Second nuclear plant at TN's Kudankulam stops operation. Hacked?

ezsasa

Designated Cynic
Mod

More Chatter:

Interesting potential DTRACK (CC @Mao_Ware) Dumps the data mined output via manually mapped share over SMB to RFC1918 address with a statically encoded user/pass: > net use \\10.38.1.35\C$ su.controller5kk /user:KKNPP\administrator


...all I'm getting is a nuclear power plant. Please tell me they haven't compromised a nuclear power plant to use as a C2.
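A defender-side check for the exfiltration pattern quoted above, added here as an example and not part of the thread or the tweet: it parses Sysmon-style process-creation lines for `net use` share mappings and flags admin-share targets on RFC1918 addresses mapped with an inline password and a built-in administrator account. The log lines, host, share and credential values are constructed placeholders, not values from the page.

```python
import ipaddress
import re

# Constructed sample process-creation log lines (Sysmon-style key=value shape, not from the page);
# the first mimics the shape of the command quoted in the thread with placeholder values.
SAMPLE_LOGS = [
    r'Image=C:\Windows\System32\net.exe CommandLine="net use \\10.0.0.25\C$ Hypothetical-Pw1 /user:CORP\administrator"',
    r'Image=C:\Windows\System32\net.exe CommandLine="net use Z: \\fileserver\public /persistent:yes"',
    r'Image=C:\Windows\System32\net.exe CommandLine="net use \\203.0.113.9\data * /user:CORP\administrator"',
    r'Image=C:\Windows\System32\notepad.exe CommandLine="notepad.exe notes.txt"',
]

# Syntax: net use [drive:] \\host\share [password | *] [/user:domain\name] [...]
NET_USE_RE = re.compile(
    r'\bnet(?:\.exe)?\s+use\s+(?:[A-Za-z]:\s+)?'
    r'\\\\(?P<host>[^\\\s"]+)\\(?P<share>[^\s"]+)(?P<rest>[^"]*)',
    re.IGNORECASE)
USER_RE = re.compile(r'/user:(?P<user>\S+)', re.IGNORECASE)
RFC1918 = [ipaddress.ip_network(n) for n in ('10.0.0.0/8', '172.16.0.0/12', '192.168.0.0/16')]

def is_rfc1918(host):
    try:
        return any(ipaddress.ip_address(host) in net for net in RFC1918)
    except ValueError:  # a hostname, not an IP literal
        return False

def analyse_net_use(line):
    """None if the line is not a 'net use' share mapping, else the parsed target plus suspicious traits."""
    m = NET_USE_RE.search(line)
    if not m:
        return None
    host, share, rest = m.group('host'), m.group('share'), m.group('rest')
    user_m = USER_RE.search(rest)
    user = user_m.group('user') if user_m else None
    # Non-switch tokens after the share are a positional password; '*' means "prompt for it".
    positional = [t for t in rest.split() if not t.startswith('/') and t != '*']
    findings = []
    if share.endswith('$'):
        findings.append('admin_share')        # C$, ADMIN$ and other hidden admin shares
    if positional:
        findings.append('inline_password')    # secret hard-coded in the command line
    if is_rfc1918(host):
        findings.append('rfc1918_target')     # internal staging host for the dump
    if user and user.lower().endswith('\\administrator'):
        findings.append('builtin_admin')
    return {'host': host, 'share': share, 'user': user, 'findings': findings}

def scan_logs(lines):
    """(index, result) for every line that maps a share and has at least one finding."""
    results = ((i, analyse_net_use(l)) for i, l in enumerate(lines))
    return [(i, r) for i, r in results if r and r['findings']]
```

Feed it real process-creation events by extracting the CommandLine field first; the severity of a hit is the number of findings, and all four together match the shape of the quoted command.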

 

Indibomber

Regular Member
More Chatter:

Interesting potential DTRACK (CC @Mao_Ware) Dumps the data mined output via manually mapped share over SMB to RFC1918 address with a statically encoded user/pass: > net use \\10.38.1.35\C$ su.controller5kk /user:KKNPP\administrator


...all I'm getting is a nuclear power plant. Please tell me they haven't compromised a nuclear power plant to use as a C2.


I hope GOI puts the IT managers behind the bars for a long time for not following IT security guidelines. This is bad on all levels, Indian banks and other systems will be tested even more.
 

vampyrbladez

Senior Member
UPDATE : The fucking nuclear plant has its IP address on the internet! Look at the number of alleged viruses on the system!


DTRACK samples related to the plant!

https://pastebin.com/HLJHc1wL

What the fuck were the IT Admins on the plant doing? Fucking PSU PoS!
 

vampyrbladez

Senior Member
UPDATE :

Indian supercomputers hit regularly by US. Indian nukes may have been hit! :scared1:

 

Flying Dagger

Senior Member
wtf is this????? enough is enough....kick these useless PSUs out of anything related to defence and national security matters...
Truth is we spent almost nothing to secure and develop cyber warfare capability. And our politicians are literally too dumb to understand its importance.

Just to get a laptop issued for a new intern takes an approvals email process that goes on for over a month. What do you expect from them?
 

Cheran

Senior Member
There has been a clarification that this is not the case for the admins, but we may never know. Others claim that the concerned username could also be from some other place.
 

Indrajit

Senior Member
@mods please close this thread... officially this is fake news..
Seriously man...the evidence is not helping. The official explanation is bs.

Security | Questions the alleged cyber-incident at Kudankulam Nuclear Plant raises

Abhijit Iyer-Mitra

On October 29, authorities at the Kudankulam Nuclear Power Project (KKNPP), in Tamil Nadu, issued a statement denying (Image 1) the speculation of a cyber incident at the power plant. The Indian Express reported senior government officials saying that an audit had ‘confirmed that an “incident” had occurred (in early September), though not to the main operations of the plant’. The accumulated evidence, however, tells a far more disturbing story, albeit circumstantial, and the KKNPP denial raises more questions than it answers.

There are three pieces of circumstantial evidence that point to a significant cyber event having taken place.
First, as per publicly available documents, the fact that the Nuclear Power Corporation of India (NPCIL) issued tenders for (and bought) Windows systems. This shows that there were several Windows-enabled computers operational within the KNPP air gap. As cyber expert Samuel Cardillo told me in an interview, in any nuclear power plant the administrative side is neatly separated from the operations side for security reasons. If indeed Windows was only used on the administrative side, this raises the question as to what was the operating system (OS) used on the operations side? The only alternative explanation is that the operations of the plant were run on an OS developed ab initio by India exclusively for use by India.

This begs the question: What is this OS based on and how long did it take to integrate the said system with Russian equipment which would add a whole new layer of complexity (and vulnerability in addition to malfunction) to an already complex system. It is important to note that the virus in question ‘DTRACK’ is programmed to attack Windows operating systems.



Image 1

Second, we know for a fact from the Kudankulam data dump that KKNPP had a MyStub.exe file. Cardillo explains this as ‘the camouflage on a Trojan horse’ or to use an Indian context, it's like finding a file in a defence ministry computer titled AlJihadAlHind.exe, which should have immediately raised a red flag. He explains a stub as ‘an encrypted file that allows the virus to remain undetected — an embryo of sorts — a virus nursery that helps the virus regenerate and renew itself while staying hidden.... the fact that it was labelled MyStub should have in itself sent alarm bells ringing’. Importantly, the data dump image below shows administrator access. (Image 2)

Third, the fact that the plant has suffered multiple shutdowns suggests a serious and persistent equipment problem. In many ways this is reminiscent of the Stuxnet attack on Iran, which, over time, significantly reduced the efficiency of Iranian centrifuges, causing them to malfunction regularly.

This is hardly surprising given that the progenitor of DTRACK was a ransomware system that had infiltrated Sony for over two years but stayed latent, collecting information, and played its hand only much later. In that sense it is impossible to tell when the virus was implanted (if it was implanted) and when it would start acting up. Certainly, the frequent failures at KKNPP point to a Stuxnet-style gradual attrition of capability. If this is not malware related, this points to a possibly more serious design problem.




Image 2; Shows administrator access

Absent in this (and KKNPP's official denial) is the discussion of India's security culture — that is to say the human angle. What one should remember is that it is a scrupulous adherence to data hygiene that prevents the breaching of an air gap. To date we have had repeated breaches of Ministry of External Affairs computers by Chinese hackers (including highly sensitive data).

It is also worth noting that the Natanz nuclear facility was not attacked via networks, but rather through a lax security culture in which contractors were allowed to use private USB sticks within the Natanz air gap. Some of these contractors also used these USB sticks in India, and transferred the virus to several Indian facilities.

Notably, unlike in the United States, where 2 per cent of nuclear programme staff are laid off every year for minor infractions (sometimes not even related to their work, such as a repeat occurrence of speeding tickets or gambling problems), we still have no transparency with regards to our personnel reliability programme.

In short, if indeed a breach has occurred, it is a human problem not a network one and KNPP's diagnostic and denial does little to restore confidence.

Abhijit Iyer-Mitra is senior fellow at the Nuclear Security Programme of the Institute of Peace and Conflict Studies, New Delhi. Views are personal.

https://www.moneycontrol.com/news/i...es-4585321.html/amp?__twitter_impression=true




 
