Vulnerabilities Discovered In Prison SCADA Systems

phaedrus5001 writes with an excerpt from an Ars Technica article: "Researchers have demonstrated a vulnerability in the computer systems used to control facilities at federal prisons that could allow an outsider to remotely take them over, doing everything from opening and overloading cell door mechanisms to shutting down internal communications systems. ... The researchers began their work after [John] Strauchs was called in by a warden to investigate an incident in which all the cell doors on one prison's death row spontaneously opened."

Uh oh

[Anonymous Coward]

All your jails are belong to us!!

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[metrix007]

You really don't know what you're talking about. Dead registry entries don't cause Windows to be slower, for example. That software is unnecessary and won't make any significant difference.

Re:

[account_deleted]

Comment removed based on user account deletion

Re:

[metrix007]

No, forget about tools like PCWizard. The slowness you refer to is likely to be caused by hard drive fragmentation, all sorts of adware and malware running in the background and various other issues, none of which are related to the registry.

The registry replaces INF files, and the time to search it is infinitesimal. It really doesn't matter how many irrelivant entries are added, as it does not impact the lookup time for the relevant entries. For that to happen the registry would have to increase in size du

Re:

[Macgrrl]

I thought the whole point of SCADA was that it was dark fibre and not connected to teh ebil interwebs.

Re:

[Foxhoundz]

It seems like you're directing your anger at the wrong person. Tell me. Are you happy in your life? You seem to be stressed about a trivial comment on the internet. I wonder how you handle yourself in the real world.

Re:

[tehcyder]

Like Chuck Norris, Michael K doesn't do jokes, so cower in his shadow some more, you feeb.

Re:

[justforgetme]

I tried to.
Damn thing wouldn't install.
Kept complaining that my windows were missing. Damit, they are
right there in front of you, filling in the huge holes in the walls!

Re:

[aintnostranger]

the idea of putting people in prison prison for "being" a hacker or "criminal" or any "dangerous" label you want to apply to them is morally reprensible. It's only right to punish people for stuff they DID. Not for accessory stuff such as *being* something. What if you had the ability to do something like that hack? What if you were targeted by the state for it? People seem to be forgetting the philosophical foundations behind our civilizations real fast.

Re:

[gl4ss]

not really.
if anyone can do it, it's some prison contractor/electrician with google - he's the one who knows which locks are at which address, which nodes connected to which.

unless the alternative to solitary is giving him stacks of manuals, wire pliers and a laptop with internet access and couple of radio-modems.but the powers that be were more worried probably about control systems in some of their other. more important than prison, systems, for no good reason. long solitary is just used as a way to keep

Re:

[elrous0]

It takes a lot more than opening doors at a prison to escape. Even if you open the magnetic doors and confuse the computers, you still have to get past the physical locks, non-networked cameras, and physical guards to get out. And even if you can get past all that and the fences, you'll just be adding years onto your sentence when you get caught. Why would someone like Mitnick be stupid enough to risk a 20-year stint at a Maximum security prison just to escape a 5-year stint at a minimum security one?

Re:

[drfreak]

Wow. The difference between trying to see things from the other side of the lawn and having an opinion of my own seem to have converged. I never meant to say Mitnick deserved to be in solitary, I was merely trying to understand why the other side felt it was justified. My bad for not being specific enough.

Re:omg, quick, someone spend money!!!

[Pseudonym Authority]

So the guards can telecommute.

Re:

[Sique]

Then ... fuck them.

In a prison?

Re:

[tehcyder]

So the guards can telecommute.

Then ... fuck them.

Isn't that simple?

If I were you I'd ask Santa Claus for a sense of humour, only six weeks to go.

Re:

[AHuxley]

So some well connected contractor can collect the max amount of ongoing maintenance work over many state systems with the min number of remote security cleared staff.
As for "security flaws with prison controls" - your paying top $ in state taxes per prison control system for contractors ect.
You have the right to know where your state tax $ will go and what your getting from your prison system.

Re:

[Coren22]

s/state/federal/g

Federal prisons, not state.

Re:

[cusco]

They're not. They are hooked to computers with USB drives though, so a hack could conceivably be inadvertently installed (why the fuck does even Server 2008 still have autorun turned on by default?)

