digg

Facebook Connect Join Digg About

Hacker accesses a Nuclear plant as easy as opening a can of beans

forbes.com The first time Scott Lunsford offered to hack into a nuclear power station, he was told it would be impossible. There was no way, the plant's owners claimed, that their critical components could be accessed from the Internet. Lunsford, a researcher for IBM's Internet Security Systems, found otherwise.

Who dugg this? Made popular Aug 24, 2007

Digg DudeWhat is Digg?

Digg is a place for people to discover and share content from anywhere on the web. Digg surfaces the best stuff as submitted and voted on by the community. Take the Tour to learn more.

233 Comments

show profanity settings
expand all
  • Slovenian6474, on 10/10/2007, -3/+321"By the first day, we had penetrated the network. Within a week, we were controlling a nuclear power plant."
    It takes me less than a minute to open a can of beans.
  • TiMMY8765, on 10/10/2007, -0/+142or maybe he's really bad at opening beans
  • Auridran, on 10/10/2007, -1/+137You are a master of bean-can opening.
  • explnx, on 04/27/2009, -0/+100What I'm wondering is why these critical computers are in any way connected to the internet.
  • yodaj007, on 10/10/2007, -9/+91"Hacker accesses Nuclear plant as easy as Bush avoids the law"
  • niz85, on 10/10/2007, -7/+84It makes me remember of Die Hard 4.
  • Lyndoman, on 10/10/2007, -3/+72Kinda scary that the systems are so weak, or maybe the hacker is so good.
  • wesamel, on 10/10/2007, -3/+64I think I could have thought of a more creative title than that.

    For example:
    "Hacker accesses a Nuclear plan as easy as smothering a baby with a pillow"

    Anyone want to take a shot?
  • inactive, on 10/10/2007, -1/+56Hacker finds accessing nuclear power plants easier than getting laid.
  • DivisibleByZero, on 10/10/2007, -0/+54"Hacker accesses nuclear power plan as easily as spelling the word 'plant'."
  • Otto, on 10/10/2007, -0/+53Why in the holy hell would a system that controlled anything at all inside a nuclear power plant be connected to the internet?

    Seriously, the Department of Defense figured this out ages ago. You have two networks, one for control systems and other stuff that needs to be absolutely secure, another for everything else. You don't connect the secure one to anything outside, ever, period, end of discussion. You don't even allow floppies or CD's or USB or any external inputs other than keyboards on the damn thing. That network is secure and it stays secure. The other one, well, you do whatever the hell you want with it. Transfers of data that happen between the two networks need approvals and signatures and double checking and they are done *manually* by people other than the people needing the data transferred.

    If you really must have top-notch security, that's the only way to get it. No hacker can get into a network that he is not connected to.
  • ChromaVita, on 10/10/2007, -0/+45I think whether or not he had a can opener is the critical question here
  • pulsewave, on 10/10/2007, -1/+45It was meant to be a joke, I think most people got that... yours truly, captain obvious
  • h4mx0r, on 10/10/2007, -0/+28Canned beans are pretty damn hard to open...
  • bruinexmo, on 10/10/2007, -5/+33Dugg for the word "penetration."
  • MonsterChaOS, on 10/10/2007, -0/+27Wow, scary and yet cool. I hope they fixed these systems before releasing this article though.
  • DivisibleByZero, on 10/10/2007, -2/+27I was thinking of that MacGyver episode. Sounds like the plant needs deadly robots who don't know it's a drill.
  • stratdog25, on 10/10/2007, -0/+23BUT I'VE GOT NORTON!!!!!
  • jcims, on 10/10/2007, -0/+23SCADA environments are generally focused on one thing and one thing alone, availability. Anything that threatens that availability, including OS patches, configuration changes, etc, must have _massive_ justification before it is implemented. Authentication and authorization controls are frequently disabled, or not even implemented in the products that support the environment. Having a massive plant failure due to a service account password getting locked out would not be a good thing.

    Generally they are tucked away deeply in the network, frequently completely detached from the general purpose LAN, and their configuration frozen in time for fear of breaking something important. While it might make the security purist cringe, the risk of change, any change, is sufficiently high that in many cases a patch or config change cannot be warrented based on security needs alone...especially when there are other mitigating controls involved.
  • DivisibleByZero, on 10/10/2007, -0/+22I should also add that MacGyver would have actually used the can of beans as part of the hack.
  • GuyeNoir, on 10/10/2007, -0/+22Nuclear plant operators have to come to digg too ya know.
  • akatherder, on 10/10/2007, -1/+22Why in the hell would the computers for something this critical even be accessible from the internet? Hire a goddamn entry-level network engineer and your problems are solved.
  • xiambax, on 10/10/2007, -2/+23i'm in your power plant, colliding your nuclei.
  • Salviati, on 10/10/2007, -2/+21What a load of SH*T. I work at a nuclear site, and I can promise that he can do nothing of the sort. First of all, none of the systems are tied IN ANY WAY to an internet-connected computer. At most, he could view some of the monitoring systems, but not actually 'control' anything. Secondly, most of the systems were created in the 1960s and 70s and need to be manually rotated or switched at the valve itself. Finally, even if he was able to 'sabotage' a critical system, the plant can simply pull the plug, cut the power, and the plant will immediately drop the control rods and shut down (unless he has figured out a way to hack gravity!)
  • DarkSideofOZ, on 10/10/2007, -1/+20I got you beat, I can do it in 10 seconds flat..

