Thursday, July 30, 2020

CyMoTrol Sues ECS-CERT for Libel and Slander

It was announced today that CyMoTrol, a German manufacturer of industrial motor controllers, had filed a libel and slander suit against ECS-CERT for information included in a recent control system cybersecurity alert published by the agency. They are asking for treble damages and punitive damages for publicly disparaging the cybersecurity measures used to protect their motor controllers. The suit also demands that ECS-CERT disclose the identity of the anonymous researcher, cYbrg0D, named in the Alert as the researcher who identified the multiple vulnerabilities, so that charges of theft of intellectual property, unlawful access, and industrial espionage can be filed against that individual.

Wilhelm Pieck, spokesperson for CyMoTrol, said that last week’s alert published by ECS-CERT contained outright lies, fabrications and mischaracterizations of device features that had already led to one customer canceling a large order for the CyMo One motor controllers mentioned in the Alert and to calls from many irate customers. “ECS-CERT never talked with us about the supposed vulnerabilities,” Pieck told reporters; “If they had, we would have explained that the supposed vulnerabilities were carefully controlled features of the devices that improved service and increased production reliability when used in a properly protected industrial environment.”

Immanuel C. Securitage, spokesperson for ECS-CERT, refused to talk about the pending litigation. He did, however, explain that the agency stood behind the information in the Alert. “Based upon extensive information provided by cYbrg0D, we stand behind the identification of the three vulnerabilities outlined in our Alert,” Securitage told reporters; “And we continue to suggest that device owners face the potential consequences we described for a potential exploit of those vulnerabilities in a production environment.”

Shortly after the announcement of the lawsuit became public, cYbrg0D tweeted “CyMoTrol has hard coded backdoors in all of their products and software includes phone-home code to provide info to manufacturer.”

When asked about the TWEET®, Pieck said “CyMoTrol maintains remote access capabilities in their products for maintenance purposes as part of our customer service program. This includes device reporting of anomalous conditions. These are carefully controlled processes and are an integral part of the service we sell. They are not vulnerabilities and do not provide access to the devices to anyone outside of our organization.”

CAUTIONARY NOTE: This is a future news story –


Sunday, July 19, 2020

Control System Ransomware Attack Shuts Down Chem Plant


Blew Bayou Chemical Company announced that it had shut down its Shreveport, LA facility due to a ransomware attack on a control system at the facility. Only one storage tank safety system is currently affected, but the decision was made to shut down the entire plant as a precautionary measure. The Federal Bureau of Inquiry and the ECS-CERT are conducting a joint investigation.

Johnathan Quest, FBI spokesperson, told reporters that since the facility is considered critical infrastructure, a ransomware attack is considered to be a federal crime. “We are working closely with ECS-CERT and the facility owners to determine who is behind this attack,” Quest said.

Immanuel C. Securitage, ECS-CERT spokesperson, confirmed that the agency had investigators onsite.

Issac B Kaghun, CEO of Blew Bayou Chemical, told reporters that the company became aware of the problem when a screen for the safety control system for the styrene monomer tank turned red and an announcement was printed on the screen that said a ransom would have to be paid to regain control of the system. The attackers asked for a ransom of 100 bitcoin for the return of control of the system.

Securitage told reporters: “The screen claimed that the safety PLC for the system was under the control of ‘ĀnquánShújīn’, Chinese for ‘safety ransom’. We have never seen this type of ransomware before.”

An investigator from Dragonfire Cyber working with the ECS-CERT team, speaking anonymously, said that, instead of encrypting files as is seen in most normal ransomware, the AS ransomware reprogrammed the PLC to shut down all sensors and valve controllers associated with the system.

Securitage confirmed that the company had removed the affected PLC from the system and replaced it with a preprogrammed substitute that was kept on hand for emergency situations. “The replacement worked properly for about five minutes and then it was corrupted as well,” he explained; “That caused us to assume that there was some sort of worm in the system that caused the reinfection. We recommended that the company undertake a shutdown of all control systems pending further investigations.”

The company is currently running all safety systems in manual mode.


Monday, July 13, 2020

Army ROWPU Hacked in Iraq

A thread on a logistics discussion board on REDDIT about a water supply issue for a US Army unit in Iraq claims that a cyberattack on a reverse osmosis water purification unit (ROWPU) employed by the 248th Composite Supply Company caused it to stop functioning. Reportedly the Army has had to provide emergency water supplies to the unnamed unit. The Army has refused to comment on the reported incident.

