Second nuclear plant at TN's Kudankulam stops operation. Hacked?

Discussion in 'Internal Security' started by ezsasa, Oct 29, 2019.

  1. ezsasa

    ezsasa Senior Member Veteran Member Senior Member

    Joined:
    Jul 12, 2014
    Messages:
    11,019
    Likes Received:
    24,941
    Location:
    Andhra Pradesh, India
    Assassin 2.0 likes this.
  2.  
  3. ezsasa

    ezsasa Senior Member Veteran Member Senior Member

    Joined:
    Jul 12, 2014
    Messages:
    11,019
    Likes Received:
    24,941
    Location:
    Andhra Pradesh, India
    More Chatter:

    Interesting potential DTRACK (CC @Mao_Ware) Dumps the data mined output via manually mapped share over SMB to RFC1918 address with a statically encoded user/pass: > net use \\\\10.38.1.35\\C$ su.controller5kk /user:KKNPP\\administrator



    ...all I'm getting is a nuclear power plant. Please tell me they haven't compromised a nuclear power plant to use as a C2.

     
    Assassin 2.0 likes this.
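A defender-side check for the pattern the quoted tweet describes, added here as an example and not part of the thread or any poster's code: it flags process command lines in which `net use` maps an administrative share with the password supplied on the command line. The function and field names are assumptions, and every sample line except the first (the string quoted in the post) is constructed.

```python
import ipaddress
import re

RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
NET_USE = re.compile(r"\bnet1?(?:\.exe)?\s+use\s+(?P<args>.+)", re.IGNORECASE)
# Accept runs of backslashes so escaped strings (as quoted in the post) parse too.
UNC = re.compile(r"\\{2,}(?P<host>[^\\\s]+)\\+(?P<share>[^\\\s]+)")
ADMIN_SHARE = re.compile(r"(?:[a-z]|admin|ipc)\$", re.IGNORECASE)


def inspect_net_use(cmdline):
    """Return a finding for a `net use` command line, or None if it maps no share."""
    m = NET_USE.search(cmdline)
    if not m:
        return None
    tokens = m.group("args").split()
    idx = next((i for i, t in enumerate(tokens) if UNC.match(t)), None)
    if idx is None:
        return None
    unc = UNC.match(tokens[idx])
    host, share = unc.group("host"), unc.group("share")
    # Syntax: net use [device] \\host\share [password | *] [/user:...]
    nxt = tokens[idx + 1] if idx + 1 < len(tokens) else ""
    inline_pw = bool(nxt) and not nxt.startswith("/") and nxt != "*"
    user = next((t[6:] for t in tokens if t.lower().startswith("/user:")), None)
    try:
        private = any(ipaddress.ip_address(host) in net for net in RFC1918)
    except ValueError:  # hostname, not an IP literal
        private = False
    admin = bool(ADMIN_SHARE.fullmatch(share))
    return {  # the password itself is deliberately never copied into the finding
        "host": host,
        "share": share,
        "user": re.sub(r"\\+", lambda _: "\\", user) if user else None,
        "inline_password": inline_pw,
        "admin_share": admin,
        "rfc1918_target": private,
        "alert": inline_pw and admin,
    }


SAMPLES = [  # first line is the string quoted in the post; the rest are constructed
    r"net use \\\\10.38.1.35\\C$ su.controller5kk /user:KKNPP\\administrator",
    r"net use Z: \\fileserver01\projects /persistent:yes",
    r"net use \\192.168.10.7\ADMIN$ * /user:CORP\svc_backup",
    "ipconfig /all",
]

if __name__ == "__main__":
    for line in SAMPLES:
        print(inspect_net_use(line))
```

Feeding it process-creation command lines (for example from endpoint telemetry) surfaces hard-coded credentials used for lateral file staging; the `*` form, which prompts for the password, is not alerted on.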
  4. Indibomber

    Indibomber Regular Member

    Joined:
    Sep 5, 2015
    Messages:
    583
    Likes Received:
    1,013

    I hope GOI puts the IT managers behind the bars for a long time for not following IT security guidelines. This is bad on all levels, Indian banks and other systems will be tested even more.
     
  5. Akshay_Fenix

    Akshay_Fenix Member Senior Member

    Joined:
    Sep 19, 2016
    Messages:
    2,155
    Likes Received:
    6,649
    Location:
    India
    Sorry but this is a lol thread. :lawl:

    That's not how nuclear power plants work. :rofl:
     
    abingdonboy and south block like this.
  6. vampyrbladez

    vampyrbladez Senior Member Senior Member

    Joined:
    Jun 21, 2018
    Messages:
    4,246
    Likes Received:
    8,149
    Location:
    Underworld
  7. vampyrbladez

    vampyrbladez Senior Member Senior Member

    Joined:
    Jun 21, 2018
    Messages:
    4,246
    Likes Received:
    8,149
    Location:
    Underworld
  8. vampyrbladez

    vampyrbladez Senior Member Senior Member

    Joined:
    Jun 21, 2018
    Messages:
    4,246
    Likes Received:
    8,149
    Location:
    Underworld
    UPDATE : The fucking nuclear plant has its IP address on the internet! Look at the number of alleged viruses on the system!



    DTRACK samples related to the plant!

    https://pastebin.com/HLJHc1wL

    What the fuck were the IT Admins on the plant doing? Fucking PSU PoS!
     
  9. vampyrbladez

    vampyrbladez Senior Member Senior Member

    Joined:
    Jun 21, 2018
    Messages:
    4,246
    Likes Received:
    8,149
    Location:
    Underworld
  10. vampyrbladez

    vampyrbladez Senior Member Senior Member

    Joined:
    Jun 21, 2018
    Messages:
    4,246
    Likes Received:
    8,149
    Location:
    Underworld
  11. vampyrbladez

    vampyrbladez Senior Member Senior Member

    Joined:
    Jun 21, 2018
    Messages:
    4,246
    Likes Received:
    8,149
    Location:
    Underworld
    UPDATE :

    Indian supercomputers hit regularly by US. Indian nukes may have been hit! :scared1:

     
  12. vampyrbladez

    vampyrbladez Senior Member Senior Member

    Joined:
    Jun 21, 2018
    Messages:
    4,246
    Likes Received:
    8,149
    Location:
    Underworld
  13. SREEKAR

    SREEKAR DEEP STATE Senior Member

    Joined:
    Jan 30, 2015
    Messages:
    4,316
    Likes Received:
    6,956
    Location:
    Milky way galaxy
    wtf is this????? enough is enough....kick these useless psu out of anything related to defence and national security matter...
     
  14. Flying Dagger

    Flying Dagger Regular Member

    Joined:
    Sep 26, 2019
    Messages:
    443
    Likes Received:
    846
    Truth is we spent almost nothing to secure and develop cyber warfare capability. And our politicians are literally dumb to understand its importance.

    Just to get a laptop issued for a new intern it takes an approvals email process that goes over a month. What do you expect from them?
     
  15. Cheran

    Cheran Regular Member

    Joined:
    Sep 8, 2019
    Messages:
    45
    Likes Received:
    133
    There has been a clarification that this is not the case for the admins, but we may never know. Others claim that the concerned username could also be from some other place..
     
  16. TejasMK3

    TejasMK3 Regular Member

    Joined:
    May 13, 2015
    Messages:
    462
    Likes Received:
    2,203
    vampyrbladez and Assassin 2.0 like this.
  17. TejasMK3

    TejasMK3 Regular Member

    Joined:
    May 13, 2015
    Messages:
    462
    Likes Received:
    2,203
    deleted dbl post


    30 charssssssssssssssssssssssssssssssssss
     
  18. south block

    south block clown world

    Joined:
    Feb 1, 2016
    Messages:
    296
    Likes Received:
    653
    No cyber attack has happened lol cut the BS.
     
  19. ezsasa

    ezsasa Senior Member Veteran Member Senior Member

    Joined:
    Jul 12, 2014
    Messages:
    11,019
    Likes Received:
    24,941
    Location:
    Andhra Pradesh, India
    @mods please close this thread... officially this is fake news..
     
  20. Indibomber

    Indibomber Regular Member

    Joined:
    Sep 5, 2015
    Messages:
    583
    Likes Received:
    1,013
    I hope so but officially it will never be acknowledged in public.
     
  21. Indrajit

    Indrajit Senior Member Senior Member

    Joined:
    Feb 27, 2018
    Messages:
    1,034
    Likes Received:
    1,846
    Seriously man...the evidence is not helping. The official explanation is bs.

    Security | Questions the alleged cyber-incident at Kudankulam Nuclear Plant raises

    Abhijit Iyer-Mitra

    On October 29, authorities at the Kudankulam Nuclear Power Project (KKNPP), in Tamil Nadu, issued a statement denying (Image 1) the speculation of a cyber incident at the power plant. The Indian Express reported senior government officials saying that an audit had ‘confirmed that an “incident” had occurred (in early September), though not to the main operations of the plant’. The accumulated evidence, however, tells a far more disturbing story, albeit circumstantial, and the KKNPP denial raises more questions than it answers.

    There are three pieces of circumstantial evidence that point to a significant cyber event having taken place.
    First, as per publicly available documents, the fact that the Nuclear Power Corporation of India (NPCIL) issued tenders for (and bought) Windows systems. This shows that there were several Windows-enabled computers operational within the KNPP air gap. As cyber expert Samuel Cardillo told me in an interview, in any nuclear power plant the administrative side is neatly separated from the operations side for security reasons. If indeed Windows was only used in the administrative side, this raises the question as to what was the operating system (OS) used on the operations side? The only alternative explanation is that the operations of the plant were run on an OS developed ab-initio by India exclusively for use by India.

    This begs the question: What is this OS based on and how long did it take to integrate the said system with Russian equipment which would add a whole new layer of complexity (and vulnerability in addition to malfunction) to an already complex system. It is important to note that the virus in question ‘DTRACK’ is programmed to attack Windows operating systems.


    Image 1

    Second, we know for a fact from the Kudankulam data dump that KKNPP had a MyStub.exe file. Cardillo explains this as ‘the camouflage on a Trojan horse’ or to use an Indian context, it's like finding a file in a defence ministry computer titled AlJihadAlHind.exe, which should have immediately raised a red flag. He explains a stub as ‘an encrypted file that allows the virus to remain undetected — an embryo of sorts — a virus nursery that helps the virus regenerate and renew itself while staying hidden.... the fact that it was labelled MyStub should have in itself sent alarm bells ringing’. Importantly, the data dump image below shows administrator access. (Image 2)

    Third, the fact that the plant has suffered multiple shutdowns suggests a serious and persistent equipment problem. In many ways this is reminiscent of the Stuxnet attack on Iran, which over time, significantly reduced the efficiency of Iranian centrifuges causing them to malfunction regularly.

    This is hardly surprising given that the progenitor of DTRACK was a ransomware system that had infiltrated Sony for over two years but stayed latent collecting information and played its hand only much later. In that sense it is impossible to tell when the virus was implanted (if it was implanted) and when it would start acting up. Certainly, the frequent failures at KKNPP point to a Stuxnet-style gradual attrition of capability. If this is not malware related, this points to a possibly more serious design problem.



    Image 2; Shows administrator access

    Absent in this (and KKNPP's official denial) is the discussion of India's security culture — that is to say the human angle. What one should remember is that it is a scrupulous adherence to data hygiene that prevents the breaching of an air gap. To date we have had repeated breaches of Ministry of External Affairs computers by Chinese hackers (including highly sensitive data).

    Also to note that the Natanz nuclear facility was not attacked via networks, but rather through a lax security culture where contractors were allowed to use private USB sticks within the Natanz air gap. To note, that some of these contractors also used these USB sticks in India, and transferred the virus to several Indian facilities.

    Notably, unlike in the United States, where 2 per cent of nuclear programme staff are laid off every year for minor infractions (sometimes not even related to their work, such as a repeat occurrence of speeding tickets or gambling problems), we still have no transparency with regards to our personnel reliability programme.

    In short, if indeed a breach has occurred, it is a human problem not a network one and KNPP's diagnostic and denial does little to restore confidence.

    Abhijit Iyer-Mitra is senior fellow at the Nuclear Security Programme of the Institute of Peace and Conflict Studies, New Delhi. Views are personal.

    https://www.moneycontrol.com/news/i...es-4585321.html/amp?__twitter_impression=true




     
    TejasMK3 likes this.