Still, if someone wanted to open a door and they have access to that machine they can do it. It's not like these systems have a lot of internal security controls on them, the general assumption is that if you have access and know what to do then you probably have permission to do it.

Repeat (sort of)

[Stone Rhino]

This research was published in July and presented at Defcon in august. The original Wired story is here.

Re:Repeat (sort of)

[Stone Rhino]

Slashdot ate the link. here:
http://www.wired.com/threatlevel/2011/07/prison-plc-vulnerabilities/ [wired.com]

Definitely not unexpected...

[Anonymous Coward]

The US has a corrections industry with an extremely strong lobby that pushes not just Congress, but judges (whom are elected) to be "tough on crime", or else they will be replaced by people on the bench who are.

Of course, handing over this to the private sector means that any security other than the obvious is done at the bottom most cost.

So, if one would expect a prison locking system to actually be secure from clued people, it wasn't in the contract and paid for, so it wasn't done. It is only a matter of time before this is used for hits on well known prisoners, either by people paid by rich victims, or a gang who managed to hire or coerce someone with IT knowledge.

Think COs wouldn't stick a USB flash drive into a machine and run stuff? A good number actually wouldn't and stay to their sworn oath. Others would plug a USB flash drive into a computer either out of curiosity, or because they are getting paid by other people in a prison gang. Smuggling a Stuxnet variant in on a fingernail sized drive is a whole lot easier than smuggling in a bag of weed or meth.

Re:

[cayenne8]

The US has a corrections industry with an extremely strong lobby that pushes not just Congress, but judges...

I keep seeing lots of post on Slashdot, about all the prisons that are privately owned.

Are there really THAT many of them that have been outsourced? I don't know that I've ever heard of any for profit prisons in any state I've lived in.

Where are all these private prisons located? I'm guessing most are in CA....but are they that prevalent across the entire US?

DUPE - Hung over since Defcon?

[ediron2]

DUPE.

I guess someone didn't turn down that neon-blue "romulan ale" being passed around at Defcon back in *AUGUST*. And damn, it must have been potent...

Seriously, I've had some long benders, fierce hangovers, and have one friend who started their current drugs-n-alcohol extravaganza during the Clinton years, but it's an amazing coincidence that submitter AND /.'s editors have collectively been this far out of it since the news of Prison SCADA risks made the national news around that time.

Hey, editors: be o

Re:

[tehcyder]

I hope you're aware that the term "backdoor penetration" could be misconstrued by those of a choldishly prurient nature as referring to male homosexual anal intercourse?

Re:

[V. P. Winterbuttocks]

You all need to get your minds out of the gutter. Does everyone on this site have a dirty mind or something?

Easy Fix.

[joocemann]

No connection to outside network.

1 - Don't connect shit like this to the internet

[Spy Handler]

2 - don't allow employees to stick their usb drives in work computers
      Or,
run Linux
      Or,
disable Autorun in Windows

3. problem solved

Now pay me my $80,000 in consulting fee (minus the 40% that will be kicked back to the prison guard union of course)

Re:

[rally2xs]

An even easier solution: To open door, insert key and turn. Try and hack that...

Easy...

[bigtrike]

Get ahold of metal, make lock pick. Steal key from guard, wait, insert, turn. Make mold out of soap, melt metal into it, insert into lock and turn.

Sure, then multiply by one thousand

[brokeninside]

One prisoner picking a lock or duplicating a key is not that large of a problem in most prisons.

The door to every cell at the same time while controls tell the guy in the guard booth that everything is fine is a problem in most prisons. The dangers presented by automation is some systems is orders of magnitude greater than the dangers presented by un-automated processes given the same level of effort by an attacker.

Re:Sure, then multiply by one thousand

[jbengt]

Last time I was in prison (on work) was a long time ago, before digital controls became ubiquitous. Opening every door to every cell would have been a big problem where the worst criminals were. (Some were known to do fun things like throw shit (literally) on guards when they walked by.) However, to get out of a cell block, and again to get out of the inner yard, and again to get outside of the prison walls, one had to walk through 10 foot long vestibules with guards at each end. The doors of the vestibule were hard-wired so that one could not open unless the other was closed.

Have we learned nothing from NetForce?

