Thursday, April 30, 2020

Arrest Made in Meat Packing Ammonia Hack


The Federal Bureau of Inquiry announced today that they had arrested Willie Cole, a maintenance worker at the Intershop Meat Plant, in connection with the recent spate of ammonia releases at the facility. Cole admitted to FBI agents that he had inserted the thumb drive into the computer that controlled the Kühlsicherheit refrigeration safety system.

Johnathan Quest, FBI spokesman, told reporters that: “Cole said that he was upset with the company’s continued operation during the COVID-19 epidemic, especially after hearing news reports of illness and deaths at other plants across the country.”

Dade Murphy from Dragonfire Cyber has been helping ECS-CERT in their investigation of the hacking incident. He told reporters that the thumb drive found in the safety system contained a copy of AmmoniakSaugt, a safety-system worm. “This malware searches out PLCs in the Robotron Kühlsicherheit refrigeration safety system and affects the operation of both the pressure relief valves on the system and ammonia sensors connected to the system,” he explained.

The malware was authored by Stasi Ehemalige, a German hacking collective. They have been active in attacking systems from Robotron. The FBI is still investigating how Cole is related to Stasi Ehemalige and how he obtained the thumb drive used in the attack.

Junior Butts, a lawyer representing Cole and other workers at Intershop, told reporters that Cole will be pleading innocent at tomorrow’s expected arraignment. “Cole is being caught up in an ongoing labor dispute about Intershop’s continued unsafe operations,” Butts said.


Wednesday, April 29, 2020

Hack Causes Ammonia Leak at Meat Processing Plant


The recent series of ammonia releases at the Intershop Meat Plant in Delano, GA appears to be the result of an attack on the Kühlsicherheit safety system for their ammonia refrigeration system, according to Immanuel C. Securitage of ECS-CERT. “Our investigators discovered that the Robotron safety system had been compromised by a worm that was introduced into the system by a thumb drive,” Securitage told reporters.

Horst Sinderman, the facility manager for Intershop, said that the facility had experienced five or six unexplained releases of anhydrous ammonia over the last week or so. The releases came from the pressure relief valve on the facility’s roof opening for short periods. With each release, alarms went off at the facility, resulting in evacuations that lasted until the all-clear was given by the fire department.

Junior Butts, a lawyer representing workers at the plant, told reporters outside of the news conference that these ammonia releases were part of the ongoing safety problems at the facility that were endangering workers. He said that the owners of the plant were not taking adequate precautions to prevent workers from being exposed to the COVID-19 virus.


Sunday, April 19, 2020

COVID-19 Vaccine Trial Hacked


The Federal Bureau of Inquiry announced today that they were taking over the ECS-CERT investigation of an apparent hack of a protein analyzer at Hudson University that was being used in the evaluation of a new COVID-19 vaccine. ECS-CERT had confirmed the report by Dr. Marty Beijerinck, the head of the University’s vaccine lab, that their test results were being remotely modified in an effort to discredit their vaccine’s efficacy.

Immanuel C. Securitage, ECS-CERT spokesman, said: “We found a vulnerability in the Robotron PrAnalysator that allowed a remote attacker to change the reported test results in a network-connected device. The device in the Vaccine Lab showed evidence that this vulnerability had been used to affect the reported results, showing that the Hudson vaccine was substantially less effective than it really was.”

Beijerinck explained to reporters that T-cells in an individual who had recovered from a COVID-19 infection contained a unique protein, Coronein-1, known to bind with sites on the surface of the virus. “The presence of this protein in a blood sample would indicate that a person had some level of immunity to the COVID-19 virus. We noticed during quality assurance testing that the system was not detecting the protein in samples that were spiked with known levels of Coronein-1.”

Beijerinck noted that Adolf Mayer, a graduate student with programming experience who was part of the vaccine development team, suggested that the protein analyzer had been hacked. After a preliminary investigation by the Hudson University CERT, ECS-CERT was contacted.

Securitage explained that the Medical Device Away Team (MDAT) was sent to the Hudson University lab to investigate the problem. They discovered a backdoor account in the PrAnalysator software that allowed the attacker to access the device and modify the reporting software so that only 25% of the positive tests were actually reported. That was immediately reported to the FBI’s COVID-19 Taskforce.

Johnathan Quest, the FBI spokesman, told reporters that the Taskforce had been formed to investigate cyber fraud related to the COVID-19 outbreak. “With the amount of money that is being invested in vaccine development and the competition for both financial and status reasons,” Quest explained, “this definitely falls into the purview of the Taskforce and will be a high-profile investigation.”


