January 22, 2012

#fulldisclosure #US United States of America Wide open #SCADA systems



                         _..._             _____                         _____     
                      .-'_..._''.         /    /     _______            /    /     
                    .' .'      '.\       /    /      \  ___ `'.        /    /      
       /|  /|      / .'                 /    /        ' |--.\  \      /    /       
   ___//__//__    . '                  /    /         | |    \  '    /    /        
  '--//--//---'   | |                 /    /  __      | |     |  '  /    /  __     
 ___//__//__   _  | |                /    /  |  |     | |     |  | /    /  |  |    
'--//--//---'.' | . '               /    '   |  |     | |     ' .'/    '   |  |    
  |/  |/    .   | /\ '.          . /    '----|  |---. | |___.' /'/    '----|  |---.
          .'.'| |// '. `._____.-'//          |  |   |/_______.'//          |  |   |
        .'.'.-'  /    `-.______ / '----------|  |---'\_______|/ '----------|  |---'
        .'   \_.'              `             |  |                          |  |    
                                            /____\                        /____\   

@ntisec Exposes Amerikan #SCADA systems #fulldisclosure

The world has been warned enough, and corporate power has done nothing. People are at risk. We all need to be made aware of
our infrastructure lacking normal forms of safety procedures.

Hackers are targeting #SCADA this year and we have to do something about it!

So here we go.

Please take some screenshots and show them to me on @twitter @ntisec.
Be careful and don't cause rampant anarchy. They might trace you and I have warned you not to alter control states. Just have a look around
to see 4 yourself how these systems affect our everyday life.

Maybe it's time politics pointed their attention to bigger problems than #SOPA #PIPA etc.
Trying to regulate the last freedom will cause uprising and dangerous cyber threats.
As our financial state gets worse and the smart IT and SEC workers have nothing to do
they will at least cause mayhem against what in our view is injustice.
Arresting and kidnapping foreign people for spreading bandwidth? #OPMEGAUPLOAD?
Go try and fix your infrastructure first. It's wide open to legally expose and enter your
buildings. Like urban exploring from behind my PC.

Locking up Bradley Manning? Better be careful a hacker does not open his jail doors 4fun!

Don't even need an exploit to get in here. Don't even have to be a hacker. No passwords whatsoever.

So how is the state of your other #SCADA systems like your electrical grid? Or traffic management?
What about chemical industry? Or can hackers switch some stuff that sends trains to another fail?

That pump you saw a while back is just the first sign of being infiltrated.

It can be your vent system, a cookie factory up to a switch that switches off an entire country and economy.

These systems were found through Google and ShodanHQ by using the search term:


 :|slot:/

Finding them and linking them is completely legal.

Be careful not to touch anything.

http://12.167.187.176/ord?file:^Web/html/Main.html Hmmm..... Global Forex Trade building -> not so smart leaving your controls in the hands of #anonymous




     ______      __    __    __      __                              
   _/      \_   |  \  |  \  |  \    |  \                             
  /   $$$$$$ \  | $$\ | $$ _| $$_    \$$  _______   ______    _______
 /  $$$____$$$\ | $$$\| $$|   $$ \  |  \ /       \ /      \  /       \
|  $$/     \ $$\| $$$$\ $$ \$$$$$$  | $$|  $$$$$$$|  $$$$$$\|  $$$$$$$
| $$|  $$$$$| $$| $$\$$ $$  | $$ __ | $$ \$$    \ | $$    $$| $$     
| $$| $$| $$| $$| $$ \$$$$  | $$|  \| $$ _\$$$$$$\| $$$$$$$$| $$_____
| $$ \$$  $$| $$| $$  \$$$   \$$  $$| $$|       $$ \$$     \ \$$     \
 \$$\ \$$$$$$$$  \$$   \$$    \$$$$  \$$ \$$$$$$$   \$$$$$$$  \$$$$$$$
  \$$\ __/   \                                                       
   \$$$    $$$       Released Fulldisclosure by https://twitter.com/#!/ntisec
     \$$$$$$                            @ntisec
