American manufacturer supplied heating control system with pre-installed backdoor

Posted: December 27, 2012 in IT Security News

The backdoor allowed hackers to gain administrative access to the SCADA systems knowing only the IP address of the device.

An industrial company in New Jersey, USA, fell victim to hackers who broke into its industrial control system (ICS). The hackers gained access to the system through a backdoor that had been introduced by the ICS manufacturer.

According to an FBI memorandum, the hackers gained access to the heating and ventilation controls. They repeatedly gained unauthorized access to the ICS during February and March of this year, after a Twitter user under the alias @ntisec, which is linked to organized break-ins, posted a message on the need to strengthen the protection of SCADA systems.

The hackers used the Shodan search engine to find Tridium Niagara systems directly connected to the Internet. It was through Shodan that the IP address of the New Jersey company, which was eventually affected, was discovered.

The company not only used the Niagara system for ventilation in its own premises, but also installed it for its clients, including financial institutions and other commercial entities. All of the systems were reachable over the Internet, without a firewall or other obvious security measures.

To use the backdoor, it was enough for the attackers to connect to the system's real IP address, which gave them full administrative control over it, including the graphical interface.

Investigation of the incident revealed that the hackers connected to the vulnerable system from different IP addresses located in several countries. The FBI memo does not specify whether the attackers caused any damage.