[freeze128]

Exactly. Hackers cannot remotely open cell doors if you connect the controls to any network. There is nothing wrong with a big lever and 2 armed guards.

Re:

[aintnostranger]

+1 . There is such a thing as too much automatization/computerization

Re:

[dotancohen]

Exactly. Hackers cannot remotely open cell doors if you connect the controls to any network. There is nothing wrong with a big lever and 2 armed guards.

Big lever: $80
2 armed guards: $60,000 yearly
SCADA-controlled deadlocks: $20,000 one-time fee, $400 yearly maintenance.

The robot has paid for itself in less than half a year.

Where are those numbers from?

[brokeninside]

Unless you're talking about a single cell in a municipal jail in some small town somewhere, I'm highly dubious that any serious vendor is offering a SCADA system for jail cells on the order of $20k for installation and an annual support contract of $400.

Re:

[CastrTroy]

Also, you still need the armed guards.

Re:

[AmiMoJo]

I don't know, the guys who work as guards tend not to be the sharpest tools in the shed. A well crafted text message appearing to come from the governor might be enough to convince one of them to pull it.

Re:

[brokeninside]

There is that, but the social engineering element exists whether the automated system is in place or not. Say there is a manual lever that opens all jail cells at once in one prison and a fully automated computerized system in another. In the first prison, the guard on duty, gets the text message (or phone call, or signed order) and hits the lever, opening all the doors. In the second prison, the guard on duty, gets the text message (or phone call, or signed order) and clicks a button with a mouse, opening

Re:Ignorance is bliss

[thegarbz]

Yep another typically ignorant post by someone who thinks they know security.

1 - Don't connect shit like this to the internet

Yes the airgap-it-and-fuck-it approach works really well for the targetted attacks on SCADA systems.

don't allow employees to stick their usb drives in work computers

Easier said then done, especially since you just removed their network connections. Like it or not USB as a system to transfer data is here to stay. It needs to be managed not banned. Sure the burn a CD approach works well but these days you can't necessarily take for granted that the computers given to employees are capable of this

Re:

[cusco]

The box should be locked shut with a padlock and threat of firing anyone who tries to mess around with the system.

So when the system needs maintenance and configuration what happens? Oh, that's right, your magical Linux system never needs maintenance, and you're so perfect that your design will never need updating. You don't do this out in the real world, do you?

If all the prisons get new requirements from the government to use secured linux computers

Then the new attack vector will target Linux

Re:

[thegarbz]

You just don't get it do you?

You as a contractor are proposing a system that doesn't exist and won't meet the customer's requirement.

Locking down a system physically makes it overly difficult to maintain. "_THE_" most important security precaution is not removing something that may be useful. "_THE_" most important security precaution is thinking about security in a systemic approach. All your fancy projects will get owned by their own employees.

You're only saving grace is that you don't actually work in th

Re:

[thegarbz]

The Fuck-it mainly.

There's much to be said about air-gapping systems, however often these systems exist for data collection and their whole purpose is to exist as part of a larger network which for pretty much any multi-national company will include some form of connection to the internet.

Security is something that should be driven not by an airgap, but by a complete culture, by network design. Saying simply that something should not be connected to the internet is ignoring the realities of why many of thes

Re:

[UnresolvedExternal]

Comon, it's a fairly justified rant really - if you hear that kinda bollocks every day, you gotta crack some time....

Re:

[UnresolvedExternal]

Aww crap - my post was ambigious - I meant the GP rant...maybe... or whatever - I give up today....

Re:

[thegarbz]

Would your rather an uppity and anally retentive person designing your network, or someone why appears to have just taken Comp101 and calls themselves a security expert.

Re:

[jimmydevice]

Where the hell have you been the last 10 years, Prison? EPROMS were obsolete 10 years ago.

Re:

[DarwinSurvivor]

That's probably about how long ago they were installed.

and for profit prisons probably never mention

[decora]

this stuff happening. you guys who have worked in corps know how it works.

geek: "hey boss this shit is broken"

boss: "how much will it cost to fix it"

geek: "more than 0 dollars"

boss: "fuck it. oh, and i didnt say that"

Re:

[boristdog]

Yep, pretty much how it works in every corporation. Not gonna increase profit this quarter? Don't do it.

