Wired.com – (New Jersey; International) Hackers breached heating system via industrial control system backdoor. Hackers broke into the industrial control system (ICS) of a New Jersey air conditioning company earlier this year, using a backdoor vulnerability in the system, according to a FBI memo made public the week of December 10. The intruders first breached the company’s ICS network through a backdoor in its Niagara AX ICS system, made by Tridium. This gave them access to the mechanism controlling the company’s own heating and air conditioning, according to a memo prepared by the FBI’s office in Newark. The breach occurred in February and March, several weeks after someone using the Twitter moniker @ntisec posted a message online indicating that hackers were targeting supervisory controla and data acquisition (SCADA) systems, and that something had to be done to address vulnerabilities. The individual had used the Shodan search engine to locate Tridium Niagara systems that were connected to the internet and posted a list of URLs for the systems online. One of the IP addresses posted led to the New Jersey company’s heating and air conditioning control system. The company used the Niagara system not only for its own HVAC system, but also installed it for customers, which included banking institutions and other commercial entities, the memo noted. An IT contractor who worked for the company told the FBI that the company had installed its own - 5 - control system directly connected to the internet with no firewall in place to protect it. Although the system was password protected in general, the backdoor through the IP address apparently required no password and allowed direct access to the control system. The backdoor URL gave access to a Graphical User Interface (GUI), “which provided a floor plan layout of the office, with control fields and feedback for each office and shop area,” according to the FBI. “All areas of the office were clearly labeled with employee names or area names.” Forensic logs showed that intruders had gained access to the system from multiple IP addresses in and outside the U.S.
Ali Loney, on December 13, 2012