Friday, April 17, 2020

SFINCTER Behind Delano Chemical Attack


Today the Federal Bureau of Inquiry announced that the attack last week on a bleach plant in Delano, GA was the act of the anti-chlorine terrorist group, Students for Immediate Neutralization of Chlorine Technology and Energy Reversion (SFINCTER). Johnathan Quest, the FBI spokesman, said that the group has not yet claimed responsibility for the attack. The determination that they were behind the attack was made based upon cyber forensic evidence obtained over the last week.

Dade Murphy, of DragonFire Cyber, who assisted the FBI analysts on this case, told reporters that the attackers used a known vulnerability in the third-party virtual private network (VPN) that was bundled with the Robotron vFernbedienung, remote DCS software that was being used by Bleichen Chemical to operate the control system that was used in last week’s attack. This vulnerability allowed the attackers to access the login credentials of multiple employees at the facility. With those credentials, the attackers had complete control of the distributed control system used at the facility.

In related news, Eric Schlamm, spokesman for the Delano Wastewater Treatment Plant (WWTP), told reporters today that the facility, which normally received industrial grade bleach from the now-closed Bleichen plant for wastewater disinfection, was remaining open due to the efforts of the Georgia National Guard’s 555th Transportation Battalion. They were supplying truckloads of bleach from a facility in Alabama. Schlamm said that because so many industrial facilities in Delano were not operating, the WWTP was operating at reduced capacity, so the once-a-day delivery by the famed Triple Nickels was adequate to keep the plant operating. That would change when the Georgia shelter-in-place order for the COVID-19 outbreak was lifted.

Carl Scheele, Bleichen Plant Manager, told reporters by phone that engineers were just now getting into the plant to inspect the damage. “It will be at least a week before we can start to formulate a restart plan because of the damage caused when Reactor 2 exploded,” he said.


Monday, April 13, 2020

Chlorine Explosion at Closed Bleach Plant


The Federal Bureau of Inquiry announced this morning that last week’s blast at the shuttered Bleichen Chemical plant in Delano, GA was being treated as a terrorist attack. Johnathan Quest told reporters that it appears that the attackers remotely accessed the plant control systems to cause an overpressure event in a facility reaction vessel. The rapid rise in pressure caused the vessel to catastrophically fail, destroying large portions of the facility and releasing small amounts of chlorine gas into the atmosphere. There was no one in the closed plant when the accident happened and there were no injuries.

Carl Scheele, the plant manager, joined today’s news conference via video messaging as he is recovering from a COVID-19 infection. He noted that the plant was closed two weeks ago due to five employees coming down with severe COVID-19 illness and had been expected to reopen in three weeks after all employees had a chance to recover.

Scheele explained that Reactor 2, the vessel that exploded Friday, was being used as a safety vessel to neutralize chlorine gas emissions from the railcar on site. The pressure relief vent on the railcar was piped to Reactor 2. The company had not been able to empty the railcar before the plant closed and expected the temperature in the car to rise in the relatively mild Georgia spring, resulting in a rise in pressure.

To keep that pressure venting from releasing chlorine gas, the vented gas was to be chemically neutralized in Reactor 2. The system had been set up to maintain the caustic soda solution in the vessel at a low temperature to control the side reactions and reduce the pressure produced by the exothermic reaction of chlorine and caustic. Immanuel C. Securitage from the ECS-CERT told reporters that control system records showed that instead of keeping the temperature low in Reactor 2, someone had remotely accessed the control system and increased the temperature to near boiling. Then, at the same time that the railcar vent opened, the attacker also added an additional 1000 lbs of caustic soda to the vessel. The vessel temperature rose rapidly with a sharp increase in the vessel pressure. Safety limits were exceeded, and the vessel exploded.

Securitage said that it was too early in the investigation to determine who the attackers were or how they gained access to the control system, but that the control system was set up for remote operation to allow sick operators to oversee the systems from home. The standby operator was supposed to be notified when the railcar pressure approached the emergency vent pressure setting to allow them to watch the operation, but no such notification was made by the system. No one from Bleichen was on-line when the incident happened.

In a related development, Eric Schlamm, the manager of the Delano Waste Water Treatment Plant (WWTP), said that they were still looking for an alternative source for the industrial bleach that they had been getting from Bleichen. There are no other local suppliers and the nearest plants are already fully committed.

The Delano WWTP has about four days of bleach on hand for continued operations.