DHS: Anonymous lacks the skill to harm ICS stability
by Steve Ragan - Oct 18 2011, 17:25
An NCCIC (National Cybersecurity and Communications Integration Center) bulletin issued in September, which was released by PublicIntelligence.net on Monday, reveals that Anonymous has taken an interest in Industrial Control Systems (ICS)... but that’s about it.
Actual harm to ICS stability is limited, the NCCIC notice outlines, because Anonymous apparently lacks the skill to target anything other than Web-facing applications and access.
“The loosely organized hacking collective known as Anonymous has recently expressed an interest in targeting industrial control systems (ICS). While Anonymous recently expressed intent to target ICS, they have not demonstrated a capability to inflict damage to these systems,” the bulletin relays.
“Anonymous does have the ability to impact aspects of critical infrastructure that run on common, internet accessible systems (such as web-based applications and windows systems) by employing tactics such as denial of service. Anonymous’ increased interest may indicate intent to develop an offensive ICS capability in the future. ICS-CERT assesses that the publicly available information regarding exploitation of ICS could be leveraged to reduce the amount of time to develop offensive ICS capabilities. However, the lack of centralized leadership/coordination and specific expertise may pose challenges to this effort.”
The NCCIC memo adds that, instead of targeting ICS, Anonymous has opted to embarrass and harass its targets, “using rudimentary attack methods, readily available to the research community.”
The DHS memo singles out OpMonsanto, where Anonymous attacked the company for two days straight, “crippling all 3 of their mail servers as well as taking down their main websites world-wide.”
Moreover, the OpMonsanto campaign targeted information, collecting personal details on more than 2,500 company employees, and even suggesting that a backdoor left on one of the systems pointed to IRC [source].
The second item the DHS focused on was a Twitter message that published the results of “browsing the directory tree for Siemens SIMATIC software.”
“The posted xml and html code reveals that the individual understands the content of the code in relation to common hacking techniques to obtain elevated privileges. It does not indicate knowledge of ICS; rather, it indicates that the individual has interest in the application software used in control systems,” the bulletin explained.
In addition, the XML and HTML code included the administration code used to create password dump files for an interface control product from Siemens.
“The code also contained OLE for Process Control (OPC) foundation code that is used in server communication with control system devices such as programmable logic controllers, remote terminal units, intelligent-electronic devices, and industrial controllers.”
While the information looks damning, the DHS doubts that it was serious, noting that the information did not indicate actual ICS compromise, but rather that the person posting the details knew enough about ICS to release information capable of grabbing attention and causing panic.
“The information available on Anonymous suggests they currently have a limited ability to conduct attacks targeting ICS. However, experienced and skilled members of Anonymous in hacking could be able to develop capabilities to gain access and trespass on control system networks very quickly.
“Free educational opportunities (conferences, classes), presentations at hacker conferences, and other high profile events/media coverage have raised awareness to ICS vulnerabilities, and likely shortened the time needed to develop sufficient tactics, techniques, and procedures (TTPs) to disrupt ICS.”