FBI: Backdoor Free for Hackers

Monday, December 17, 2012 @ 05:12 PM gHale


Using a backdoor vulnerability in Tridium Niagara, hackers were able to break into the industrial control system (ICS) of a New Jersey air conditioning company, FBI records show.

The intruders were able to breach the company’s ICS network through a backdoor in the Tridium Niagara AX ICS system.

RELATED STORIES
Romanian Domain Firm Hacked
Routers Hacked via Email
DNS Records Hacked
Global Nuclear Watchdog Hacked

This gave them access to the mechanism controlling the company’s own heating and air conditioning, according to a memo prepared by the FBI’s office in Newark, published by the website Public Intelligence.

The breach occurred in February and March after someone used the Shodan search engine to located Tridium Niagara systems connected to the Internet and posted a list of URLs for the systems online. One of the IP addresses posted led to the New Jersey company’s heating and air conditioning control system.

The company used the Niagara system not only for its own HVAC system, but also installed it for customers, the memo said. An IT contractor who worked for the company told the FBI the company had installed its own control system directly connected to the Internet with no firewall in place to protect it.

Although the system was password protected in general, the backdoor through the IP address apparently required no password and allowed direct access to the control system. “[Th]e published backdoor URL provided the same level of access to the company’s control system as the password-protected administrator login,” said the memo.

The backdoor URL gave access to a Graphical User Interface (GUI), “which provided a floor plan layout of the office, with control fields and feedback for each office and shop area,” the FBI report said. “All areas of the office were clearly labeled with employee names or area names.”

Forensic logs showed intruders had gained access to the system from multiple IP addresses in and outside the U.S. The memo does not indicate if the intruders manipulated the system after obtaining access to it.

More than 300,000 Tridium Niagara AX Framework systems are in use worldwide, according to the Tridium web site, and see use in energy management, building automation, telecommunications, security automation and lighting control.



Leave a Reply

You must be logged in to post a comment.