Thought this was interesting. They don't state the controller used.
http://money.cnn.com/2017/07/19/tech...ace/index.html
Thought this was interesting. They don't state the controller used.
http://money.cnn.com/2017/07/19/tech...ace/index.html
More like a Network Admin who doesn't understand proper VLAN isolation left a casino vulnerable. In "the business" we call that a RGE, Resume Generating Event.
They did have safeguards in place. I wish they would have stated the manufacturer and the issue so it could be prevented by other users.
I suppose, but I deal with PLC's on a daily basis. In no real world deployment should your PLC's be internet facing, or even unsecured network facing for that matter. In order to access our PLC's you have to be physically on that VLAN with an approved MAC or RDC'ed into the one single "blessed" VM to get access.
I've searched and no info was ever made public that I could find. Chances are it was unsecured access from telnet or http port forwarding, which would mean that any controller on the market (with the exception of fusion only apex with no port forwarding) or even a custom PLC based controller could have had that intrusion. More than likely I expect this was a case of an aquarium maintenance company setting up the controller on the casino network without any whitelisting.
You might be an engineer if...You have no life and can prove it mathematically.
Bookmarks