phishing emails and/or search result manipulation, etc to get your marks to go and drink the bad stuff.

      I think anyway. Happy to be corrected.

      1. Richard 26
        Pint

        Re: watering hole attacks?

        The idea is that you wait for your prey to come to you: so rather than send phishing mails to their place of work, you target weak spots where they may turn up. For example, web forums where they might hang out, manufacturer sites, etc.

        Mine's a pint in my local with the compromised Wi-fi.

        1. Anonymous Coward
          Anonymous Coward

          Re: watering hole attacks?

          you target weak spots where they may turn up. For example, web forums where they might hang out

          Like here. Watering hole attacks can be quite targeted, but they don't need to be. If you're a spy agency interested in high value targets across a whole range of industries, then Facebook and Twitter aren't the places to hang out, as there's too little focus, too much dross. But here, well......

          1. James O'Shea

            Re: watering hole attacks?

            That’d be... frustrating... for our heroes, at least if they were trying to get something using the email address and password I use on El Reg. This addy has limited use, and as that use is out in public, anything addressed to it is regarded with Extreme Suspicion. And the password, while silly and not particularly secure, is used only on this site.

            Good luck, phishers.

            1. Anonymous Coward
              Anonymous Coward

              Re: watering hole attacks?

              "And the password, while silly and not particularly secure, is used only on this site."

              So you use "hunter1234" on higher value sites, then?

          2. allthecoolshortnamesweretaken

            Re: watering hole attacks?

            "If you're a spy agency interested in high value targets across a whole range of industries, then Facebook and Twitter aren't the places to hang out, as there's too little focus, too much dross. But here, well......"

            Well, now I feel flattered and am on the verge of coyly blushing.

        2. John Smith 19 Gold badge
          Unhappy

          "The idea is that you wait for your prey to come to you: "

          For example if you could infect El Reg literally XXX of companies could be affected

  3. This post has been deleted by its author

    1. This post has been deleted by its author

      1. This post has been deleted by its author

        1. This post has been deleted by its author

          1. diodesign (Written by Reg staff) Silver badge

            Re: intermediary contact

            Contact is being established...

            C.

    2. This post has been deleted by its author

  4. Anonymous Coward
    Anonymous Coward

    Air-gapping...

    Doesn't give complete protection - systems need complete physical protection to prevent accidental introduction of nasties. I remember reading about a US drone control site that was still infected because someone brought in an infected USB drive.

    1. Anonymous Coward
      Anonymous Coward

      Re: Air-gapping...

      infected because someone brought in an infected USB drive

      By modern standards, I would have thought that a system would not be considered to be air gapped if people can plug in any form of portable media. That has consequences for tech support, but that has to be the case because IIRC there was a suspicion that Stuxnet was transferred via tech support USB drives.

  5. Pascal Monett Silver badge

    "the attackers had apparently gained at least one set of user credentials"

    Obviously the response is that all user credentials have been changed, or at the very least, if they know which user then they changed that one (prefer the former though).

    Happy to read that there is at least one installation which sets its industrial comm infrastructure apart from its public corporate one.

  6. Anonymous Coward
    Anonymous Coward

    Unnamed officials believe...

    "Unnamed officials who believe" are like zombies out of the Walking Dead.

    You meet them whenever there is a calm moment, there are always more and getting rid of them is extremely hard.

    Reminder of the non-story of “Russian hackers penetrated U.S. electricity grid through a utility in Vermont, U.S. officials say.” pushed by WaPo: 'Fake News' And How The Washington Post Rewrote Its Story On Russian Hacking Of The Power Grid

    (Also reminder that the item "17 intelligence agencies are confident that Russia hacked the elections" (Clinton) has been downgraded to "a closed circle of shifty individuals from 3 intelligence agencies issue the statement that Russia hacked the elections", but that's for another day).

    1. bombastic bob Silver badge
      Trollface

      Re: Unnamed officials believe...

      that the other 'Unnamed officials' are SO full of it...

    2. robidy

      Re: Unnamed officials believe...

      Wondered what happened to the Iraqi information minister who said no bombs were dropping as they fell in the background...presumably reinvented himself as Trump's head of fake news generation.

    3. John Brown (no body) Silver badge
      Happy

      Re: Unnamed officials believe...

      (Also reminder that the item "17 intelligence agencies are confident that Russia hacked the elections"

      Was it just me that read "item 17" as Team 17 and expected to see a reference to Worms?

  7. Doctor Syntax Silver badge

    "There is no indication that hackers were able to jump from their victims’ computers into the control systems of the facilities, nor is it clear how many facilities were breached."

    Translation: We don't know what's going on.

  8. Antron Argaiv Silver badge
    WTF?

    Nukes on the 'net?

    I understand that you might want to send telemetry over the intertubes, but connecting the control system of a nuclear power plant to the 'net seems...unnecessary. Surely all necessary control inputs are local?

    And any internet connection is surely authenticated by something more significant than username/password? Like perhaps encryption boxes or RSA tokens at each end?

  9. Derek Jones

    NRC does not want its inspectors to need to know technical stuff

    My one experience with dealing with the US NRC (Nuclear Regulatory Commission) is that they want the software to be so easy to use that its inspectors don't need to know anything technical:

    https://shape-of-code.coding-guidelines.com/2012/06/27/trying-to-sell-analysis-tools-to-the-nuclear-regulatory-commission/

  10. Trigonoceps occipitalis

    Take Note

    "maintained separate networks for corporate and operations systems"

    No mention that the "operations systems" are isolated from the Internet.

    1. Anonymous Coward
      Anonymous Coward

      No mention that the "operations systems" are isolated from the Internet.

      Apparently the control systems are - or were - connected to the internet.

      I base that on an article IEEE had in their magazine Spectrum some years ago - must be 9 years ago or more, since that is when I let my membership lapse.

      IIRC: The gist of the article was that hackers had accessed the control systems, but the reactor was off line or in training mode or? at the time. I remember that the hacker actions had to do with coolant in the reactor.

  11. Kev99 Silver badge

    Why do these idiots continue to put sensitive information on the internet? Are they that d****d cheap or stupid?

  12. Anonymous Coward
    Facepalm

    Totally pointless article ...

    If you're not going to post any actual technicals details you might as well not bother. Boo hoo hoo, I'm so scared who will save me from the Russian bogeyman ...

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like