Archive for January 18th, 2008

SCADA Watch: Things You Probably Wish You Didn’t Know

January 18th, 2008 by Paul Ferguson (Advanced Threats Researcher)

Historically, “sensitive” networks have enjoyed a sense of security due to their total and complete separation from publicly accessible networks.

In fact, most of us old-school “security wonks” have always joked that the “…only real security is a pair of wire cutters…” to humorously illustrate that nothing exposed to uncertainty or untrusted access is really secure.

This has always been true in my personal background, having worked in U.S. Military COMSEC disciplines over many years. And given the fact that I have also worked in the Internet security arena for almost 20 years, I figure this gives me some unique insight into some of these issues.

The same security postures which can be applied to COMSEC can, and should, be true of SCADA (Supervisory Control And Data Acquisition) systems.

When you think “SCADA”, think power, water, etc.: the systems that allow civilization to function.

First and foremost, these systems should never — never — be connected in any way, shape, or form to the public Internet. Not even as VPNs, or overlay networks. This is simply wrong-headed.

Unfortunately, some business decisions made over the past 15 years in the name of “cost savings” and “operational efficiency” have allowed the “public” and “private” networks to come dangerously close together, and those decisions were made by companies that control the very systems which deliver these life-sustaining services to the world’s population.

It’s one thing to steal passwords, perpetrate fraud, and commit other financial theft-based cyber crimes, but it is ominously more dangerous to shut down the electricity to a complete region of a power grid.

If there is anyone out there who thinks that this is only the storyline of blockbuster movies, think again.

There are certainly forces “out there” who wish to wreak havoc, cause damage, and claim victory.

And they are using the exact same methods to infiltrate SCADA infrastructure that they are using to steal unwitting victims’ checking account information.

“Fergie”, a.k.a. Paul Ferguson
Internet Security Intelligence
Advanced Threats Research

Rogue App Sweeps Mac

January 18th, 2008 by Roderick Ordoñez (Technical Communications)

Mac users beware: a rogue system cleaner calling itself “MacSweeper” has recently surfaced. Although it doesn’t really do anything malicious, once installed, it can be really difficult to remove.

MacSweeper claims to scan the system and report any privacy violations. It does find plenty of these “privacy violations,” but to remove these violations, one has to purchase the full version of the software.

If you’re a Windows user, a scenario such as this may sound all too familiar.

There is a legitimate Mac Sweeper (yes, two words). The screenshot below from Softpedia shows a window from the real one:

Real Mac Sweeper

The fake MacSweeper (one word here), on the other hand, has an interface like the one below:

Fake MacSweeper

Clicking the Purchase button takes the user to this page:

Purchase page

What’s even more suspicious is that a visit to the product’s Web site initiates an online scan and releases vulnerability reports in folders that exist only in Macs — even if you’re browsing using a Windows machine.

The Web site also gives an abstract of the company’s profile, which would actually be believable if it weren’t obviously copied and pasted straight out of Symantec’s site, and just more recently out of Kaspersky’s site as well.

Trend Micro detects this rogue app as OSX_MACSWEEP.A.

The rising popularity of Macs may be luring malware authors to test profits on these platforms. Tides are turning, and what many security experts have predicted is coming true: the days of the malware-free Mac are numbered.

