What is The Likelihood of the Blaser Worm having Something to do With the Power Outages?

Discussion in 'Computer Support' started by Nicole Kidman, Aug 16, 2003.

  1. This idea was expressed in a snippet on the radio and I was wondering if
    it's really so far fetched... It was a nasty worm and caused me quite a bit
    of trouble myself, amazing that it was able to enter my computer directly
    without any action on my part except for logging onto the internet...
    Nicole Kidman, Aug 16, 2003
    1. Advertisements

  2. Nicole Kidman

    jeroen Guest

    Jezus christ!

    Well, yeah, it could have caused it if the US energy companies employ
    people stupid enough to believe that windows is secure and doesn;t need
    patching, people that are actually surprised that something nasty
    happens if the leave port 135 open.

    I give the powercompanies a bit more credit than that.
    jeroen, Aug 16, 2003
    1. Advertisements

  3. Nicole Kidman

    °Mike° Guest

    The Blaster worm is/was aimed at Microsoft *Windows* Update - it
    was set to perform a DoS on a particular MS url (which MS pulled).
    There are variations, which install trojans, but I find it hard to believe
    that it had *anything* to do with the blackouts - even the DoS against
    Microsoft was a failure.
    °Mike°, Aug 16, 2003

  4. But dont forget that the Powerstations used SCADA systems, which all
    communicate via DCOM, and if that got taken out, and all comms went in
    the SCADA systems, the plants would shut down.
    Michael Thompson, Aug 16, 2003
  5. Nicole Kidman

    °Mike° Guest

    I don't know anything about SCADA systems, so I can't comment.
    °Mike°, Aug 16, 2003
  6. QUOTE:

    I believe that the outage was caused by the MSblaster, or its
    mutation, which was besieged upon the respective vulnerability
    in certain control and monitoring systems (SCADA and otherwise)
    running MS 2000 or XP, located different points along the Grid.
    Some of these systems are accessible via the Internet, while
    others are accessible by POTS dialup, or private Frame relay and
    dedicated connectivity.

    Being an old PLC automation and control hack let me say that
    there is a very good plausibility that the recent East Coast
    power outage was due to an attack by an MBlaster variant on the
    SCADA system at the power plant master terminal, or more likely
    at several of the remote terminal units "RTU". SCADA runs under
    Win2000 / XP and the telemetry to the RTU is accessible via the

    From what I recall SCADA based monitoring and control systems
    were installed at many water / sewer processing, gas and oil
    processing, and hydro-electric plants.

    I also believe that yesterdays flooding of a generator sub-
    facility in Philadelphia was also due to an MBlaster variant
    attack on the SCADA or similarly Win 2000 / XP based system.

    To make things worst, the Web Interface is MS ActiveX. Now lets
    see, how can one craft an ActiveX vuln vector into the blaster?

    Oh, and for the wardrivers, SCADA can be access via wireless
    connections on the road? puts a new perspective on sniffing
    around sewer plants.

    It is also reasonable to assume that we could have a similar
    security threat regarding those system (SCADA and otherwise
    based on MS 2000 or XP) involved in the control, data
    acquisition, and maintenance of other critical infrastructure,
    such as inter/intra state GAS Distribution, Nuclear Plant
    Monitoring, Water and Sewer Processing, and city Traffic
    Control. IMO

    I think we will see a lot of finger pointing by government
    agencies, Utilities, and politicians for the Grid outage, until
    someone confess to the security dilemma and vulnerabilities in
    the systems which are involved in running this critical

    Regardless of whether the Grid outage can be attributed to the
    blaster or its variant, this is not entirely a Microsoft
    problem, as it reeks of poor System Security Engineering
    practiced by the Utility Companies, and associated equipment and
    technology suppliers.

    Nonetheless, the incident will cause lots of money to be
    earmarked by the US and Canadian Governments, to be spent in an
    attempt to solve the problem, or more specifically calm the

    This incident should be fully investigated, and regulations
    passed to ensure that the Utility companies and their suppliers
    develop and implement proper safeguards that will help prevent
    or at least significantly mitigate the effects of such a

    Conversely, I do not want to see our Government directly
    involved in yet another "business", which has such a controlling
    impact over our individual lives.
    Michael Thompson, Aug 16, 2003
  7. Nicole Kidman

    Jimchip Guest

    Where is this quote from?
    Jimchip, Aug 16, 2003
  8. Nicole Kidman

    °Mike° Guest


    °Mike°, Aug 16, 2003
  9. The quote was from a private email, from a friend when I used to be a
    SCADA process engineer. We were just discussing the possibility.
    Michael Thompson, Aug 16, 2003
  10. Whatever the source, it makes sense to me and I'd suspected this even before
    I heard of the speculations from other sources. And don't (as some earlier
    poster did) credit the power companies with THAT much intelligence: people
    are stupid.
    Gary G. Taylor, Aug 16, 2003
  11. Nicole Kidman

    °Mike° Guest

    There's only one problem with that scenario; why was *only* eastern
    USA and Canada affected? I'm afraid that just doesn't wash.