    But I use an electric can opener, does that make me a script kiddie?
  • strictnein, on 10/10/2007, -0/+19Send it to China, and then they will send it back in baby formula.
  • strictnein, on 10/10/2007, -0/+17Yeah, the whole idea is to protect these type of systems with an "air wall". So there is no physical connection to any outside network and you have to be onsite to work on the systems.
  • fuckingusername, on 10/10/2007, -0/+16what I don't understand is why stuff like this is online to be hacked?
  • OBKenobi, on 10/10/2007, -1/+16Any good hacker knows how to disable reactors and tractor beams.
  • hypnotoad32, on 10/10/2007, -3/+18Edgar Stiles could have kept the hacker out.
  • bdpf, on 10/10/2007, -0/+141. Disconnect the systems from internet.
    2. Remove all direct connection to phone system.
    3. Use only secure designated land lines.
    4. Costs a lot of money and removes all shareholder profits for years.
    5. Not doing it, could remove the costumer base, as in dead.
  • VictoryGin, on 10/10/2007, -0/+14Or was he trying to access the beans over the internet too?
  • xocomil, on 10/10/2007, -1/+14Easy, we reclaim most of it to use as fuel in the reactor again. With the stuff that can't be reclaimed, it can be safely stored in old mines or other areas where they are unlikely to impact humanity. If nuclear power is so horrible, why do so many nations besides the US use it. Look up France and see how much of their electrical infrastructure is nuclear power. Then look at how they have engineered reclaiming spent fuel rods and how they are solving storage of high grade and low grade nuclear waste. The only reason we aren't on the nuclear bandwagon in the US is precisely because of the fear mongering that people who don't have current information about the industry engage in. "OH NOES IT IS NUCULAR!!! CHERNOBYL!!!"
  • Bdog2g2, on 10/10/2007, -1/+14be sure to pack some chocolate bars in case a vat of acid is cracked and you need to seal it.
  • SolsPolaris, on 10/10/2007, -2/+15Another reason build NEW, more SECURE Nuclear Plants, complete with top of the line network security and systems.
  • Snarfy, on 10/10/2007, -0/+12Hacking a nuclear plant: so easy a caveman could do it. Oh wait...
  • Shadow503, on 10/10/2007, -0/+12No, this is the plot to season 4 of 24. Hackers gain access to nuclear power plants; Jack Bauer shoots terrorists.
  • ImOscar, on 10/10/2007, -2/+14WTF at digging down MacGyver?
  • khabba, on 10/10/2007, -0/+11The powerplant pc's need to have their Windows Updates regularly.. duhh! Otherwise how can they be safe?
  • ethon, on 10/10/2007, -2/+12Too bad Edgar is dead....who else will be able to override the hackers?
  • Error601, on 10/10/2007, -1/+11If you're the integrator...it's your fault that it's not secure.
  • inactive, on 10/10/2007, -1/+11He actually designed the system before getting frustrated with the owners.
  • Otto, on 10/10/2007, -0/+9We're talking about a nuclear power plant here. If they don't have physical security, then we're all screwed to begin with.
  • inactive, on 10/10/2007, -1/+10in Chernobyl, mutant can of beans opens you!
  • shredswithpiks, on 10/10/2007, -0/+9I'm with the guy above. I actually work on a team of people that design/implement/maintain the SCADA network for a 4-in-1 (water, wastewater, power, gas) utility company. SCADA controls everything, even though you can control it manually. Met with a guy from some Florida power company earlier this summer and he has at least 2 nuclear plants on SCADA.
  • oneangrypossum, on 10/10/2007, -1/+9Chernobyl showed the dangers of not treating nuclear power as responsibly and respectfully as it deserves. It's got a real possibility to be a double edged sword, but if we're intelligent about it's uses, we have a lot to gain with minimal risk. Or should we also cease space exploration since we've lost more than a few human lives? Cars kill people every day through stupid misuse, we should get back to walking everywhere we go. Fire has proven troublesome as well. If we can't treat energy and power with respect, we might as well go back to scraping a living as best we can as gatherers and scavengers. You get nowhere without intelligent risk, and perseverance when those risks rear their heads.
  • shark615, on 10/10/2007, -1/+9Bury it in sealed containers like they are already doing.

    Better then spewing it into the atmosphere at tonnes per minute like is currently happening with the alternatives.
  • VitriolAndAngst, on 10/10/2007, -0/+8How the heck would anyone have a computer system running a Nuclear plant connected at any point to the Internet?

    Every day I'm more convinced that secrecy is only to protect our government from incompetency. We couldn't possibly have enemies with fools like these in charge.
  • xocomil, on 10/10/2007, -0/+8Chernobyl was a big deal, but look into pebble bed reactors. They are gaining popularity in China right now. They make it impossible for a melt down on the scale of Chernobyl to even happen. You help to prove my point. Americans have been taught to immediately look at anything involving nuclear power as horrible. If you would take some time to do some research, you would see that nuclear power is probably the only alternative that will get us off of foreign oil. All the other alternatives out there right now have serious drawbacks that need to be overcome.
  • gtluke, on 10/10/2007, -0/+8i beg to differ. while i don't do power plants, i do enormous water treatment plants in NYC
    they whole plant runs on scada.
    it can be controlled manually, but its all done via the scada too.
  • Fetching more discussions...
    Show 51 - 100 of 236 discussions

  • Add a Comment

    Login or register to comment!
    Or, sign-in super fast with your Facebook account ...


© Digg Inc. 2009 — Content created and posted by Digg users is dedicated to the public domain | Terms of Use Updated | Privacy Policy
DIGG, DIGG IT, DUGG, DIGG THIS, Digg graphics, logos, designs, page headers, button icons, scripts, and other service names are the trademarks of Digg Inc.