[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[Full-disclosure] Florida Power & Light Company (FPL) Fort Sumner Wind turbine Control SCADA was HACKED
- To: full-disclosure@xxxxxxxxxxxxxxxxx
- Subject: [Full-disclosure] Florida Power & Light Company (FPL) Fort Sumner Wind turbine Control SCADA was HACKED
- From: Bgr R <bgr_24423@xxxxxxxxx>
- Date: Sat, 16 Apr 2011 08:22:42 -0700 (PDT)
Here comes my revenge for illegitimate firing from Florida Power & Light
Company (FPL)
... ain't nothing you can do with it, since your electricity is turned off
!!!
Secure you SCADA better! Leaked files are attached ...
1) http://img838.imageshack.us/i/49986845.png/
2) http://img718.imageshack.us/i/24380855.png/
3) http://img24.imageshack.us/i/58868342.png/
4) http://img228.imageshack.us/i/85258364.png/
5) http://img163.imageshack.us/i/90736853.png/
6) http://img217.imageshack.us/i/55439027.png/
7) http://img40.imageshack.us/i/87526089.png/
8) http://img864.imageshack.us/i/94061747.png/
------------------------------------------------------------
161.154.232.65
HTTP/1.0 401 Unauthorized
Date: Sat, 05 Feb 2011 23:43:13 GMT
Server: VTS 9.0.05
Content-Type: text/html
Content-Length: 622
Cache-Control: no-cache
WWW-Authenticate: Basic realm="Ft. Sumner SCADA"
Cache-control: no-cache="set-cookie"
Cache-control: private
Set-Cookie: VTS=9.0005;Version=1;Path=/
Set-Cookie: SessionID=0;Version=1;Path=/Ft. Sumner
SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c3576a
Set-Cookie:
SessionID=0;Version=1;Path=/Ft%2e%20Sumner%20SCADA/cc8620ba-ad1a-4ae9-96ed-036c22c..
NetRange: 161.154.0.0 - 161.154.255.255
CIDR: 161.154.0.0/16
OriginAS:
NetName: FPL2
NetHandle: NET-161-154-0-0-1
Parent: NET-161-0-0-0-0
NetType: Direct Assignment
RegDate: 1992-12-17
Updated: 2008-10-10
Ref: http://whois.arin.net/rest/net/NET-161-154-0-0-1
OrgName: Florida Power & Light Company
OrgId: FFPL-1
Address: 700 Universe Blvd
Address: P.O. Box 14000
City: Juno Beach
StateProv: FL
PostalCode: 33408-0420
Country: US
RegDate: 1997-06-03
Updated: 2007-06-29
Ref: http://whois.arin.net/rest/org/FFPL-1
OrgAbuseHandle: INFOR40-ARIN
OrgAbuseName: Information Security
OrgAbusePhone: +1-305-552-3727
OrgAbuseEmail: information_security@xxxxxxx
OrgAbuseRef: http://whois.arin.net/rest/poc/INFOR40-ARIN
OrgTechHandle: DHE37-ARIN
OrgTechName: Hertzog, Dean
OrgTechPhone: +1-305-552-4080
OrgTechEmail: FPLNOC@xxxxxxx
OrgTechRef: http://whois.arin.net/rest/poc/DHE37-ARIN
OrgNOCHandle: DHE37-ARIN
OrgNOCName: Hertzog, Dean
OrgNOCPhone: +1-305-552-4080
OrgNOCEmail: FPLNOC@xxxxxxx
OrgNOCRef: http://whois.arin.net/rest/poc/DHE37-ARIN
-------------------------------------------------------------------------------
Configuration file from the central Cisco Router and Security Device Manager:
161.154.232.2 (FPL - FFPL-1)
Building configuration...
Current configuration : 8467 bytes
!
! Last configuration change at 18:01:57 UTC Mon Oct 25 2010 by ro5810
! NVRAM config last updated at 18:01:59 UTC Mon Oct 25 2010 by ro5810
!
version 12.2
no service pad
service timestamps debug datetime localtime
service timestamps log datetime localtime
service password-encryption
service udp-small-servers
service tcp-small-servers
!
hostname cpr622i00bct
!
logging buffered 65000 debugging
logging rate-limit all 10 except critical
enable secret 5 $1$7uN5$Ok9fYku/HC/KNqWQkHoWP.
