The penetration team started by tapping into distribution lists for SCADA user groups, where they harvested the e-mail addresses of people who worked for the target power company. They sent the workers an e-mail about a plan to cut their benefits and included a link to a Web site where they could find out more.
It's always the user that is the weakest link in the chain. Scary stuff really, and it makes you wonder how exposed the National Grid are to such things, or for that matter the GSI network. Of course, the "unhackable" ID register is a different matter, right?
When employees clicked on the link, they were directed to a Web server set up by Winkler and his team. The employees' machines displayed an error message, but the server downloaded malware that enabled the team to take command of the machines. "Then we had full system control," Winkler says. "It was effective within minutes."
Read the full article here.