maanantai 21. marraskuuta 2011
Cybersota on täyttä totta?
Verkkosota on kaikesta päätellen täyttä totta jo. Tunnetuin on Iranin uraaninrikastuslaitoksen sentrifugeihin (taajuusmuuttajiin) iskenyt "Stuxnet" ja aivan äsken uutisoitiin Yhdysvaltain Illinois´in vesilaitokseen tehdystä cyberhyökkäyksestä,jossa pumppu poltettiin kytkemällä sitä jatkuvasti päälle ja pois.
Tuorein uutinen kertoo Kiinan päässeen kahdesti NASA:n satelliitteja hallitsemaan, tästä oheisessa US Congressille annetussa raportissa,sivulla 216. Tästä ei voi olla tulematta mieleen Air Francen taannoinen Rion koneen mereen meno, jossa ohjaamonauhuri kertoo perämiehen sanoin "Minulla ei ole koneen hallintaa". Ohjasiko
konetta hakkeri? Lentokoneiden systeemien suojaus onkin tasolla, josta ohessa tietoturva-asiantuntija Craig S Wright´in hyytävää kertomaa:
Craig S Wright
"For those who do not know, 747's are big flying Unix hosts. At the time, the engine management system on this particular airline was Solaris based. The patching was well behind and they used telnet as SSH broke the menus and the budget did not extend to fixing this. The engineers could actually access the engine management system of a 747 in route. If issues are noted, they can re-tune the engine in air.
The issue here is that all that separated the engine control systems and the open network was NAT based filters. There were (and as far as I know this is true today), no extrusion controls. They filter incoming traffic, but all outgoing traffic is allowed. For those who engage in Pen Testing and know what a shoveled shell is... I need not say more"
Toisin sanoen, periaatteessa B747-jumbon moottoreita voi ohjata matkustajan viihdekonsolista!
cyberhyökkäys Illinoi´n vesilaitokselle
uscc.gov (sivu 216):
"• On October 20, 2007, Landsat-7, a U.S. earth observation satellite jointly managed by the National Aeronautics and Space Administration and the U.S. Geological Survey, experienced 12 or more minutes of interference. This interference was only discovered following
a simi"lar event in July 2008 (see below).†
• On June 20, 2008, Terra EOS [earth observation system] AM–1, a National Aeronautics and Space Administration-managed program for earth observation, experienced two or more minutes of interference.‡ The responsible party achieved all steps required to command the
satellite but did not issue commands.
• On July 23, 2008, Landsat-7 experienced 12 or more
minutes of interference. The responsible party did not
achieve all steps required to command the satellite.
• On October 22, 2008, Terra EOS AM–1 experienced
nine or more minutes of interference. The responsible
party achieved all steps required to command the satellite but did not issue commands"
Tilaa:
Lähetä kommentteja (Atom)
Ei kommentteja:
Lähetä kommentti