!
aaa new-model
aaa authentication login default group tacacs+ enable
aaa authentication enable default group tacacs+ enable
aaa authorization exec default group tacacs+ none
aaa accounting exec default start-stop group tacacs+
aaa accounting commands 15 default start-stop group tacacs+
!
aaa session-id common
ip subnet-zero
no ip source-route
ip routing
!
no ip domain-lookup
ip host cs00noc 172.16.0.132
ip host cs01noc 172.16.0.133
ip host cs00noc-pub 209.215.34.12
ip host cs01noc-pub 209.215.34.11
ip name-server 205.152.132.23
ip name-server 205.152.144.23
vtp domain Core
vtp mode transparent
!
mls qos
no mpls traffic-eng auto-bw timers frequency 0
!
!
no file verify auto
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
vlan internal allocation policy ascending
!
vlan 1578
name FPL
!
policy-map SHAPER1
class class-default
shape average 250000000
!
!
!
interface FastEthernet1/0/1
!
interface FastEthernet1/0/2
!
interface FastEthernet1/0/3
!
interface FastEthernet1/0/4
!
interface FastEthernet1/0/5
!
interface FastEthernet1/0/6
!
interface FastEthernet1/0/7
!
interface FastEthernet1/0/8
!
interface FastEthernet1/0/9
!
interface FastEthernet1/0/10
!
interface FastEthernet1/0/11
!
interface FastEthernet1/0/12
!
interface FastEthernet1/0/13
!
interface FastEthernet1/0/14
!
interface FastEthernet1/0/15
!
interface FastEthernet1/0/16
!
interface FastEthernet1/0/17
!
interface FastEthernet1/0/18
!
interface FastEthernet1/0/19
!
interface FastEthernet1/0/20
!
interface FastEthernet1/0/21
!
interface FastEthernet1/0/22
!
interface FastEthernet1/0/23
!
interface FastEthernet1/0/24
!
interface GigabitEthernet1/0/1
!
interface GigabitEthernet1/0/2
!
interface GigabitEthernet1/1/1
switchport trunk allowed vlan 1578
switchport mode trunk
switchport nonegotiate
ip access-group 112 in
service-policy output SHAPER1
load-interval 30
speed nonegotiate
!
interface GigabitEthernet1/1/2
no switchport
ip address 161.154.232.2 255.255.255.0
ip access-group 115 in
load-interval 30
keepalive 10
speed nonegotiate
mls qos trust dscp
no cdp enable
no clns route-cache
hold-queue 100 in
hold-queue 100 out
!
interface Vlan1
no ip address
shutdown
!
interface Vlan1578
ip address 65.14.117.30 255.255.255.252
load-interval 30
no clns route-cache
!
ip classless
ip route 0.0.0.0 0.0.0.0 65.14.117.29
ip route 155.109.5.0 255.255.255.0 161.154.232.1
ip route 155.109.19.0 255.255.255.0 161.154.232.1
ip route 155.109.29.0 255.255.255.0 161.154.232.1
ip route 155.109.29.204 255.255.255.255 65.14.117.29
ip route 155.109.29.214 255.255.255.255 65.14.117.29
ip route 155.109.66.0 255.255.255.0 161.154.232.1
ip route 155.109.88.0 255.255.255.0 161.154.232.1
ip route 155.109.95.0 255.255.255.0 161.154.232.1
ip route 161.154.0.0 255.255.0.0 161.154.232.1
ip route 170.55.0.0 255.255.0.0 161.154.232.1
ip route 204.238.236.0 255.255.255.0 161.154.232.1
no ip http server
ip http secure-server
!
!
!