It's Deja Vu all over again Yogi

[microphage]

"Researchers have demonstrated a vulnerability in the computer systems used to control facilities at federal prisons that could allow an outsider to remotely take them over"

By any chance are these SCADA units connected to the Internet, if so then the morons who implimented such a system should be locked up in prison, except they most probably would escape by utilizing some Windows virus. It is taken as given that these systems are running on Microsoft Windows? Give the history of these SCADA systems, who

lost in translation

[canipeal]

I guess those 9 year old kids in China took the term jail break....literally.

Re:

[gl4ss]

it's still a huge problem if any node in the prison can be used to control the whole network of scada devices. so the network design would play a huge part. really, home automation parts would be easier to build separate networks for control systems with than scada, networks for observation and for control should be separate and of course the wiring shouldn't even go outside from the prison unit they're used to control. problem is they've just in just about all cases it seems built a prison/factory wide net

open all doors maybe part of some fire plan / code

[Joe_Dragon]

open all doors maybe part of some fire plan / code in the software that is in place to do a fast open all and maybe based on code in other door locking systems (out side of prison) that unlocks all door in a fire.

Now some link that will be a easy target.

Re:

[couchslug]

Remove that capability. There is no reason to evacuate prisoners and risk their escape.

Michael Scofield's plan

[Joe_Dragon]

Fox river is the next prison to be hit.

remote maintenance / outside companies. nuke plant

[Joe_Dragon]

remote maintenance / outside companies. nuke plants don't take short cuts like that. Now maybe prisons should be at the same level or at least be more safe then any old system.

They're not supposed to.

[bigtrike]

But...they do. Viruses do infect nuke plants from time to time due to sloppy practices.

Re:

[wvmarle]

Stuxnet managed to infiltrate Iran's nuclear facilities. There is no reason to believe security there is less stringent than it is in the US, Iran is possibly even more paranoid than the US is. There is also of course no reason to believe that Iranian scientists are harder to "social engineer" into sticking an infected USB key in a secure system than US scientists are - and that was the way the internal system got infected to begin with. Prison guards are probably easier to handle that way than scientists.

Re:

[couchslug]

"Not every prison is maximum security, just like not every prisoner is convicted of violent crimes."

They are still worthless. I wouldn't bother.

Re:

[Pence128]

Well, I think you're worthless. If it were up to me, I'd dump you in a hole and leave you to die.

human factor

[louisfreeman]

I worked in a county jail for a few days. The jail was new. Guards were still getting the hang of the door system operated from a single control room. These two prisoners in the hall, mopping the floor were joking about how doors would open and shut for no reason (guards learning how to use the system). As on queue three doors in a row open up. The two prisoners and I could see cars freaking driving on the road next door. One of these guys taps his mop to the window of the control room, points at the "road

Re:

[6Yankee]

The two prisoners and I could see cars freaking driving on the road next door.

SCADA - Several Criminals Are Driving Away

Yes and no

[MichaelJ]

While I don't doubt that there are hackable vulnerabilities in these systems, I'll bet you a donut that the cited incident of all the doors on death row opening was human error, or even a bug in the software, and not a hacking attempt.

You're probably correct on that, but . . .

[brokeninside]

. . . the point, from a security perspective, is that if such things can happen because of machine or user error, then they can also be made to happen intentionally by an attacker. And, if it was machine error, that suggests than a would be attacker will be able to duplicate the error condition entirely computationally with no need for human interaction.

Control code is . . .

[dheltzel]

teddybear

Like we didn't know this would happen.

Will you shut up and listen to me!

[zeroeth]

Shut down all the garbage smashers on the detention level!

Too much internet access!

[wfstanle]

All of these problems could be reduced if you maintain physical separation between critical equipment and the outside Internet. Yes, it might require prison personnel to use a physically different computer to access the Internet but sometimes the inconvenience is justified. As far as court documents, the document handling parts of a prison would be on the Internet side of the separation. Of course, this could equally apply to nuclear power plants, chemical plants or any place where it is imperative to k

Interesting....

[hesaigo999ca]

Too bad they did not have another faulty system at the same time that forced all the main water lines to blow, and drown all the inmates that are supposed to be dead in a few anyways....would save this country an enormous amount of money, me thinks.