Since former Defense Secretary Leon Panetta last year warned of the risks of a "cyber Pearl Habor" striking U.S. infrastructure, experts have been arguing back and forth about the scale of cyberthreats facing the U.S. This week, researchers from security firm Rapid7 said that critical infrastructure, including oil and gas systems, medical devices, naval ships faced very real risks of manipulation, owing to over 100,000 open servers used for remote access into their managing systems.
At InfoSec 2013 today, researchers from security firm Rapid7 told TechWeekEurope they have found it easy to access and toy with critical systems... Claudio Guarnieri, researcher at Rapid7, showed TechWeekEurope how he was able to use the vulnerabilities to track nation state-owned ships, including those belonging to the military and law enforcement, and various other vessels. He could determine what kind of ship they were, and if they were part of a naval fleet, whilst a malicious hacker could send false radar information to the crew, potentially causing carnage.
He was able to track 34,000 boats, and acquired the information with just four hours of work. “This is stuff that was used by boats originally to not crash into each other… it provides geolocation information,” Guarnieri added.
But there was also evidence oil and gas supply monitoring could be manipulated, potentially causing real-world damage by altering readings to trick those running the systems to make changes where none are needed. SCADA [supervisory control and data acquisition] systems , like those Stuxnet compromised, were found hooked up to a large number of vulnerable serial servers.
Earlier Wednesday Salon noted that cybersecurity tests on the USS Freedom — the Navy’s newest warship — found vulnerabilities in the vessel’s computer systems.