Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings

April 2022 Special Edition: Internet of Things Handbook

By Editor Design World | April 6, 2022

Share

How to turn off a smart meter the hard way

Potential cyber attacks have a lot of people worried thanks to the recent conflict in Ukraine. So it might be appropriate to review what happened when cybersecurity fi rm FireEye’s Mandiant team demonstrated how to infiltrate the network of a North American utility. During this exercise, Mandiant hacked into the utility’s industrial control systems and switched off one of its smart meters.

A point to note is that most large industrial fi rms wall-off their industrial networks from their ordinary IT networks somehow. And the utility that Mandiant stress-tested thought it had protected its network this way. These measures slowed Mandiant down but didn’t stop its researchers from eventually owning the industrial network.

In the first phase of the attack, the Mandiant team adopted techniques used by Iranian hackers to breach an industrial network in an attack on a Saudi petrochemical plant. The usual approach, says Mandiant, is to first break into the company IT network, rather than the industrial network, to collect information about security operations.

The way Mandiant hacked into the network during its exercise was almost embarrassingly simple: It embedded a link for a malicious fi le in an email attachment to a Microsoft Office document containing auto-executable macro code. This got the white-hat hackers to a point where they could execute code on a single user workstation connected to the IT side of the network. Then they used a set of publicly available offensive security tools to make it look as though their code had the privileges of a domain administrator.

It is interesting to review some of the tools they employed, all of which are publicly available. One called ldapsearch retrieves information from LDAP servers (which often stores usernames and passwords). Another called PowerSploit is a collection of programs written in the PowerShell scripting language used to manage IT resources. Typical PowerSploit tasks include listing installed security packages, impersonating logon tokens, and creating logons without triggering suspicious event warnings.

To get from the initial compromised workstation out to other equipment installed on the network, the Mandiant hackers used a program called WMImplant, also written in PowerShell, to access remote servers and run programs or issue commands on them. Then a program called Mimikatz extracted credentials for local user and domain administrator accounts.

Once they had free run of the IT network, Mandiant’s team determined targets of interest (people, processes, or technology) and looked for avenues from the IT to the industrial network. There turned out to be several ways of getting control of the industrial side. Perhaps most obvious was to get someone to copy a malicious fi le onto a USB stick which then got plugged into the industrial network. Mandiant also found that some applications on the industrial network accessed data and services on the compromised IT side; similarly, some applications on the compromised IT side could get to the industrial server.

Perhaps the biggest security screwup was that the industrial utility used a single centralized admin that handled resources on both the IT and industrial network. This software resided on the IT network. So once Mandiant got control of the IT network, it pretty much had admin status on everything. That made it easy for researchers to steal login credentials for the meter control infrastructure and issue a command to disconnect the smart meter.

For a bit of irony, consider that back in 2015 a popular TV series called Mr. Robot depicted a hack of a climate control system. The show was praised at the time because experts claimed it’s hacking approach was realistic. The hack hinged on issuing bogus commands from a rogue controller spliced onto the industrial network which could be accessed via an ordinary internet connection.

Today, sophisticated firewalls between IT and industrial networks, VPNs, and similar measures are supposed to thwart such antics. But clearly even companies that should know better are still susceptible to the Mr. Robots of the world.

Leland Teschler • Executive editor


Filed Under: EE World Digital Issues, DIGITAL ISSUES

 

Related Articles Read More >

May 2022 Issue: Robotic solution speeds up PPE manufacturing process
April 2022 Issue: A look at AI and advanced simulation in software
March 2022 Special Edition: Motion System Trends
March 2022 Issue: Augmented Reality Gets Real

DESIGN GUIDE LIBRARY

“motion

Enews Sign Up

Motion Control Classroom

Design World Digital Edition

cover

Browse the most current issue of Design World and back issues in an easy to use high quality format. Clip, share and download with the leading design engineering magazine today.

EDABoard the Forum for Electronics

Top global problem solving EE forum covering Microcontrollers, DSP, Networking, Analog and Digital Design, RF, Power Electronics, PCB Routing and much more

EDABoard: Forum for electronics

Sponsored Content

  • Global supply needs drive increased manufacturing footprint development
  • How to Increase Rotational Capacity for a Retaining Ring
  • Cordis high resolution electronic proportional pressure controls
  • WAGO’s custom designed interface wiring system making industrial applications easier
  • 10 Reasons to Specify Valve Manifolds
  • Case study: How a 3D-printed tool saved thousands of hours and dollars

Design World Podcasts

May 17, 2022
Another view on additive and the aerospace industry
See More >
Engineering Exchange

The Engineering Exchange is a global educational networking community for engineers.

Connect, share, and learn today »

Design World
  • Advertising
  • About us
  • Contact
  • Manage your Design World Subscription
  • Subscribe
  • Design World Digital Network
  • Engineering White Papers
  • LEAP AWARDS

Copyright © 2022 WTWH Media LLC. All Rights Reserved. The material on this site may not be reproduced, distributed, transmitted, cached or otherwise used, except with the prior written permission of WTWH Media
Privacy Policy | Advertising | About Us

Search Design World

  • Home
  • Technologies
    • 3D CAD
    • Electronics • electrical
    • Fastening & Joining
    • Factory automation
    • Linear Motion
    • Motion Control
    • Test & Measurement
    • Sensors
    • Fluid power
  • Learn
    • Ebooks / Tech Tips
    • Engineering Week
    • Future of Design Engineering
    • MC² Motion Control Classrooms
    • Podcasts
    • Videos
    • Webinars
  • LEAP AWARDS
  • Leadership
    • 2022 Voting
    • 2021 Winners
  • Design Guide Library
  • Resources
    • 3D Cad Models
      • PARTsolutions
      • TraceParts
    • Digital Issues
      • Design World
      • EE World
    • Women in Engineering
  • Supplier Listings