SCADA Strangelove

From Wikipedia, the free encyclopedia

SCADA Strangelove is an independent group of information security researchers founded in 2012, focused on security assessment of industrial control systems (ICS) and SCADA.

Main fields of research include:

  • Discovery of 0-day vulnerabilities in cyber physical systems and coordinated vulnerability disclosure;
  • Security assessment of ICS protocols and development suites;
  • Identification of publicly Internet-connected ICS components and securing them with the help of the proper authorities;
  • Development of security hardening guides for ICS software;
  • Mapping cybersecurity onto functional safety;
  • Awareness control and delivery of information regarding the actual security state of ICS systems.

SCADA Strangelove's interests extend beyond classic ICS components, however: they also cover various embedded systems and encompass smart home components, solar panels, wind turbines, SmartGrid and other areas.

Projects

Group members have developed, and continue to develop and publish, numerous open source tools for scanning, fingerprinting, security evaluation and password bruteforcing for ICS devices. These devices work over industrial protocols such as Modbus, Siemens S7, MMS, IEC 60870 and ProfiNet.[1]

In 2014 Shodan used some of the published tools for building a map of ICS devices which is publicly available on the Internet.[2]

Open source security assessment frameworks, such as THC Hydra,[3] Metasploit,[4] and DigitalBond Redpoint,[5] have used Shodan-developed tools and techniques.

The group has published security-hardening guidelines for industrial solutions based on Siemens SIMATIC WinCC and WinCC Flexible.[6] The guidelines contain detailed security configuration walk-throughs, descriptions of internal security features and appropriate best practices.

Among the group’s more notable projects is Choo Choo PWN (CCP), also named the Critical Infrastructure Attack (CIA). This is an interactive laboratory built upon ICS software and hardware used in the real world. Every system is connected to a toy city infrastructure, which includes factories, railroads and other facilities. The laboratory has been demonstrated at various conferences including PHDays, Power of Community,[7] and 30C3.

The laboratory is used primarily for the discovery of new vulnerabilities and for the evaluation of security mechanisms; however, it is also used for workshops and other educational activities. At Positive Hack Days IV, contestants found several 0-day vulnerabilities in Indusoft Web Studio 7.1 by Schneider Electric, and in specific ICS hardware RTU PET-7000,[8] during the ICS vulnerability discovery challenge.

The group supports the Secure Open SmartGrid (SCADASOS)[9] project to find and fix vulnerabilities in intelligent power grid components such as photovoltaic power stations, wind turbines and power inverters. More than 80 000 industrial devices were discovered and isolated from the Internet in 2015.[10]

Appearances

Philosophy

References