access-list 98 permit 205.152.144.226
access-list 98 permit 205.152.132.250
access-list 98 permit 205.152.132.226
access-list 98 permit 205.152.144.250
access-list 98 permit 205.152.144.165
access-list 98 permit 205.152.37.19
access-list 98 permit 205.152.37.20
access-list 98 permit 205.152.144.163
access-list 98 permit 205.152.37.26
access-list 98 permit 205.152.37.27
access-list 98 permit 205.152.132.163
access-list 98 permit 205.152.132.165
access-list 98 permit 205.152.37.250
access-list 98 permit 205.152.37.226
access-list 98 permit 205.152.132.27
access-list 98 permit 205.152.132.26
access-list 98 permit 205.152.144.20
access-list 98 permit 205.152.37.163
access-list 98 permit 205.152.37.165
access-list 98 permit 205.152.144.19
access-list 98 permit 205.152.144.27
access-list 98 permit 205.152.144.26
access-list 98 permit 139.76.53.0 0.0.0.255
access-list 98 permit 139.76.68.0 0.0.3.255
access-list 98 permit 139.76.88.0 0.0.1.255
access-list 98 permit 139.76.228.0 0.0.3.255
access-list 98 permit 139.76.240.0 0.0.1.255
access-list 98 permit 172.16.0.0 0.0.1.255
access-list 98 permit 205.152.6.0 0.0.0.255
access-list 98 permit 205.152.66.0 0.0.0.255
access-list 98 permit 205.152.204.0 0.0.0.255
access-list 99 permit 68.153.6.0 0.0.1.255
access-list 99 permit 172.16.0.0 0.0.1.255
access-list 99 permit 139.76.53.0 0.0.0.255
access-list 99 permit 139.76.68.0 0.0.3.255
access-list 99 permit 139.76.88.0 0.0.1.255
access-list 99 permit 139.76.228.0 0.0.3.255
access-list 99 permit 139.76.240.0 0.0.1.255
access-list 99 permit 205.152.6.0 0.0.0.255
access-list 111 permit ip 65.14.117.28 0.0.0.3 any
access-list 111 permit ip 74.175.105.64 0.0.0.31 any
access-list 111 permit ip 205.152.17.0 0.0.0.255 any
access-list 111 permit ip 155.109.0.0 0.0.255.255 any
access-list 111 permit ip 161.154.0.0 0.0.255.255 any
access-list 111 permit ip 205.152.161.0 0.0.0.255 any
access-list 111 permit ip 204.238.236.0 0.0.0.255 any
access-list 111 permit ip 170.55.0.0 0.0.255.255 any
access-list 112 deny ip 204.0.0.0 0.0.255.255 any
access-list 112 deny ip 204.1.0.0 0.0.255.255 any
access-list 112 deny ip 204.3.0.0 0.0.255.255 any
access-list 112 deny ip 69.22.0.0 0.0.192.255 any
access-list 112 permit ip any any
access-list 115 deny 53 any any
access-list 115 deny 55 any any
access-list 115 deny 77 any any
access-list 115 deny pim any any
access-list 115 permit ip any any
no cdp run
snmp-server community Ty#Qr53b RO 98
snmp-server community R5t3bF5c RW 98
tacacs-server host 172.16.0.132
tacacs-server host 209.215.34.12
tacacs-server host 172.16.0.133
tacacs-server host 209.215.34.11
tacacs-server timeout 10
tacacs-server directed-request
tacacs-server key 7 010703174F
!
radius-server source-ports 1645-1646
!
control-plane
!
banner motd ^CC
######################################################################
# #
# ***PRIVATE/PROPRIETARY*** #
# #
# ANY UNAUTHORIZED ACCESS TO, OR MISUSE OF BELLSOUTH #
# SYSTEMS OR DATA MAY RESULT IN CIVIL AND/OR CRIMINAL #
# PROSECUTION, EMPLOYEE DISCIPLINE UP TO AND INCLUDING #
# DISCHARGE, OR THE TERMINATION OF VENDOR/SERVICE CONTRACTS. #
# #
# BELLSOUTH MAY PERIODICALLY MONITOR AND/OR AUDIT SYSTEM #
# ACCESS/USAGE. #
# #
# #
######################################################################
# #
# <VERSION TEMPLATE DATE@TIME> #
######################################################################
^C
privilege exec level 1 traceroute
privilege exec level 1 ping
privilege exec level 1 terminal monitor
privilege exec level 1 terminal
privilege exec level 1 show line
privilege exec level 1 show snmp
privilege exec level 1 show arp
privilege exec level 1 show accounting
privilege exec level 1 show service-module
privilege exec level 1 show version
privilege exec level 1 show reload
privilege exec level 1 show debugging
privilege exec level 1 show controllers
privilege exec level 1 show users
privilege exec level 1 show sessions
privilege exec level 1 show access-lists
privilege exec level 1 show privilege
privilege exec level 1 show interfaces
privilege exec level 1 show startup-config
privilege exec level 1 show
privilege exec level 1 clear line
privilege exec level 1 clear counters
privilege exec level 1 clear
!
line con 0
exec-timeout 5 30
password 7 070C285F4D06
line vty 0 4
access-class 99 in
exec-timeout 30 0
password 7 03075218050061
line vty 5 15
access-class 99 in
exec-timeout 30 0
password 7 03075218050061
!
end
----------------------------------------------------
Fort Sumner wind turbines:
http://www.flickr.com/photos/30325073@N02/4113855086/
_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/