    "We are now fairly certain this disturbance started in Ohio," said Michehl
    R. Gent, the president and chief executive officer of the North American
    Electric Reliability council."

    "More than 100 power plants, including 22 nuclear reactors in the United
    States and Canada, were shut down to protect them from damage that
    could have come from power surges. Most of the shutdowns occurred
    by safety systems that were automatically deployed.

    Industry officials are trying to understand why the failure of the lines in
    the Cleveland area caused the service disruption to spread throughout
    much of the Northeast, the Midwest, and Ontario. The transmission
    system was supposed to isolate problems, Mr. Gent said."

    °Mike°, Aug 17, 2003
  12. Nicole Kidman

    °Mike° Guest

    More to the point, why weren't more countries (not just the US
    and Canada) affected?

    °Mike°, Aug 17, 2003
  13. °Mike° Spilled my beer when they jumped on the table and proclaimed
    Except for Third World countries,(Who probably have older,
    non-computer controlled systems, if they exist at all. <G>) I have to
    agree also. According to isc.incidents.org, port 135 accounts for a
    tremendous amount of attempts over the last 24 hours... That's one
    the original Blaster goes after, IIRC.

    Just watched the CBS Sunday morning news show. One of the guys
    chronicled his trip home last Thurs. Quit an interesting trip.

    Interesting how much NYC has changed over the last 2 years, for the
    better. (He got some free beer on the way, too. <G>)

    Thund3rstruck, Aug 17, 2003
  14. On Sun, 17 Aug 2003 14:42:30 GMT in 24hoursupport.helpdesk, my mind boggled
    at the following statement by Thund3rstruck in message

    Ever noticed how much better the BEER!!11!! tastes whenever someone else
    buys, no matter the brand?

    The Old Sourdough
    No of SETI units returned: 1967
    Processing time: 3 years, 347 days, 13 hours.
    (Total hours: 34621)
    The Old Sourdough, Aug 17, 2003
  15. This is the Flibbydabby Dee service of the BBC, & on Sun, 17 Aug 2003 10:27:20
    -0500, The Old Sourdough uttered this:
    BEER!! Mmmmmm!!
    William Poaster, Aug 17, 2003
  16. This is the Flibbydabby Dee service of the BBC, & on Sun, 17 Aug 2003 10:42:30
    -0400, Thund3rstruck uttered this:
    Well here's a laugh! ( If it's true )

    In the Dutch press, there is a news item that MicroSoft has moved it's
    updatesite to.............a Linux environment!!!
    William Poaster, Aug 17, 2003
  17. William Poaster Spilled my beer when they jumped on the table and
    I think William Poaster proved his point with your reply. <G>

    Thund3rstruck, Aug 17, 2003
  18. Nicole Kidman

    Barry OGrady Guest

    The power station computers should not be connected to the internet.

    Web page: http://members.optusnet.com.au/~barry.og
    Atheist, radio scanner, LIPD information.
    Voicemail/fax number +14136227640
    Barry OGrady, Aug 17, 2003
  19. It's bollocks. Tested with Steve Gibson's ID Serve:

    Initiating server query ...
    Looking up IP address for domain: windowsupdate.microsoft.com
    The IP address for the domain is:
    Connecting to the server on standard HTTP port: 80
    [Connected] Requesting the server's default page.
    The server returned the following response headers:
    HTTP/1.1 200 OK
    Content-Length: 5405
    Content-Type: text/html
    Content-Location: http://windowsupdate.microsoft.com/Default.htm
    Last-Modified: Wed, 05 Feb 2003 02:26:29 GMT
    Accept-Ranges: bytes
    ETag: "a157afdbdccc21:978"
    Server: Microsoft-IIS/6.0
    X-Powered-By: ASP.NET
    Date: Tue, 19 Aug 2003 00:08:52 GMT
    Connection: close
    Query complete.

    zar 2k3 - ULC Reverend
    Certified Word Police Officer - Details Detail
    http://www.drcnet.org/ http://www.abovegod.com/
    NuMbEr Tr3#3!!!!11! on a lits...

    "A man, a plan, a canoe, pasta, heros, rajahs,
    a coloratura, maps, snipe, percale, macaroni,
    a gag, a banana bag, a tan, a tag, a banana bag
    again (or a camel), a crepe, pins, Spam, a rut,
    a Rolo, cash, a jar, sore hats, a peon, a canal
    - Panama!"

    - Guy Steele Jr., CLTL2
    Monsignor Larville Jones MD, Aug 19, 2003
    1. Advertisements

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments (here). After that, you can post your question and our members will help you out.