John Robb notices an AP story on a trend he predicted in his book Brave New War: guerrilla entrepreneurs. Here’s more:
Hackers literally turned out the lights in multiple cities after breaking into electrical utilities and demanding extortion payments before disrupting the power, a senior CIA analyst told utility engineers at a U.S. trade conference.
All the break-ins occurred outside the United States, said senior CIA analyst Tom Donahue. The U.S. government believes some of the hackers had inside knowledge to cause the outages. Donahue did not specify what countries were affected, when the outages occurred or how long the outages lasted. He said they happened in “several regions outside the United States.”
“In at least one case, the disruption caused a power outage affecting multiple cities,” Donahue said in a statement. “We do not know who executed these attacks or why, but all involved intrusions through the Internet.”
Meanwhile, Bruce Schneier picks up a variation on the same theme, though this time the network is rail rather than power, and there’s no extortion involved.
A Polish teenager allegedly turned the tram system in the city of Lodz into his own personal train set, triggering chaos and derailing four vehicles in the process. Twelve people were injured in one of the incidents.
The 14-year-old modified a TV remote control so that it could be used to change track points, The Telegraph reports. Local police said the youngster trespassed in tram depots to gather information needed to build the device. The teenager told police that he modified track setting for a prank. “He studied the trams and the tracks for a long time and then built a device that looked like a TV remote control and used it to manoeuvre the trams and the tracks,” said Miroslaw Micor, a spokesman for Lodz police.
“He had converted the television control into a device capable of controlling all the junctions on the line and wrote in the pages of a school exercise book where the best junctions were to move trams around and what signals to change. He treated it like any other schoolboy might a giant train set, but it was lucky nobody was killed. Four trams were derailed, and others had to make emergency stops that left passengers hurt. He clearly did not think about the consequences of his actions,” Micor added.
Transport command and control systems are commonly designed by engineers with little exposure or knowledge about security using commodity electronics and a little native wit. The apparent ease with which Lodz’s tram network was hacked, even by these low standards, is still a bit of an eye opener.