The ROWPU is supposed to be a slightly modified version of the Robotron Wasseraufbereitungsanlage (WABA) unit. Robotron recently released a security advisory for their WABA unit. According to that advisory, there are multiple vulnerabilities in the unit that could be remotely exploited. The advisory explains that exploits could allow the unit to become overpressurized and damage the filtration cartridges.

Robotron spokesman Erich Mielke confirmed that the WABA advisory had recently been published on their web site. “The advisory includes mitigation measures to address the vulnerabilities and Robotron continues to work on updated firmware for the equipment,” Mielke said.

 

When asked if the US Army had been notified of the vulnerabilities, Mielke told this reporter: “We published the advisory on our web site. System owners are responsible for monitoring that site and taking appropriate actions.”

 

Kate Libby, a spokesperson for Dragonfire Cyber, confirmed that the Robotron disclosure process was fairly common in the industry. “I am surprised that a military contract would not include a vulnerability disclosure requirement for the vendor, but it could certainly happen,” Libby said.

 

When asked about the mitigation measures outlined in the Robotron advisory, Ms. Libby explained that the generic mitigation measures included not using the remote operation capabilities provided with the unit. She noted: “It would be impracticable to stop using the remote operation controls on a unit employed in Iraq. It would require keeping a person stationed at the unit during routine operations in 120˚ daytime temperatures.”

 

CAUTIONARY NOTE: This is a future news story –


Sunday, July 12, 2020

Acrylamide Producer Declares Force Majeure Because of Storage Tank Hack

Monomère Producteur, a US subsidiary of the French chemical conglomerate Laurent Chimiques, announced today that it was declaring force majeure on all of its contracts for the delivery of acrylamide in North America. Its Delano, GA facility is the largest manufacturer of acrylamide monomer in the US and it was recently hit by a cyberattack on its monomer storage tanks.

The company’s President, Charles Moureu, told reporters today that its four 50,000 gallon acrylamide storage tanks had become contaminated with unacceptable levels of polyacrylamide because the air sparge of the tanks had been shut down by a cyber criminal over the Fourth of July weekend.

“The air sparge of the acrylamide storage tanks prevents polymerization of the monomer in the tanks,” Moureu told reporters; “With the high heat levels we have been seeing this summer and the lack of air sparge we have found that there is three to five percent polymer in the monomer storage tanks. This level of polymer makes the product unsuitable for use by our customers.”

 

The Federal Bureau of Inquiry and the ECS-CERT have been conducting a joint investigation of the attack on the Delano chemical facility. When contacted by the company, ECS-CERT investigators quickly discovered a small USB drive in one of the devices in a control system cabinet in the tank farm. Immanuel C. Securitage from ECS-CERT told reporters that the USB device was similar to those used to connect wireless keyboards and mice to home computers.

 

“It provided a Bluetooth connection to a wireless modem that was hidden near the cabinet,” Securitage said; “That provided the access the attackers needed to bypass all of the network security controls put in place by the company and take control of the safety systems that controlled the air sparge and tank monitoring controls for the four large storage tanks.”

 

Johnathan Quest, spokesman for the FBI, told reporters that the device was placed in the cabinet during an apparent physical attack on the facility during the evening of July 3rd. “A perimeter intruder detection system alarmed at 10:00 pm that evening and local police responded but found no sign of intruders that night,” Quest said; “A more detailed inspection the next morning found a rope strung above the fence between two trees that served as the intruders’ route into and out of the facility.”

The Agency for Chemical and Environmental Security spokesman Daniel Varg told reporters that the largest volume use of acrylamide monomer in the United States is in the manufacture of water treating polymer products used in both the cleaning of drinking water and the treatment of municipal and industrial waste water.

 

“The removal of almost 180,000 gallons of acrylamide from the market place is going to have a rapid impact on the water treatment market,” Varg told reporters; “We expect to see shortages start to appear in the invert emulsion polymer market place within the next couple of weeks. Depending on how long it takes Monomère Producteur to clean up the material in those tanks, we could start to see treatment plants shutting down before the end of the month.”

CAUTIONARY NOTE: This is a future news story –