At a news conference last night, General Buck Turgidson, Director of the Critical Infrastructure Security Operation Center (CI-SOC), confirmed that an unidentified computer hacker was responsible for the recent attack on the office of Rep. Harvey Milk (D,CA). “We have confirmed that the attacker exploited a known vulnerability in the control system for the RoboKonstruk R9 autonomous bulldozer to take control of the vehicle and drive it into the Congressman’s office,” Turgidson told reporters via a Zoom conference.
Johnathan Quest, spokesman for the Federal Bureau of Inquiry, told reporters that the FBI has taken jurisdiction over the investigation since it included an attack on a member of Congress. “We intend to work closely with the CI-SOC in our efforts to track down and arrest the perpetrators of this attack,” Quest told reporters.
Dade Murphy, CTO of Dragonfire Cyber, reported that the known vulnerability that Turgidson was referring to involved the radio controller that was used on the bulldozer. “The attacker exploited a credential replay vulnerability in the Robotron SDR-1000i radio system,” Murphy explained; “This vulnerability was publicly reported six months ago, and updates were available to mitigate the issue.”
Dragonfire Cyber is providing the on-site team for the CI-SOC investigation of the incident.
Dillyboys Construction, the owner of the bulldozer, reported that they were not aware of the cyber vulnerability in the system. “We were never told about the problem,” company spokesman James Portman told reporters; “We are a construction company, our expertise is in earth moving and site preparation, not cybersecurity.”
The cybersecurity researcher who discovered the radio system vulnerability a year ago goes by the handle cYbrg0D. He told me that it is relatively easy to exploit this vulnerability. The attacker would have to listen on the radio frequency used by the devices and copy the code that was initially sent by the operator to start the vehicle. That code then could be replayed by the attacker using a different radio controller to take control of the system at a later time.
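The replay weakness described above, seen from the receiver's side, as an added example that is not from the article or from any vendor: a receiver that accepts a fixed start code also accepts a recorded copy of it, while one that requires a fresh counter under a keyed MAC rejects the same bytes the second time. The frame layout, key, code value and class names are all hypothetical; the article does not describe the SDR-1000i protocol or the vendor's actual update.

```python
import hashlib
import hmac
import struct

STATIC_CODE = b"\x5a\xc3\x19\x7e"   # constructed start code, not a real value
DEMO_KEY = bytes(range(32))         # constructed pairing key for the demo

class StaticCodeReceiver:
    """Weak design: the same start code is valid every time it is heard."""
    def accept(self, frame: bytes) -> bool:
        return hmac.compare_digest(frame, STATIC_CODE)

def make_frame(key: bytes, counter: int, command: bytes = b"START") -> bytes:
    """Controller side: 8-byte counter followed by HMAC-SHA256(counter || command)."""
    header = struct.pack(">Q", counter)
    return header + hmac.new(key, header + command, hashlib.sha256).digest()

class CounterMacReceiver:
    """Hardened design: a frame is valid once, and only with a fresh counter."""
    def __init__(self, key: bytes):
        self._key = key
        self._last_counter = 0      # must survive power cycles on real hardware

    def accept(self, frame: bytes, command: bytes = b"START") -> bool:
        if len(frame) != 8 + 32:
            return False
        expected = hmac.new(self._key, frame[:8] + command, hashlib.sha256).digest()
        if not hmac.compare_digest(frame[8:], expected):
            return False            # forged or corrupted frame
        counter = struct.unpack(">Q", frame[:8])[0]
        if counter <= self._last_counter:
            return False            # stale counter: a recorded frame played back
        self._last_counter = counter
        return True

def demo() -> dict:
    weak, strong = StaticCodeReceiver(), CounterMacReceiver(DEMO_KEY)
    recorded = make_frame(DEMO_KEY, 1)               # the frame as sent over the air
    return {
        "static_first": weak.accept(STATIC_CODE),
        "static_replay": weak.accept(STATIC_CODE),   # same bytes, accepted again
        "mac_first": strong.accept(recorded),
        "mac_replay": strong.accept(recorded),       # same bytes, now rejected
        "mac_next": strong.accept(make_frame(DEMO_KEY, 2)),
    }

if __name__ == "__main__":
    print(demo())
```

The counter check only holds if the receiver stores the last accepted counter in non-volatile memory and each controller is paired with its own key.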
Erich Mielke, spokesman for Robotron, supplied a statement that noted that the SDR-1000i is a very common radio control system. “It is used in hundreds of our products including all of the remotely operated equipment produced by our construction subsidiary, RoboKonstruk,” the statement explains. The system is also used by a number of other vendors of remotely operated equipment around the world. Robotron has sold over 10,000 remote controllers for the system over the last ten years, the company reports. Used versions of the controller are available for sale on eBay®.
Quest told reporters that the FBI thinks that the person who operated the bulldozer was an experienced heavy equipment operator. “More than just cyber skills were obviously used in this attack,” Quest explained; “The tracks in the street from the construction site to the Congressman’s office demonstrated smooth operation and direct control as several obstacles were avoided during the movement.”
cYbrg0D confirmed to me that it would not have taken a skilled hacker to take control over this vehicle. “It easily could have been an equipment operator with a very modest set of hacking skills that executed this attack,” he said; “Driving the bulldozer is much more difficult than hacking that radio controller.”
Milk’s office reports that the Congressman is calling for a congressional investigation of the security of the controls over remotely operated equipment. That investigation is not expected to be started in this session of Congress, but Milk is slated to be the Chair of the new Cybersecurity Subcommittee of the House Transportation Committee in the 117th Congress.
Building inspectors for the City confirmed that the building will have to be destroyed; there is no structural stability remaining that would allow for repairs to be made.