The drama surrounding Israel continues to unfold as a group of Anonymous hackers exposes employee logins to several government websites. Perhaps most disturbingly, this document (which may be taken down at any time) also claims the credentials provided give access to a number of Israel's SCADA (Supervisory Control and Data Acquisition) systems. The document itself includes emails, passwords, hashes and 10 IP addresses that are supposedly Israeli SCADA systems.
At the time of this writing, there were few details regarding the implications. However, such systems are typically used to monitor and regulate processes for industrial control purposes, such as agricultural complexes, factories or public services and utilities.
Of the information provided, logins included the following domains: mod.gov.il (Israel's Ministry of Defense), idf.gov.il (Israeli Defense Force), beijing.mfa.gov.il (Israeli Chinese Embassy) and hy.health.gov.il (Israel's Ministry of Health). It is unknown whether or not the exposed logins provide any meaningful access, let alone work, but having this information out in the wild could prove serious.
This unwittingly timely article at PCMag reports on a speech given at the third annual International Conference on Cyber Security in New York City addressing security problems with SCADA systems. "It would take us 5 years and $25 million to change a SCADA system," a speaker said. Here's more:
In recent years, we've seen an alarming number of breaches (and misreports) into critical infrastructure of industrial control systems, like electric and power grids, known simply as SCADA (Supervisory Control and Data Acquisition). 0 Comments, [sic] that enduring, infrastructure-targeting beast of a computer worm that crippled Iran's nuclear facilities in 2010, probably comes to mind first. Duqu, another worm believed to be written by the same authors, was programmed to steal industrial trade secrets. Together the worms have infected around 100,000 computers equipped with Siemens PLCs and Windows-based industrial software.
What motivates the cyber criminals behind such attacks? It's not hard to imagine: terrorism, extortion, political activism.
The stolen logins are most likely linked to an intrusion credited to 0xOmar earlier this month. Potentially, the attack exposed 400,000 credit cards, names, addresses, Israel ID numbers (Social Security) and other details of Israeli citizens. The hacker claimed to be a member of Anonymous, but there is no word whether or not he was involved in today's activities.
Earlier, the Israeli government condemned 0xOmar's actions and compared hacking to terrorism. In the very strongly worded statement, an official said that no aggressor would be immune to Israel's retaliation. However, it appears that message hasn't intimidated hackers.