19 May 2011, 16:45

Researchers cancel SCADA hack talk

Virus Dillon Beresford and Brian Meixell were planning to perform a demonstration of how to attack critical infrastructure at the TakeDown Conference but cancelled after they were "asked very nicely" to refrain from providing that information. Beresford, a security analyst at NSS Labs, told CNET that he then decided that it would be "in the best interest of security" to comply with that request.

A conference organiser said that it was Siemens and the Department of Homeland Security's ICS-CERT division which made the request. The presentation, "Chain Reactions – Hacking SCADA", was due to demonstrate how traditional exploits could be harnessed to carry weaponised malicious code and how that code could be developed without direct access to the target hardware. The Stuxnet breakout last year appears to have been the first of this kind of attack, but Beresford and Meixell were planning to show how it could be performed without the backing of a nation state.

In particular, they were going to show vulnerabilities in Siemens WInCC Programmable Logic Controllers (PLC) Reports say that ICS-CERT had been notified, given exploits and confirmed that they worked. According to Beresford, ICS-CERT said they were "far-reaching and more serious than anything they’ve ever dealt with". Siemens were notified by ICS-CERT and was working on patches but upon seeing the researchers' presentation Siemens realised that their mitigation would not work and requested the talk not go ahead.

Beresford's boss, NSS Labs Chief Executive Rick Moy, said that Bereford was not prevented from presenting but decided to not speak as the "vendor's proposed mitigation had failed". He added that ICS-CERT had done a "great job assisting us" and that they looked forward to Siemens addressing the issue for their customers. In a posting on NSS Labs blog Moy invited legitimate owners and operators of SCADA PLCs to contact the company for further information.

See also: