Full Disclosure mailing list archives



Florida Power & Light Company (FPL) Fort Sumner Wind turbine Control SCADA was HACKED

Here comes my revenge for illegitimate firing from Florida Power & Light Company (FPL) ... ain't nothing you can do with it, since your electricity is turned off !!! Secure your SCADA better!

Leaked files are attached ...

1) http://img838.imageshack.us/i/49986845.png/
2) http://img718.imageshack.us/i/24380855.png/
3) http://img24.imageshack.us/i/58868342.png/
4) http://img228.imageshack.us/i/85258364.png/
5) http://img163.imageshack.us/i/90736853.png/
6) http://img217.imageshack.us/i/55439027.png/
7) http://img40.imageshack.us/i/87526089.png/
8) http://img864.imageshack.us/i/94061747.png/

------------------------------------------------------------

Configuration file from the central Cisco Router and Security Device Manager: 161.154.232.2 (FPL - FFPL-1)

----------------------------------------------------

Fort Sumner wind turbines: http://www.flickr.com/photos/30325073@N02/4113855086/

_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
