[Dshield] Blaster / Power Outages Follow up

Bernie, CTA cta at hcsin.net
Fri Sep 5 00:15:16 GMT 2003

How true. Now we need to expose the vulnerabilities in the 
wireless telemetry and data acquisition topology utilized in the 
monitoring subsystems employed in control systems of the Power, 
Water, Gas generation/processing and distribution 
infrastructures. While some of the radios utilize proprietary 
protocols, most are based on 802.11b/g and operate in the 
microwave spectrum. Nonetheless, these wireless systems / 
transceivers are vulnerable to DOS/availability and integrity 
attacks, which could be accomplished using a home-made portable 
high power pulse mode Microwave jamming device constructed from 
components of a standard microwave oven. 

Microwave ovens are tuned to operate at 2450 MHz, and can be 
heterodyned to produce pulses of between 900 to 1200 MHz, 
covering the old 802.11b spectrum and other wireless devices. 
However, with just a bit of hacking your trusty popcorn maker 
has enough killing power (500W to 1000W typically) to take out 
most 802.11g receivers. Such a threat can destroy receiver input 
amplifiers, degrade the integrity of data or at minimum impede 
its flow.

I wrote a theoretical paper about 12 or so years ago, on such a 
security threat concerning jamming of Tactical Air Navigation 
"TACAN" systems used for aircraft navigation in the US using a 
modified radar magnetron (available from Army/Navy surplus) and 
waveguide to pierce the 962 - 1213 MHz operating frequency 
range. Consequently, safeguards have yet to be erected.

Ok, there is a downside to building one of these jammers. That 
is, if your antenna (waveguide) is improperly designed or tuned, 
and/or your electron ejection methodology fails to blast the 
little critters from the magnetron's cathode, well then your 
body parts might fry.

Still, I am sure we will see these jammers developed and 
deployed. For those of us in security engineering, our problem 
becomes how can we prevent, divert or abate an attack, or 
otherwise mitigate the effects of the potential threat to the 
integrity or availability of wireless data communications due to 
the inherent vulnerability of WiFi.

On 4 Sep 2003 at 12:28, Andre Ludwig wrote:
> Guess we were right all along. 
> Andre Ludwig, CISSP
> -----Original Message-----
> From: Geoff Shively [mailto:gshively at pivx.com]
> Sent: Wednesday, September 03, 2003 5:31 PM
> To: list at dshield.org
> Cc: Andre Ludwig; cta at hcsin.net
> Subject: [Dshield] Blaster / Power Outages Follow up
> As suggested the day of the blackout, SCADA / DCS security was a
> primary factor in the blackouts.
>  --MSBlast's Effect on the Blackout
> (29 August 2003)
> The MSBlast worm apparently slowed some communications lines that
> connect data centers used to manage the power grid, abetting the
> "cascading effect" of the blackout that hit the north-east,
> mid-west and parts of Canada last month.  The worm didn't harm
> the systems, but did slow down the speed at which networks
> communicated.  A Bush administration advisor said that the worm
> also "hampered efforts to ... restore power in a timely manner."
> http://www.computerworld.com/printthis/2003/0,4814,84510,00.html
> Correct after all, this is the second admission of blaster
> affecting the power systems, one from the Bush administration and
> one from First Energy.
> Cheers,
> Geoff Shively, CHO
> PivX Solutions, LLC
> http://www.pivx.com

Chief Technology Architect
Chief Security Officer
cta at hcsin.net
Euclidean Systems, Inc.
// "There is no expedient to which a man will not go 
//    to avoid the pure labor of honest thinking."   
//     Honest thought, the real business capital.    
//      Observe> Think> Plan> Think> Do> Think>      
