One Article Review
| Source |  Reversemode |
|---|---|
| Identifiant | 8654602 |
| Date de publication | 2022-08-03 12:05:12 (vue: 2025-03-07 20:12:10) |
| Titre | J'ai un gamma frappuccino, s'il vous plaît. I\\'ll have a Gamma Frappuccino, please. |
| Texte | A recent story has been making the rounds: "Hundreds of Nuclear Radiation Monitors Were Allegedly Hacked by Former Repairmen". Basically, it seems that more than a year ago two disgruntled employees sabotaged +300 radiation monitoring devices, which were part of a nation-wide civil radiation monitoring network (RAR) in Spain. On top of that, they were apparently using the free WiFi of a Starbucks to carry out their activities. Obviously not being the sharpest tool in the box they were eventually caught.In this story there is a boring part, which is everything related to these guys and their motivations, and a slightly more interesting part which is the underlying technology behind Radiation Monitoring Networks (RMN).In 2017 I presented at BlackHat USA \'Go Nuclear: Breaking Radiation Monitoring Devices", so I thought it could be interesting to write a brief post to provide some context.The NeverEnding storyAs in most \'disgruntled employee\' attacks, the initial motivation behind the sabotage seems to be a \'poorly assessed\' reaction to a troubled employment relationship. According to the information publicly released by the police the attacks started on March 2021. Coincidentally, by using the public procurement portal of the Spanish State, we can find that, in 2020, a public contract to support and maintain the RAR network was announced, as the valid one at that time was about to expire in Feb 2021. Anyway, if you\'re interested in the technology, public procurement documents always provide a lot of information when you are researching into nation-wide systems. As expected, it is possible to find some interesting bits of information about the RAR network, including its topology, devices, deployments... The radiation monitoring devices are provided by Envinet. Indra seems to have developed some Data Acquisition Units as well as the Control System. |
| Notes | ★★★ |
| Envoyé | Oui |
| Condensat | anyway however https://www according on +300 17/wednesday/us 2017 2020 2021 20radition a glimpse into envinet ability able abnormal about according acquisition action activities actor actors actual actually addition additional against ago ago aimed alarms allegedly allowed almost already also although always analyze announced anticipated any apparently arbitrary are assessed assessment assume attack attackers attacking attacks back backdoors bad based basically be been before behalf behave behind being below between bits blackhat borders boring both box breaking brief but can carry casar case cases caught chain checkpoints civil class coincidentally com/docs/us com/sites/default/files/dtu commercial common communication compromise compromised conditions conflicts consequences consumed context contract contractors control correspond corresponding could covered covers cyber data defined depends deployed deployments derived designed detect developed device devices devicesradioactivity different digi disabling discussing disgruntled divided document documents does down dtus easy either emergency employee employees employment enabling endangers enough ensure entire envinet envinetdata envinetif environment escalona especially essentially europe even eventually everything expected expire exposed extreme eye facilities facing fact failure falsified falsify far feb final find finding first five focused forge former fortunately found frappuccino free from gamma general geo getting when going guys hacked had hand happeningby happeningthis has have heat hide highly how however https://www human humans hundreds i identified image implement implications important in: incident including increase indra indraa indracompany industrial information initial inputs insecure instance instead instrument instruments intended interested interesting internet invisible island its just kind kinds leakage least legacy levels lie likely limit located location look looked lot main mainly maintain maintained making malicious managed many map mapping march match material may mentioned mile mirion monitoring monitors more most motivation motivations nation nature need network network; networks neverending next not note noticed npp nuclear nuclear: obviously occurrences one ongoing only operating operational operations operators operators2 or other out outlined output page part password pdf pdfthis performing place plants please plenty point police policy poorly portal ports possible post potentially power predefined presented pretty primarily primary probably procedure processes procurement products profound protocols provide provided provides province public publicly purposes:1 questionable quite radiation radioactive rar reacting reaction reactor reactthese readings real reality really recent recently related relationship released relying removal repairmen researching residual resources response result rmds rmn rounds: s nmc system sabotage sabotaged safe safety same santamarta scenario scenarios scheme search secondary secure security seem seems sensor sharpest shodan should show shutdown shutting simple single situation slide slightly small smuggling so we some some documents someone something sophisticated spain spanish starbucks started state states station stations story storyas strong stuff support supporting surprised system systems systemsas take talking target technically technology terms terrorist than the impact them therefore these thing think those thought thoughts in three thus time toledo tool top topology town transiently tricking trigger triggering troubled trying two ubiquitous underlying units usa used using usual usually valid victim want well what when where which whose wide wifi will wiped world worse worst would write xbee year years you |
| Tags | Tool Legislation Industrial Commercial |
| Stories | |
| Move | 
|
L'article ne semble pas avoir été repris aprés sa publication.
L'article ne semble pas avoir été repris sur un précédent.